Blogs

News in this area are aggregated from Blogs across Drupal.org:

Drupal blog
Drupal.org blog
Drupal Association blog
Drupal Supporters blog

Help us test DrupalCI

DrupalCI is the next generation testing infrastructure for Drupal. After years of development, DrupalCI has been rolled out for testing Drupal 8 Core and Contrib projects - and will soon be taking over testing Drupal 7 Core and Contrib as well and for Drupal 6 for the duration of its long term support window.

Drupal 7.39 and 6.37 released

Drupal 7.39 and Drupal 6.37, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.39 and Drupal 6.37 release notes for further information.

Secure your account: Two Factor authentication on Drupal.org

Drupal.org users can now use Two factor authentication to increase the security of their accounts.

Drupal.org Git Server Migration (2015-07-09 20:00-22:30 UTC)

On July 9th 8pm UTC, Drupal.org migrated to a redundant cluster of 2 servers. This provides failover in the event one server fails.

Drupal 7.38 and 6.36 released

Drupal 7.38 and Drupal 6.36, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.38 and Drupal 6.36 release notes for further information.

Drupal.org Terms of Service and Privacy Policy update - June 2015

Following our plan to review and update Drupal.org Terms of Service and Privacy Policy every quarter based on community feedback, today we are implementing the second revision of those documents. This time we only have a minor update to the Privacy policy.

Privacy policy updates:

We added a note about Mailchimp to the 'Service providers and partners' section:

Drupal 7.37 released

Drupal 7.37, a maintenance release with numerous bug fixes (no security fixes), is now available for download.

Pre-production Drupal.org environments unauthorized access and rebuild

An issue was reported to the Drupal.org infrastructure team that uncovered an installed rootkit on our pre-production (dev and staging) environment on April 19th. We stopped all services on these servers. The access was gained through an open VNC port on our OpenStack environment that allowed hijacking of an open console session. The attacker was attempting to create a distributed denial of service (DDoS) attack on targeted IPs.

There is no evidence that information was taken from our staging database or that user information was compromised.

Limited email privacy breach on Drupal.org on April 15th

On April 15th, a Drupal.org website permission inadvertently allowed those with the "community" role to view a report listing of recently logged in users.

A new way to welcome newcomers on Drupal.org

Today, we are introducing a new ‘Community’ user role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org.

Pages