Drupal Changed Our Lives

It is very rare that something so powerful can change a company overnight. Our long history as a web development company can be defined in single word: "Custom". Custom web designs, custom web programming, and custom web applications. These skills are things that we are most proud to promote. However, a "custom" Website doesn’t have to mean starting from scratch. Today, with the power of the entire contributed Drupal community, things are different. There have been so many advances in Drupal’s open source solutions that it is impossible for any web development company to ignore. The Drupal framework only enhanced our ability to develop custom Websites for our clients. Drupal changed our lives — It opened up new doors for all of us at Nu-Designs and our clients.

What is Drupal?

Drupal is an open source platform for creating a Website. Thousands of web developers world wide use the Drupal platform. Many of these developers have contributed additional functions to the platform. These new functions are contributed to the Drupal community in the form of a Module. A Drupal module is a widget of code that works with the Drupal framework. The module basically plugs into the Website, adds new functionality and can be configured in a variety of ways. Today there is a library of over 8,000 Drupal modules available for any project. As a Drupal developer, Nu-Designs can leverage this module library for the benefit of our customers. We can utilize existing modules or we can make "custom" modules to meet our clients needs. The point is: why do something from scratch when it has already been done before? To find out more information about the Drupal framework, visit the Drupal.org Website.

If you are a Drupal developer be sure to check out our Drupal community site Made With Drupal.

Video: 

News and Updates from Drupal.org

December 14, 2014

Drupal.org will be affected by maintenance Monday, December 15th 17:00 PST, 01:00 UTC (1 day after).

New database servers are being deployed for Drupal.org. This hardware refresh should greatly improve database query performance on Drupal.org. The deployment should require less than 15 minutes of downtime on Drupal.org if no major issues are encountered.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

December 4, 2014

On October 29, the Drupal Security Team issued a Public Service Announcement (PSA) as a follow-up to Security Advisory SA-CORE-2014-005, which disclosed a serious SQL Injection vulnerability in Drupal 7. Our goals with the PSA were to:

  1. Provide an update on the time window between disclosure and first-known exploits
  2. Provide guidance for users who patched or upgraded outside that window
  3. Reiterate the severity of the vulnerability and the importance of upgrading or patching

(Speaking of which, if you have not remediated yet, please stop reading and do so.)

While we feel those goals were accomplished, the PSA also resulted in a large volume of press coverage – in fact much more coverage than the original disclosure of the vulnerability on October 15th. Not surprisingly, the general tone of the press coverage was quite negative. Unfortunately, some of the coverage was also inaccurate which we’d like to address here as well as provide additional context regarding our security processes.

While we don’t know the total number of Drupal sites affected, the number is not near 12 million as stated in several publications. Unless disabled, individual Drupal sites report their existence back to Drupal.org and this system reports around 1 million total Drupal sites. While this is not an exact measure of live Drupal sites we can infer that the affected number of specifically vulnerable Drupal 7 sites is more likely to be under 1 million.

SA-CORE-2014-005 was certainly a severe issue, if not the most severe issue in Drupal’s history; but it’s important to recognize all software has bugs and security issues that require a remediation process. Finding, fixing and announcing security patches is evidence of a healthy security process and Drupal is one of the few content management systems with a dedicated security team that covers both Drupal core and contributed code.

The above said, there are lessons from both the original disclosure and the follow-up PSA that might result in some changes to the Drupal Security Team policy and process, however we want to reinforce that we are deeply committed to keeping Drupal secure. We encourage you to read this whitepaper that explains our processes, policies and contains a good overview of Drupal security.

If you ever have questions, please use the public discussion area for general topics at https://groups.drupal.org/security or contact us (security@drupal.org). Or better yet, get involved. You can find more information on the Drupal Security Team page.

-Drupal Security Team

There are a growing number of licensing-related issues on Drupal.org that are unresolved. Additionally, volunteers who have been tackling licensing issues believe that the policies are often applied inconsistently. The result is that contributors are often left in a difficult situation, unsure if they should contribute their code or not, and the Drupal project is left at risk when non-compliant code is uploaded to Drupal.org.

To solve this problem, several of the key volunteers met in July and determined that a Licesning Working Group, modeled after other Drupal and Drupal.org governance bodies and supported by training from the Drupal Association law firm, could provide more consistent oversight. At the 21 November meeting, the Drupal Association Board of Directors approved the draft charter written by those volunteers.

Now it's your turn! We're looking for 4-5 individuals to serve on the Working Group. You'll receive lots of support from the Drupal Association when you need it, and you'll be making a direct impact on the happiness of our contributors and the safety of the Drupal project. Just fill out the form below and we'll get back to you. We expect to approve a slate of candidates during the 21 January board meeting. Questions? Email the Drupal Association Executive Director, Holly Ross, at holly@association.drupal.org.

Nominate Yourself!

Front page news: Drupal News