Blog

Drupal 6 security update for Lightbox2 module

by David Snopek on October 10, 2018 - 12:40pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Lightbox2  module to fix a Cross Site Scripting (XSS) vulnerability.

The Lightbox2 module enables you to overlay images on the current page.

The module did not sanitize some inputs when used in combination with a custom View leading to potential XSS.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Lightbox2 module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Announcing Drupal 6.45 (and selected contrib) for PHP 7.2!

by David Snopek on October 8, 2018 - 4:45pm

If you haven't heard yet, PHP 5 will reach the end of its security support (from the upstream project) in December of this year.

During DrupalCon Baltimore we announced that we'd be updating Drupal 6 to work with PHP 7.2, and, in September, we announced that we'd be making a big push to get that live with a couple of our customers.

Finally, we have something to show for it! :-)

So far, we've only tested with a few sites, so I'm sure there's some additional issues and bugs we haven't encountered yet. But we have an initial release of Drupal core and some selected contrib modules that work with PHP 7.2 in our testing.

And all our work so far has been released back to the community!

Read more for the details :-)

Drupal 6 security update for Print module (CRITICAL!)

by David Snopek on October 3, 2018 - 4:30pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Print module to fix a Remote Code Execution (RCE) vulnerability.

The Print module provides printer-friendly versions of content, including send by e-mail and PDF versions.

The module doesn't sufficiently sanitize the arguments passed to the wkhtmltopdf executable, or HTML passed to dompdf or other PDF generation tools.

See the security advisory for Drupal 7 for more information.

NOTE: This vulnerability has a lower risk in Drupal 6 than in Drupal 7 (where it's Highly Critical). This is because you can't pass shell commands to execute using the HTTP basic auth user/pass, like you can in Drupal 7.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Print module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

So, When Do I REALLY Need to Upgrade From Drupal 7?

by Elliot Christenson on September 20, 2018 - 1:07am

So, When Do I REALLY Need to Upgrade from Drupal 7?

Drupal 8 was released on November 19, 2015 - nearly three years ago. The drastic architectural changes created a difficult upgrade path for those running Drupal 7. With the huge amount of investment in Drupal 7 over the previous 5 years, this set off shockwaves of fear across the Drupal ecosystem. Recently, Dries Buytaert, the project lead for Drupal, announced the planned launch of Drupal 9 in 2020. That signals the "End of Life" of Drupal 7 in November 2021. When do I need to upgrade?

By the way, that is more than ten years after the release of the first version of Drupal 7!

It's also the date of the "End of Life" of Drupal 8 (more on that later).

Drupal 6 on PHP 7

by David Snopek on September 5, 2018 - 2:59pm

Back in May, we announced that we'd be working on getting Drupal 6 core, and the contrib modules used by our D6LTS customers, working on PHP 7.2 before the end of the year.

This is largely because PHP 5 will be reaching it's End of Life (EOL) on December 31st, and will no longer be supported by the PHP maintainers, which means no more security updates.

How can we help keep your Drupal 6 site secure, if PHP itself is insecure?

Well, that deadline is coming up fast, and in fact, may be coming sooner than December for folks hosted with certain hosting companies!

Acquia just announced that they'll automatically switch all sites hosted on Acquia Cloud to PHP 7.1 on October 1st, less than a month away from now.

Inspired by this (read: some of our customers are hosted on Acquia ;-)) we're going to make a push to get a handful of brave D6LTS customers switched to PHP 7.1 or 7.2 by the end of September.

After proving this out with a handful of sites in September, we'll continue to roll that out to the rest of our customers in October, November and December.

Interested in getting involved? Wondering how much of this will be shared with the community?

Read the rest of the article!

Drupal support you can actually afford

by Sofia Saldana on August 9, 2018 - 4:07am

Having a Drupal site can be the best thing for your business: for the first few months or years.

However, like any other software, you can start experiencing some problems: security issues, software conflicts, feature upgrades - even simply forgetting how to perform some actions within the system! Having to fix issues could be expensive. Hiring support staff to help you with getting things done can be very expensive!

But there is a better way:

Organizations like what Katie and Henry run can't afford to have their website offline. This stops donations or sales from coming in, stops news and outreach, and can even put a halt to an entire web dependent organization!

Be like Katie and Henry and get your Drupal site protected with myDropWizard. Choose the Best Route!

Click play to watch the video.

Roundearth.io 101: Drupal 8 + CiviCRM for Beginners

by Elliot Christenson on July 25, 2018 - 9:49pm

Roundearth.io Screenshot

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

There are millions of nonprofit organizations and small businesses across the planet: we want all of them using Roundearth! In the screencast below, we'll show what myDropWizard's Roundearth is all about and offer a brief glimpse at what it looks like logged-in.

Watch the screencast to see our brief overview of Roundearth:

Some highlights from the video:

  • What is Roundearth?
  • Who can use Roundearth?

Please leave a comment below!

Drupal 6 security update for XML sitemap (6.x-2.x only)

by David Snopek on July 18, 2018 - 2:42pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the XML sitemap module (version 6.x-2.x only) to fix an Information Disclosure vulnerability.

The XML sitemap module enables you to generate XML sitemaps and it helps search engines to more intelligently crawl a website and keep their results up to date.

The module doesn't sufficiently handle access rights under the scenario of updating contents from cron execution.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the XML sitemap module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

CiviCRM secrets for Drupalers: Membership Directory

by Elliot Christenson on July 5, 2018 - 12:58am

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll show how how you can set-up a public membership directory in Roundearth's CiviCRM! Many organizations have a need to have public visitors see their member individuals or organizations

Watch the screencast to see how to add a public membership directory with Roundearth:

Some highlights from the video:

  • Add Memberships to a Contact
  • Create a Smart Group of Members
  • Boom: Create a Public Membership Directory

Please leave a comment below!

CiviCRM secrets for Drupalers: Fundraising Campaigns

by Elliot Christenson on June 27, 2018 - 11:38pm

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll show how how you can set-up a new Campaign in Roundearth's CiviCRM! The thing about campaigns is that until there is activity, there isn't much to see, but we have to start somewhere! So, here we setup a campaign.

Watch the screencast to see how to use a Campaign with Roundearth:

Some highlights from the video:

  • Set-up a new Campaign Type
  • Set-up a new Campaign
  • Send a Mailing attached to a Campaign!

Please leave a comment below!

Popular topics

Subscribe to Blog on Drupal 7-8 Support and Maintenance + Drupal 6 Long-Term Support: myDropWizard

We're a Top 40 Drupal Blog!

o