News feed

Drupal 8.0.0 released - 2015, November 19 - 16:33

Today we released Drupal 8.0.0, the first fully supported release of Drupal 8! This is the biggest update ever to Drupal, our open source content management platform. Here are just a few of the hundreds of improvements in Drupal 8:

  • In-context, what-you-see-is-what-you-get (WYSIWYG) editing and previews
  • Comprehensive content modeling out of the box with entities, fields, and views
  • Customization of content pages and even forms and administrative pages via the administrative interface
  • Full translatability and localization out of the box
  • Reliable configuration management for safe and straightforward deployment of changes between environments
  • Mobile-first, responsive, HTML5 output
  • REST-first native web services
  • Enhanced accessibility and WAI-ARIA compliance
  • Modern PHP standards and practices, with integration of popular libraries such as Composer, Symfony2, Guzzle, and Twig
  • Significantly improved front-end performance out of the box
  • Enhanced caching and best-of-class integration with CDNs and reverse proxies
  • Full compatibility with PHP7, and the PostgreSQL and SQLite databases
  • ...And much more!
Learn more about Drupal 8    Download Drupal-8.0.0

Drupal 8 in action

With key modules like Views and Entity Reference fully included in Drupal 8 core, and many contributed projects already available for Drupal 8, you can start building new Drupal 8 sites right now, today. You can also use the crowd-sourced Drupal 8 Contrib Porting Tracker to get updates on the status of your favorite modules and themes, or read how you can help.

How do I upgrade my current site?

If you have a Drupal 6 or 7 site you want to upgrade, install or update the Upgrade Status module to get a customized, up-to-date report on the status of your modules and themes in Drupal 8. Once you are ready, Drupal 8 core also includes the Migrate module to update existing Drupal 7 and 6 sites to Drupal 8 directly. Migrate is marked "experimental" in Drupal 8.0.0, but will be fully supported in an upcoming release. Read more about how you can migrate from Drupal 6 or 7.

Photo credit: pdjohnson

What about other versions of Drupal?

Drupal 8.0.0 marks several changes for Drupal releases. We will add new features to Drupal 8 every six months in minor releases, with bug fix and security release windows every month. The next bugfix release window is December 2, 2015, and next scheduled minor release (Drupal 8.1.0) is planned for mid-April 2016.

The release of Drupal 8 also means that it's time to say a fond farewell to Drupal 6 after eight great years. Drupal 6 will reach its end-of-life (EOL) on February 24, 2016, meaning that it will no longer receive official community support and you should plan to update Drupal 6 sites soon. Refer to the Drupal 6 end-of-life announcement for more information.

Drupal 7 is still fully supported and will remain so for several more years. Read more about the Drupal core release cycle.

Found a bug?

With your help, we can find and fix bugs sooner rather than later. If you find a bug in Drupal 8, search for it in the Drupal 8 issue queue, and if you don't find an existing bug report, file a new one.

Celebrating the release

Help share and celebrate this milestone for the Drupal community! The Drupal 8 media kit includes the official Drupal 8 press release which has already been translated into many languages. Share this press release with your community, or use the #Drupal8 hashtag to talk about Drupal 8 on social media. Then, join one of over 200 Drupal 8 release parties on six continents.


Drupal 8 core is the work of more than 3300 contributors in over 16,000 Drupal core commits during nearly five years of development, and it is by far the best release of Drupal yet. There are already more than 50,000 Drupal 8 installations, so start yours today!

Build something amazing, for anyone.

Front page news: Drupal NewsDrupal version: Drupal 8.x
Categories: News Migrates Content and File Delivery to Fastly - 2015, November 16 - 19:27

We are so stoked to announce our partnership with Fastly. Fastly is now serving up all of our traffic from the * domain Drupal sites and related services. is big and its services handle over 1.5 billion requests per month; this is a massive amount of traffic for an open source project.

Every time cron runs the update service on your Drupal site, it talks to Every time you download a copy of Drupal or any projects on, you talk to (We see over 400,000 downloads of Drupal core in a typical month—way more around DrupalCons and major community sprints.)

Each month we have over 15 million unique pageviews on—by over 2 million unique visitors.

All of those stats are about to rise significantly with the launch of Drupal 8. Drupal 7 caused a 30% bump in traffic when it was released and we expect even more with the launch of Drupal 8.

Fastly is… well… fast

In 2014, we implemented a CDN (content delivery network) for The impact was immediate. Everything was faster. We met our initial goal of getting sites and services fronted by a CDN.

That CDN solution was a good start, and while it lacked features we didn’t know we needed, it improved our ability to deliver Drupal-generated content as well as packaged projects.

Late in 2014, we were introduced to Fastly. They offered us an opportunity to try out the service for and we haven't looked back.

Varnish for the win!

You may already use the open source Varnish for your Drupal sites. Varnish is an HTTP accelerator. began using Varnish in 2009 to reduce load on its web servers. It is a powerful cache that likely sits in front of your web origins. Fastly gives us a globally distributed Varnish cache with all of the features we are familiar with.

Fastly hires maintainers of the Varnish project and are helping move it forward. Drupal 8 cache keys are also a straight correllation to Fastly Surrogate Key purging and Fastly's active involvement is another great example of Fastly working with an open source community (ours!) to build a better experience.

Yay, open source!

Open Source Alliance

Speaking of open source, Fastly has an open source alliance that provides free content delivery to projects like Debian, the MIT Media Lab, the W3C, Memcached, Linux Foundation, and more. They have even open sourced some of their technology stack to make it easier for others to build systems with their tools. We love partnering with these sorts of organizations.

Supporting Technology Partner

Speaking of partnering, Fastly took their partnership a step further and are helping fund a lot of great work on through commitments to sponsor DrupalCons and even the release of Drupal 8. Look for them at upcoming DrupalCons. Thanks Fastly!

How Fastly Works

Fastly’s Global Network consists of Points of Presence (POPs) running Fastly’s custom Varnish software stack. These POPs are spread around the world in strategic locations close to the highest density Internet Exchange Points, ensuring cached content is just a few milliseconds away.

Fastly has a powerful feature that allows us to specify a specific POP as a shield to our origin server. In our case we chose the Seattle POP because of its proximity to our servers at the OSL in Corvallis, Oregon in the United States.

The origin shield configuration means all requests to flow through Fastly’s origin server in Seattle before reaching our origin. If Fastly’s origin server in Seattle has already cached the file, no request to our origin is necessary.

In practice, this allows us to deliver a huge amount of content with an extremely high hit ratio. (See that spike in the GIF below, that's one of those regular times that cron jobs request a ton of content from our updates server. Fastly is just churning along.)

(Fastly made us confident we could put this enormous GIF in our write up.)

Faster changes, faster response time

Another advantage to Fastly has been the efficiencies it has given us by allowing us to quickly make changes to how they cache our content. With our previous CDN, changes could take up to 4 hours to propagate through the system. We can now change a Varnish config and reflect those changes in under 5 seconds. That has been a huge help when we need to make a hot fix to production and keep delivering Drupal to the world.

Logging and improving our usage stats

Fastly also allows us to stream our logs. This means we can parse those logs and turn them into data. We are already seeing much more reliable project usage statistics with from our new log processing for thanks to Fastly’s log streaming.

More accurate logs mean we can provide users with better data to help them to make better decisions about modules, themes and distributions that have the most installations.

Next Steps with Fastly

We have been impressed with Fastly, both for their responsiveness and the performance improvements we have seen while using their services. They have given a ton to our community and we can't wait to see where they take Varnish and their open-source-powered service. If you are interested in using Fastly with your own Drupal sites, you can learn more about Fastly on their organization page or sign up for a developer account at—there is even a Fastly module for Drupal7, and one for Drupal8 is on the way!

Front page news: Drupal News
Categories: News

Drupal 6 end-of-life announcement - 2015, November 9 - 17:34

As announced in the Drupal 6 extended support policy, 3 months after Drupal 8 comes out, Drupal 6 will be end-of-life (EOL).

On February 24th 2016, Drupal 6 will reach end of life and no longer be supported.

What this means for you:
  1. Drupal 6 will no longer be supported by the community at large. The community at large will no longer be creating new projects, fixing bugs in existing projects, writing documentation, etc. around Drupal 6.
  2. There will be no more core commits on Drupal 6.x to the official tree. (see What if I have a Drupal 6 site still)
  3. The security team will no longer provide support or Security Advisories for Drupal 6
  4. All Drupal 6 releases on project pages will be flagged as not supported.
  5. At some point in the future update status may stop working for Drupal 6 sites.
Should I update to Drupal 7 or Drupal 8?

The version of Drupal you choose for your upgrade will depend on how complex your site is, what contributed modules you need, and other factors. Many modules have been built in to Drupal 8. For example, Views and a WYSIWYG editor come as a part of Drupal 8, which means that some sites can move to Drupal 8 much sooner. Find out more about Drupal 8.

Drupal 8 core also provides a Migration path directly from Drupal 6 as an experimental feature, so sites can update directly to Drupal 8 using either a user interface or with Drush. See Executing a Drupal 6/7 to Drupal 8 upgrade for more details. The Migrate feature will be fully supported in a later minor release of Drupal 8.

Drupal 7 remains fully supported, so Drupal 6 sites can also update to Drupal 7 using the core update feature when that is a better fit. Drupal 7 is estimated to be supported until Drupal 9 is released, or later. For more information follow: [policy, no patch] Drupal 7 (and 8) EOL timing.

What if I have a Drupal 6 site still?

You should plan to upgrade your site as soon as possible. For sites not updated before February 24th 2016, the Security Team is working with some vendors who are willing to provide paid support for Drupal 6 sites beyond February 24th, 2016. We will announce the details of this in early January. If you are a vendor that would like to look into doing this, please read D6 LTS Vendors policy.

Front page news: Drupal NewsDrupal version: Drupal 6.x
Categories: News

Drupal 8.0.0 will be released on November 19, 2015 - 2015, October 30 - 20:53

Based on our experience with our successful release candidates, we are confident to announce that Drupal 8.0.0 will be released on November 19, 2015! Until then, we will continue publishing Drupal 8 release candidates with the latest fixes. See the first release candidate announcement for more details on the release candidate phase, or download the latest release candidate (RC4) for a preview of the release.

Port your modules/themes and update translations

There is not a lot of time left if you are looking to have your module, theme or translation ready for the big day! Read more about porting your modules and themes and contributing to translations.

Preparing for release promotion

We are working on both the release announcement and the press release in English. However we do need volunteers to help translate it to their language. The final translations will be posted on at time of release.

If you can help promote the release on Twitter on November 19th and 20th in your respective time zones, Paul Johnson is looking for you. When tweeting about Drupal 8, be sure to use the hashtag #drupal8.

Parties around the globe!

We also need you to throw a party! Organize a local meetup on the week (or even better the exact date) with sweets, sessions, shirts, stickers or whatever fits to spice it up. Make sure to let the community know, so it shows up on the world map on We also suggest you follow @celebr8d8 and promote your party and share your party stories with #celebr8d8.

Finally, thanks to the nearly 3,300 people who contributed to the codebase of Drupal 8 as well as hundreds of others who organized events, conducted usability tests, mentored contributors, found sponsors, etc.—in short did all the awesome things that made Drupal 8 happen. Now, let’s go make something amazing, for anyone!

Front page news: Drupal NewsDrupal version: Drupal 8.x
Categories: News

Drupal 7.41 released - 2015, October 21 - 21:25

Drupal 7.41, a maintenance release which contain fixes for security vulnerabilities, is now available for download. See the Drupal 7.41 release notes for further information.

Download Drupal 7.41

Upgrading your existing Drupal 7 sites is strongly recommended. There are no new features or non-security-related bug fixes in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.


Drupal 7.41 is a security release only. For more details, see the 7.41 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.41 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to Drupal 7.41.

Known issues


Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: News

Community Spotlight: Veronica Vedia (veronicanerak) - 2015, October 20 - 20:05

Veronica Vedia (veronicanerak) organized Women in Drupal at DrupalCamp Bolivia in 2014 alongside Karen Da Cruz and several other women. Veronica shared the story of how she went from anonymous Drupaler to community evangelist over email with the Drupal Association. Parts of this Community Spotlight have been transcribed from a article that Veronica wrote on her experience coordinating Women in Drupal.

I started using Drupal approximately 4 years ago. At the time, I worked in front-end, and I did my work in multiple different languages and frameworks, like PHP, C#, and Microsoft’s .NET. I really enjoyed working in front-end, but wanted to get more specialized. At one point, a coworker told me about Drupal roles, and the idea of becoming a dedicated “themer” caught my attention. I decided to study Drupal on my own so I could leave that company and find another employer where I could work in Drupal as a themer.

I didn’t become very active in my local community until after Drupal Picchu in 2014 in Cusco, Peru. Before that, I had been a relatively passive participant in the Bolivian Drupal community. But when I heard about Drupal Picchu, I knew I had to go. I admit, the chance to travel to Machu Picchu was my main motivation, but I also knew that attending the Drupal workshops and talks would be very valuable.

When I got to Drupal Picchu, I was amazed at how many passionate people were at the event. There were people with so much experience and talent sharing knowledge from basic to advanced. It really caught my attention how so many people were generously sharing knowledge that they put so much effort into learning. It was a really encouraging experience for me.

The event's keynote was on Women in Drupal, and was led by Karen Da Cruz, Nancy Contreras, Molly Byrnes, and Holly Ross, all of whom are very inspiring women in the industry. I found their stories very motivating, and wound up talking to Karen afterward. I told her, “I want to do the same thing in my country that you have done here.” So I got together with several other women in my local community, and together we made the Women in Drupal group a reality at DrupalCamp Bolivia 2014 several months later.

At DrupalCamp Bolivia, Karen and I gave a “Women in Drupal in Bolivia” workshop where we taught several women Drupal. The goal was to motivate everyone (but especially girls and women) who are learning Drupal. The workshop was a success and it was amazing how enthusiastic all of our attendees are. It wouldn’t have been possible without all the amazing women who came out to help us conduct the workshop and replicate the Drupal Picchu keynote on Women in Drupal. It was really fun to participate in both the workshop and the the keynote, and I had a great time speaking about my own experiences alongside Nancy Contreras (Peru), Karen (Peru), and Mariana Graf (Brazil).

Organizing an activity like Women in Drupal in Bolivia was really intimidating at first. I was worried that there might not be attendees, or that our activities wouldn’t be well received. But everyone was so encouraging and helped me realize that the important thing is the desire to share knowledge — it’s normal to feel fear, and it’s worth overcoming it in the end. Without help from Karen, Freddy Cahuas, and the other DrupalCamp Bolivia organizers, I wouldn’t have succeeded. It also made me realize that one day, you’re new to the community, and the next day, you’re daring to try something new for the community. It becomes a chain where everyone helps each other and the community grows, and I think it’s really powerful how it breaks across the boundaries of languages and cultures and brings us closer to each other.

In the future, I hope to help grow the community and the "Women in Drupal” events. I want to motivate many other girls and women to learn Drupal. It’s a world of endless opportunities and possibilities! To make this happen, I am always looking for help from the community. If anyone has examples of activities that I could share to help boost, improve, and motivate my local community group, I would love to hear from you.

Thank you to everyone who continues to participate and encourage each other to be part of this big family called “Drupal"!

Categories: News

Responding to spam on - 2015, October 15 - 04:16

With the recent release of Drupal 8 RC1, and the related increases in mentions on social media and tech news outlets, is seeing a modest bump in traffic. Along with that modest bump in real traffic, spammers have decided to increase their efforts to get content onto to boost their own SEO. is very attractive to these spammers.

Spam fighting is not fun, and certainly not glamorous, but it is a necessary part of keeping our community home clean and tidy. Community volunteers have helped report and block spam for many years, and Drupal Association staff are looking for ways to ease this burden.

Every spam fighting solution for a website as open as ours takes on spammers using two approaches: automated pattern matching and human review. I wanted to take a moment to walk through some of the approaches we use—though not in too much detail lest the spammers read this and adapt their methods to match.

On the automated front, we use tools like Mollom to do text analysis. Their system is constantly learning from the sites that use it. These services also have tools to help distinguish a robot from a human. Figuring out which spam is coming from bots helps us prevent certain types of spam from filling up the site. We also use tools like Honeypot to try and detect particularly fast submissions to the site. (Note: this is a tough one as many developers type as fast as a robot. You know who I'm talking about.)

Just as common as bot-based attacks are those that are run by humans. The advantage in using humans to place spam is they can get around bot-detection techniques such as captcha or submission speed check.

The most recent spam attacks are a combination of these techniques. We employed a combination of techniques to respond. These include some automated techniques and some that rely on humans.

The automated techniques will likely get a bit more strict for a time while we sort out the best ways to limit the rate of spam hitting Most of the spam is submitted to our forum system.

As for the human-reliant techniques, we need your help. If you see something, report it. We switched the focus of our development team this week on building the tools to make reporting process much easier. Early next week confirmed users should be able to help us target spam and remove it from with minimal effort by simply flagging content as spam.

We really appreciate all of the amazing work our community does to help keep its home tidy and free of spam. Our community is phenomenal!

Front page news: Association
Categories: News

Drupal 7.40 released - 2015, October 15 - 01:39

Update: Drupal 7.41 is now available.

Drupal 7.40, a maintenance release with numerous bug fixes (no security fixes) and several new features, is now available for download. See the Drupal 7.40 release notes for a full listing.

Download Drupal 7.40

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.


Drupal 7.40 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.39 and 7.40 releases can be found by reading the 7.40 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.40 release notes for details on important changes in this release.

Known issues


Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: News

2015 Membership Drive: Because Members Are Contributors Too - 2015, October 13 - 22:28

Today, we introduced a banner on pages. It invites all site visitors to support the Drupal project by becoming Drupal Association members.

Our membership drive runs from now through December 30, and we have two big goals: $100,000 in revenue and 1,000 new/renewed members. Visitors to who log in as current Individual Members will be invited to share the campaign; all other visitors will be invited to join.

We hope you enjoy the stories told as part of this campaign. We've invited community members to participate by telling us why the Association matters to them. This is another great opportunity for community spotlights to shine on some of the most active and passionate people in Drupal. Want to share your story? Reach me by contact form at

We'll keep you updated on our progress toward the campaign goals at and

Front page news: Planet Drupal
Categories: News

Drupal 8.0.0-rc1 released - 2015, October 7 - 23:33

Update: Drupal 8.0.0 is now available.

We now present the first release candidate for Drupal 8.0.0! Drupal 8 includes a tremendous number of new features and improvements for both users and developers.

We revamped Drupal's user interface; added WYSIWYG and in-place editing; significantly improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; improved multilingual support; and added hundreds of other improvements. Drupal 8.0.0-rc1 is the collective work of over 3,200 core contributors. Read more about what's new in Drupal 8.0.x.

The first release candidate provides a great opportunity to begin developing with Drupal 8, especially for:

  • New sites.
  • Sites that rely mainly on the expanded functionality provided by Drupal 8 core alone.
  • Projects that will take months of development time.
  • Sites for which Drupal 8's benefits outweigh the effort needed to port (or work around) contributed modules that do not yet have Drupal 8 versions.
Using Drupal 8 # Launching new sites #

Drupal 8 itself is very functional straight out of the box -- many of the top Drupal 7 modules are now included in core, and several features have been made more flexible to avoid the need to install many other modules. Evaluate your needs, and you may easily find that everything you need for a project is already included in Drupal 8 core. Check out our slides about Drupal 8 to learn about the changes.

Updating existing sites #

The new version also includes a revamped Migrate module to update existing Drupal 6 and 7 sites to Drupal 8 directly. The migration feature is currently marked "experimental," meaning it is not yet fully supported and we are still working to improve it. For this reason, the Drupal 8 release candidate does not yet provide a user interface for migrations. Use the Migrate Plus and Migrate Upgrade modules to test migrations now, or read more about Migrate in core.

Contributed modules and themes #

There are a number of modules already ported to Drupal 8 as well as themes already being developed. We set up the contrib tracker project to make it easier to track the status of the ports of contributed modules.

DrupalCon Barcelona Drupal 8 sprint photo by Pedro Lozano (under the CC BY 2.0 license) Porting modules and themes to Drupal 8 #

If you have not done so already, now is the time to ensure that your modules and themes will work with the new version. While there are many changes in Drupal 8, we wanted to make it as easy as possible to get started porting modules. We suggest you use Drupal Module Upgrader to run a first pass of code upgrades. Some things will be automatically upgraded while others will get a @todo comment or will be left untouched.

To help you learn and apply the new APIs, the site has overviews and short examples of all major Drupal 8 APIs. The handbooks have in-depth guides with more background information on each API as well. We also have a complete list of all API changes to Drupal 8, spanning the 4.5 years of Drupal 8's development.

Instead of using our own home-brewed templating system from Drupal 7 and earlier, Drupal 8 uses the Twig templating engine. Many of the concepts from previous versions of Drupal still apply with Twig. We are working on a guide for you to help update your themes. Also check out the Drupal 8 theming documentation for more information.

Be sure to file any core bugs that you may find while updating your module or theme.

Translating Drupal 8 #

The interface strings are officially frozen now. Only error corrections, removals or additions of whole strings, and fixes required for critical issues may be made to the interface text from this point forward. This is the best time to translate Drupal 8, so your translations will be available when the final version is released. The installer now comes with automated translation downloads, so whatever you translate now will be useful for all Drupal 8 installs. has a summary page about core translation status in all the supported languages with a step-by-step guide in the sidebar to help you contribute.

Documentation, book, and video authors #

The user interfaces, interactions, and "look and feel" of Drupal 8.0.0 are now frozen and will only be changed if required for critical bug fixes. If you previously put your documentation, instruction video, or book project on hold, now is the time to pick it up again. Now is also the time to update documentation on and to get documentation fixes into Drupal 8, so the explanations are correct. Thanks for your contributions!

Be aware that Drupal 8 will employ semantic versioning, with new "minor" releases (backwards-compatible with API additions and new features) approximately every six months. So strings, user interfaces, and other visual aspects of Drupal will be improved throughout the entire Drupal 8 process, which may require subsequent updates to these materials.

Contributing to Drupal 8 core #

During the release candidate phase, only critical fixes and documentation improvements will be committed to Drupal 8 core (plus certain non-disruptive "rc target" changes at core committer discretion). Other issues that have been reviewed and tested by the community may remain uncommitted until after 8.0.0 to ensure that critical bugs can be fixed quickly without risking regressions. Read more about the allowed changes during the RC phase.

When will Drupal 8.0.0 be released? #

We will schedule an official release date for 8.0.0 when we are confident that the rate and nature of incoming critical bugs has slowed enough to ensure a stable release. Until then, release candidates of Drupal 8 will be released twice a month concurrently with the Drupal 6 and 7 release windows.

Update: Drupal 8.0.0 will be released on November 19, 2015!

Known issues #

We are confident that our code is stable enough for wider testing by site owners, developers, and end users. There are however still known issues with Drupal 8.0.x, including major bugs. Help resolve these issues by testing Drupal 8 and searching for existing bug reports and adding more information to help resolve those bugs. If your suspected bug hasn't been reported yet, submit a bug report.

Handling security issues #

Starting now, any security issues discovered for Drupal 8 should be kept confidential and reported using the Report a security vulnerability link on the Drupal project page in order to protect existing sites. Through December 31, 2015, the Drupal 8 security bounty is also still active, so you can get paid for finding security issues and reporting them in our private tracker! See the security team page for more information on Drupal security.

Talk about the release candidate! #

We suggest the #drupal8rc hashtag for Twitter, Facebook, etc. posts. To mention and find conversations about work already made with Drupal 8, use #madewithd8. We can't wait to see what you make with Drupal 8!

Front page news: Drupal NewsDrupal version: Drupal 8.x
Categories: News

Marketplace Updates to Highlight Contributing Organizations - 2015, September 22 - 19:28

We are excited to announce some big changes to the Marketplace. In Dries’ Amsterdam Keynote, he made a compelling case for showing the contributions of organizations that are helping build Drupal. By highlighting organizations that give their employees time to give back, we make it possible for more people to give time to making the project better.

In March, we took steps to begin collecting this information by allowing individuals that were contributing in the issue queues to attribute their contributions to organization that they are employed by or customers that funded the work. When a maintainer of a project (module, theme, distribution or Drupal Core) closes an issue as fixed, they have an opportunity to pass on credit to the individuals who helped contribute to fixing the issue—and not just code contributions, but any kind of feedback, review, designs, etc.

We called this system issue credits and it has been a huge success. We now show the last 90 days of issue credits awarded to an individual or organization on their profile.

Today, after months of collecting this data, we are taking how we highlight contributing organizations to a new level.

With this launch, we are removing the distinction of "featured service providers" versus "all service providers". By using data about these organizations contributions, we can provide a single list of all organizations ordered by their contributions.

For now, we are using issue credits as the primary sort. The secondary sort highlights organizations that are giving back by supporting through the supporting partner program or organization membership. Soon, we plan to incorporate case studies submitted, DrupalCon sponsorships, and camp sponsorships to help make a more complete picture of how organizations are contributing to our community.

Give it a look and give us your feedback.

Front page news: Drupal News
Categories: News

Help us test DrupalCI - 2015, September 15 - 19:05

DrupalCI is the next generation testing infrastructure for Drupal. After years of development, DrupalCI has been rolled out for testing Drupal 8 Core and Contrib projects - and will soon be taking over testing Drupal 7 Core and Contrib as well and for Drupal 6 for the duration of its long term support window.

But we need your help!

At this time, DrupalCI is running in parallel with the existing PIFT/PIFR testing architecture. Before we retire the old testing infrastructure we want to ensure that there are no feature regressions in the new DrupalCI system, and that core and contrib developers have had time to learn the new testing architecture and try it out thoroughly.

If you are a maintainer of a contrib module with testing enabled, we will enable DrupalCI testing for your project. At this time, DrupalCI supports testing in D8 Core and Contrib, but D7 and D6 testing will be enabled soon. If you see that DrupalCI testing has been enabled for your project, please provide your feedback in the issue linked below.

To learn more about how to use DrupalCI for automated testing of your project on, please consult this documentation page.

How can you provide feedback?

We are collecting feedback on the new testing architecture in this issue: #2534132 - Disable Legacy Testbots and use drupalCI as our testing infrastructure. Please focus your feedback on:

  • Feature regressions from current testbots
  • Unexpected test failures
  • User interface issues
  • Test result parsing and display

Though DrupalCI is a more flexible and extensible testing architecture, we are not collecting additional feature requests at this time.

If you are a module maintainer, and you are a satisfied that the new DrupalCI tests are meeting your testing needs, you can return to the Automated Testing tab for your project and choose to disable PIFT/PIFR testing, by deleting the specific releases you no longer need tested in the old system:

Learn how to add automated testing to your project…

If you would like to add automated testing to your projects on you can learn more about writing tests with this tutorial.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.xDrupal 8.x
Categories: News

Drupal 7.39 and 6.37 released - 2015, August 19 - 22:45

Update: Drupal 7.40 is now available.

Drupal 7.39 and Drupal 6.37, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.39 and Drupal 6.37 release notes for further information.

Download Drupal 7.39
Download Drupal 6.37

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.


Drupal 7.39 is a security release only. For more details, see the 7.39 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Drupal 6.37 is a security release only. For more details, see the 6.37 release notes. A complete list of all changes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.39 and 6.37 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.39 or Drupal 6.37.

Update notes

See the 7.39 and 6.37 release notes for details on important changes in this release.

Known issues

See the 7.39 release notes for a list of known issues affecting the Drupal 7 version of this release.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: News