Drupal 8 + CiviCRM Roundearth Lands In Calgary for CiviCamp

by Elliot Christenson on May 9, 2018 - 9:22pm

On May 22nd, the giant CiviCRM Meetup CiviCamp Calgary arrives! What is a CiviCamp you ask? What is CiviCRM? What is Calgary? Why should a Drupaler care? All will be revealed below, dear reader!

Critical Drupal core security update for SA-CORE-2018-004 (including Drupal 6!)

by David Snopek on April 25, 2018 - 11:53am

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

This issue also affects Drupal 6 (although, less severely than Drupal 7 or 8). So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core and the Filefield module.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

This fix is both for Drupal 6 core and the Filefield module. This is because the Drupal 7 & 8 fixes include changes to the core 'file' module, which isn't in Drupal 6 core, but an equivalent fix applies to the Filefield module.

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Security Vulnerabilities Affect Your Dev Sites Too

by Will Long on April 18, 2018 - 4:25pm

When Drupalgeddon 2 (SA-CORE-2018-002) happened a few weeks back, we saw plenty of buzz from agencies and other organizations throughout the community who were having patching parties.

Yay for patching! But were you left vulnerable by not updating all of your installations?

If you didn’t update development and staging sites, you may be at risk!

Due to the nature of the vulnerability, from the largest of enterprise applications to the smallest of brochure or hobbyist site builds, all Drupal sites were affected. This includes any testing or staging versions of your site. Depending on how you manage your local development sites, even those may have been exposed too!

Still not convinced? Read more to find out why you need to update ALL sites!

Drupal 7 Long-Term Support ... for after official support ends!

by Elliot Christenson on April 11, 2018 - 9:24pm

You may already know that we've been providing Drupal 6 Long-Term Support (D6LTS) for over two years.

What we have been hearing over and over lately - especially at Drupalcon - is "what about Drupal 7?"

Typically, only two major versions of Drupal are supported at once: the latest version, and the previous one. Right now, that means Drupal 7 and Drupal 8.

We don't know when the community's support for Drupal 7 will end or if the community itself will do some kind of LTS. But we do know that community support will come to end at some point. While the details will depend on what the community does, we just wanted to let everyone know...

We intend to provide Long-Term Support for Drupal 7, in order to keep your site going long after the end of official support!

Read more to learn more about our plans for D7LTS...

Get FREE help from a "Wizard" at DrupalCon Nashville!

by Elliot Christenson on April 5, 2018 - 1:53am

We're trying something new this year at Drupalcon 2018! Book some time with a myDropWizard "Support Wizard" for some FREE help with your Drupal site!

You're a first time Drupalcon attendee? You're a veteran Drupaler? Either way, you made part of your Drupalcon mission to fix a lingering issue - or at least to be pointed in the right direction!

We're here to help!

We spend our days helping Drupalers just like you every day with their support needs, so we thought "Let's bring that myDropWizard Support Face-to-Face with Drupalers: FOR FREE!"

So, drop by Booth #818 or (better yet!) schedule with us below!

The continuing importance of the Drupal 6 Long-Term Support program

by David Snopek on March 29, 2018 - 12:02am

Drupal 6 reached End-of-Life over 2 years ago, so you might be forgiven for thinking that Drupal 6 and its Long-Term Support (D6LTS) no longer matter.

However, yesterday (March 28th, 2018), there was a HIGHLY CRITICAL security vulnerability announced that affected Drupal 6, 7 & 8 (and even Backdrop).

This wasn't the first Drupal 6 LTS core release (did anyone notice that one?) and it probably won't be the last. And there are still ~65,000 sites running Drupal 6 according to Drupal.org, which were affected by this issue, and could be affected by future issues.

Luckily, the Drupal 6 LTS program is still going, and we got a patch and release out immediately!

But the D6LTS program won't go on forever... at least without users of Drupal 6 continuing to buy support from the D6LTS vendors.

I think this is a good time to remind everyone what the D6LTS program is and why it's still important to the Drupal community...

HIGHLY CRITICAL Drupal core security update for SA-CORE-2018-002 (including Drupal 6!)

by David Snopek on March 28, 2018 - 2:25pm

Today, there is a Highly Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-002

As we noted last week, this issue also affects Drupal 6! So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Drupal 6 highly critical security release on March 28th (PSA-2018-001)

by David Snopek on March 22, 2018 - 9:16am

Yesterday, the Drupal Security Team published PSA-2018-001, announcing that there would be a security release for Drupal 7 & 8 on March 28th to fix a highly critical security vulnerability.

The same vulnerability also affects Drupal 6, and so there will also be a Drupal 6 security release shortly after the Drupal 7 & 8 security advisory is published.

We'll be announcing that here, on the myDropWizard blog, as well as in the D6LTS issue queue on Drupal.org.

If you have any Drupal 6, 7 or 8 sites, we highly recommend setting aside some time on March 28th to update all of your sites!

If you're a myDropWizard customer: we'll be sending you the patch or deploying to your site or making a PR (depending on the workflow you have setup with us) as soon as possible once the security advisory is published. As always, we get all security updates out to our customers the same day they're released! This will be no different :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Outsourced Drupal 7/8 Maintenance Can Give Better Support Than You Can!

by Elliot Christenson on March 14, 2018 - 8:20pm

We see two chief types of Drupal developers day-to-day. First there are those of you who are full-time developers with NGO's or medium to large business. Second, there are those developers that work independently or as part of larger agencies. In both cases, I believe outsourcing maintenance for your Drupal 7 or Drupal 8 websites is better from a quality standpoint and/or a cost standpoint. That might seem a little controversial to you, but stick with me, dear Drupaler!

It's Security Update Wednesday - You're Just Chillin'

by Elliot Christenson on March 1, 2018 - 7:35am

Last Wednesday, February 21 was a security update that impacted Drupal 8, Drupal 7, and even Drupal 6 "LTS". Hundreds of thousands of website operators need to immediately update their websites! A huge percentage of them are not "web developers". Many don't even know they need the update!

Drupal isn't known for its ease of use for site owners. It's come a long way, but it remains difficult for most. That's expected and sometimes even exciting for Drupal developers.

What about the (non-developer) site owner? We don't believe your site should be left vulnerable. We believe you should be able to "just chill" rather than stress about your Drupal site security!

Read on for a peek behind the curtain to see what the Wizards do so you don't have to.

Subscribe to Blog on myDropWizard.com

We're a Top 40 Drupal Blog!

o