Issue 336 - April, 26th 2018

News

Drupal Core - Critical - Remote Code Execution - SA-CORE-2018-004

This vulnerability is already being exploited so hopefully you already patched your site.

Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020

The Media module has multiple security releases for the various branches currently supported.

Drupal Core - Moderately Critical - Cross Site Scripting - SA-CORE-2018-003

"CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses)."

D6LTS Patch for SA-CORE-2018-004

If you still manage a Drupal 6 site you should apply this patches to your site.

Drupal Core Announcements: Have Your Say in Where Drupal 8 Is Going by Participating in Key Initiatives

From Our Sponsor

DrupalCon

Decoupled Drupal Summit at DrupalCon Nashville

Experience Express in Nashville: Decoupled in the Spotlight at DrupalCon

Summary of decoupled Drupal related things.

A Farewell to Twig - DrupalCon Session

Though this is a click-bait like session title the talk and discussion is well worth watching.

API-First Initiative - DrupalCon Session

Lessons in Leadership from DrupalCon Nashville

Think Your Website Is GDPR Compliant? Think Again! - DrupalCon Session

You Matter More Than the Cause - DrupalCon Session

Very important session by Jeff Eaton.

Articles

Security Vulnerabilities Affect Your Dev Sites Too

Drupalgeddon 2 Drupal Vulnerability Exploiting Botnets Emerge

How Popular Is Decoupled Drupal?

"These figures and graphs seem to confirm that decoupled Drupal is rapidly gaining popularity, although Drupal 8 usage still has not reached Drupal 7 level."

Kevin Thull, from Behind the Camera

"This year at DrupalCon Nashville the Drupal Community awarded Kevin the Aaron Winborn award. The Aaron Winborn award is presented annually to an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community."

DDEV: It Does What It Says on the Tin

We recently spoke with Alex Burrows from the Digidrop agency about local development.

Post-Mollom, What Are the Best Options for Preventing Spam for Drupal?

Technology Leadership: Finding My Voice as a Woman in Tech

Tutorials

How to Build a Drupal Site with Composer, as Seen at DrupalCon

How to Find the Route Name in Drupal 8?

Integrating Auth0 with Drupal for Single Sign-on Authentication

Looking to Create a Bootstrap Theme for Drupal 8?

Learn how to create a Bootstrap theme for Drupal 8. We'll cover the process of creating a Bootstrap subtheme in Drupal 8 and how to customize it for your site's design. This on-demand webinar includes: structuring your sub-theme files, using Compass to compile CSS from SCSS, overriding Bootstrap variables & custom variables, twig template file customization and Bootstrap options for Panels, Views, Display Suite.

Using Drupal's Linked Field Module to Output Fields as Links in View Modes

Projects

Drupal Does Face Recognition: Introducing Image Auto Tag Module

Introducing the Cart API for Drupal Commerce

Releases

Drupal 8.5.3

Drupal 8.4.8

Drupal 7.59

config_installer 8.x-1.8

Ds 7.x-2.15

Extlink 7.x-1.20

jsonapi_extras 8.x-2.0-Rc2

Message 8.x-1.0-Rc2

Pathauto 8.x-1.2

Release 5.0.5 - Wodby/docker4drupal

simple_oauth 8.x-3.6

Sitemap 8.x-1.4

Webform 7.x-4.17

Webform 8.x-5.0-Rc11

Wysiwyg 7.x-2.5

Jsonapi 8.x-1.16

Media 7.x-2.19

Media 7.x-3.0-Rc5

Media 7.x-4.0-Alpha4

Podcasts

Behind the Screens with Kat Armstrong

DrupalEasy Podcast 209 - Local Development Environments

Talking Drupal #168 - Open Source Sustainability

TEN7 - Episode 026: Chris Weber, Software Engineer