AGILEDROP: Adding another DrupalCon to the list

Posted by Blog - 19 Apr 2017 at 07:47 UTC
Last week we promised that from now on, we'll be more informative about where you will be able to find us. Therefore, Web Camp was our first described destination. That event is a local thing for us since our headquarters are in Ljubljana, Slovenia. Now, we are proud to say that after Web Camp we are heading towards DrupalCon Baltimore! DrupalCon is organized by Drupal Association three times a year at three different locations. Next week, from 24th to 28th April it's time for the United States to shine. The biggest Drupal event, which brings together thousands of people from all around the… READ MORE

Diversity by example

Posted by Gábor Hojtsy - 19 Apr 2017 at 07:33 UTC

(Disclaimer: Dries did not ask/order/suggest/request me to post this neither to make any changes whatsoever.)

Dear Drupalists I need your help

Posted by Paul Johnson - 18 Apr 2017 at 22:02 UTC


Those who know me will be well aware that I am both a passionate cyclist. Last June I wrote a blog about cycling. It told the dreadfully sad tale of a cyclist who died close to my home following a road traffic incident. In just 24 hours the post had over 10,000 reads. This triggered me to take positive action, the result of which is my campaign "BeyondACyclist", which has backing and support from CyclingUK.

A totally volunteer effort (entirely inspired by my work with Drupal) BeyondACyclist has a groundswell of support and active participation from the likes of Three Degrees West film company, Cheshire Fire Service, Cheshire East Council, West Midlands Police, Christie Hospital, composer Brian Lane, script writer Craig Roderick (Southpaw Agency) and Phil Jones MBE Managing Director - Brother UK to name but a few. Plans are in advanced stages to produce an ambitious cinema quality short film, supporting studio portraits and action photography, social media campaign and distribution across a variety of mediums.

Why I am reaching out to you the Drupal community

Within the next few months we will have the film completed. But there is a final missing link. I need a website designed, built and themed to drive traffic towards. A site to serve as central focal point for all campaign activity. The place where all traffic will arrive be that from TV news, print media, social or offline. I cannot do all of this alone. I already have a lot on my plate!

I'm hoping someone in the Drupal community will be reading right now and feel this is a cause they would like to get involved with. Obviously Drupal 8, it will be high traffic as I have built excellent relations with media outlets including TV, print and social. And this is a global issue. In Ireland, across USA, Australia there are currently hot news stories about cycle safety and sadly more deaths. So don't think being outside the UK is a blocker, no.

I anticipate needing 2-3 individuals to complete the task - Designer, Site builder or Site builder and Themer (as separate roles). If you would like to discuss the idea further or are just plain interested in getting involved please use my contact form to reach me. And thank you in advance. Paul.

Baltimore!! We're Excited!

Posted by Hook 42 - 18 Apr 2017 at 20:30 UTC
DrupalCon Baltimore 2017 We're all thrilled to be heading to Baltimore soon for DrupalCon!

The Hook 42 team is on their way to the historic city of Baltimore. Its early days helped shape the narrative of America. This year it hosts DrupalCon North America and perhaps it will share a role in shaping the future of Drupal.

The team is excited to share what they are looking forward to, not only at DrupalCon, but also what the city might have in store for them during their down time.

Free SSL certificates for every project & every environment

Posted by - 18 Apr 2017 at 19:16 UTC
Free SSL certificates for every project & every environment Crell Tue, 04/18/2017 - 19:16 New Features Let's Encrypt

At, we believe that all websites deserve to be secure, fast, and feature-rich, and that it should be easy to have all three. Secure has always meant that a site is encrypted using SSL, which is why we’ve never charged for an SSL certificate. Fast means using HTTP/2, which we added support for earlier this year, but most browsers only support HTTP/2 over SSL. And feature-rich means allowing the full range of newer web functionality such as geolocation, access to media devices, or notifications, many of which browsers are now only permitting over SSL connections. You know what? The modern web only works properly with SSL so let’s cut out the middleman. Let’s Encrypt everything.

We’re happy to announce automatic support for Let’s Encrypt SSL certificates on every production site on Professional, at no charge.

Starting today for all new projects, on every deploy we will automatically provision and install an SSL certificate for you using the free Let’s Encrypt service. You don’t have to do anything. It will just be there.

For existing projects, we're bringing that functionality online in batches to avoid overwhelming the Let's Encrypt servers. We expect to finish getting through them all within the next few weeks. If you're about to bring a site live and want to make sure you get Let's Encrypt functionality before that, just file a support ticket and we'll bump you to the front of the line.

Wait, what does this mean for my site?

If you currently just have HTTP routes defined in your routes.yaml file, then as of your next deploy HTTPS requests will be served as HTTPS requests rather than being redirected to HTTP. Both will “just work”.

If you want to serve your entire site over HTTPS all the time (and yes, you do), simply change all http:// routes in your routing file to be https://. That will automatically redirect HTTP requests to HTTPS going forward.

See the Routes section of the documentation for more details, but really, there’s not many details beyond that. It just works.

What about Enterprise?

Most Enterprise sites are served through a Content Delivery Network already, in which case the SSL certificate is handled by the CDN. This change has no impact on Enterprise customers.

Neat! So what should I do?

You don’t have to do anything. HTTPS just works now. As above, you can configure your site to use HTTPS exclusively by adding the letter "s" to your routes.yaml file in a few places. (We told you it was easy.)

Of course, now that you know your site will use SSL, you also know it will be using HTTP/2. All SSL-protected sites on use HTTP/2. HTTP/2 is supported by nearly 80% of web browsers in the world. That makes it safe, and a good investment, to start optimizing your site for HTTP/2, layering in HTTP/2-specific capabilities like server push, and so forth.

Secure, fast, feature-rich, and easy. Welcome to!

Larry Garfield Larry Garfield 20 Apr, 2017

Drupal 6 security update for CCK

Posted by - 18 Apr 2017 at 18:05 UTC

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the CCK module to fix an Access Bypass vulnerability.

CCK allows you to add custom fields to any content type.

The Node Reference sub-module had a bug where it could list the node titles of nodes that the user doesn't have access to.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the CCK module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on

Building a Network of 195 Drupal 8 Sites Using Pantheon’s Upstream

Posted by Pantheon Blog - 18 Apr 2017 at 18:04 UTC
Fairfax County Public Schools (FCPS) is the largest school system in Virginia and the 10th largest in the United States, with more than 200 schools and centers serving 186,000 students. To keep this large community of students, parents, teachers, employees, and the general public informed, FCPS is building out a network of 195 school websites.

What's new on - March 2017

Posted by blog - 18 Apr 2017 at 18:02 UTC

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

DrupalCon Baltimore logo Apr 24-28

The Drupal Association team is gearing up for DrupalCon Baltimore. We're excited to see you there and we'll presenting a panel giving an update on our work since Dublin, and our plans for the coming months. updates

Project application revamp

As we announced in mid-March, new contributors on can now create full projects and releases! Contributors no longer have to wait in the project application queue for a manual review before they are able to contribute projects.

This is a very significant change in the Drupal contribution landscape, and it's something we approached carefully and will continue to monitor over the coming months. Drupal has always had a reputation for a high quality code, and we want to make sure that reputation is preserved with good security signals, project quality signals, and continued incentives for peer code review.

That said, we're very excited to see how this change opens up Drupal to a wider audience of contributors.

Please note that the removal of project applications to create full projects and releases means a change in the security advisory policy (see below for details).

Security Advisory Opt-in and new Security Signals for Projects

Are you responsible for the security of your clients' Drupal sites?

Please note that Drupal's security advisory coverage policy has changed. Security advisory coverage for contributed projects is now only available for projects that have both opted in to receive coverage and made a stable release. You can see which projects have opted in by checking their project pages. If you have questions, please contact

Because users may now create full projects and releases without opting in to security advisory coverage, it's critically important that we provide good security signals to users evaluating projects on This is why we've added a security coverage warning to projects that aren't opted in to coverage.

We've also:

2017 Community Elections Update

The 2017 elections for the community-at-large seat on the board were held successfully in March. Drupal Association community board elections are conducted with the Instant Runoff Voting system. This voting methodology requires that voters rank their preferred candidates on their ballot, and we've heard that this system has been somewhat unwieldy in the past.

Each year we try to improve the voter experience and so this year we deployed a new drag-and-drop ballot.

Drag and Drop Ballot

Finally, we want to congratulate our newest board member Ryan Szrama!

Better international datetime support throughout has grown organically over the course of more than a decade, and as features have been built out they were not always consistent in their display of datetime information. While it sometimes makes sense to have a few different formats for displaying date and time, many of the formats in use were simply arbitrary historical decisions.

As a quality of life improvement, especially for users outside of the USA, we've standardized the datetime format used on That format is: DD MMM YYYY - hh:mm (UTC±h). For example: 11 Aug 2016 - 16:42 (UTC+8)


CSS Lint check style results

DrupalCI logo

When we implemented coding standards testing in DrupalCI in February we were not able to add CSS Lint testing until the CSSLint configuration file in core was fixed. That issue was fixed in late February and so we added CSSLint to support coding standards testing for CSS at the beginning of March.

Cleaning up coding standards results

The addition of coding standards results to DrupalCI means that is now storing even more test data about the code we test on Our initial implementation of coding standards testing did not include clean up of older results, and so to preserve database space and testing resources, we implemented some clean-up routines in March. In particular we are now:

  • Cleaning up all results for closed issues
  • For custom one-off tests, keeping results for 30 days to match what is shown on project’s automated testing tab
  • For tests triggered on a schedule or commit, keeping the most recent per-environment per-branch, and keeping anything less than 24h old

Protecting Git services

We experienced some minor Git outages in March, due to malicious authentication attempts. To mitigate these issues in the future, we've implemented fail2ban rules to protect Git authentication. This should improve the stability and uptime of Git services for all developers on

We want to thank infrastructure volunteer mlhess for his assistance with this.

Community Initiatives

Contrib Documentation Migration

New tools for Documentation have been available on for more than half a year. While most of the core documentation has been migrated to the new system, we are still encouraging Contrib maintainers to migrate their docs.

To make it easier for contrib project maintainers to migrate their documentation to the new documentation tools, we've made two improvements:


As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Getting Started with Acquia Cloud CD

Posted by Acquia Developer Center Blog - 18 Apr 2017 at 17:19 UTC

The engineers at Acquia recently launched Acquia Cloud CD, a set of developer tools to automatically and continuously assure the quality of Drupal applications on Acquia Cloud.

To help you get started with these powerful tools, Acquia Learning Services has created a task-oriented, hands-on tutorial, to walk you through implementing continuous integration for your Drupal application.

Tags: acquia drupal planet

Additional ways to participate in Drupal training

Posted by DrupalCon News - 18 Apr 2017 at 17:04 UTC

A week at DrupalCon is a fantastic way to level up your skills and bring new knowledge back to your work. We have had such high interest in these training courses, that many have sold out!  We know there are still people out there who want to learn these valuable skills, and we want to be sure you have that chance, even if it's not at DrupalCon. 

How to Crop Images using Crop API, Image Widget Crop and Focal Point in Drupal 8

Posted by Web Wash - 18 Apr 2017 at 17:00 UTC
If you’ve done any Drupal site building, I’m sure you’ve experienced this issue. You create an image style with the “Scale and crop” effect and everything is going great until an editor uploads an image with a different aspect ratio. Now instead of images getting cropped correctly, they’re getting cut in half, or the top part is chopped off, and images are not displaying nicely. You could fix this problem by tweaking the image style to handle different aspect ratios, but it’ll never be the perfect solution. The best option is to crop image directly in Drupal, and this is what you’ll learn today. In this tutorial, you’ll learn how to avoid these situations by using Crop API. Now, Crop API doesn’t offer any interface on its own; it’s just an API. The two modules that provide an interface are Image Widget Crop and Focal Point. We’ll take a look at these modules in detail, in this tutorial.

Why I care about the Drupal drama

Posted by Mikkel Høgh - 18 Apr 2017 at 16:23 UTC
Why I care about the Drupal drama

There’s been a lot said and written about the most recent drama in the Drupal community, quite a few people have asked me why I care. This is hard to answer without sounding flippant in 140 characters, so I’ve taken the time to write another blog post about the topic. This one a little less angry and more reasoned than the first.

mikl Tue, 2017-04-18 - 18:23 Tags Drupal Drupal Planet

Open Y: Drupal Distribution for YMCA's

Posted by Featured Case Studies - 18 Apr 2017 at 16:20 UTC
Open YMCA on a computer screenCompleted Drupal site or project URL:

The Open Y is an open-source customer experience (CX) platform and Drupal 8 distribution specifically built for YMCAs to fuel the Y movement. It was founded by some of the largest YMCA associations in North America including YMCA of Greater Twin Cities, YMCA of Greater Seattle and YMCA of Greater Houston.

In the modern environment where customer experience often starts, and ends online, the YMCAs were constrained by aging proprietary content management systems (CMS). Their systems were difficult to use, cost prohibitive, and limited The Y’s ability to innovate digitally. The team team understood that they weren’t the only YMCA facing this situation, either, and decided to make their solution available to any other YMCA to use or improve upon by creating the digital initiative within the Y movement.

A Proposal for Future Drupal Core Development

Posted by FFW Agency - 18 Apr 2017 at 15:27 UTC
A Proposal for Future Drupal Core Development David Hernandez Tue, 04/18/2017 - 15:27

While working on a presentation for DrupalCon Baltimore, I was brainstorming various tactics and proposals for removing components and modules from Drupal core. The act of deleting something from core can, at first glance, seem simple, but it brings up a more interesting discussion.

First, some background

Earlier this year Dries Buytaert announced a change to the future backwards compatibility support for Drupal core. You can read more about the policy change in his post. To summarize, Drupal core will continue adding enhancements, marking replaced APIs as deprecated along the way. The next major version update of Drupal will simply be the removal of all the deprecated components.

Less than a month before this he also wrote about the opportunities prepackaged distributions present for Drupal 8. The new world of Composer-based dependency management is great for developers, but will become a new barrier to entry for beginners. The predefined packaging of distributions may be an important tool for combating this problem.

A clash of concerns

The real historical problem that has made the decision to add or remove components in Drupal core difficult is the dichotomy between Drupal as a framework and Drupal as a product. Framework advocates want a small, agile core focused on robust APIs that can advance at a faster pace. We’ve traditionally called this “small core.” Product advocates are focused on Drupal being a complete product for website building; with sensible defaults, out-of-the-box content modeling tools, and a plethora of features.

Let them eat cake, and have it, too

Is there a way to focus on the framework, but still provide the product-level utility that beginners, site builders, evaluators, and the like all need? Maybe.

Let’s give the small core crowd what they want and reduce Drupal core down to its core components and APIs. All the things subsystems need for Drupal to function, and only modules that the vast majority of sites will use and are fairly integrated into core; node, block, menu, field, views, etc. Everything removed will be put back into the contrib space, but maintained by the core commit team and component maintainers with the same high standards as core.

We then create an official, standard distribution that is prepackaged by and pulls in all those additional components from the contrib space; themes, toolbar, forum, etc. This distribution would be maintained along with small core and be available on Drupal’s download page. (With small core available for download on its own.) The end result should be transparent to anyone downloading Drupal. The initial distribution would look exactly like Drupal 8 does right now.

Let small core focus on developer needs, and free up the distribution to focus on site builder and evaluator needs.

Here are some potential benefits I’ve been thinking about, most of which fall in line with the current direction of Drupal core:

  • Focus core on APIs
  • Allow developers that want to contribute to focus on those APIs, not product decisions.
  • Reduce some of the maintenance burden on core itself, or at least better segment it.
  • Moving most modules back to contrib would give component maintainers commit access to their modules and allow them to iterate and experiment.
  • Creating an official distribution separate from small core would let product managers, designers, and UX specialists focus entirely on Drupal the product; what modules and themes are included, default features, user testing, etc. (Something like the default content initiative would go right into the distribution, and never clutter core.)
  • Experimental modules/themes can be created in contrib first, and then when stable, added to the distribution via its composer file.
  • Small core would provide a small, vanilla starting point increasing the diversity and experimentation we might see with distributions; effectively removing all the unneeded components so builders can focus on what they want to add, not what they need to remove. The end result could be a wide range of Drupal “flavors” that look very different, but have the same core.

If you’d like to talk about this and the general topic of removing components from Drupal core, come to the Core Conversation session Peter Wolanin and I are having at DrupalCon Baltimore - Less is More - What Modules, Features, or APIs Should We Cut From Core?

Drupal 8 logo Tagged with Comments Comment Yes please! Thank you for your efforts here. Core should be a finely tuned masterpiece of software engineering, smallcore is the only way this will ever have a chance of happening. Different speeds for different needs.

Steve Purkiss (not verified)Wed, 04/19/2017 - 08:00

Xeno Media’s Jim Birch presents on Bootstrap Paragraphs at Baltimore DrupalCon 2017

Posted by Xeno Media - 18 Apr 2017 at 15:22 UTC

Attendees to Baltimore's DrupalCon 2017 should check out Xeno Media Strategist Jim Birch's presentation, Bootstrap Paragraphs, on April 26 at 10:45am.

In it, you will learn how to combine the power of the world's most popular front end framework, Bootstrap with Drupal Paragraphs, the powerful module that allows content creators to build layouts and structured pages.

Using the Bootstrap Paragraphs Drupal 8 module, you'll be able to create Bootstrap features like Accordions, Carousels, Modals, Tabs, and Multi-column layouts.  We'll also demonstrate how to harness the power of Drupal referencing Text, Images, Contact Forms, Blocks, and even Views!  We will also review how the module adds different widths and backgrounds which can be modified in the Drupal theme layer.

This presentation will review:
  • Why use the Bootstrap framework?
  • Why use the Paragraphs module?
  • What goes into the different types of bundles?
  • How we add width and background options
  • How to override, and build on top of the defaults
Learning Objectives & Outcomes:

Attendees will come away learning how to build a site using the Bootstrap Paragraphs module, how to customize it in their own themes, and how to use the module as a baseline to develop their own Paragraphs bundle types.

Update a project installed via composer_manager or drush to a CI based Composer template under Drupal VM

Posted by Colorfield - 18 Apr 2017 at 10:24 UTC
Update a project installed via composer_manager or drush to a CI based Composer template under Drupal VM christophe Tue, 18/04/2017 - 12:24

If you have to go for a Drupal core update from a previous install based on composer_manager or drush (both deprecated), consider installing something robust, Composer friendly, that also enables CI tools like Phing, Behat, PHPUnit, ...

If you don't have already Drupal VM installed, head to the documentation.

How to Sync Blocks Between different environments in a Drupal 8 website

Posted by Valuebound - 18 Apr 2017 at 07:32 UTC

A custom block is made of two entities, one for the placement and one for the actual content. Only the actual placement can be exported with cim. The content can not. Therefore this will result in "Block description Broken/Missing" error on site where the config is imported. And since there is no option to disable custom blocks from being exported through Configuration management, this will break the functionality.

Steps to reproduce

On Site A:

Create custom block

Assign this custom block to any region

Export configuration of the site

On Site B:

Import configuration from site A…

The Draven

Posted by Palantir - 17 Apr 2017 at 17:09 UTC
The Draven brandt Mon, 04/17/2017 - 12:09 Allison Manley Apr 17, 2017Baltimore skyline

Let's connect at DrupalCon Baltimore, April 24 - 28, 2017.

In this post we will cover...
  • Sessions we'll be presenting at DrupalCon
  • A fun movie trailer for PM: The Musical!
  • An opportunity for you to sign up to meet with us

We want to speak with you at DrupalCon!

Schedule a Time

Heavily borrowing from “The Raven” by Baltimore’s own Edgar Allen Poe.

Once upon a laptop dreary, with its glow so blue and eerie,
Viewing travel sites where I could shop the online store —
While I purchased, looked at mapping, suddenly there came a tapping,
As of someone gently rapping, rapping at my office door.
“’Tis my colleague,” I muttered, “tapping at my office door —
Helping plan for Baltimore.”

DrupalCon! It is upon us! This conference of such colossus;
3,000 strong will be among us on the conference floor.
Many coming from Palantir to learn and join in Drupal’s cheer
Coming to learn and share with those of similar rapport,
Descending upon a convention center on this eastern shore.
Arriving to explore.

Palantir will have a presence: Booth 109 — and we’ll have presents:
Swag to give all those who visit our spot upon the floor.
A photo booth will offer chances to give our visitors some glances
Of how they look with props and hats of variety galore.
They can tweet and share photos beyond that building’s door.
Posterity forever more!

Three talks will come from Palantiri, who worked hard on each topic’s theory.
The first is 2:15 on Tuesday, and has a musical score:
“Project Management: The Musical” . . . could be slightly Seussical!
Allison and Joe will sing and dance on running scrums and more.
There’s much to learn! Don’t be fooled by the use of songs of yore.
Room 307 – Acquia in Baltimore.

The next are April 27. First at noon . . . is it hell or heaven?
Can separate teams together be something to desire or deplore?
“Successfully Integrating Teams” is the stuff of engineer dreams.
Mixing teams with thoughtful prep can much success ensure.
The tips to do this seamlessly Megh Plunkett will underscore.
Room 319 – in Baltimore.

The last is in the afternoon, and shows that no site is immune
From website content that has been continuously ignored.
“Content Before Code: A D8 Case Study” at 2:45. Grab a buddy!
So you too can learn how to gather content in ways to make all sure.
“Get your content ready for launch!” Michelle and Bec implore.
Room 307 – Acquia in Baltimore.

Palantir will host the fun at Trivia Night, where everyone
Can try for fame by answering questions about Core.
Doors will open right at 8, so hurry there and don’t be late!
Test your skills against your friends to gain the highest score.
Baltimore Soundstage is the place where we shall host the lore.
124 Market Place in Baltimore.

Our wish to see you there grows stronger; hesitating then no longer,
Please know we’d love to see you at our booth or on the floor.
Since we know that time can be fleeting, you can even set up a meeting.
To discuss how we can help your project take wing, and then to soar!
Contact us so we can meet that week in Baltimore.
DrupalCon forevermore!

We want to speak with you at DrupalCon!

Schedule a Time

How to Avoid the DrupalFlu

Posted by Chromatic - 17 Apr 2017 at 13:15 UTC

This year, don't take home the DrupalFlu along with your swag and business cards - here are some tips for staying healthy at a huge conference.

Project Management: The Musical! DrupalCon Trailer

Posted by Palantir - 14 Apr 2017 at 20:10 UTC
Project Management: The Musical! DrupalCon Trailer brandt Fri, 04/14/2017 - 15:10 Alex Brandt Apr 14, 2017Allison Manley and Joe Allen-Black

Come see Project Management: The Musical! at DrupalCon Baltimore. April 25th at 2:15pm.

In this presentation we will cover...
  • How to get your project organized
  • What analytics and KPIs to review
  • How to handle scope creep
  • ...and many more facets of project management

We want to make your project a success.

Let's Chat.

Additional information about this session can be found on the DrupalCon site



Stay connected with the latest news on web strategy, design, and development.

Sign up for our newsletter.


Subscribe with RSS Subscribe to aggregator - Planet Drupal