Freelock: Assessment of May 8 Drupal Security update SA-CORE-2019-007
John Locke, Wed, 05/08/2019 - 14:12
New versions of Drupal core dropped today, to fix a file handling issue. After assessing the patches, statements, and risks associated with this update, we have decided this is an important update to apply, but not urgent for most of the sites we manage. Exploitation of the flaw takes two things:
myDropWizard.com: Drupal 6 core security update for SA-CORE-2019-007
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in the protections added in SA-CORE-2019-003. You can learn more in the security advisory: Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-007.
Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.
If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Security advisories: Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007
Project: Drupal core
Date: 2019-May-08
Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Third-party libraries
Description: This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. [...] The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.
Solution: Install the latest version:
If you are using Drupal 8.7, update to Drupal 8.7.1.
If you are using Drupal 8.6 or earlier, update to Drupal 8.6.16.
If you are using Drupal 7, update to Drupal 7.67.
Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage. Also see the Drupal core project page.
Reported By: Daniel Le Gall
Fixed By: Jess of the Drupal Security Team, Michael Hess of the Drupal Security Team, Oliver Hader, David Snopek of the Drupal Security Team, Alex Pott of the Drupal Security Team, Daniel Le Gall, Tim Plunkett
TEN7 Blog's Drupal Posts: Episode 059: 2019 Twin Cities Drupal Camp
Chris Weber and Dan Moriarty, volunteer organizers for the 2019 Twin Cities Drupal Camp, are today's podcast guests. We'll be talking about the changes to this year's TCDrupal Camp and fond memories of previous camps. TCDrupal Camp is a three-day conference for open source enthusiasts, designers, hackers, geeks, developers, UI experts, IT managers and anyone else that wants to find out more about Drupal. It’s a great place to learn, code, network and have fun with your fellow Drupalistas.
Dries Buytaert: Acquia acquires Mautic to create the Open Digital Experience Platform
I'm happy to announce today that Acquia acquired Mautic, an open source marketing automation and campaign management platform. A couple of decades ago, I was convinced that every organization required a website — a thought that sounds rather obvious now. Today, I am convinced that every organization will need a Digital Experience Platform (DXP). Having a website is no longer enough: customers expect to interact with brands through their websites, email, chat and more. They also expect these interactions to be relevant and personalized. If you don't know Mautic, think of it as an alternative to Adobe's Marketo or Salesforce's Marketing Cloud. Just like these solutions, Mautic provides marketing automation and campaign management capabilities. It's differentiated in that it is easier to use, supports one-to-one customer experiences across many channels, integrates more easily with other tools, and is less expensive. The flowchart style visual campaign builder you saw in the beginning of the Mautic demo video above is one of my favorite features. I love how it allows marketers to combine content, user profiles, events and a decision engine to deliver the best-next action to customers. Mautic is a relatively young company, but has quickly grown into the largest open source player in the marketing automation space, with more than 200,000 installations. Its ease of...
Hook 42: Stanford Web Camp 2019
Lindsey Gemmill, Wed, 05/08/2019 - 12:45
Cheeky Monkey Media: 3.5 Ways To Approach (And Budget) For a Drupal 8/9 Migration
dennis, Tue, 05/07/2019 - 23:09
Back in September 2018, Dries Buytaert, founder and project lead of Drupal, announced, Drupal 7 will be end-of-life in November 2021, Drupal 9 will be released in 2020, and Drupal 8 will be end-of-life in November 2021. You can read the announcement and get further information on this here - https://dri.es/drupal-7-8-and-9
Since that announcement, Cheeky Monkey Media has been in a lot of conversations with businesses of all shapes and sizes, not-for-profit and for-profit, that are currently on the Drupal 7 CMS platform and are considering migrating to Drupal 8. The first thing everyone needs to realize is the move to Drupal 8 will be painful, and almost as expensive as building a Drupal website from scratch. The second thing everyone should realize is that once they’re on Drupal 8, the move to Drupal 9 will be relatively painless. As Dries announced in a later article,
Security public service announcements: Drupal 7 and 8 release on May 8th, 2019 - PSA-2019-05-07
Date: 2019-May-07
Vulnerability: Drupal 7 and 8 release on May 8th, 2019
Description: The Drupal Security Team will be coordinating a security release for Drupal 7 and 8 this week on Wednesday, May 8th, 2019. We are issuing this PSA in advance because according to the regular security release window schedule, May 8th would not typically be a core security window. This release is rated as moderately critical. The Drupal 7 and 8 core release will be made between 16:00 – 21:00 UTC (noon – 5:00pm Eastern). May 8th also remains a normal security release window for contributed projects.
OSTraining: Define Role Based Field Permissions in Drupal 8
The Field Permissions module in Drupal 8 allows you to set permissions (enter, edit or view) on a Drupal field, based on the role the user belongs to. In order to demonstrate how this module works, we are going to create a content type called "Essay" for the website of a school. There will be 2 roles: Freshman and Sophomore. The Freshmen permission will not be allowed to choose the subject of the essay, whereas the Sophomores will have the possibility to choose between literature and history. However, there will be no possibility to change the subject once a student has made a choice. Let’s start!
Drupal Association blog: New on Drupal.org: better visibility into the humans behind the comments
We're excited about a feature built by a member of our community and recently deployed on Drupal.org: to give more human context to discussions in the Drupal issue queue, you can now choose to display your primary language, pronoun, and location. Update your profile now.
This is an opportunity to bolster human context within an online medium where tone and posture can be difficult to read. Providing this level of detail allows for visibility into the global composition of our community — such as when a person's primary language is not English or when a person resides in a distant time zone. It is important to recognize what being global means and drawing attention to the details that remind us about the people behind the project helps us all to have a greater understanding of one another. You can enable this new feature by editing your user account and adding pronouns to the personal information tab, and location language on the Language/location tab. Finally, you can opt into what you would like shown inline in comments under the "comments" tab.
Agaric Collective: Agaric is Coming to Drupaldelphia this Friday
City Hall in Philadelphia. Photo by Jason Murphy, licensed as Creative Commons By 2.0
Drupaldelphia is an annual camp held in Philadelphia happening this Friday May 10th for the open source content management platform, Drupal. The event attracts developers, site-builders, content administrators, designers, and anyone interested in using Drupal in their organization or upcoming project. We're excited to have Ben present two sessions at the camp. Tickets are only $30 (if you buy today, May 7th!) and the day is packed with helpful presentations and hands-on clinics. See the full schedule.
Iterative UX: Find It Cambridge Case Study, 2:15-3:45pm, Hussian Room 125
Developing a trusted, ongoing feedback loop with your users ensures that your project is effective and relevant. We call this approach Iterative UX and Ben will share how this looks in practice with the city of Cambridge. You will get a holistic, honest look at both the highlights and challenges of this type of relationship to help you apply Iterative UX in your projects. Read the full description.
Scaling Community Decision-making, 3:45-4:55pm, Hussian Room 125
Any libre software, volunteer, or even startup project will have elements of do-ocracy (rule of those who do the work) but not all decisions should devolve to implementors. Rather, a basic principle is that decisions should be made by the people...
