All the security issues have now been fixed, thanks to @ChrisZZ of "think modular" for sponsoring this final step. We now have a beta release! Stable release coming in early 2024.

Completed

  1. Security bug in the case where the subscriber entity has been extended with fields: #3152102: Anonymous user can alter fields of any subscriber.
  2. Major bug that affects sites that have enabled newsletters to appear on the registration form: #3238247: Major confusion for subscriptions during user registration. This is a regression in 3.x due to an incomplete fix for the security bug #3049356: Anon user can alter any anonymous subscription.
  3. Major redesign that enables fixes: #3332695: Model for confirmations is flawed.

Other non-BC issues:

Comments

AdamPS created an issue. See original summary.

chriszz’s picture

How long would it take to fix this, and what is the required budget?

adamps’s picture

How long would it take to fix this, and what is the required budget?

Hi @ChrisZZ, thanks for your interest. As it says in the issue summary, it would be about 2 weeks of developer time total. If you'd like to discuss the matter further, please use my contact form and we can set up a call.

adamps’s picture

@ChrisZZ I received your message and sent you a reply at the start of February. I hope it reached you, and avoided your spam folder😃.

chriszz’s picture

Hi Adam, for the moment, it seems better to use an existing open source newsletter tool - rather than to implement it within Drupal .... so we are not focusing on this anymore ...

ressa’s picture

Thanks for showing an interest in sponsoring a stable release of the module @ChrisZZ. It's too bad it didn't work out ...

Among the 45,000 sites reporting using the module, there are probably big companies and organizations. It would be really awesome if some of them would consider sponsoring the remaining tasks, to get a stable, Drupal 10 supporting version released.

This is Open Source after all, and the free software we all enjoy doesn't write itself :-)

chriszz’s picture

Sure, I understand this and we sponsor lots of modules.

It would help me and others if you were precise in terms of remaining amount of financial means needed and if received, how long it would take - so that one could decide to jump on the bandwagon.

If you send me those numbers, I will reevaluate - without promising anything here. ...

regards,

ressa’s picture

@ChrisZZ: Thanks for a fast answer. I certainly did not mean to single you guys out. Quite the opposite, I am truly grateful that you showed an interest in the first place.

My aim was simply to get other, bigger organizations and companies to maybe take a look at their budget, and consider allocating a little bit of it, on a stable release of Simplenews, if they use it.

That being said, I don't even use the Simplenews module myself, so a maintainer such as @AdamPS would need to give you the details you request. Have a nice day.

adamps’s picture

If you send me those numbers, I will reevaluate - without promising anything here. ...

Great thanks for considering it. I sent you an email containing this information in February. I guess it didn't reach you so I've just resent it (to the address you used when sending me the initial contact using this site's form).

I hesitate to publish financial details here in case people consider it inappropriate to use the Drupal.org issue queue for seeking paid work. If anyone can offer guidance on that please leave a comment.

The Issue Summary states "about 2 weeks of developer time", so hopefully that gives a fair idea. Personally speaking, I offer a discounted rate when hired for open-source work.

adamps’s picture

Thanks to @ChrisZZ of "think modular" for sponsoring a detailed investigation. I have updated the IS here, and will update the other issues next with detailed proposed changes.

The required changes and the time estimate are now solid: 76 hours. The funding for the remaining work is not yet confirmed, and any offers of sponsorship would be most welcome.

ressa’s picture

Thank you @ChrisZZ for sponsoring an investigation and @AdamPS for doing it. Have a great weekend, you both deserve it.

adamps’s picture

Version: 3.x-dev » 4.x-dev
adamps’s picture

Status: Active » Needs review

The security bugs have now all been fixed and I created a first 4.x alpha release. Please install on your dev sites and start to test it.

Before making the first beta I would like to fix some of the other non-back-compatible issues listed in the IS.

adamps’s picture

Getting closer - 1 fixed, 1 ready to commit. Still 1 non-BC issue not yet started.

adamps’s picture

New release 4.0.0-alpha3 is available. The next release should be a beta - I'll just wait a while first in case of any serious bug reports.

adamps’s picture

Status: Needs review » Fixed

We now have a beta release! Stable release coming in early 2024.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

ressa’s picture

A belated, but big thank you @adamps, and @chriszz from think modular for sponsoring a stable release of Simplenews 🎉

I have since used Simplenews in a client project, and it works extremely well.