Thanksgiving Eve Emergency Security Update? You're Just Chillin'

by Elliot Christenson on December 2, 2020 - 11:00pm

Last Wednesday, November 25th, 2020 was a security update that impacted Drupal 8, Drupal 7, and even Drupal 6 "LTS". Hundreds of thousands of website operators need to immediately update their websites! A huge percentage of them are not "web developers". Many don't even know they need the update!

Drupal isn't known for its ease of use for site owners. It's come a long way, but it remains difficult for most. That's expected and sometimes even exciting for Drupal developers.

What about the (non-developer) site owner? We don't believe your site should be left vulnerable. We believe you should be able to "just chill" rather than stress about your Drupal site security!

Read on for a peek behind the curtain to see what the Wizards do so you don't have to.

Drupal 6 core security update for SA-CORE-2020-012

by David Snopek on November 18, 2020 - 12:13pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

PHP 7.4 for Drupal 6 Long-Term Support

by Elliot Christenson on November 5, 2020 - 12:33am

This is a bit of an update to our update to PHP 7 that we did awhile back.

Last week we contacted all of our clients to announce our PHP 7.4 upgrade plans.

Much like the update to accomodate PHP 7, this update will necessitate some changes for some of our Drupal 6 clients.

Thankfully the scope of changes seems to be a bit smaller so far.

The important thing to note is that we are continuing to make changes to keep Drupal 6 and important contrib modules current with modern, supported (and secure) versions of PHP!

Read on to find out more!

(Updated for 2020) So, When Do I REALLY Need to Upgrade From Drupal 7 (or 8)?

by Elliot Christenson on September 30, 2020 - 9:04pm

Two years ago, we had a blog post with the same title: So, When Do I REALLY Need to Upgrade From Drupal 7? A lot has changed in the past two years. In the world, of course, but also in Drupal.

Drupal 7 was released on January 5, 2011. It's nearly 10 years old and going strong!
Drupal 8 was released on November 19, 2015 which itself is nearly 5 years old!

Where do our legacy and most used Drupals stand? Read on...

Drupal 6 core and CTools security update for SA-CORE-2020-007

by David Snopek on September 16, 2020 - 1:27pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core and CTools to fix a Cross-Site Scripting (XSS) vulnerability. You can learn more in the security advisory:

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

myDropWizard automatically transition to Extended Support to all current Drupal 7 customers!

by Elliot Christenson on September 1, 2020 - 6:20pm

In November 2022, Drupal 7 will be End-of-Life (EOL). To continue getting security updates, you'll need to get Extended Support (D7ES). But if you sign up before EOL, you'll get automatic security updates until then AND a better price when EOL comes.

myDropWizard is Watching Over Your Complex Drupal 7 Website During the Long Drupal 9 Upgrade

by Elliot Christenson on August 12, 2020 - 11:37pm

Your Drupal 7 site is working great, and it is powering important parts of your infrastructure. You need it to work safely, securely, and with a minimum of staff - especially now! myDropWizard has your back.

There are a number of sad and scary issues facing all of us, but working together we can solve any problem. myDropWizard would like to be a piece of the puzzle in helping your organization navigate the uncertainty of 2020 and beyond.

We Support the Mainstream Drupal: Drupal 7

by Elliot Christenson on July 1, 2020 - 9:03pm

Where Does Drupal 7 Fit?

Drupal 9 is the future of Drupal. No doubt. It's awesome.

Drupal 8 site owners are busy upgrading to Drupal 9!

Drupal 6 is still a reality for a large number of critical websites.

In fact, at myDropWizard, we spent a lot of time focusing on Drupal 6 over the years. 32,000 Drupal 6 sites is not an insignificant number, and many of them contract for suport with us.

Drupal 6 core security update for SA-CORE-2020-004

by David Snopek on June 17, 2020 - 2:15pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a (Cross-Site Request Forgery) CSRF vulnerability. You can learn more in the security advisory:

Drupal core - Moderately Critical - Cross Site Request Forgery - SA-CORE-2020-004

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 9: The Drupal of Tomorrow? Drupal 7: Drupal of Now!

by Elliot Christenson on June 4, 2020 - 1:03am

The Top Five Reasons Why You Should Stick With Drupal 7 in 2020 and Beyond.

Drupal 9 was launched yesterday! There will be no shortage of buzz about how you can get your site upgraded and ready for Drupal 9. Obviously, it's the best Drupal ever, and it's positioned well for the future. However, are you well positioned for the future?

Subscribe to Blog on Drupal 7-8 Support and Maintenance + Drupal 6 Long-Term Support: myDropWizard

We're a Top 40 Drupal Blog!

o