The best Drupal news and links delivered to your inbox every week

Issue 161 - October 23rd, 2014

A major security flaw (SA-CORE-2014-005) was fixed last week in the Drupal 7.32 release. If you haven't upgraded your Drupal 7 sites by now, your unpatched Drupal sites could be compromised. Drupalize.me has written up a guide to assist with upgrading. If you have a Drupal 7 site, I would also recommend looking at this logic tree from @BevanR.

News

SA-CORE-2014-005 - Drupal Core - SQL Injection

"Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users."

Drupal 7.32 Released

"Upgrading your existing Drupal 7 is strongly recommended. There are no new features or non-security-related bug fixes in this release."

Articles

Security = Customer Success

Why it's time for dev shops to start offering support, and how to get there.

Welcome to Amsterdam, the "Free Ride" Stops Here

Paul Johnson discusses how we can encourage new contributors to Drupal in the context of Dries's keynote at DrupalCon Amsterdam.

On Authority in Drupal and/or Open Source in General

A great article from Gábor Hojtsy. Here's a great quote. "In short, hard power and a volunteer based open source community are not compatible on the long run. You either need to lose the volunteerism or gain soft power which authority does not help you with."

What We Are Seeing with Drupal SA 2014-005

Pantheon's Josh Koenig shares the attacks they have been seeing on Drupal 7 sites in the first 24 hours after Drupal SA 2014-005 was announced.

Drupal as a Public Good and Renewing Our Commitment

Blink Reaction shares how they are investing in Drupal 8. Very cool.

We've Got Your Headless Covered

Amitai Burstein discusses an Angular-based administrative project called ng-admin.

Drupal 8

27 Questions (And Answers) from My First Drupal 8 Site Build

Matt Korostoff walks through his first Drupal 8 site setup. Great and informative post.

Drupal 8 Hooks and the Symfony Event Dispatcher

Including Image Styles with Your Drupal 8 Theme

Let's Fix Critical Drupal 8 Issues Together!

Every Friday at noon Pacific (3pm New York, 9pm Berlin, 6am Saturday in Sydney) chx will be in #drupal-contribute helping people fix critical issues.

Tutorials

Fixing Drupal Fast - Using Ansible to Deploy a Security Update on Many Sites

Make Your Styleguide a Living Styleguide!

Books

Programmer's Guide to Drupal - O'Reilly Media

Projects

Drupalgeddon

This is not a module; it's a Drush command that checks for known indications that your site has been exploited through the vulnerability fixed in SA-CORE-2014-005.

Site Audit

Site Audit is a Drupal static site analysis platform that generates reports with actionable best practice recommendations.

Security Review

The Security Review module automates testing for many of the easy-to-make mistakes that render your site insecure.

Hacked!

This module scans the currently installed Drupal, contributed modules and themes, re-downloads them and determines if they have been changed. Changes are marked clearly and if the diff module is installed then Hacked! will allow you to see the exact lines that have changed.

Inline Entity Display

An interesting new module from studio.gd.

Drupal Speed Tuning: Analyzing and Further Optimizing Pressflow

Bryan Ollendyke has created a fork of Pressflow. He includes some interesting charts and performance numbers in this post.

Drupal 7 Absolute Messages

Drupal 7 Login Methods and Module Roundup: Part 2

Releases

Drupal 8.0.0-Beta2

Drupal 7.32

Faqfield 8.x-1.0-Beta2

Commerce_Kickstart 7.x-2.19

Commons 7.x-3.18

Entityform 7.x-2.0-Rc1

Faqfield 7.x-1.3

Magic 7.x-2.0-Beta3

Omega 7.x-4.3

Openatrium 7.x-2.22

Openoutreach 7.x-1.12

Openpublic 7.x-1.2

Panopoly 7.x-1.13

Pathologic 7.x-3.0-Beta1

Semanticviews 7.x-1.0-Rc1

Site_Audit 7.x-1.12

Podcasts

The Drupal Security Team - Modules Unraveled Podcast

30 Awesome Drupal 8 API Functions You Should Already Know - Acquia Podcast

DrupalCon Amsterdam Top Ten – Part 1 of 2 with Kris Vanderwater - Acquia Podcast

Drupalize.me Podcast 50: Drupal.org Initiatives

Talking Drupal 068 It's Just One Line

Jobs

List Your Job on Drupal Jobs

Wanna get the word out about your great Drupal job? Get your job in front of hundreds of Drupal job seekers every day at jobs.drupal.org.

Featured Jobs

Full Stack Drupal Engineer

4AllPromos CT/US

Lead Drupal Developer

Third and Grove US

DevOps Full Stack Developer

Spry Digital US

Published by Bob Kepford
