Blog

Drupal 6 security update for XML sitemap (6.x-2.x only)

by David Snopek on July 18, 2018 - 2:42pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the XML sitemap module (version 6.x-2.x only) to fix an Information Disclosure vulnerability.

The XML sitemap module enables you to generate XML sitemaps and it helps search engines to more intelligently crawl a website and keep their results up to date.

The module doesn't sufficiently handle access rights under the scenario of updating contents from cron execution.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the XML sitemap module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

CiviCRM secrets for Drupalers: Membership Directory

by Elliot Christenson on July 5, 2018 - 12:58am

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll show how how you can set-up a public membership directory in Roundearth's CiviCRM! Many organizations have a need to have public visitors see their member individuals or organizations

Watch the screencast to see how to add a public membership directory with Roundearth:

Some highlights from the video:

  • Add Memberships to a Contact
  • Create a Smart Group of Members
  • Boom: Create a Public Membership Directory

Please leave a comment below!

CiviCRM secrets for Drupalers: Fundraising Campaigns

by Elliot Christenson on June 27, 2018 - 11:38pm

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll show how how you can set-up a new Campaign in Roundearth's CiviCRM! The thing about campaigns is that until there is activity, there isn't much to see, but we have to start somewhere! So, here we setup a campaign.

Watch the screencast to see how to use a Campaign with Roundearth:

Some highlights from the video:

  • Set-up a new Campaign Type
  • Set-up a new Campaign
  • Send a Mailing attached to a Campaign!

Please leave a comment below!

Drupal 6 security update for Generate Password!

by David Snopek on June 27, 2018 - 2:06pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Less Critical security release for the Generate Password module to fix an Insecure Randomness vulnerability.

The Generate Password modules allows administrators to create a new user account without setting a password, allowing the system to automatically generate one. The module doesn't use a strong source of randomness, creating weak and predictable passwords.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Generate Password module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

CiviCRM secrets for Drupalers: Drupal 8 + CiviCRM June 2018 Update

by Elliot Christenson on June 14, 2018 - 12:15am

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll demonstrate the new demo of Roundearth! Roundearth is our Drupal 8 + CiviCRM Distribution.

Watch the screencast to see the progress so far on the Roundearth project:

Some highlights from the video:

  • Drupal 8.5
  • CiviCRM + Bootstrap based Shoreditch theme
  • Quick demo of adding Contacts, using a Group, and sending a Bulk Mailing
  • Quick demo of a Public Event

Please leave a comment below!

Brand New "Bulk" Pricing: Automatic, Same Day Security Updates for Your Drupal Sites!

by Elliot Christenson on June 7, 2018 - 1:16am

You may already be aware of myDropWizard's services. We provide same day security updates for Drupal 6, 7 and 8. We also offer full service support for Drupal Sites. What's new? We have quantity discounts for agencies and other organizations that may have dozens or hundreds of Drupal sites!

However, the discounts start to kick in with as low as 6 sites!

Are you in charge of support for an agency? Is your team responsible for supporting hundreds of installs at a University? Has your corporation standardized on Drupal for your worldwide web presence?

Read on for more details!

Drupal 6 in the year 2020 (and with PHP 7 support!)

by Elliot Christenson on May 24, 2018 - 1:24am

When we originally announced that we'd be providing Drupal 6 Long-Term Support, we committed to supporting our customers until at least February 2017.

Each year in the spring, we've taken a look at the state of Drupal 6 and decided whether we'll extend support for another year, and if we need to make any changes to our offering. Here's the articles from 2016 and 2017, where we announced support until at least February 2019.

Today, I'm happy to announce that we'll be extending our Drupal 6 Long-Term Support until at least February 2020!

While I'm sure there will come a time, when it no longer makes business sense to pour resources into Drupal 6 for the few remaining sites, however, it's already clear to us that there's enough demand to one more year.

However, this time is a little different because PHP 5.6 will reach the end of its security support in December 2018 (8 months from now).

We can't responsibly provide Long-Term Support for Drupal 6, if there isn't a PHP version that you can securely run it on.

So, this year we're making some bigger changes to the program and to Drupal 6 itself!

Read on to find out more!

Drupal 8 + CiviCRM Roundearth Lands In Calgary for CiviCamp

by Elliot Christenson on May 9, 2018 - 9:22pm

Roundearth CiviCamp Calgary - May 22, 2018
On May 22nd, the giant CiviCRM Meetup CiviCamp Calgary arrives! What is a CiviCamp you ask? What is CiviCRM? What is Calgary? Why should a Drupaler care? All will be revealed below, dear reader!

Critical Drupal core security update for SA-CORE-2018-004 (including Drupal 6!)

by David Snopek on April 25, 2018 - 11:53am

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

This issue also affects Drupal 6 (although, less severely than Drupal 7 or 8). So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core and the Filefield module.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

This fix is both for Drupal 6 core and the Filefield module. This is because the Drupal 7 & 8 fixes include changes to the core 'file' module, which isn't in Drupal 6 core, but an equivalent fix applies to the Filefield module.

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Security Vulnerabilities Affect Your Dev Sites Too

by Will Long on April 18, 2018 - 4:25pm

When Drupalgeddon 2 (SA-CORE-2018-002) happened a few weeks back, we saw plenty of buzz from agencies and other organizations throughout the community who were having patching parties.

Yay for patching! But were you left vulnerable by not updating all of your installations?

If you didn’t update development and staging sites, you may be at risk!

Due to the nature of the vulnerability, from the largest of enterprise applications to the smallest of brochure or hobbyist site builds, all Drupal sites were affected. This includes any testing or staging versions of your site. Depending on how you manage your local development sites, even those may have been exposed too!

Still not convinced? Read more to find out why you need to update ALL sites!

Popular topics

Subscribe to Blog on myDropWizard.com

We're a Top 40 Drupal Blog!

o