My Drupal Developer Stopped Drupaling! What Now?

by Elliot Christenson on August 1, 2019 - 12:39am

If you have a Drupal website, then you have a Drupal developer. In some cases, that might be you. In other cases, that could be an employee or intern on your staff. In other cases, it could be an employee or team from a consulting team or "Drupal Shop". For all sorts of reasons, any or all of these types of people may eventually not be able to continue to maintain the website they built for you. Read on!

Why are We Called Wizards?

by Elliot Christenson on July 4, 2019 - 3:30am

Every morning, our team meets, as so many development teams do, for a daily "standup". Since we all work remotely, at some point, we decided it would be a great idea to have "ice breakers" to get to know our far-flung teammates better. It's worked great, and I feel like I know my teammates like they are working across the room instead of across the planet!

It was during one of these sessions that my blogging writer's block came up, and Arturo mentioned that I should just explain "Why are We Called Wizards?". This was exactly the sort of inspiration that I was hoping for. I hadn't seen the forest for the trees, so to speak! We never really have explained why we have such a seemingly silly company name.

Maybe today I can show you how it's, perhaps not just appropriate - but maybe even perfect - to describe what it is that we try to do!

Drupal 6 security update for Advanced Forum module

by David Snopek on June 26, 2019 - 11:42am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Advanced Forum 6.x-2.x module to fix an Cross Site Scripting (XSS) vulnerability.

Advanced Forum builds on and enhances Drupal's core forum module.

The module doesn't sufficiently sanitise user input in specific circumstances relating to the module's default functionality. It is not possible to disable the vulnerable functionality.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create forum content.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

Note: This only affects Advanced Forum 6.x-2.x -- not 6.x-1.x.

If you have a Drupal 6 site using the Advanced Forum 6.x-2.x module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal is Under Non-Stop Attack. Wizards & Robots Save Websites!

by Elliot Christenson on June 6, 2019 - 7:53am

All versions of Drupal are under attack - no different than other software. What can be different is that websites are often custom, complex, and can be attacked seconds after an exploit is made public. myDropWizard's Support "Wizards" and our automated process "Robots" are continually working to keep you backed up, supported, and secured from all types of threats.

Drupal 6 supports MySQL 8 (starting in Drupal 6.51)

by David Snopek on May 21, 2019 - 9:17am

As you probably know, Drupal 6 reached its End-of-Life (EOL) on February 24th, 2016. However, the mantle of supporting Drupal 6 was taken up by the Drupal 6 Long-Term Support vendors - including the team here at myDropWizard!

Long-Term Support isn't glamorous or exciting.

It's making security releases. It's minor bug fixes. Sometimes it's updating a contrib module that hasn't had an official release since 2009 to work with PHP 7. :-)

In fact, a big part of Drupal 6 Long-Term Support (D6LTS) is updating Drupal 6 core and contrib to work with new technologies, especially as the older versions that it was originally designed to work with become deprecated or reach their own EOL, like when PHP 5 reached its EOL at the end of last year. (Did you know that Drupal 6 now works with PHP 7?)

Today, I'd like to announce that Drupal 6 supports MySQL 8, starting with Drupal 6.51!

This was implemented in collaboration with the community, largely the contributions of f1mishutka, but also a number of others who contributed testing and bug reports.

I know there's a lot of anxiety over how Drupal 7 Extended Support (D7ES) is going to work, however, I think that this is more evidence that the vendor-supported model used by D6LTS (and soon, D7ES) is working.

You can download the latest Drupal 6 LTS core release from GitHub.

Experimental Composer repository with CKEditor plugins

by David Snopek on May 17, 2019 - 8:49am

In my experience, a big part of making a Drupal 8 site usable for content editors is customizing the WYSIWYG, which usually includes adding a couple additional CKEditor plugins.

Of course, you can simply download the plugins into the 'libraries' folder, and that's fine. But these days, it's becoming best practice to pull in all of your site's dependencies using Composer.

Adding 'package' repositories to your composer.json for the CKEditor plugins (the current best practice) works fine - but only for your individual site.

It doesn't work so well if you want to install:

  • A Drupal "Feature" (like with the Features module) that configures the WYSIWYG, including adding some CKEditor plugins, or
  • A Drupal distribution (like Panopoly or Lightning)

In those cases, you can't depend on what the individual site may have in its top-level composer.json, and asking the user to manually copy-paste a bunch of 'package' repositories in there may create enough confusion or problems that potential users will just give up.

Well, I've got an possible solution to this problem: an experimental Composer repository which includes CKEditor plugins for use on a Drupal site.

It works better for Feature modules and distributions, but can also make life easier for individual sites too.

Read more to find out how it works and how to use it!

Drupal 6 core security update for SA-CORE-2019-007

by David Snopek on May 8, 2019 - 12:31pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in the protections added in SA-CORE-2019-003. You can learn more in the security advisory:

Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-007

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 core security update for SA-CORE-2019-006

by David Snopek on April 17, 2019 - 4:00pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in jQuery. You can learn more in the security advisory:

Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-006

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there was another Drupal core security release made today (SA-CORE-2019-005) but that one doesn't affect Drupal 6, because Drupal 6 doesn't depend on Symfony.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 in the year 2022 (and what's coming for Drupal 7)

by David Snopek on April 2, 2019 - 11:59am

When we originally announced that we'd be providing Drupal 6 Long-Term Support, we committed to supporting our customers until at least February 2017.

Each year in the spring, we've taken a look at the state of Drupal 6 and decided whether we'll extend support for another year, and if we need to make any changes to our offering. Here's the articles from 20162017, and 2018 where we announced an additional year each time and any new concerns (for example, PHP 7 support).

Today, we're announcing that we'll be extending our Drupal 6 Long-Term Support two more years until at least February 2022!

I'm sure there will come a time, when it no longer makes business sense to pour resources into Drupal 6 for the few remaining sites, however, it's already clear to us that there's enough demand for a couple more years.

Also, now that we know when Drupal 7 will reach it's End-of-Life, we've started to plan for that, and decided that we'd like D6LTS to last at least until then (which is why we're announcing an additional 2 years this time, rather than just 1).

Regarding Drupal 7: we've officially applied to be a Drupal 7 Extended Support vendor and have been accepted. :-)

Read on to find out more!

SA-CORE-2019-004 doesn't affect Drupal 6

by David Snopek on March 20, 2019 - 4:43pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a Cross Site Scripting (XSS) vulnerability.

Folks have been asking us, so this is just a short note to say that this issue does NOT affect Drupal 6. So, you can focus just on updating your Drupal 7 and Drupal 8 sites today. :-)

Thanks!

Subscribe to Blog on Drupal 7-8 Support and Maintenance + Drupal 6 Long-Term Support: myDropWizard

We're a Top 40 Drupal Blog!

o