Blog

myDropWizard will give Extended Support to all current Drupal 7 customers!

by Elliot Christenson on December 19, 2019 - 12:04am

In November 2021, Drupal 7 will be End-of-Life (EOL). To continue getting security updates, you'll need to get Extended Support (D7ES). But if you sign up before EOL, you'll get automatic security updates until then AND a better price when EOL comes.

Drupal 6 security update for Webform module

by David Snopek on December 11, 2019 - 2:45pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Webform module to fix a Cross Site Scripting (XSS) vulnerability.

The Webform module is for making forms and surveys in Drupal. 

It doesn't sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can inject JavaScript into a page.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Webform module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

What happens when the Drupal Security Team marks a module as unsupported?

by David Snopek on November 13, 2019 - 8:44pm

You may have noticed that today the Drupal Security Team marked 16 modules as unsupported, due to the module maintainer not fixing a reported security vulnerability after a sufficiently long period of time.

Among those modules, there were a few very popular ones like Admininistration Views and Nodequeue, which have have reported ~118k and ~40k sites using them, respectively.

Everytime a popular module is unsupported, there's a certain amount of panic and uncertainty, so I wanted to address that in this article, both for the Drupal community at large, and for our customers in particular, because we promise to deploy security updates the same day they are released.

Read more to see our perspective!

Wizards & Robots Save Drupal Websites From Non-Stop Attack!

by Elliot Christenson on October 16, 2019 - 7:53am

All versions of Drupal are under attack - no different than other software. What can be different is that websites are often custom, complex, and can be attacked seconds after an exploit is made public. myDropWizard's Support "Wizards" and our automated process "Robots" are continually working to keep you backed up, supported, and secured from all types of threats.

Drupal 6 security update for Ubercart module

by David Snopek on October 2, 2019 - 1:32pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Ubercart module to fix a Cross Site Scripting (XSS) vulnerability.

The Ubercart module provides a shopping cart and e-commerce features for Drupal.

The order module doesn't sufficiently sanitize user input when displayed on an invoice leading to a XSS vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit orders".

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

If you have a Drupal 6 site using the Ubercart module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Contact myDropWizard About Drupal 7 Life Support

by Elliot Christenson on September 18, 2019 - 8:22pm

We are less than 260 days from the release of Drupal 9. Whether you are moving away from Drupal, planning on updating to Drupal 8, or updating to Drupal 9 in 2020, you need your current Drupal 7 website kept up to date and watched over for security issues in the meantime.

My Drupal Developer Stopped Drupaling! What Now?

by Elliot Christenson on August 1, 2019 - 12:39am

If you have a Drupal website, then you have a Drupal developer. In some cases, that might be you. In other cases, that could be an employee or intern on your staff. In other cases, it could be an employee or team from a consulting team or "Drupal Shop". For all sorts of reasons, any or all of these types of people may eventually not be able to continue to maintain the website they built for you. Read on!

Why are We Called Wizards?

by Elliot Christenson on July 4, 2019 - 3:30am

Every morning, our team meets, as so many development teams do, for a daily "standup". Since we all work remotely, at some point, we decided it would be a great idea to have "ice breakers" to get to know our far-flung teammates better. It's worked great, and I feel like I know my teammates like they are working across the room instead of across the planet!

It was during one of these sessions that my blogging writer's block came up, and Arturo mentioned that I should just explain "Why are We Called Wizards?". This was exactly the sort of inspiration that I was hoping for. I hadn't seen the forest for the trees, so to speak! We never really have explained why we have such a seemingly silly company name.

Maybe today I can show you how it's, perhaps not just appropriate - but maybe even perfect - to describe what it is that we try to do!

Drupal 6 security update for Advanced Forum module

by David Snopek on June 26, 2019 - 11:42am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Advanced Forum 6.x-2.x module to fix an Cross Site Scripting (XSS) vulnerability.

Advanced Forum builds on and enhances Drupal's core forum module.

The module doesn't sufficiently sanitise user input in specific circumstances relating to the module's default functionality. It is not possible to disable the vulnerable functionality.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create forum content.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch or the full release.

Note: This only affects Advanced Forum 6.x-2.x -- not 6.x-1.x.

If you have a Drupal 6 site using the Advanced Forum 6.x-2.x module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 6 supports MySQL 8 (starting in Drupal 6.51)

by David Snopek on May 21, 2019 - 9:17am

As you probably know, Drupal 6 reached its End-of-Life (EOL) on February 24th, 2016. However, the mantle of supporting Drupal 6 was taken up by the Drupal 6 Long-Term Support vendors - including the team here at myDropWizard!

Long-Term Support isn't glamorous or exciting.

It's making security releases. It's minor bug fixes. Sometimes it's updating a contrib module that hasn't had an official release since 2009 to work with PHP 7. :-)

In fact, a big part of Drupal 6 Long-Term Support (D6LTS) is updating Drupal 6 core and contrib to work with new technologies, especially as the older versions that it was originally designed to work with become deprecated or reach their own EOL, like when PHP 5 reached its EOL at the end of last year. (Did you know that Drupal 6 now works with PHP 7?)

Today, I'd like to announce that Drupal 6 supports MySQL 8, starting with Drupal 6.51!

This was implemented in collaboration with the community, largely the contributions of f1mishutka, but also a number of others who contributed testing and bug reports.

I know there's a lot of anxiety over how Drupal 7 Extended Support (D7ES) is going to work, however, I think that this is more evidence that the vendor-supported model used by D6LTS (and soon, D7ES) is working.

You can download the latest Drupal 6 LTS core release from GitHub.

Popular topics

Subscribe to Blog on Drupal 7-8 Support and Maintenance + Drupal 6 Long-Term Support: myDropWizard

We're a Top 40 Drupal Blog!

o