Drupal Changed Our Lives

It is very rare that something so powerful can change a company overnight. Our long history as a web development company can be defined in single word: "Custom". Custom web designs, custom web programming, and custom web applications. These skills are things that we are most proud to promote. However, a "custom" Website doesn’t have to mean starting from scratch. Today, with the power of the entire contributed Drupal community, things are different. There have been so many advances in Drupal’s open source solutions that it is impossible for any web development company to ignore. The Drupal framework only enhanced our ability to develop custom Websites for our clients. Drupal changed our lives — It opened up new doors for all of us at Nu-Designs and our clients.

What is Drupal?

Drupal is an open source platform for creating a Website. Thousands of web developers world wide use the Drupal platform. Many of these developers have contributed additional functions to the platform. These new functions are contributed to the Drupal community in the form of a Module. A Drupal module is a widget of code that works with the Drupal framework. The module basically plugs into the Website, adds new functionality and can be configured in a variety of ways. Today there is a library of over 8,000 Drupal modules available for any project. As a Drupal developer, Nu-Designs can leverage this module library for the benefit of our customers. We can utilize existing modules or we can make "custom" modules to meet our clients needs. The point is: why do something from scratch when it has already been done before? To find out more information about the Drupal framework, visit the Drupal.org Website.

If you are a Drupal developer be sure to check out our Drupal community site Made With Drupal.

Video: 

News and Updates from Drupal.org

April 16, 2014

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues

This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

April 8, 2014

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

March 18, 2014

Drupal.org will be going down for up to 1 hour starting Wednesday, Mar 19, 17:00 PDT (Mar 20, 0:00 UTC). This maintenance window will be used for routine Drupal module updates, which need to alter large tables. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra Twitter account for updates during the downtime. Thanks for your patience!