Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Oct 22 2021
Oct 22

Earlier this year, the Conflict Resolution Team of the Drupal Community Working Group announced Donna Bungard as our newest member. 

We are happy to now announce that Donna has completed the provisional period of her membership and is now a full member of the team. During the provisional period, Donna had limited access to CWG archives, and was able to assist on CWG issues, not lead them. In addition, we periodically spent time during our weekly meetings talking about past issues, with a focus on the lessons learned, in an effort to transfer as much knowledge as possible. Emphasis was placed on process and collaboration more so than the individual issues revisited.  

Having had the opportunity to pressure-test the new on-boarding process in addition to the Community Health Team involvement requirement, we now believe that it is essential to providing a gentler on-ramp for new Conflict Resolution Team members, and adds value to those we aim to serve.  

Looking ahead, our team will need to continue to grow to ensure effective and timely responses to needs of our community. As this is a slow process, we have already begun looking for the next member of the team. Regardless of if you're a current member of the Community Health Team, or just a Drupal community member with a passion for community health, we'd love to talk to you about what being on the Conflict Resolution Team involves - please reach out to us at drupal-cwg at drupal.org. 

All members of the Community Working Group must adhere to our Code of Ethics

Oct 22 2021
Oct 22

Neil Young once famously sang, “It’s better to burn out than to fade away”, and it still reverberates loud enough in our ears when we think of an end, end of something colossal. Drupal 8 is less than a month away from hanging up the boots. Drupal 8, by no stretch of imagination, has faded away though. Rather it has traversed an amazing journey and left behind a legacy that will be impactful for the future of Drupal 9 and later versions.

Like all great things, Drupal 8's end of life date is nearing. Basically, when a version of Drupal reaches its end of life, the Drupal Community stops all the operations around it, that is, simply put, stops working on it and doesn’t provide free support. And, the core development comes to a halt where no new features are added and no bugs get fixed. So, we definitely have more than just a few questions to ponder over and make business critical decisions. Let’s jump on them right away.

November 2, 2021: Farewell Drupal 8!

On this day, Drupal 8 will be marked an end of life product before the release of Drupal 9.3.0. Drupal 8’s largest third party dependency is Symfony 3 which is going to be termed end of life in November 2021. Moving to Symfony 4 is not an option here since that would break the backward compatibility with previous versions of Drupal 8.

More on the reasoning behind Drupal 9’s release schedule here in the official documentation.

Why is Drupal 8 end of life before Drupal 7?

Simply put, upgrading from Drupal 8 to 9 is a cakewalk in comparison to upgrading from Drupal 7 to 8/9. Therefore, Drupal 7 end of life has been extended and will get community-based security coverage till November 28, 2022 so that Drupal 7 site owners will get ample amount of time to upgrade. Drupal 7 will also get vendor extended support till November 2025.

What if I don’t upgrade before the end of life date?

Your website will still function normally, but only for a certain period of time. With Drupal Community no longer releasing security updates for Drupal 8, and the symfony communities not updating the code your site depends upon, something or the other will break after a while and there will definitely be security vulnerabilities discovered.

After Drupal 8 end-of-life, will we get an extension to upgrade to Drupal 9?

That’s a big NO. You will simply not get a grace period. You travel to a place, make memories and everything seems like a fairytale until you need to bid goodbyes. Like everything else in life, you have to confront the end of a beautiful time spent and move on to the next chapter.

Is there any vendor extended support for Drupal 8?

There is no vendor extended support for Drupal 8 after its end of life.

Why upgrade to Drupal 9?

If you are still on Drupal 8, upgrade to Drupal 9.2 before November 2, 2021 to keep your website safe and secure as the Drupal 9.1 security coverage will end right after the Drupal 8 end of life. More on this ultimate guide to Drupal 9.

What’s the difference between upgrading from Drupal 7 to 8/9 and Drupal 8 to 9?

While previous major version upgrades like Drupal 7 to 8 had a bigger architectural change, migrating from Drupal 8 to 9 is more similar to a minor version of Drupal core except for the removal of long-planned deprecations.

How are Drupal 8 and Drupal 9 different?

While using the admin UI or updating content, you won’t see any difference between Drupal 8.9 and Drupal 9.0 as they have the same features. The underlying technology stack that Drupal relies upon has been updated thereby making your site more safe and secure.

How to upgrade from Drupal 8 to Drupal 9?

Migrating from Drupal 8 to 9 is only a matter of update.php if your codebase is not using deprecated APIs anymore. Drupal 9 upgrade tools can further help in recognising and solving the deprecated APIs in your codebase. Working on Drupal.org with the maintainers of contributed projects and themes can be helpful to make those projects Drupal 9 compatible.

Learn more on Drupal 9 upgrade here:

How long do we have before Drupal 9 reaches the end of life?

Symfony 4, which Drupal 9 currently uses, will reach its end of life in November 2023, and that will spell the end of life for Drupal 9 too. With the new minor release schedule in place, upgrades to new major releases of Drupal isn’t a hurdle anymore. Much like Drupal 8 to 9 migration, Drupal 9 to 10 and future major version upgrades will continue to be a no-big-deal affair.

Oct 22 2021
Oct 22

Are you aware of the fact that Drupal 7 end-of-life (EOL) is fast approaching? There is not much time left till November 2022. So, it's now the high time for the site owners and developers to make some major decisions regarding the Drupal 7 upgrade. What upgrade paths for Drupal 7 do we have? Shall we move from Drupal 7 to Drupal 8? Or, directly move from Drupal 7 to Drupal 9? This article will help you take the next right step for your organization’s website and help your developers get ready for such a change of upgrade that will enable them to reach their career heights. 

Illustration diagram describing the migration from Drupal 7 to Drupal 8 and Drupal 9


It’s almost the end of life(EOL) for Drupal 7

Due to the prevailing situation of COVID 19, Drupal 7's end-of-life (EOL) date has changed from November 2021 to November 28, 2022. But here the important point is are you still working on Drupal 7? Because if you are doing so, it’s the right time to think about the further upgrades as with the Drupal 7 end of life , it’s official support from the Drupal community will come to an end, which includes support for updates, security fixes and improvements from the Drupal Security Team and the Drupal Association. However, I also agree with the fact that Drupal 7 won’t immediately break on its EOL day as you would still get vendor extended support from a group of approved and vetted vendors. At the same time we also cannot deny the reality that Drupal 7 has already started to get less community support with the upgrades of Drupal 8 and 9. More importantly, it lacks official community security support which is a big concern for the site owners and the organizations. Since, websites store and use personal data such as CCPA and GDPR that needs to be protected by the organizations, the sites which do not stay up-to-date with security fixes can be prone to major security risks and vulnerabilities. Additionally, after Drupal 7 EOL, there won’t be any availability of new themes, modules and features that are significantly essential for every website. Therefore, Drupal 7 cannot be an ideal CMS platform to work upon for the next decade for sure. So, upgrading Drupal 7? 

What is the best time to upgrade?

It’s totally up to you how you want to go about the upgrade. You can either migrate via Drupal 8 or directly to Drupal 9, but the only important thing is that you need to start the migration process as soon as possible. So, if you plan to upgrade your site from Drupal 7, you will have to look upon some information architecture work in order to be well prepared for Drupal 8 or 9 upgrade. Once you migrate to Drupal 8, the shift to Drupal 9 will be very easy, you’ll have to check upon code deprecations, without worrying about the content migration. But wait a minute. Are you planning to wait for a much stable version of Drupal 9? If yes, that exactly won’t work as Drupal 9 seems to be handled much like that of an incremental point-release upgrade to Drupal 8. Infact, the core code which strengthens Drupal 9, is already disclosed in Drupal 8. Also, there aren't any new features in the Drupal 9.0 release, only the removal of code which already has been deprecated in Drupal 8’s minor versions. Drupal 9 plans to release new features every six months in minor releases with Drupal 9.1 and 9.2 already having been released with experimental Olivero frontend theme, early support to WebP image format and many other feature enhancements. Go for an upgrade to Drupal 9 today.

Making an upgrade to Drupal 8

Ideally you can go for an upgrade to Drupal 8 first, and then eventually to Drupal 9. Since your site requires functionality with modules which are found in Drupal 8 but not yet in Drupal 9 release, therefore, upgrading first to Drupal 8 can be very convenient. Also, on upgrading to Drupal 8 first, the upgrade to Drupal 9 will become a lot easier for you. 

Drupal 7 to 8 migration involves some important changes. So, basically some of the things you earlier required to do across contributed modules in Drupal 7, are included in Drupal 8 core now. Although, the process of implementing them might not be the same as some refactoring may be needed to get feature parity while you go for a migration to Drupal 8. The Drupal 7 to Drupal 8 migration issues are pretty well talked about by most of the Drupalists but it’s also a well known fact that when it’s done, the resulting site proves that it’s worth an effort.

Before upgrading your Drupal 7 site to Drupal 8, it is advisable to take some necessary steps that guarantee you a seamless upgrade process and help you get the suitable outcomes. 

Illustration diagram describing the migration from Drupal 7 to Drupal 8


Understanding the module of the source site

It is very essential that you understand how exactly your current Drupal 7 site is built before you start your upgrade. You need to recognize the core and contributed modules that are facilitated on your source Drupal 7 site. In order to do this, you can look after the listed modules on the Modules admin page (Administer > Site building > Modules) or make use of the Available Updates page at admin/reports/updates. Drupal 8 upgrade web user interface provides a summary of the modules which can be automatically upgraded or not. You can get more information on this analysis by referring to the Upgrade using the web browser page. By using an external service, the Upgrade Check module provides you a time estimate for an upgrade. 

Looking over the Known Issues Page

Since the path of upgrade from Drupal 7 to Drupal 8 is yet experimental and some core modules may not completely have an upgrade path. It is advisable to go through the Known Issues Page while preparing for the upgrade.

Updating the Drupal 7 site to use the latest versions of core and contributed modules

The upgrade process demands you to update your old site to the latest minor version first. For instance, if you’re running your site on Drupal core 7.35, you will have to first update to Drupal 7.38. If you plan to migrate configuration or content from contributed modules automatically, then you need to use the latest versions of them. 

Need of prerequisites for upgrading from Drupal 7 to 8   

If you choose to upgrade to Drupal 8 using the browser user interface, you will be required to facilitate the ‘Migrate Drupal UI’ core module. Using Drush, if you migrate to Drupal 8, you will also require Drush 8 or Drush 9 and the three respective modules such as Migrate Upgrade, Migrate Tools and Migrate Plus.  

Enabling required core and contributed modules in Drupal 8

The Drupal migration procedure will not automatically install modules on the Drupal 8 destination site. Migrations that are appropriate for modules installed on both the destination site and source will be implemented. Consequently, you will have to first enable all core and contributed modules over the Drupal 8 site for the one you want to migrate configuration and content from the source site.

Configuration of the Drupal 8 site to be avoided

Since, the upgrade procedure will overwrite configuration on the Drupal 8 site, so you are not supposed to get involved in any configuration of the Drupal 8 site until after the upgrade procedure is finished. It means you do not need to create all the types of content and fields manually before running this upgrade. Rather as a part of the migration procedure, the migrate module will create them. Indeed it is the best practice to install Drupal 8 by using the Minimal install profile, as the Standard profile presents its own configuration which you may not wish to use. 

Content creation on the Drupal 8 shall be avoided

The upgrade procedure looks after the unique identifiers from the source site. For instance, if any user account had the unique ID 2 on the source site (hence was at the relative URI/user/20, after the upgrade the same user account will be at the /user/2 on the Drupal 8 site. If you had to create a user account over the Drupal 8 site other than the default administrator account, then it would be given user ID 2, while running the upgrade procedure, with user ID 2, the account from the source site would overwrite it. This can be applied to taxonomy terms, user accounts, node content, and any other types of content consisting of numeric IDs from your source site. Until all your source content gets completely imported, do not create anything on the Drupal 8 site manually to avoid loss of data.

Finally, performing the upgrade

There are two ways to implement the migration process. 

  • The first method is by using the browser user interface. It is the easiest method and can be done with the help of the user interface of the Drupal 8 site. Also, it provides lesser control across the migration.
  • The second method is by using Drush. This process is faster and robust and enables selective migration, yet needs additional modules, and also needs to be run from the command line.

Making an upgrade to Drupal 9

In this section let's find out how to upgrade Drupal 7 to Drupal 9. What is the best time to move from Drupal 7 to 9? Have you ever thought about Drupal 7 to 9 migration directly and skipping over Drupal 8 completely? Well you can do that since the Drupal 7 migration ecosystem is yet available in Drupal 9. In fact, Drupal 9 includes the similar migrate drupal module which you require to migrate to Drupal 8. You just need to be clear of the fact that all of the considerations while upgrading from Drupal 7 to Drupal 8 must be applied even if you straight away move to Drupal 9 as well. There is a need to manage the migration planning, handle tooling and paradigm shifts and take into consideration the platform needs. Therefore, upgrading from Drupal 7 to Drupal 9 can be really smooth and easy. 

If your site still hasn’t migrated to Drupal 8, then directly making a big shift to Drupal 9 is a convenient option as now the Drupal 9 is already released. 

Benefits of Drupal 9

This section will specify to you the benefits of Drupal 9. It can be considered as one of the most recent iterations of the Drupal framework and content management system.

Illustration diagram describing the benefits of Drupal 9


Accessibility of contributed module functionality in core

One of the most important benefits of Drupal 9 is that many of the things that require contributed modules in Drupal 7 are built into core now. This includes:

  • Web-services are built in JSON:API now.
  • You can now find the customized editorial workflows in core, providing functionality that would have required contributed modules such as Workbench Moderation or Workflow.
  • You no longer need to install a contributed module and third-parties to attain WYSIWYG editor since it is already built into core.
  • The views can be found in core, and many of the custom lists in core are entirely customizable views now.
  • Blocks are reviewed in order to be used again. For example, Bean in Drupal 7 enables the creation of customized and fieldable blocks.
  • You can use the Layout Builder module to create customized page layouts like the Display Suite or Panel  provided in Drupal 7.

Handling Drupal dependencies with the Composer tool

Drupal 9 widely uses third party libraries like Symfony for important functionality, instead of depending on custom Drupal-specific code for nearly everything. As a result, it further gives rise to the need of handling Drupla’s dependencies on those libraries. This can be better managed by a tool known as Composer which is a great dependency manager.

No requirement of features for configuration management

Some of the sites in Drupal 7 deploy configuration by making use of the Features module that always receive mixed feedback relying on the various insights of people. However, the majority of developers express that Drupal 9’s Configuration Management system, which enables database configuration to be exported to YML files, is far more easier than the Drupal 7 Features system. 

Secure PHP support facility

In comparison to Drupal 7 sites using deprecated versions of PHP, Drupal 9 uses the minimum of PHP 7.3 that helps in delivering the much required compatibility along with secure versions of PHP. More on why you need to upgrade to the latest version of PHP here.

Prioritizing Headless CMS

Drupal 9 focuses on Headless CMS to enhance the user experience with the strong front-end of the website that provides significant features such as create once and publish everywhere, API-First approaching, simpler resourcing and front-end freedom.

So, looking at the benefits of Drupal 9, many organisations are heading towards the migration process without much delay. Also, for your information, I would like to state the fact that it simply took a month to move from 0 to 60,000 sites on Drupal 9 whereas, it took 7 long months to reach 60,000 sites on Drupal 7.

Learn more about Drupal 9 here:

How to upgrade to Drupal 9

How to prepare your Drupal 7 or 8 site for Drupal 9? Let’s look at the upgrade process and get a clear understanding. 

Illustration diagram describing the migration to Drupal 9


1. Planning the migration process

If you’re planning to migrate your current site’s content into a secure and modern platform, then these three factors such as time and budget, developer skill set and release window will help in making the right choice.

Time and budget

You need to have a proper clarity about the time needed for replatforming and also the budget for your project. These plannings will help in preventing unexpected delays in your migration process. Also, you might wish to split your migration into various phases depending on the budget constraints within your organization. For example, if you find that getting the budget is simpler as a one-time-ask, then make a plan to get your complete migration, with any further additional site changes in just a single attempt. On the contrary, if budgeting over phases appears like a much better option, then accordingly spread your migration plan. Most importantly, you need to ensure that you plan the timelines in advance so that your project doesn’t extend overtime. 

Developer skill set 

Are your developers working on Drupal 7 for a long time? If the answer is yes, then they might face some difficulties while migrating to Drupal 9, since it will require them to learn new tools and techniques. The developers learning curve shall be factored into time and budget, not just because of the migration itself but also for the current development work and maintenance post the upgrade. You can partner with a well-known experienced Drupal development firm to plan and implement your migration in a much smoother and quicker manner. 

Release window

While planning your migration from Drupal 7 to 9, also keep in your mind that Drupal 7 is all set to reach its end-of-life in November 2022. As a result, you shall complete your migration process by then. If you have any doubt that your enterprise might not make it then you should plan for an Extended Support engagement in order to maintain your site security till you’re able to finish the migration. 

You might wish to plan the release window over key dates for your enterprise, and over many other support windows in your stack. For instance, supposedly, you’re a retailer and you might want to complete the migration before the end of Q3, so that you do not have to upgrade during the holiday initiatives. Talking about your stack, you will surely wish to plan around other important release windows like end-of-support for PHP versions, and upgrading towards Symfony 4.4. This is essentially important in the case where you necessitate upgrading dependencies to support your Drupal 9 migration. 

2. Understanding the architecture, features and design

Since the shift from Drupal 7 to Drupal 9 is so significant, it can be a good time to revisit the information architecture of the site, perform a feature audit, and decide whether to make design changes or not. 

Are you planning to update your site’s information architecture?

Before you migrate to Drupal 9, you need to perform an audit of your current Drupal 7 site to get an understanding of what you would want to take forward and what you wouldn’t take along. For example, if you are using a taxonomy which was set many years ago, but currently doesn’t make any sense. So, presently, it can be a good idea to refine it for your site’s new version. Let’s look into one more example, supposedly, if you have set up a content type which you rarely used once or twice, and never used again. Then instead of migrating it, you can delete that content. 

Does your feature need changes?

As we know, it's been a decade since the release of Drupal 7, so, the features that seemed significant at Drupal 7's inception have certainly changed. Here, some questions come to mind like how have the feature requirements of your content editors changed? Has your site turned up to be media-heavy, and do your content editors require huge searchable image archives? 

Well many editors prefer the new Layout Builder experience for creating customized site pages. But this is something that doesn’t exist in Drupal 7 core, and is possibly better than what you get after extending Drupal 7 with contributed modules. On the contrary, Drupal 8 and 9 have built-in media handling and a WYSIWYG editor, eliminating the requirement for dozens of Drupal 7 contributed modules which do not always get along with each other, and emphasizing developers observation upon the editorial UX for a single authorized solution.

So, revisiting the necessities of your content editors and site users to identify the current features status in regards to usability or need of new features overall help in the upgrading process. 

Are you ready for a design update?

Have you refreshed your Drupal 7 site design? If you haven’t done that in years then the upgrade process can be a good time for a design refresh. You can plan for a design refresh after the upgrade is finished. 

3. Performing the Drupal upgrade

Since Drupal 8’ initial release, the process of migrating from Drupal 7 to Drupal 8 has improved but it can still be a very complicated and time consuming procedure for complex sites. 

Unlike the previous Drupal upgrades, Drupal 8 migration isn’t an automatic upgrade. Drupal 7 site’s configuration and content are migrated individually into a new Drupal 8 site. To automate the creation of migration files, there are tools available but if your site is a complex one which uses many contributed modules or a lot of custom code, you will go so far only with automated tools. You will have to revisit business logic and choose new options to attain results that are similar or even deprecate the use of Drupal 7 contributed modules and also custom code in your site to make a shift to Drupal 8 and 9. 

Keep in mind that whether you choose to upgrade to Drupal 8 and then Drupal 9, or directly migrating from Drupal 7 to 9, the process and the migration considerations will certainly be the same. 

Learn more about Drupal 9 upgrade here:

Get an insight through the following webinar where the significance of migrating to the later versions of Drupal 7 is explained.

[embedded content]


Making an upgrade to other CMS

Along with the options of Drupal 8 and 9, you also have the option to migrate your site to a different CMS before Drupal 7 reaches end-of-life. Backdrop CMS is a flexible, lightweight and modernized platform which is built on Drupal 7 architecture with significant improvements. This platform selects smaller budget projects which are majorly concerned with websites that provide content via traditional HTML pages. It also has its own security team which closely works with the Drupal security team. 

Conclusion

It’s a known fact that upgrading comes with a lot of challenges. But as you start planning, things fall in place with the right approach and process. In this article, I tried giving you all the possibilities for a smooth migration from Drupal 7 to its later versions which is absolutely necessary since we all are heading towards Drupal 7 EOL.

Oct 21 2021
Oct 21

Website themes are pre-made designs for website content management systems or “CMS” like Drupal, WordPress, and Joomla. If you are looking for a secure, flexible, and scalable Enterprise-ready CMS, Drupal is the best choice. With the 20 top Drupal themes we researched for you it will be easy to get started with Drupal 9. 

 

Using a good Drupal theme as a starting point can give your project a head start. Some Drupal themes are highly opinionated and designed for specific use cases like e-commerce webshops or magazine style websites. Other themes in our top 20 are less opinionated and architected more like a framework. 

Here are the best Drupal 9 themes:

 

1. DXPR Theme

Best Drupal 9 themes

Time is of the essence. With DXPR Theme, you will build powerful marketing content faster. The DXPR Settings Dashboard gives you every customization you need to create a website that exceeds expectations. DXPR theme is installed on more than 2000 sites, and you’re going to love it too.

 

DXPR Theme is the fastest and most easy-to-use low-code theme that Drupal site builders deserve! Furthermore, thanks to the tight integration with the DXPR Drupal Layout Builder, this theme can be part of a state-of-the-art digital experience platform. 

 

This theme deserves the #1 spot because it has the highest number of customization options and features, and that’s how this theme will save you time and money. DXPR Theme is really more of a low-code theming platform than a theme. It’s based on Bootstrap 3, but a Bootstrap 4 update is coming in Q1 of 2021. 

DXPR Theme (Free)

Framework: Bootstrap 3 (Bootstrap 4 update coming soon)

 

2. Tico Theme

Drupal 9 theme Tico

Tico theme is a professional and modern business Drupal theme with an eye-catching look. Most suitable for any website for personal or business use. Tico is simple to use and highly customizable. It’s designed with user-friendliness in mind. Tico sports a distinctly unique, modern look. It has a super powerful theme control panel with many useful options and tools to manage your site: Block builder, customize, sliders, etc. Tico theme is built with Gavias Block Builder. The significant drag and drop builder allows you to create professional blocks in just some simple clicks. Besides, with over 19 widgets integrated, building content has never been this easy. Tico theme uses the latest web technologies: Drupal 9.x, Bootstrap 3, SASS, HTML5, CSS3, Font Awesome 4

Tico theme (48,- USD)

Framework: Bootstrap 3

 

3. TheMag Drupal Theme

Drupal 9 theme THEMAG

TheMAG Drupal theme lets you create a modern magazine website with a lot of ease. It is excellent for sites that want to rake in ad revenue or profit from content. This bestseller theme is perfect for blogging, journalism, or entertainment sites.

TheMAG comes with lots of features and is fully compatible with Drupal Thunder distribution. It utilizes and extends the powerful and unique Drupal Layout Builder that lets you create complex layouts and pages with few clicks.

Video Review

TheMag Theme ($54,- USD) 

Framework: Bootstrap 4

 

4. Jango Theme

Drupal 9 theme Jango

 Jango is an ever-growing multipurpose theme for Drupal 7 and 9. It is powered by visual shortcodes and a layout builder.

Jango is a flexible theme that will simply be able to support every site. Such as portfolios, blogs, corporate, product showcase, landing pages, and many others. By utilizing 300+ components, you can mix-and-match any element together.

Jango theme was fired and designed with creative and modern web trends. It provides the most reliable, smooth, clean, and intuitive user experience. Jango is bundled with a completely responsive design and suitable with all popular internet browsers and devices. Jango is genuinely a theme prepared to launch upon buy.

Video overview

Jango Theme ($59- USD)

Framework: Bootstrap 3

 

5. Pivot Theme

Drupal 9 theme Pivot

Pivot is the most sold theme on ThemeForest. Pivot is a fully featured multi-proposed, responsive, and Bootstrap based HTML5 Theme, which is suited for Business, Education, Hospitals, Corporate, and Portfolio type websites. 

Pivot includes the variant page builder through which you can build refreshing and confident appealing pages. It provides pre-build necessary pages like login, error, pages, and coming soon pages. 

 

Here are some best features.

  • MailChimp & Campaign Monitor Integration

  • Contact form with different variations and validation.

  • 14 Color schemes, LESS files are included for each scheme

  • Social media sites feed.

  • Variety of pages for login, Errors, and Coming soon, etc.

Pivot Theme ($48- USD)

Framework: Bootstrap 3

 

6. Progressive Theme

Drupal 9 theme Progressive

Progressive is a visual shortcode based theme. Most suitable for those who need a content-full website. This is available for both Drupal 7 and 9 versions. It provides 200+ interactive web elements, and 50+ pre-build stunning pages, usable for a variety of businesses. Livicone and mega sliders are included for free. You can create animated layered based sliders.

The progressive theme has support for e-commerce and the best choice for online stores. It is using Ubercart for Drupal 7 and Drupal Commerce for Drupal 9. You can sell your services, products and it is also comfortable for paid membership websites.  

Progressive Theme ($59- USD)

Framework: Bootstrap 3

 

7. Inston Theme

Drupal 9 theme Inston

Inston is a new, modern, and professional business theme. Inston is a super Drupal 9 theme specially built for freelancers, designers, artists, and all types of agencies. The template is ideal for showcasing your work or projects in the best manner possible. In the Inston package, five different homepages are available, easily customizable.

You can modify it with a few clicks to fit according to your needs. Inston is a great candidate for any kind of website. You can either use it for personal or business purposes. Inston is very easy to use and highly customizable. Designed with user-friendliness in mind. Inston supports a unique, modern look. This Drupal theme has a powerful control panel with sets of useful options and tools to manage your website. 

 

The Inston theme is built with Gavias content builder. This basic drag and drop builder allows you to create a professional block in just a few clicks. Besides, with over many widgets, integrated, building content is never more natural. Inston theme applies the latest web technologies Drupal 9, THML 5, CSS 3, Bootstrap 4, SASS, Font Awesome 5.

Inston Theme (43,- USD)

Framework: Bootstrap 4

 

8. EM Theme

Drupal 9 theme EM

 Em is a premium theme for Drupal 9, using thunder for publishing with an outstanding design and impressive features. Em is ideally suited for blogs, magazines, and news publishing websites. To make a content full website responsive for all devices is difficult. On the EM theme for Drupal 9, your site will look beautiful on every device.

 

You can use predefined layouts or simply drag, drop, and arrange everything to customize it down to your own taste. You can use different designs for each of your posts. Choose from 5 predefined layouts or create your own with only a few clicks. It gives a unique accent to the articles and makes them stand out with different styles. EM has support to reuse the existing media files and libraries like images and videos that you have previously used in your site. You can also start your E-shop on your website using EM. It is fully compatible with Drupal commerce.

EM Theme (59,- USD)

Framework: Bootstrap 4

 

9. Enar Drupal Theme

Drupal 9 theme Enar

 Enar is a modern, responsive, and Multi-Purpose Drupal 9 Theme. It is Created with the Bootstrap framework. Enar has great designs for the website of Creative Corporate, corporations, company profiles, personal portfolios, and more. You can create an impressive website or blog in minutes. Everything is possible with Enar.

It includes 10+ ready-to-use homepages with awesome design, unique concepts, scalable, responsive, amazing flexibility, premium plugins, useful shortcodes & many More.

Enar Drupal theme (58,- USD)

Framework: Bootstrap 3

 

10. Maarif Drupal Theme

Drupal 9 theme Maarif

Maarif is a fully responsive, unique & modern designed Drupal 9 Theme. This theme can be used for car servicing, car repairing, car wash, auto shop, mechanic shop, batteries shop, tire/wheel shop, multipurpose businesses. The code is well commented, so one can find it very easy to customize. It also includes detailed documentation where everything is described how to customize each template with screenshots. The developer tried to give an attractive look to this theme to gather more traffic on your website.

Maarif Drupal Theme (43,- USD)

Framework: Bootstrap 4

 

11. Pillar Theme

Drupal 9 theme Pillar

 Pillar is a rugged, responsive multipurpose Drupal 9 theme build with Bootstrap. Pillar embeds reusable HTML and modular CSS first, blending modern styling with clean markup everywhere in each template in the pack. take your startup business website to the next level, show off your one-page portfolio with smooth parallax, boost your blog, and amp up your multi-page corporate or mobile app website. The paragraph builder takes the pain out of building a website. It has an exclusive page builder to save time. Pillar forms the ideal starting point to Drupal projects of any kind.

Pillar Theme (48,- USD)

Framework: Bootstrap 3

 

12. Kunco Theme

Drupal 9 theme Kunco

 Kunco is best for charity crowdfunding and fundraising websites. It is a clean, modern, super flexible, and responsive Drupal theme. It comes packed with powerful features and functions. Kunco theme is best suited for charity organizations such as NGO non-profit donation and fundraising organization websites.
Users can customize it with the facility to fit their requirements. Kunco theme is built with a famous and flexible Gavias builder. Astonishing drag and drop builder permits us to build professional blocks, pages in a few simple clicks. Furthermore, it contains over 35+ widget integrations. Preparing and writing the content is not easy work to do. Kunco theme implemented and applied the latest technologies keeping in view the latest version of Drupal, which is Drupal 8.7.x, SASS, HTML5, CSS3, Font awesome.

Kunco Theme (56,- USD)

Framework: Bootstrap 3

 

13. Consulta Drupal Theme

Drupal 9 theme Consulta

Consulta Drupal theme is Perfect for Finance, Consulting & Business. Consulta is best suited for corporate websites like financial advisors, accountants, consulting firms, etc. This is a business template that is helpful for online presence for corporate businesses and financial firms. 

Consulta is fully responsive and retina ready, having 7+ headers and mega menus. It includes 11 pre-build readymade homepages you just have to include your own content. It has great SEO support (integration with most SEO Plugins)  

Consulta Drupal Theme (50,- USD)

Framework: Bootstrap 4

 

14. Facdori Theme

Drupal 9 theme Facdori

Facdori is the most reliable Drupal 9 Theme for industrial & factory businesses and companies. The theme is also ideal for construction, industry, architecture, engineering, manufacturing, building services, and other construction or industry-related services. The theme has its own super powerful theme control panel with many useful options and tools to manage your site: Block builder, customize, sliders, etc. Facdori Theme is built with Gavias Content Builder; the amazing drag and drop builder allows you to build professional blocks in a few clicks. Facdori theme applies the latest web technologies: Drupal 9.x, Bootstrap 4, SASS, HTML5, CSS3, Font Awesome 5.  

Facdori Drupal Theme (43,- USD)

Framework: Bootstrap 4

 

15. Rogan Theme

Drupal 9 theme Rogan

 Rogan is a multipurpose Drupal 9 theme for robust, eye-catching, and high-performance websites. The theme includes 7 home pages and 66 multipurpose demos and variants. This website has been developed using feature-rich plugin ideas and designs for a modern website. In this theme, the purchaser can find striking designs that best suits his needs.If you like Drupal and seeking a modern, clean, and flexible theme then Rogan is one of the topline recommendations for you to pick. This theme is adequate for corporate-level organizations, agencies, and any type of business. To display and share their company history, services, portfolio, and projects most creatively and professionally.

Rogan Drupal Theme (48,- USD)

Framework: Bootstrap 3 and 4

16. IBlue Drupal Theme

IBlue is a Responsive Drupal 9 clean and Professional Theme. It comes with over ten homepages and many more inner pages. It is decorated with awesome slideshows and color variations. Easy-to-customize and fully featured page design. This template is created for all sorts of businesses such as corporate, business, portfolios, hosting, creative, blogs, construction, and more.

Iblue Drupal Theme (49,- USD)

Framework: Bootstrap 3 and 4

 

17. Stack Drupal Theme

Drupal 9 theme stack

Stack is a completed multipurpose Drupal 9 theme built with reusability and modularity at the core. Combining contemporary styling with clean markup, Stack forms a good starting point for many types of website. They are boasting over 140 demo pages, 270 customizable interface blocks, and a plethora of carefully crafted base elements. Quality and quantity in equal measure.

Using the Paragraph Builder Stack theme includes 240+ interface blocks in the huge collection of customizable elements. This modular system enables site builders to build their own blocks quickly and easily, leaving more time for layout and interface experimentation. Stack never uses inline styles, junk classes, or layout-specific stylesheets.

Stack Drupal Theme (48,- USD)

Framework: Bootstrap 3

 

18. BizReview Directory Listing Drupal Theme 

Drupal 9 theme BizReview

On ThemeForest, BizReview is the best-selling theme for directories. ThemeForest review team selected it as a featured theme. There are no hidden charges, no extra fees to utilize features. All are available on the demo. You can create an interactive online directory portal with comprehensive searching, many map layers, attractive markers, and much more. A variety of tools are available for advertising. PayPal is also integrated in this theme. 

BizReview Theme (58, - USD)

Framework: Bootstrap 3

 

19. Wosh Theme

Drupal 9 theme Wosh

Wosh is a multipurpose Drupal 9 theme with e-commerce integration using Drupal commerce and featuring different product types, Product reviews, product attributes, carts, and all you need for your next online commerce shop.

 

This responsive e-commerce template built with bootstrap 4 will be ideal for any web developer to customize and make their own site become one of the top online shopping sites since this theme has a great combination of a clean, modern, minimalist design and many powerful features.

 

It has different header and footer options as well as unlimited color styles. Wosh is packed with various features and options to make a complete website, such as landing pages, sale promotion, sales product, etc. Whatever products that you are selling, it will catch your viewer’s interest fromfirst sight.

Wosh Theme ($49- USD)

Framework: Bootstrap 4

 

20. VoltBuzz Drupal Theme

Drupal 9 theme VoltBuzz

VoltBuzz- is a stylish and professional Drupal 9 theme for SEO and digital marketing. All kinds of digital marketing service Websites like SEO Services, online marketing, digital agencies, Social Media Marketing, and any other marketing strategies based agency can use it.This theme is easily customizable, fully responsive, and supported in all new browsers and devices. 

VoltBuzz Drupal theme (43,- USD)

Framework: Bootstrap 4

Should you use these Drupal themes on your next Drupal 9 project?

Here are some of the advantages for using one of the below top Drupal 9 themes:

  • All top Drupal themes are SEO friendly

  • You will get a great mobile responsive design with all Drupal themes

  • Easily customize these themes with theme settings

  • Theme owners provide updates to enhance website functionality and maintain browser compatibility so you won’t have to

For good measure we’ll also list a few disadvantages to consider:

  • With feature-rich themes you are increasing the technical debt in your project

  • The more opinionated a theme is the harder it will be to customize the theme. For example if your theme is an ecommerce theme it might be harder to make it work for a new magazine section on your website. Choose a less opinionated theme if you plan to grow your site beyond its initial scope.

Oct 21 2021
Oct 21

2021 CATEGORIES AND CRITERIA 

A panel of distinguished judges composed of digital experience platforms (DXP) and digital marketing experts evaluated submissions based on several criteria: functionality, integration, performance (results and key performance indicators), and overall user experience.  All submissions had to represent initiatives, updated features or projects built with Acquia that were completed during 2020 or 2021. Categories are as following, taken from Acquia Engage page

DOERS 

Reimagining Customer Experience: We want to see proof that “if you dream it, you can build it.” How has your team created flexible, open solutions that help your organization reinvent customer experience? We want to celebrate solutions that allow organizations to personalize, engage and connect with customers in new ways.

Best Campaign: Have you launched a great campaign that spoke to your customers and delivered results? Let us know how you organized and executed your campaign. And remember to back up your story with metrics that showcase that success.

Most Impactful Insights: When you drilled down into your customer data, did you find something that made you pivot how your organization does business? Tell us how your customer insights and/or analytics changed the game. 

Leader of the Pack: We want to hear from organizations that are setting the bar for digital experiences in their field or industry. 

BUILDERS

Best Return on Investment: Organizations that have implemented strategies that ensure governance and reduce cost and time-to-market... and have the results to prove it.

Quickest to Launch: Got things up and running at top speed in no time? We want to know how your team expertly leveraged Acquia to bring your solution from vision to fruition, fast. 

Open Source Giants: Strongest contribution to the Drupal ecosystem, through Drupal.org or GitHub code contributions, event sponsorship, community mentorship, or technical excellence. 

Scale: Scaling to accommodate online growth is tough: today it requires a meaningful change in the delivery model and adoption of new technologies, often in a way that changes the way organizations do business. Show us how you rose to the challenge and delivered amazing solutions at scale.

DREAMERS

Building A Better Tomorrow: This award is to applaud organizations that used their platform to make a difference, provide essential resources for their communities or design a new path forward. We want to showcase innovations and quick pivots that created better customer experiences and contributed toward a better society.

Pandemic Problem-Solver: As physical doors closed, digital doors opened. This past year, teams made quick decisions to continue to serve customers even in the face of COVID-19. We want to showcase innovative change, quick pivots and customer experiences that successfully met these new demands. 

Best of Both Worlds: We want to recognize organizations making the most of both Marketing Cloud and Drupal Cloud. How are you crafting the best digital experience out there through use of content and customer insights? 

Radical Innovator Award: We’re shaking it up this year and recognizing an individual, not just an organization. The Radical Innovator Award will go to an individual who defined their organization’s digital strategy and saw it through to execution and strong results. Their work has made an impact on the way their organization delivers customer experience. 

Regional Excellence: This award showcases the work of different regions across the globe.

Oct 21 2021
Oct 21

In preparation for the minor release, Drupal 9.3.x will enter the alpha phase the week of October 25, 2021. Core developers should plan to complete changes that are only allowed in minor releases prior to the alpha release. The 9.3.0-alpha1 deadline for most core patches is October 22, 2021. (More information on alpha and beta releases.)

  • Developers and site owners can begin testing the alpha after its release.

  • The 9.4.x branch of core will be created, and future feature and API additions will be targeted against that branch instead of 9.3.x. All outstanding issues filed against 9.3.x will be automatically migrated to 9.4.x.

  • Once 9.4.x is branched, alpha experimental modules will be removed from the 9.3.x codebase (so their development will continue in 9.4.x only).

  • All issues filed against 9.2.x will then be migrated to 9.3.x, and subsequent bug reports should be targeted against the 9.3.x branch.

  • During the alpha phase, core issues will be committed according to the following policy:

    1. Most issues that are allowed for patch releases will be committed to 9.3.x and 9.4.x.
    2. Most issues that are only allowed in minor releases will be committed to 9.4.x only. A few strategic issues may be backported to 9.3.x, but only at committer discretion after the issue is fixed in 9.4.x (so leave them set to 9.4.x unless you are a committer), and only up until the beta deadline.

Roughly two weeks after the alpha release, the first beta release will be created. All the restrictions of the alpha release apply to beta releases as well. The release of the first beta is a firm deadline for all feature and API additions. Even if an issue is pending in the Reviewed & Tested by the Community (RTBC) queue when the commit freeze for the beta begins, it will be committed to the next minor release only.

The release candidate phase will begin the week of November 22. See the summarized key dates in the release cycle, allowed changes during the Drupal 8 and Drupal 9 release cycles, and Drupal 8 and 9 backwards compatibility and internal API policy for more information.

The scheduled release date of Drupal 9.3.0 is December 8, 2021.

Drupal 10 branch will be open soon

The Drupal 10 branch will be opened for development when meaningful third party component updates are available. We will post an update when that happens.

Bugfix and security support of Drupal 9.2.x, 9.1.x, 8.9.x.

Security coverage for Drupal 8 and 9 is generally provided for the previous minor release as well as the newest minor release. However, Drupal 8.9.x is a Long-Term Support release where support is provided until November 2, 2021. Based on these the following changes are upcoming:

Drupal 8.9.x Security releases will be provided until November 2, 2021. Bugfix support is restricted to selected low-disruption major and critical bug-fixes. Drupal 9.1.x Security releases will be provided until the release of Drupal 9.3.0 on December 8, 2021. Bugfix support is restricted to selected low-disruption major and critical bug-fixes. Drupal 9.2.x Normal bugfix support ends on December 8, 2021. However, security releases are provided until the release of Drupal 9.4.0 on June 15, 2022.

Oct 21 2021
Oct 21

In a previous article on Drupal personalization I covered content personalization trends in terms of search frequency for the term "content personalization". We saw that interest in the term has been on the increase since around 2015 with possibly a peak being hit around 2020. Whilst it is too early to say that interest in the subject has collapsed, it certainly has taken a breather. In its place it appears that interest in "digital experience platform" (DXP) has picked up over the last couple of years. The chart below (Google Trends) shows the relative rise of DXP as a search term in contrast to personalization.

Red: DXP, Blue: Personalization

The rise in interest is DXP can be seen as an extension in the interest initially shown in content personalization. Attention is now moving from the concept of what it is to how it might be achieved. Personalization cannot be achieved by an isolated system. It requires the coordination of a number of processes including data gathering, management and processing to determine the next best piece of content to deliver to the user. Traditional content management systems (CMS) have been good at managing and delivering the content but not so good at orchestrating the delivery of the experience. Campaign management software has been effective at pushing content to users but has suffered from not having a view into what their interests are. And finally CRMs store content on known users but miss out on insights to anonymous users who probably make up the bulk of traffic to the website and other platforms. Digital Experience Platforms offer the promise of being able to bring the pieces of the puzzle together.

Customer Data Platforms (CDPs) potentially play a role in this ecosystem. They offer capabilities to form unified user profiles based on behaviour and the aggregation from a number of sources. They also offer user segmentation tools which can help drive the delivery of personalized content. In a similar way to DXPs, there has been a rise in interest in them as well over the last few years.

Red: DXP, Blue: Personalization, Yellow: CDP

In conclusion there is increased interest around technology to better understand users and how personalized content can be delivered to them across the various touchpoints.

But what is a DXP?

It has been said that there is no such thing as a DXP. By its very nature a DXP is a collection of different tools acting in unison with the ultimate aim of delivering digital experiences to users. As we know, the marketing technology landscape is vast with countless options available for almost any problem. Buyers will look for solutions which fit their needs, capabilities and budgets. This will inevitably lead to buyers working with a mix of technologies which may not be well integrated. The problem can then be seen as to how to coordinate these tools to act in unison. 

Gartner identifies a number of different capabilities for a DXP:

  • Content management
  • Account services
  • Personalization and context awareness
  • Analytics and optimization
  • Customer journey mapping
  • Customer data management
  • Presentation, delivery and orchestration
  • Search, navigation and insight
  • Collaboration and knowledge sharing
  • Security and access control
  • Artificial intelligence (AI)
  • Cloud capabilities
  • Architecture and platform design
  • Integration, interoperability and extensibility
  • Multiexperience support

The list is long and covers a wide range of requirements. In the DXP space vendors have been scrambling to build out platforms which tick the various boxes for what makes a DXP. The individual pieces of these solutions will have their strengths and weaknesses and may not be right for every customer. Tightly integrated solutions offer the advantage of enabling the flow of data and easier management, however, they may well offer the wrong type of solution for the customer. In all practicality it is not feasible to buy a single solution off the shelf and have success.

The rise of the composable DXP

Whilst DXP vendors have been making acquisitions to build out their monolithic platforms, a counter idea has emerged, that of the "composable" DXP. The main idea behind the composable DXP is the recognition that a monolithic solution is not going to be right for everyone. With the monolith comes vendor lock in and the inability to pick and choose "best of breed" solutions. In a fast moving world businesses need to be able to act in an agile manner to the changing landscape and demands.

In the Gartner report on the matter, the following recommendations were made:

  • Modernization of the DXP technology stack around the principles of composable business.
  • Improvements in operational agility by replacing the DXP monolith with a composable architecture.
  • Implementation of task-oriented packaged business capabilities

The ideas of the composable DXP has taken strong hold with many vendors now using the term in their marketing. This is particularly the case for smaller vendors who may not have developed their own monolith. Composable DXPs require coordination and integration. The focus is now on how well the tools work together and what the effort and cost is in making this happen. For buyers considering their platform, the concept of a composable DXP offers a way to reconceptualise the problem to focussing on business needs and processes, rather than a single silver bullet.

The open DXP

The rise the composable DXP with its emphasis on integration has necessarily lead to an evaluation capabilities of the components to interoperate. Open systems will fare better because they are outward looking and better able to work with other systems. Open source systems, with their collaborative nature, are at an advantage as they will more likely have a breadth of solutions available. Where there is a gap, new functionality can be easily incorporated. The architectures of open system will also make extensions easier to implement and incorporate.

"Openness" can be seen in two ways. The first refers to the licensing of the code. Open source systems will necessarily be open in this sense. However, in a wider sense, openness also refers to the ability for the system to be easily implemented and extended. Is the system open to being extended and improved. Solutions claiming to be open need to be evaluated in this light. 

Drupal's place in the DXP world

Drupal has earned its place as a leading enterprise CMS which excels at content management and integration. These have always been its strong points and as such it is extremely well placed to form a key part of a DXP. The Drupal ecosystem (hosting, code, support, knowhow) is capable of ticking many of the boxes for what makes up a DXP. 

Looking back at the Gartner list, it is apparent that there are key pieces missing:

  • Personalization and context awareness
  • Customer journey mapping
  • Customer data management
  • Orchestration
  • Architecture and platform design

These missing pieces should be seen as an opportunity for the Drupal community as they point the way to how Drupal, as a product, can be improved to remain future proof.

Interestingly, Drupal is namechecked by the composable DXP article:

Currently, most DXP products are too large and not task-oriented. This prevents organizations from managing them easily, or changing them quickly. DXP capabilities are not easily decomposable or replaceable. However, several DXPs do have extensibility built in, via robust APIs, extension frameworks (such as Drupal’s module framework) and/or app marketplaces. These can be the starting point on the journey toward composability.

Drupal is therefore seen as being well placed to take a central role in the composable DXP ecosystem due to its APIs and extensibility.

The future

There will no doubt continue to be increasied interest in DXPs from businesses looking to build integrated platforms. The rise of the composable DXP as a concept should see many smaller vendors with more open platforms starting to make an impact in the space. For Drupal, improvements in the areas of personalization and experience orchestration should see it build on the strong foundations it already has. This should see a range of DXP options becoming available as activity increases in the area.

Oct 20 2021
Oct 20

Our normally scheduled call to chat about all things Drupal and nonprofits will happen TOMORROW, Thursday, October 21 at 1pm ET / 10am PT. (Convert to your local time zone.)

We don't have anything on the agenda at the moment, so join us for an informal chat about anything at the intersection of Drupal and nonprofits. Got something specific on your mind? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone.

View notes of previous months' calls.

Oct 20 2021
Oct 20

An in-depth analysis of how Drupal's development was sponsored between July 1, 2020 and June 30, 2021.

For the past few years, I've examined Drupal.org's contribution data to understand how the Drupal project works. Who develops Drupal? How diverse is the Drupal community? How much of Drupal's maintenance and innovation is sponsored? Where do sponsorships come from?

The report might be of interest even if you don't use Drupal. It provides insights into the inner workings of one of the largest Open Source projects in the world.

This year's report shows that:

  • Compared to last year, we have fewer contributions and fewer contributors. The slowdown is consistent across organizations, countries, project types, and more. I believe this is the result of COVID-19, where we are in the Drupal Super Cycle, and many Drupal shops being too busy growing.
  • Despite a slowdown, it's amazing to see that just in the last year, Drupal welcomed more than 7,000 individual contributors and over 1,100 corporate contributors.
  • Two-thirds of all contributions are sponsored, but volunteer contributions remain important to Drupal's success.
  • Drupal's maintenance and innovation depends mostly on smaller Drupal agencies and Acquia. We don't see many contributions from hosting companies, multi-platform digital agencies, system integrators, or end users.
  • Drupal's contributors have become more diverse, but are still not diverse enough.

For comparison, you can also look at the 2016 report, 2017 report, 2018 report, 2019 report, and the 2020 report.

Methodology

What data did I analyze?

I looked at all Drupal.org issues marked "closed" or "fixed" in the 12-month period from July 1, 2020 to June 30, 2021. This is across issues in Drupal Core and all contributed projects, including all major versions of Drupal.

What are Drupal.org issues?

Each "Drupal.org issue" tracks an idea, feature request, bug report, task, or more. It's similar to "issues" in GitHub or "tickets" in Jira. See https://www.drupal.org/project/issues for the list of all issues.

What are Drupal.org credits?

In the spring of 2015, I proposed some ideas for how to give credit to Drupal contributors. A year later, Drupal.org added the ability for contributors to attribute their work to an organization or customer sponsor, or mark it the result of volunteer efforts.

Example issue credit on drupal orgA screenshot of an issue comment on Drupal.org. You can see that jamadar worked on this patch as a volunteer, but also as part of his day job working for TATA Consultancy Services on behalf of their customer, Pfizer.

Drupal.org's credit system is unique and groundbreaking within the Open Source community. It provides unprecedented insights into the inner workings of a large Open Source project. There are a few limitations with this approach, which I'll address at the end of this report.

How is the Drupal community doing?

In the 12-month period between July 1, 2020 and June 30, 2021, Drupal.org's credit system received contributions from 7,420 different individuals and 1,186 different organizations. We saw a 10% decline in individual contributors, and a 2% decrease in organizational contributors.

Contributions by individuals vs organizations

For this report's time period, 23,882 issues were marked "closed" or "fixed", a 23% decline from the 2019-2020 period. This averages out to 65 issues marked "closed" or "fixed" each day.

In total, the Drupal community worked on 3,779 different Drupal.org projects this year compared to 4,195 projects in the 2019-2020 period — a 10% year-over-year decline.

Metric 2019 - 2020 2020 - 2021 Delta Number of individual contributors 8,303 7,420 -12% Number of organizational contributors 1,216 1,186 -2% Number of issues "fixed" or "closed" 31,153 23,882 -23% Number of projects worked on 4,195 3,779 -10%

Understanding the slowdown in contribution

Individual contributors slowed down

To understand the slowdown, I looked at the behavior of the top 1,000 contributors:

  • The top 1,000 individual contributors are responsible for 65% of all contributions. The remaining 6,420 individuals account for the remaining 35%. Overall, Drupal follows a long tail model.
  • In the last year, 77 of the top 1,000 individual contributors stopped contributing to Drupal, 671 contributed less, and 252 contributed more.

A 7.7% annual attrition rate in the top 1,000 contributors is very low. It means that the average contributor in the top 1,000 is active for 13 years. In other words, Drupal's top 1,000 contributors are extremely loyal — we should be grateful for their contributions and continued involvement in the Drupal project.

While we can't compare Open Source projects like Drupal to commercial companies, it might be useful to know that most commercial organizations are very happy with an attrition rate of 15% or less. This means that an employee stays with their employer for almost 6.5 years. Nowadays, a lot of people don't stay with their employer for that long. When it’s put that way, you can see that an attrition rate of 7.7% is very good!

The big takeaway is that the top individual and organizational contributors aren't leaving Drupal. They just became less active in 2020-2021.

Organizational contributors also slowed down

Next, I looked at the behavior of the top 250 organizations:

  • The top 250 organizational contributors are responsible for 82% of all contributions. The other 936 organizations account for the remaining 18%.
  • In the last year, 8 organizations (3%) stopped contributing, 168 (67%) contributed less, and 74 (30%) contributed more.
  • Five of the 8 organizations that stopped contributing were end users; they most likely switched their website away from Drupal. The remaining 3 were digital agencies. The end user attrition rate in the top 250 was 2%, while the digital agency attrition rate was 0.4%.

The top Drupal agencies remain very committed to Drupal. While many agencies contributed less, very few agencies stopped contributing to Drupal altogether.

Why are individuals and organizations contributing less?

As part of my research, I reached out to some of the top contributing Drupal agencies. The main reason why they are contributing less is that they are too busy growing:

  • We grew 33% so far in 2021. We have grown our contribution as well, but there has been a shift from code contributions to non-code contributions. We've contributed less code because Drupal has all the features we need to deliver amazing digital experiences, and has become really stable and robust. There has been less code to contribute. — Baddý Sonja Breidert, CEO of 1xINTERNET, Germany
  • We have grown 35% in the last year — from around 65 employees to 90. — Nick Veenhof, CTO of DropSolid, Belgium
  • Customer investment in digital has accelerated by several years the past 12 months. We grew our Drupal practice by 35% in the past year. — Paul Johnson, Drupal Director at CTI Digital, UK
  • We grew 27% in revenue last year. We expect to continue on that growth trajectory. Our only concern is shortage of Drupal talent. — Janne Kalliola, CEO of Exove, Finland
  • We grew 40% over the last year. This has been driven by an increased demand for large Drupal projects on tight deadlines. With more time pressures from clients and changing personal commitments, it’s been more difficult for people to find the time to contribute. But also, more of our contribution shifted from Drupal.org to GitHub, and doesn't use the credit system. — Stella Power, Managing Director of Annertech, Ireland
  • We experienced unexpected sales growth during COVID. Thanks to Drupal Commerce, we grew 95% in 2020 and 25% year to date. In addition, two of our leading contributors pursued other opportunities. As new team members get onboarded and the workload stabilizes, I'm hopeful we see our overall contributions increase again in 2022. — Ryan Szrama, CEO of Centarro, United States

It's great to see so many Drupal agencies doing well.

Other than being too busy with client work, the following secondary reasons were provided:

  • Drupal is a stable and mature software project. Drupal has all the features we need to deliver ambitious digital experiences. Furthermore, Drupal has never been this stable and robust; we don't have many bug fixes to contribute, either.
  • There is a shortage of Drupal talent; the people we hire don't know how to contribute yet.
  • COVID eliminated in-person events and code sprints. In-person events inspired our employees to contribute and collaborate. Without in-person events, it's hard to instill employees with a passion to contribute.
  • It's more difficult to teach new employees how to contribute when everyone is remote.
  • People want a vision for Drupal that they can rally behind. We have already achieved the vision: Drupal is for ambitious digital experiences. People want to know: what is next?
  • The tools and processes to contribute are becoming more complex; contribution has become more difficult and less desirable.
  • We are getting more efficient at managing major Drupal releases. Rector automates more and more of the upgrade work. When we work smarter, contribution drops.

There is no doubt that COVID has accelerated a lot of digital transformation projects, but it has also slowed down contribution. Parents are busy home-schooling their children, people have Zoom-fatigue, some families may have lost income, etc. COVID added both stress and extra work to people's lives. For many, this made contribution more difficult or less possible.

Drupal Super Cycle

Drupal agencies provided many valid reasons for why contribution is down. In addition to those, I believe a Drupal Super Cycle might exist. The Drupal Super Cycle is a new concept that I have not talked about before. In fact, this is just a theory — and only time will tell if it is valid.

The Drupal Super Cycle is a recognition that Drupal's development cycle ebbs and flows between a "busy period" and "quiet period" depending on when the next major release takes place. There is a "busy period" before a major release, followed by a "quiet period" after each major release.

Major Drupal releases only happen every 2 or 3 years. When a major release is close, contributors work on making their projects compatible. This requires extra development work, such as adopting new APIs, subsystems, libraries, and more. Once projects are compatible, the work often shifts from active development to maintenance work.

A visual representation of the Drupal Super Cycle; contribution accelerates just before a major release and slows down after.A slide from the my DrupalCon Europe 2021 keynote where I explain the Drupal Super Cycle theory.

The last major Drupal release was Drupal 9, released in June of 2020. Last year's report analyzed contribution activity between July 1, 2019 and June 30, 2020. This period includes the 11-month period leading up to the Drupal 9 release, the Drupal 9 release itself, and 1 month after the Drupal 9 release. It's the "busy period" of the Super Cycle because the Drupal community is getting thousands of contributed modules ready for Drupal 9.

This year's report analyzes contribution data starting 1 month after the Drupal 9 release. There was no major Drupal release this year, and we are still 9 to 14 months away from Drupal 10, currently targeted for the summer of 2022. We are in the "quiet period" of the Super Cycle.

If the Drupal Super Cycle concept is valid, we should see increased activity in next year's report, assuming we remain on track for a Drupal 10 release in June of 2022. Time will tell!

What is the community working on?

Contribution credits decreased across all project types, but increased for Drupal Core.

A graph showing the year over year growth of contributions per project type: only contributions to core grew

Core contributions saw a 7% year-over-year increase in credits, while work on contributed projects — modules, themes and distributions — are all down compared to last year.

Who are Drupal's top individual contributors?

The top 30 individual contributors between July 1, 2020 and June 30, 2021 are:

A graph showing the top 30 individual contributors ranked by the quantity of their contributions.A graph showing the top 30 individual contributors ranked by the impact of their contributions.

For the weighted ranking, I weighed each credit based on the adoption of the project the credit is attributed to. For example, each contribution credit to Drupal Core is given a weight of 10, because Drupal Core has about 1 million active installations. Credits to the Webform module, which has over 450,000 installations, get a weight of 4.5. And credits to Drupal's Commerce project get 0.5 points, as it is installed on around 50,000 sites.

The weighting algorithm also makes adjustments for Drupal's strategic initiatives. Strategic initiatives get a weight of 10, the highest possible score, regardless of whether these are being developed in Drupal Core's Git repository or in a sandbox on Drupal.org.

The idea is that these weights capture the end user impact of each contribution, but also act as a proxy for the effort required to get a change committed. Getting a change accepted in Drupal Core is both more difficult and more impactful than getting a change accepted to a much smaller, contributed project.

This weighting is far from perfect, but so is the unweighted view. For code contributions, the weighted chart may be more accurate than a purely unweighted approach. I included both charts:

No matter how you look at the data, all of these individuals put an incredible amount of time and effort into Drupal.

It's important to recognize that most of the top contributors are sponsored by an organization. We value the organizations that sponsor these remarkable individuals. Without their support, it could be more challenging for these individuals to contribute.

How much of the work is sponsored?

When people contribute to Drupal, they can tag their contribution as a "volunteer contribution" or a "sponsored contribution". Contributions can be marked both volunteer and sponsored at the same time (shown in jamadar's screenshot near the top of this post). This could be the case when a contributor does paid work for a customer, in addition to using unpaid time to add extra functionality or polish.

For those credits with attribution details, 16% were "purely volunteer" (7,034 credits). This is in stark contrast to the 68% that were "purely sponsored" (29,240 credits). Put simply, roughly two-thirds of all contributions are "purely sponsored". Even so, volunteer contribution remains very important to Drupal.

A graph showing how many of the contributions are volunteered vs sponsored.

Volunteers contribute across all areas of the project. A lot of volunteer time and energy goes towards non-product related contributions such as event organization, mentoring, and more. Non-code contributions like these are very valuable, yet they are under-recognized in many Open Source communities.

Contributions by project type

Who are Drupal's top organizational contributors?

Similar to the individual contributors, I've ranked organizations by both "unweighted contributions" and "weighted contributions". Unweighted scores are based solely on volume of contributions, while weighted scores also try to take into account both the effort and impact of each contribution.

A graph showing the top 30 organizational contributors ranked by the quantity of their contributions.A graph showing the top 30 organizational contributors ranked by the impact of their contributions.

If you are an end user looking for a company to work with, these are some of the companies I'd work with first. Not only do they know Drupal best, but they also help improve your investment in Drupal. If you are a Drupal developer looking for work, these are some of the companies I'd apply to first.

A variety of different types of companies are active in Drupal's ecosystem:

Category Description Traditional Drupal businesses Small-to-medium-sized professional services companies that primarily make money using Drupal. They typically employ fewer than 100 employees. Because they specialize in Drupal, many of these companies contribute frequently and are a huge part of our community. Examples are Third and Grove, OpenSense Labs, Srijan, etc. Digital marketing agencies Larger full-service agencies that have marketing-led practices using a variety of tools, typically including Drupal, Adobe Experience Manager, Sitecore, WordPress, etc. Many of these larger agencies employ thousands of people. Examples are Wunderman Thompson, Possible, and Mirum. System integrators Larger companies that specialize in bringing together different technologies into one solution. Example system integrators are Accenture, TATA Consultancy Services, EPAM Systems, and CI&T. Hosting companies Examples are Acquia, Pantheon, and Platform.sh, but also Rackspace or Bluehost. End users Examples are the European Commission or Pfizer.

A few observations:

  • Most of the sponsors in the top 30 are traditional Drupal businesses with fewer than 100 employees. With the exception of Acquia, Drupal's maintenance and innovation largely depends on these small Drupal businesses.
  • The larger, multi-platform digital marketing agencies are barely contributing to Drupal. Only 1 digital marketing agency shows up in the top 30: Intracto with 410 credits. Hardly any appear in the entire list of contributing organizations. I'm frustrated that we have not yet found the right way to communicate the value of contribution to these companies. We need to incentivize these firms to contribute with the same level of commitment that we see from traditional Drupal businesses.
  • The only system integrator in the top 30 is CI&T with 1,177 credits. CI&T is a smaller system integrator with approximately 5,200 employees. We see various system integrators outside of the top 30, including EPAM Systems (138 credits), TATA Consultancy Services (109 credits), Publicis Sapient (60 credits), Capgemini (40 credits), Globant (8 credits), Accenture (2 credits), etc.
  • Various hosting companies make a lot of money with Drupal, yet only Acquia appears in the top 30 with 1,263 credits. The contribution gap between Acquia and other hosting companies remains very large. Pantheon earned 71 credits compared to 122 last year. Platform.sh earned 8 credits compared to 23 in the last period. In general, there is a persistent problem with hosting companies not contributing back.
  • We only saw 1 end user in the top 30 this year: Thunder (815 credits). Many end users contribute though: European Commission (152 credits), Pfizer (147 credits), bio.logis (111 credits), Johnson & Johnson (93 credits), University of British Columbia (105 credits), Georgia Institute of Technology (75 credits), United States Department of Veterans Affairs (51 credits), NBCUniversal (45 credits), Princeton University (43 credits), Estée Lauder (38 credits), University of Texas at Austin (22 credits), and many more.
A graph showing that Acquia is by far the number one contributing hosting company.A graph showing that CI&T is by far the number one contributing system integrator.

I often recommend end users to mandate contributions from their partners. Pfizer, for example, only works with agencies that contribute back to Drupal. The State of Georgia started doing the same; they made Open Source contribution a vendor selection criteria. If more end users took this stance, it could have a big impact on Drupal. We'd see many more digital agencies, hosting companies, and system integrators contributing to Drupal.

While we should encourage more organizations to sponsor Drupal contributions, we should also understand and respect that some organizations can give more than others — and that some might not be able to give back at all. Our goal is not to foster an environment that demands what and how others should give back. Instead, we need to help foster an environment worthy of contribution. This is clearly laid out in Drupal's Values and Principles.

How diverse is Drupal?

Supporting diversity and inclusion is essential to the health and success of Drupal. The people who work on Drupal should reflect the diversity of people who use the web.

I looked at both the gender and geographic diversity of Drupal.org contributors.

Gender diversity

While Drupal is slowly becoming more diverse, less than 9% of the recorded contributions were made by contributors who do not identify as men. The gender imbalance in Drupal remains profound. We need to continue fostering diversity and inclusion in our community.

A graph showing contributions by gender: 67% of the contributions come from people who identify as male.

A few years ago I wrote a post about the privilege of free time in Open Source. I made the case that Open Source is not a meritocracy. Not everyone has equal amounts of free time to contribute. For example, research shows that women still spend more than double the time as men doing unpaid domestic work, such as housework or childcare. This makes it more difficult for women to contribute to Open Source on an unpaid, volunteer basis. Organizations capable of giving back should consider financially sponsoring individuals from underrepresented groups to contribute to Open Source.

A graph that shows that compared to males, female contributors do more sponsored work, and less volunteer work.Compared to men, women do more sponsored work, and less volunteer work. We believe this is because men have the privilege of more free time.

Free time being a privilege is just one of the reasons why Open Source projects suffer from a lack of diversity.

The gender diversity chart above shows that there is a growing number of individuals that no longer share their gender identity on Drupal.org. This is because a couple of years ago, the gender field on Drupal.org profile was deprecated in favor of a Big 8/Big 10 demographics field.

Today, over 100,000 individuals have filled out the new "Big 8/Big 10" demographics field. The new demographics field allows for more axes of representation, but is also somewhat non-specific within each axis. Here are the results:

A graph showing different axes of diversity in Drupal

Diversity in leadership

Drupal.org recently introduced the ability for contributors to identify what contributor roles they fulfill. The people who hold these key contribution roles can be thought of as the leaders of different aspects of our community, whether they are local community leaders, event organizers, project maintainers, etc. As more users begin to fill out this data, we can use it to build a picture of the key contributor roles in our community. Perhaps most importantly, we can look at the diversity of individuals who hold these key contributor roles. In next year's report we will provide a focused picture of diversity in these leadership positions.

Geographic diversity

We saw individual contributors from 6 continents and 121 countries. Consistent with the trends described above, most countries contributed less compared to a year earlier. Here are the top countries for 2020-2021:

 A graph showing the top 20 contributing countries in 2021.The top 20 countries from which contributions originate. The data is compiled by aggregating the countries of all individual contributors behind each issue. Note that the geographical location of contributors doesn't always correspond with the origin of their sponsorship. Wim Leers, for example, works from Belgium, but his funding comes from Acquia, which has the majority of its customers in North America. Wim's contributions count towards Belgium as that is his country of residence.

Europe contributes more than North America. However, contribution from Europe continues to decline, while all other continents have become more active contributors.

A graph that shows most contributions in 2021 come from Europe and North America.

Asia, South America, and Africa remain big opportunities for Drupal; their combined population accounts for 6.3 billion out of 7.5 billion people in the world.

Limitations of the credit system

It is important to note a few of the current limitations of Drupal.org's credit system:

  • The credit system doesn't capture all code contributions. Parts of Drupal are developed on GitHub rather than Drupal.org. Contributions on GitHub usually aren't credited on Drupal.org. For example, a lot of the work on the Automatic Updates initiative is happening on GitHub instead of Drupal.org, and companies like Acquia and Pantheon don't get credit for that work.
  • The credit system is not used by everyone. Because using the credit system is optional, many contributors don't. For example, while they could, not all event organizers and speakers capture their work in the credit system. As a result, contributions often have incomplete or no contribution credits. Where possible, we should automatically capture credits. For example, translation efforts on https://localize.drupal.org are not currently captured in the credit system, but could be automatically.
  • The credit system doesn't accurately value complexity and quality. One person might have worked several weeks for just 1 credit, while another person might receive a credit for 10 minutes of work. Each year we see a few individuals and organizations trying to game the credit system. In this post, I used a basic weighting system based on project adoption. In future, we should consider refining that by looking at issue priority, patch size, number of reviews, etc. This could help incentivize people to work on larger and more important problems and save smaller issues, such as coding standards improvements, for new contributor sprints.

Because of these limitations, the actual number of contributions and contributors could be much higher than what we report.

Conclusions

While we have fewer contributions and fewer contributors compared to last year, it is not something to be worried about. We can attribute this to various things, such as COVID-19, agency growth, and the Drupal Super Cycle.

Our data confirms that Drupal is a vibrant community full of contributors who are constantly evolving and improving the software. It's amazing to see that just in the last year, Drupal welcomed more than 7,000 individual contributors and over 1,100 corporate contributors.

To grow and sustain Drupal, we should support those that contribute to Drupal and find ways to get those that are not contributing involved in our community. We are working on several new ways to make it easier for new contributors to get started with Drupal, which I covered in my latest DrupalCon keynote. Improving diversity within Drupal is critical, and we should welcome any suggestions that encourage participation from a broader range of individuals and organizations.

Special thanks to Tim Lehnen, CTO at the Drupal Association, for supporting me during my research.

Oct 20 2021
Oct 20

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Oct 20 2021
Oct 20

What are the benefits of LocalGov Drupal?

1. Low cost

With no licence fees to pay, and being free and open source, LocalGov Drupal means you can have a best-in-class, enterprise-grade website for your council at a fraction of the price of a licenced, proprietary website. And remember, you’ll pay that licence before a line of code is written to develop the website to your brand guidelines. Meaning, with LocalGov Drupal, budget is freed up to spend on other services for the homeless, health, education, etc.

2. Rigorously tested

Since LocalGov Drupal is a collaboration between a number of councils and development agencies, it’s well-tested before any new feature is released. More, you have the reassurance of knowing that each feature has an automated test suite alongside it, developed by some of the best Drupal developers in the world.

As well as that, you can see for yourself websites built on the codebase – Brighton-Hove, Cumbria, Bracknell Forest, Croydon, and many more. And being open source, you can have your in-house developers download it and validate the codebase.

3. WCAG 2.1 AA compliant

LocalGov Drupal is built with accessibility at the core. Each feature is tested from a number of accessibility standpoints and WCAG 2.1 AA criteria. We want to ensure everyone can use our websites fully, whether they have accessibility requirements or not.

4. Faster development time

As the features you need for your council website are already built and ready to go, development turnaround time is much faster. Typically, creating a new council website can often take up to a year. However, LocalGov Drupal websites are typically launched in only 8 to 12 weeks.

And, with a shared feature set, the development budget is mostly used creating the look and feel of your website (called “frontend development” – fonts, colours, spacing, etc). Given Annertech were tasked with writing the base frontend system for the platform, who better to implement it on your council website.

5. No vendor lock-in

As an open-source product, there is no vendor lock-in with LocalGov Drupal. You do not need to sign up for a licence for any period of time. If you want to take your website and have another development agency work on it, you are free to do so. You own the codebase at all times. All you’ll need is another Drupal specialist.

6. Share features

Collaborating with others means we learn from one another. Through LocalGov Drupal you have access to people who have solved a problem you’re currently experiencing.  

What if you want a feature that isn’t available yet? Simply send a proposal to the product working group. If your proposal is accepted (i.e., it’s a feature lots of councils will use), we will work on it. If it is not accepted (perhaps it’s very specific to your council), you are free to work on it yourself and maintain it for just your website. Also, you could  share it with the smaller number of councils that will need that feature.

Oct 20 2021
Oct 20

In today’s fast-paced and dynamic digital world, it’s nearly a requirement for businesses to deliver web experiences that are more secure, better performing and feature-rich. Luckily, there is an easy way to close the gap if your organization is still a little behind; Simply get your CMS updated to its latest version.   
 
With the release of Drupal 9 in mid 2020 and the news of an imminent Drupal 10 release, the mid-cycle time frame can be a confusing time for some organizations. As the details become more clear, Specbee is here to answer all your questions about Drupal 10. We’ll also help you get prepared for Drupal 10 and give you updates on what the Drupal 10 readiness initiative team is currently working on later in this article.

Drupal Upgrade

When does Drupal 10 release and why is it releasing so soon?

Drupal 10 is tentatively scheduled to release between June 2022 and November 2022. As of the latest reports, the Drupal 10 readiness initiative team has been making great progress and is on track with its goals and deliverables - which means any delay would be unexpected.
 
The reason for such a fast cycle from Drupal 9 to Drupal 10 is that, since the release of Drupal 8 and its adoption of continuous innovation practices, Drupal has fueled integrations and dependencies with many third-party components which has, in a positive turn, actively driven technology advances. Integrating some of these fantastic components like Composer, PHP, Symfony and CKEditor (amongst many others) has taken Drupal’s usability and robustness to another level as well as opened doors to wider pools of talent.

But all of these component and dependency advances also means that Drupal will have to move at a faster pace to keep up with those release cycles. With every major integration update to major/minor versions, Drupal needs to update its major/minor versions as well.
 
Symfony is one of Drupal’s biggest dependencies. Drupal 9 requires Symfony 4 which reaches its End Of Life (EOL) by November 2023. There is a similar situation with CKEditor and other 3rd party components as well. With those major components reaching EOL, Drupal 9 will also be reaching EOL by November 2023. In preparation, Drupal 10 is scheduled to be released before then (between the window of June and November 2022) to give organizations enough time to upgrade.

DriesNote at DrupalCon

DriesNote at DrupalCon Europe 2021 - https://youtu.be/VuSBnL_uG2I

Upgrade to Drupal 8 or Drupal 9?

When Drupal 7 was released early 2011, there was huge excitement among the community because of the massive leap from Drupal 6. It was also a long time coming… It took almost three years of hard work, passion and commitment to build that game-changing version of Drupal.
 
But now that Drupal 7 is more than 10 years old (which is a century in “website age”), it is time to move on to a modern version of Drupal for all organizations. Drupal 7 reaches End of Life (EOL) in November 2022. One of the bigger reasons for this is that, with PHP and MySQL releasing their latest versions, it’s harder for Drupal 7 to stay compatible and for websites still using it to work as intended. More importantly, organizations are also missing out on key improvements and features that have been made since its restructuring in Drupal 8.
 
Drupal 8 was released in November 2015 and brought in huge architectural changes while embracing modern libraries and components. It was a whole paradigm shift for Drupal. With those advancements came semantic versioning, shorter release cycles and, most importantly, easy future upgrades - to the appreciation of many.
 
So, if you’re on Drupal 7 or Drupal 8, what’s your next move? That decision is a bit easier than you might expect. Drupal 8 reaches EOL by November 2, 2021 (it will no longer receive any further community support or security fixes) and all Drupal 8 sites need to upgrade to Drupal 9 before then. We recommend moving to Drupal 9 now. The good news is that the upgrade from Drupal 8 to Drupal 9 is really easy!
 
Drupal 9 was released in June 2020 and wasn’t very different from the last version of Drupal 8. The main difference is that it had cleaner & leaner code, the latest versions of some of the best technologies and a modern default theme.

Update Drupal 9

Image Credits: Drupal.org

Get Drupal 10 Ready

The other good news is that the upgrade from Drupal 9 to Drupal 10 is going to be even easier! With the help of amazing tools like Rector to help you with automating code updates, upgrading your Drupal 9 site to Drupal 10 is going to be 300% more automated than a Drupal 8 to Drupal 9 upgrade.

According to the recent DriesNote at DrupalCon Europe 2021, the Drupal 10 readiness initiative has been making some amazing progress and completed 70% of the work already!
 
Here’s what you can do to get ready for Drupal 10:

  • If you’re still on Drupal 7 (or Drupal 6), find a reliable and skilled Drupal partner to help you with a seamless migration to Drupal 9.
  • If you’re on Drupal 8, make that easy upgrade to Drupal 9 soon (before Drupal 8 EOL)
  • Make sure you have updated to the latest (last released) version of Drupal 9
  • Upgrade all your contributed projects to remove deprecations to support Drupal 10.
  • This will ensure that it supports all the latest released libraries, components and latest PHP versions (as their older versions will deprecate in Drupal 10)
  • From here, it is going to be an easy ride to Drupal 10 with just a simple core upgrade.

Updates from the Drupal 10 Readiness Initiative

Drupal 10 is already being built in Drupal 9. According to the Drupal 10 readiness initiative team, “Drupal 10 will be a refined version of Drupal 9”. The team has been working hard since March 2020 to make sure Drupal 10 is released on time without any glitches. If you would like to contribute to the initiative, you can do so through many different ways. Check out how you can help here.
 
Here are some of the latest updates from the Drupal 10 readiness initiative:
 
1. Symfony 6 compatibility

Resolved Symfony 4 deprecations in Drupal 9 for Symfony 5. It's just better for site owners and module developers to have as much Symfony 6 compatibility as possible in 9.3. 
 
2. Remove jQuery UI components used by Drupal core and replace with a set of supported solutions

Rebuild jQuery UI functionality ourselves. This could be done either by using vanilla JavaScript or by using a framework such as React.
 
3. Provide a proper mechanism for deprecating modules

A set of best practices for naming, versioning, deprecating, leaving wrappers or not, forcing uninstallation, etc. Introduce a 'lifecycle' -property to be used in info.yml files, both for themes and modules.
 
4. Allow Drupal 9 to be installed with Twig 3

We don't know exactly when Twig 2 EOL will be, but whether it forces an update in Drupal 10 or 11, it is better to upgrade to Twig 3. 
 
5. Add optional support for CKEditor 5 in Drupal 9 so we can remove CKE 4 from Drupal 10

Moving Ckeditor 5 to contrib for seeking the support from the community. The CKEditor 5 module needs to be stable in the last Drupal 9 minor if we want to be able to deprecate CKEditor 4 before Drupal 10, so we can remove CKEditor 4 in Drupal 10.
 
6. Php 8.1 support for Drupal 9 and Drupal 10

There is a great progress on PHP 8.1 compatibility. It has only two internal issues to fix now. Also, PHP 8.1 is in RC3, so it is quite stable now to work against.
 
7. Upgrade to Guzzle 7

Guzzle has been updated to Guzzle 7.3.0. It requires psr/http-client 1.0.1, which has also been added as a dependency.
 
8. Replace Classy with a starter kit theme 

Replace Classy with a new starter kit theme. The starter kit markup and CSS will be allowed to change over time since it acts only as a starting point for themes.
 
9. Remove deprecated modules on the Drupal 10 branch 

Remove modules where agreement was made and modules were deprecated in Drupal 9.
 
A big thanks to @AkshayDevadiga, who is also a contributor to the Drupal 10 readiness initiative, for these helpful updates!

Oct 19 2021
Oct 19

Website reconnaissance is one of the elements of a security audit. This task can be automated to some extent by choosing one of the free, open-source programs available on the web. One of such tools is Droopescan.

What is Droopescan?

Droopescan is a script allowing speeding up the initial reconnaissance of the audited website if it uses one of the CMSs listed below. The script enables defining your own plugins, which can allow even greater automation of the initial review process. You can find more about creating own plugins, that extend the functionality of the script, in README.md on the previously linked tool’s page on Github.

Drupal scanner features

Droopescan capabilities vary depending on the content management system.

In Drupal, these are the functions that allow identifying:

  • installed plugins,
  • installed themes,
  • paths of interest to a potential attacker (such as the login panel or the changelog file),
  • Drupal version used.

In Joomla and WordPress, you can identify the paths of interest to an attacker, and the used version of these systems. In another CMS, Moodle, the Droopescan tool can recognize the installed plugins and themes, and the version of the content management system in use.

In the Silverstripe system, we'll identify:

  • installed plugins,
  • installed themes,
  • paths of interest to an attacker,
  • Silverstripe version used.

Methods of installing the script

The developers have prepared several methods of installing the script. We can choose the most appropriate way, depending on our preferences.

Using pip

This is the installation method recommended by the creators:

apt-get install python-pip pip install droopescan

Manual installation

To install the script manually, run the following commands:

git clone https://github.com/droope/droopescan.git cd droopescan pip install -r requirements.txt ./droopescan scan --help

On the BlackArch distribution

For installation on the BlackArch distribution, the creators recommend using pacman:

sudo pacman -S droopescan

Docker

Droopescan can also be installed as a Docker container:

git clone https://github.com/droope/droopescan.git cd droopescan docker build -t droope/droopescan . # display help docker run --rm droope/droopescan # example scanning a drupal site docker run --rm droope/droopescan scan drupal -u https://drupal.example.com

Unboxing

The Droopescan script is very flexible and allows configuring the scan as you wish. Thanks to the settings, we can change the type of scan, choosing one of the available frameworks, provide an address or a list of addresses to be scanned, and much, much more. Here's a complete list of the configurable options.

Commands

droopescan scan --help

Opens a list of the available commands.

droopescan scan

{drupal|joomla|moodle|silverstripe|wordpress}

Runs the scripts responsible for scanning the website that uses the selected CMS.

droopescan scan --debug

Runs the debug output.

droopescan scan --quiet

Enables silent mode that doesn't show the information about the scan while it's running.

droopescan scan -u {URL} and droopescan scan --url {URL}

They allow defining the target of the scan.

droopescan scan -U {URL_FILE} and droopescan scan --url-file {URL_FILE}

They allow defining the file path where the target scan websites are located. The file structure should look like this:

> cat example.txt http://localhost/drupal/8.9.0/ http://localhost/drupal/8.7.1/ http://localhost/drupal/8.9.13/ http://example.com

droopescan scan -e {a, t, p, v, i} and droopescan scan --enumerate {a, t, p, v, i}

They allow defining what the script should scan:

  • p - plugins,
  • t - themes,
  • v - version,
  • i - useful links,
  • a (default) - all.

droopescan scan --method {not_found, forbidden, ok}

It allows specifying what type of error is treated as an indicator and whether a given path exists. For some servers, it's 403, for others – 404. By default, the script tries to deduce this itself.

droopescan scan --verb {head, get}

It allows specifying the type of request that the script will use. The default option is head.

droopescan scan --number {NUMBER} droopescan scan -n {NUMBER}

Specifies the number of words to be checked from the plugins or themes dictionary. It's one thousand by default. To use all available, you should type all.

droopescan scan --plugins-base-url {PLUGINS_BASE_URL}

Allows specifying the path where plugins are stored in the CMS. Without providing this parameter, the script checks the default path for a given system.

droopescan scan --themes-base-url {THEMES_BASE_URL}

Allows specifying the path where themes are stored in the CMS. Without providing this parameter, the script checks the default path for a given system.

droopescan scan --timeout {TIMEOUT}

Specifies how long the script should wait for an HTTP response in seconds.

droopescan scan --no-follow-redirects

Enabling this flag prevents redirects from being followed.

droopescan scan --host {HOST}

Overwrites the host query header with the provided value.

droopescan scan --user-agent {USER_AGENT}

Overwrites the User Agent header of the query.

droopescan scan --massscan-override

Using this flag replaces the default values with those convenient for mass scanning of hosts.

droopescan scan --threads {THREADS} and droopescan scan -t {THREADS}

A number of threads used for scanning. It’s 4 by default.

droopescan scan --threads-identify {THREADS_IDENTIFY}

A number of threads used for CMS identification.

droopescan scan --threads-scan {THREADS_SCAN}

A number of threads used for mass scanning of hosts.

droopescan scan --threads-enumerate {THREADS_ENUMERATE}

A number of threads used for plugins identification.

droopescan scan --output {standard, json} and droopescan scan -o {standard, json}

Allows specifying the format of the output returned by the script.

droopescan scan --hide-progressbar

Enabling this flag allows turning off the progress bar.

droopescan scan --debug-requests

Enabling this flag enters into the console the contents of all HTTP requests made by the script, together with the response received from the server. Enabling this flag disables scan threading and progress bars.

droopescan scan --error-log {ERROR_LOG}

Allows defining the file that all scan errors will be logged to.

droopescan scan --resume

Returns the scan to the stage where it was last completed. It's a useful option when using mass scanning.

Example of using Droopescan

Our test page uses Drupal 8.9.15 and contains a list of many popular modules. It uses a custom theme, and logging into the admin panel is carried out with the default path.

To start the scan, we'll use the command:

droopescan scan drupal -u example.com

You can see the result of the scan below.

➜  droopescan git:(master) docker run --rm droope/droopescan scan drupal -u example.com
modules [ ===                                                ] 224/4000 (5%)[+]  Got an HTTP 500 response.
modules [ ====                                               ] 287/4000 (7%)[+]  Got an HTTP 500 response.
modules [ ====                                               ] 288/4000 (7%)[+]  Got an HTTP 500 response.
modules [ ========                                           ] 626/4000 (15%)[+]  Got an HTTP 500 response.
modules [ ==============                                     ] 1053/4000 (26%)[+]  Got an HTTP 500 response.
modules [ ==============                                     ] 1056/4000 (26%)[+]  Got an HTTP 500 response.
modules [ ================                                   ] 1272/4000 (31%)[+]  Got an HTTP 500 response.
modules [ ============================                       ] 2227/4000 (55%)[+]  Got an HTTP 500 response.
modules [ ================================                   ] 2509/4000 (62%)[+]  Got an HTTP 500 response.
modules [ ===============================================    ] 3746/4000 (93%)[+]  Got an HTTP 500 response.
[+] Accepted redirect to https://www.example.com/
[+] Plugins found:
    image_widget_crop https://www.example.com/sites/all/modules/image_widget_crop/
    flexslider_views_slideshow https://www.example.com/sites/all/modules/flexslider_views_slideshow/
    service_links https://www.example.com/sites/all/modules/service_links/
    compact_forms https://www.example.com/sites/all/modules/compact_forms/
    strongarm https://www.example.com/sites/default/modules/strongarm/
    video_embed_field https://www.example.com/sites/default/modules/video_embed_field/
    tablefield https://www.example.com/sites/default/modules/tablefield/
    ctools https://www.example.com/modules/contrib/ctools/
        https://www.example.com/modules/contrib/ctools/README.txt
        https://www.example.com/modules/contrib/ctools/LICENSE.txt
    token https://www.example.com/modules/contrib/token/
        https://www.example.com/modules/contrib/token/README.md
        https://www.example.com/modules/contrib/token/LICENSE.txt
    pathauto https://www.example.com/modules/contrib/pathauto/
        https://www.example.com/modules/contrib/pathauto/README.md
        https://www.example.com/modules/contrib/pathauto/LICENSE.txt
    metatag https://www.example.com/modules/contrib/metatag/
        https://www.example.com/modules/contrib/metatag/CHANGELOG.txt
        https://www.example.com/modules/contrib/metatag/README.txt
        https://www.example.com/modules/contrib/metatag/LICENSE.txt
    field_group https://www.example.com/modules/contrib/field_group/
        https://www.example.com/modules/contrib/field_group/CHANGELOG.txt
        https://www.example.com/modules/contrib/field_group/README.txt
        https://www.example.com/modules/contrib/field_group/LICENSE.txt
    google_analytics https://www.example.com/modules/contrib/google_analytics/
        https://www.example.com/modules/contrib/google_analytics/README.md
        https://www.example.com/modules/contrib/google_analytics/LICENSE.txt
    redirect https://www.example.com/modules/contrib/redirect/
        https://www.example.com/modules/contrib/redirect/README.txt
        https://www.example.com/modules/contrib/redirect/LICENSE.txt
    colorbox https://www.example.com/modules/contrib/colorbox/
        https://www.example.com/modules/contrib/colorbox/README.txt
        https://www.example.com/modules/contrib/colorbox/LICENSE.txt
    features https://www.example.com/modules/contrib/features/
        https://www.example.com/modules/contrib/features/LICENSE.txt
    devel https://www.example.com/modules/contrib/devel/
        https://www.example.com/modules/contrib/devel/README.txt
        https://www.example.com/modules/contrib/devel/LICENSE.txt
    admin_toolbar https://www.example.com/modules/contrib/admin_toolbar/
        https://www.example.com/modules/contrib/admin_toolbar/CHANGELOG.txt
        https://www.example.com/modules/contrib/admin_toolbar/README.txt
        https://www.example.com/modules/contrib/admin_toolbar/LICENSE.txt
    better_exposed_filters https://www.example.com/modules/contrib/better_exposed_filters/
        https://www.example.com/modules/contrib/better_exposed_filters/README.txt
        https://www.example.com/modules/contrib/better_exposed_filters/LICENSE.txt
    paragraphs https://www.example.com/modules/contrib/paragraphs/
        https://www.example.com/modules/contrib/paragraphs/README.txt
        https://www.example.com/modules/contrib/paragraphs/LICENSE.txt
    smtp https://www.example.com/modules/contrib/smtp/
        https://www.example.com/modules/contrib/smtp/README.txt
        https://www.example.com/modules/contrib/smtp/LICENSE.txt
    search_api https://www.example.com/modules/contrib/search_api/
        https://www.example.com/modules/contrib/search_api/CHANGELOG.txt
        https://www.example.com/modules/contrib/search_api/README.md
        https://www.example.com/modules/contrib/search_api/LICENSE.txt
    entity_reference_revisions https://www.example.com/modules/contrib/entity_reference_revisions/
        https://www.example.com/modules/contrib/entity_reference_revisions/LICENSE.txt
    linkit https://www.example.com/modules/contrib/linkit/
        https://www.example.com/modules/contrib/linkit/README.md
        https://www.example.com/modules/contrib/linkit/LICENSE.txt
    eu_cookie_compliance https://www.example.com/modules/contrib/eu_cookie_compliance/
        https://www.example.com/modules/contrib/eu_cookie_compliance/README.md
        https://www.example.com/modules/contrib/eu_cookie_compliance/LICENSE.txt
    scheduler https://www.example.com/modules/contrib/scheduler/
        https://www.example.com/modules/contrib/scheduler/README.md
        https://www.example.com/modules/contrib/scheduler/LICENSE.txt
    simple_sitemap https://www.example.com/modules/contrib/simple_sitemap/
        https://www.example.com/modules/contrib/simple_sitemap/README.md
        https://www.example.com/modules/contrib/simple_sitemap/LICENSE.txt
    google_tag https://www.example.com/modules/contrib/google_tag/
        https://www.example.com/modules/contrib/google_tag/README.md
    addtoany https://www.example.com/modules/contrib/addtoany/
        https://www.example.com/modules/contrib/addtoany/README.txt
        https://www.example.com/modules/contrib/addtoany/LICENSE.txt
    advagg https://www.example.com/modules/contrib/advagg/
        https://www.example.com/modules/contrib/advagg/README.md
        https://www.example.com/modules/contrib/advagg/LICENSE.txt
    config_update https://www.example.com/modules/contrib/config_update/
        https://www.example.com/modules/contrib/config_update/README.txt
        https://www.example.com/modules/contrib/config_update/LICENSE.txt
    robotstxt https://www.example.com/modules/contrib/robotstxt/
        https://www.example.com/modules/contrib/robotstxt/README.txt
        https://www.example.com/modules/contrib/robotstxt/LICENSE.txt
    config_filter https://www.example.com/modules/contrib/config_filter/
        https://www.example.com/modules/contrib/config_filter/README.md
        https://www.example.com/modules/contrib/config_filter/LICENSE.txt
    menu_link_attributes https://www.example.com/modules/contrib/menu_link_attributes/
        https://www.example.com/modules/contrib/menu_link_attributes/README.md
        https://www.example.com/modules/contrib/menu_link_attributes/LICENSE.txt
    migrate_plus https://www.example.com/modules/contrib/migrate_plus/
        https://www.example.com/modules/contrib/migrate_plus/README.txt
        https://www.example.com/modules/contrib/migrate_plus/LICENSE.txt
    checklistapi https://www.example.com/modules/contrib/checklistapi/
        https://www.example.com/modules/contrib/checklistapi/README.md
        https://www.example.com/modules/contrib/checklistapi/LICENSE.txt
    config_split https://www.example.com/modules/contrib/config_split/
        https://www.example.com/modules/contrib/config_split/README.md
        https://www.example.com/modules/contrib/config_split/LICENSE.txt
    migrate_tools https://www.example.com/modules/contrib/migrate_tools/
        https://www.example.com/modules/contrib/migrate_tools/README.txt
        https://www.example.com/modules/contrib/migrate_tools/LICENSE.txt
    config_ignore https://www.example.com/modules/contrib/config_ignore/
    schema_metatag https://www.example.com/modules/contrib/schema_metatag/
        https://www.example.com/modules/contrib/schema_metatag/README.txt
        https://www.example.com/modules/contrib/schema_metatag/LICENSE.txt
    tvi https://www.example.com/modules/contrib/tvi/
        https://www.example.com/modules/contrib/tvi/README.txt
        https://www.example.com/modules/contrib/tvi/LICENSE.txt
    svg_image https://www.example.com/modules/contrib/svg_image/
        https://www.example.com/modules/contrib/svg_image/README.md
        https://www.example.com/modules/contrib/svg_image/LICENSE.txt
    link_attributes https://www.example.com/modules/contrib/link_attributes/
        https://www.example.com/modules/contrib/link_attributes/README.md
        https://www.example.com/modules/contrib/link_attributes/LICENSE.txt
    facets https://www.example.com/modules/contrib/facets/
        https://www.example.com/modules/contrib/facets/README.txt
        https://www.example.com/modules/contrib/facets/LICENSE.txt
    yoast_seo https://www.example.com/modules/contrib/yoast_seo/
        https://www.example.com/modules/contrib/yoast_seo/README.txt
        https://www.example.com/modules/contrib/yoast_seo/LICENSE.txt
    panels_everywhere https://www.example.com/modules/contrib/panels_everywhere/
    stage_file_proxy https://www.example.com/modules/contrib/stage_file_proxy/
        https://www.example.com/modules/contrib/stage_file_proxy/README.md
        https://www.example.com/modules/contrib/stage_file_proxy/LICENSE.txt
    entity_reference_display https://www.example.com/modules/contrib/entity_reference_display/
        https://www.example.com/modules/contrib/entity_reference_display/README.md
        https://www.example.com/modules/contrib/entity_reference_display/LICENSE.txt
    we_megamenu https://www.example.com/modules/contrib/we_megamenu/
        https://www.example.com/modules/contrib/we_megamenu/README.md
        https://www.example.com/modules/contrib/we_megamenu/LICENSE.txt
    ckeditor_codemirror https://www.example.com/modules/ckeditor_codemirror/

[+] No themes found.

[+] Possible version(s):
    8.9.10
    8.9.11
    8.9.12
    8.9.13
    8.9.14
    8.9.15
    8.9.16
    8.9.17
    8.9.6
    8.9.7
    8.9.8
    8.9.9


[+] Possible interesting urls found:
    Default admin - https://www.example.com/user/login
    Default changelog file - https://www.example.com/CHANGELOG.txt

[+] Scan finished (0:16:25.708460 elapsed)

CMS scanning - results analysis

The Droopescan tool helped to identify many of the modules used on the website and provided links to the files that made this identification possible. The script identified the Drupal version used as one with a minor update from 8.9.6 to 8.9.17 and detected the path to the login panel and the CHANGELOG.txt file. Unfortunately, in the case of the audited website, it wasn't possible to identify the theme used.

Droopescan - summary

The Droopescan script speeds up the initial reconnaissance of the audited website. It's a fast, stable, constantly updated solution that allows threading the scanning of multiple websites simultaneously and requires only Python. The scanning result is presented in a user-friendly way. It's possible to save the results in the JSON format, which can then be freely processed in order to, for example – using an application specially designed for this – to view the results in an even more friendly way or to use the results in the next stages of the audit. If you are interested in the topic of controlling application security, our Drupal support team can help you with their expert knowledge.

Oct 19 2021
Oct 19

In a previous article on Drupal personalization I covered content personalization trends in terms of search frequency for the term "content personalization". We saw that interest in the term has been on the increase since around 2015 with possibly a peak being hit around 2020. Whilst it is too early to say that interest in the subject has collapsed, it certainly has taken a breather. In its place it appears that interest in "digital experience platform" (DXP) has picked up over the last couple of years. The chart below (Google Trends) shows the relative rise of DXP as a search term in contrast to personalization.

Red: DXP, Blue: Personalization

The rise in interest is DXP can be seen as an extension in the interest initially shown in content personalization. Attention is now moving from the concept of what it is to how it might be achieved. Personalization cannot be achieved by an isolated system. It requires the coordination of a number of processes including data gathering, management and processing to determine the next best piece of content to deliver to the user. Traditional content management systems (CMS) have been good at managing and delivering the content but not so good at orchestrating the delivery of the experience. Campaign management software has been effective at pushing content to users but has suffered from not having a view into what their interests are. And finally CRMs store content on known users but miss out on insights to anonymous users who probably make up the bulk of traffic to the website and other platforms. Digital Experience Platforms offer the promise of being able to bring the pieces of the puzzle together.

Customer Data Platforms (CDPs) potentially play a role in this ecosystem. They offer capabilities to form unified user profiles based on behaviour and the aggregation from a number of sources. They also offer user segmentation tools which can help drive the delivery of personalized content. In a similar way to DXPs, there has been a rise in interest in them as well over the last few years.

Red: DXP, Blue: Personalization, Yellow: CDP

In conclusion there is increased interest around technology to better understand users and how personalized content can be delivered to them across the various touchpoints.

But what is a DXP?

It has been said that there is no such thing as a DXP. By its very nature a DXP is a collection of different tools acting in unison with the ultimate aim of delivering digital experiences to users. As we know, the marketing technology landscape is vast with countless options available for almost any problem. Buyers will look for solutions which fit their needs, capabilities and budgets. This will inevitably lead to buyers working with a mix of technologies which may not be well integrated. The problem can then be seen as to how to coordinate these tools to act in unison. 

Gartner identifies a number of different capabilities for a DXP:

  • Content management
  • Account services
  • Personalization and context awareness
  • Analytics and optimization
  • Customer journey mapping
  • Customer data management
  • Presentation, delivery and orchestration
  • Search, navigation and insight
  • Collaboration and knowledge sharing
  • Security and access control
  • Artificial intelligence (AI)
  • Cloud capabilities
  • Architecture and platform design
  • Integration, interoperability and extensibility
  • Multiexperience support

The list is long and covers a wide range of requirements. In the DXP space vendors have been scrambling to build out platforms which tick the various boxes for what makes a DXP. The individual pieces of these solutions will have their strengths and weaknesses and may not be right for every customer. Tightly integrated solutions offer the advantage of enabling the flow of data and easier management, however, they may well offer the wrong type of solution for the customer. In all practicality it is not feasible to buy a single solution off the shelf and have success.

The rise of the composable DXP

Whilst DXP vendors have been making acquisitions to build out their monolithic platforms, a counter idea has emerged, that of the "composable" DXP. The main idea behind the composable DXP is the recognition that a monolithic solution is not going to be right for everyone. With the monolith comes vendor lock in and the inability to pick and choose "best of breed" solutions. In a fast moving world businesses need to be able to act in an agile manner to the changing landscape and demands.

In the Gartner report on the matter, the following recommendations were made:

  • Modernization of the DXP technology stack around the principles of composable business.
  • Improvements in operational agility by replacing the DXP monolith with a composable architecture.
  • Implementation of task-oriented packaged business capabilities

The ideas of the composable DXP has taken strong hold with many vendors now using the term in their marketing. This is particularly the case for smaller vendors who may not have developed their own monolith. Composable DXPs require coordination and integration. The focus is now on how well the tools work together and what the effort and cost is in making this happen. For buyers considering their platform, the concept of a composable DXP offers a way to reconceptualise the problem to focussing on business needs and processes, rather than a single silver bullet.

The open DXP

The rise the composable DXP with its emphasis on integration has necessarily lead to an evaluation capabilities of the components to interoperate. Open systems will fare better because they are outward looking and better able to work with other systems. Open source systems, with their collaborative nature, are at an advantage as they will more likely have a breadth of solutions available. Where there is a gap, new functionality can be easily incorporated. The architectures of open system will also make extensions easier to implement and incorporate.

"Openness" can be seen in two ways. The first refers to the licensing of the code. Open source systems will necessarily be open in this sense. However, in a wider sense, openness also refers to the ability for the system to be easily implemented and extended. Is the system open to being extended and improved. Solutions claiming to be open need to be evaluated in this light. 

Drupal's place in the DXP world

Drupal has earned its place as a leading enterprise CMS which excels at content management and integration. These have always been its strong points and as such it is extremely well placed to form a key part of a DXP. The Drupal ecosystem (hosting, code, support, knowhow) is capable of ticking many of the boxes for what makes up a DXP. 

Looking back at the Gartner list, it is apparent that there are key pieces missing:

  • Personalization and context awareness
  • Customer journey mapping
  • Customer data management
  • Orchestration
  • Architecture and platform design

These missing pieces should be seen as an opportunity for the Drupal community as they point the way to how Drupal, as a product, can be improved to remain future proof.

Interestingly, Drupal is namechecked by the composable DXP article:

Currently, most DXP products are too large and not task-oriented. This prevents organizations from managing them easily, or changing them quickly. DXP capabilities are not easily decomposable or replaceable. However, several DXPs do have extensibility built in, via robust APIs, extension frameworks (such as Drupal’s module framework) and/or app marketplaces. These can be the starting point on the journey toward composability.

Drupal is therefore seen as being well placed to take a central role in the composable DXP ecosystem due to its APIs and extensibility.

The future

There will no doubt continue to be increasied interest in DXPs from businesses looking to build integrated platforms. The rise of the composable DXP as a concept should see many smaller vendors with more open platforms starting to make an impact in the space. For Drupal, improvements in the areas of personalization and experience orchestration should see it build on the strong foundations it already has. This should see a range of DXP options becoming available as activity increases in the area.

Oct 19 2021
Oct 19

DrupalCon Europe 2021 was a fantastic virtual conference that brought together Drupal Camps in Europe with the wider Drupal community. The event took place earlier this month from October 4th to 7th 2021. Here’s a short synopsis.


DrupalCampference


DrupalCon unites people who use, develop, design and support the Drupal platform from around the world. This year, DrupalCon Europe 2021 brought together the European community by hosting various regional Drupal camps within the main conference. We had camps representing Finland, Germany, Netherlands, Poland, Switzerland, and Ukraine. Alongside the camps, we had contribution periods available every single day with official Drupal sessions taking place over 5 hours per day, leaving the rest of the day open to contribution or networking with others from the community.
 

Day 1: A Musical Entrance
 

DrupalCon kicked off with a keynote by LJ Rich entitled “Sound Ideas: Unlocking Creativity” where LJ simultaneously played two instruments, a piano and a soundboard; and managed two different computers all while teaching us about music and how it has an effect on our learning capabilities. Highly talented with musical synaesthesia, LJ creatively explained the similarities in writing music with writing open-source software. This was by far one of my favourite talks I’ve ever had the privilege to watch live. LJ finished off the talk with a remix of the Drupal song, which motivated the whole community into a sense of belonging. A wonderful start to the conference.Keynote by LJ Rich

There were 5 simultaneous parallel tracks with talks ranging from “The Future of Accessibility is Choice” by Carie Fisher to workshops about getting started with Drupal by Mauricio Dinarte. There was a good balance of different sessions for people who were new to Drupal to those who know the ins-and-outs at a more experienced level. The evening ended with a networking reception that led into the “Women in Drupal” event hosted by Baddý Sonja Breidert and Lenny Moskalyk.
 

Day 2: The Dutch Jam
 

The second day of DrupalCon started early in the morning with a wide range of talks and workshops. I followed along with the workshop entitled “DruxtJS 101: Fully Decoupled Drupal with JSON:API and Nuxt.js” by Stuart Clark. It was structured very well and delivered at a pace that everyone could follow along. We learnt the basics of Druxt and how to build out a fully decoupled Drupal website.

I watched Anita Ihuman’s talk on “How Implicit Bias Affects Diversity and Inclusion in Open-Source.” Anita explained different types of implicit bias such as gender bias, the tendency to prefer one gender over another; or affinity bias, the tendency for people to connect with others who share similar backgrounds, experiences, and interests. Anita then gave us different steps to eliminate implicit bias, from learning what unconscious biases are, to setting diversity and inclusion goals.Steps to Eliminate Implicit Bias

We then had the keynote “Build vs Buy - Pfizer and Open-Source.” This was a fireside chat hosted by Jeffrey ‘jam’ McGuire joined by Richard Jones, Jess Romeo, and Dick Olsson. They explored the story of how Pfizer uses Drupal with their strategy to “build vs buy.” It was a rare glimpse into open source at enterprise scale in a highly regulated industry.

After this, the Dutch community hosted “DrupalJam,” a mini-conference held in a live television studio in Rotterdam. They held various sessions and interviews in Dutch. It was interesting to briefly attend and listen in, although I do not understand much Dutch. It was a great way to interact with the Dutch community and to see them celebrate Drupal’s 20th anniversary together in person was inspiring.
 

Day 3: Driesnote
 

The third day of DrupalCon started with the main keynote, the “Driesnote” by Dries Buytaert. Introduced by Heather Rocker who gave a short “prenote” presentation that was both inspiring and informative. Heather drew parallels with the TV show, Ted Lasso, telling us that we are capable of great things and we deserve the best possible outcome if we continue to believe in Drupal. Dries explained that we’ve come a long way and that Drupal 10 is already on the horizon. There are still many Drupal 8 modules that only require an automated patch to be compatible with Drupal 9. The Drupal core initiatives help to continuously push Drupal to the next level. With a new frontend theme coupled with an easy out-of-the-box experience, Drupal is leading the way forward not only with its’ welcoming open-source community but also with new features such as the decoupled menus that are a stepping stone to make it easier to build a fully decoupled website.Driesnote

I watched the Driesnote in the comfort of the Amazee Labs office with friends from the Drupal Switzerland community. We hosted one of the local Drupal Camp events, “Drupal Mountain Camp”, as an informal gathering at our office in Zurich. This was twinned with a parallel event happening in the Inovae offices in Geneva for the Swiss community-based in the Romandy (French-speaking) region of Switzerland. It was invigorating to be able to spend time in-person with Drupal friends again, where we could network and enjoy the talks of the day. The two local Drupal Switzerland events were sponsored by Liip, Inovae, and Amazee Labs.

After lunch, we watched Sascha Eggenberger’s talk titled “Gin Admin Theme: The Past, The Present, & The Future”. Sascha then took some time to have a special Q&A chat with the Swiss community in Zurich. After which we brainstormed the next Drupal Mountain Camp which we hope will take place in Davos, sometime in 2022. We ended the day with a few social drinks.DrupalCamp

Day 4: The Community
 

The final day of DrupalCon began with the final talks, ranging from “Drupal for Universities: current state and perspectives” by Andrea Pescetti, to “a deep dive of the possibilities of layout builder for the site-builder & content editor” by Wesley de Vrient and Frederik Wouters. I attended “The Sorceress’ Spellbook - Pandemic edition” by Fatima Sarah Khalid. Fatima always delivers talks in a bubbly energetic way, which is always great fun to watch. Fatima presented neat CLI tricks and a wide range of useful tools to make working from home easier for all of us.

Finally, we ended the conference with the keynote from the Drupal Core Initiative Leads, hosted by Gábor Hojtsy. We were given an overview of the current state of the Project Browser by Christopher Wells. Then Emilie Nouveau and Cristina Chumillas gave some insight into where we are with the easy-out-of-the-box initiative. Tearyne D. Almendariz talked about the importance of Drupal Diversity & Inclusion. Tim Lehnen showed us a few updates to Drupal.org to improve recognition for contribution. Pierina Wetto explained the Promote Drupal initiative and how people can get involved. Kaleem Klarkson gave a rundown on organising events with an overview of all the upcoming events for the next year. Then Lee Rowlands and Griffyn Heels showed us the “Bugs Smash” initiative with an update on how many bugs were fixed since the initiative began, along with ways to help automatically test and detect bugs.Drupal Core Initiative Leads

Overall, the conference was a very well organised event largely thanks to Kuoni and the volunteer team. All sessions were recorded and should be released to the public in the next month. The recordings are already available to everyone with a DrupalCon ticket on the Hopin platform.

Until then, if you're as passionate about Drupal web development and the open-source community as we are, get in touch with us today!

Oct 18 2021
Oct 18

Join nonprofit peers on October 28th for a free, hands-on virtual event that will help nonprofits leverage technology to scale their capacity and impact. As a participant, you will be invited to take TechSoup’s Digital Assessment Tool to help identify your organization’s most pressing technology opportunities. Then join small group conversations with peers and subject matter experts around: 

  • Collection, management and analysis of data to inform business and marketing decisions
  • Website Content Management Systems - (ex. Drupal, WordPress, Wix, Squarespace, etc.)
  • Email, social media and marketing automation tools
  • Project management tools
  • Client relationship management (CRM) systems
  • Accounting systems
  • Much, much more!

Have fun while solving challenges and expanding your professional network.

Hope you can join us on October 28th!
Save Your Spot: https://bit.ly/3zQkRe1
 
Co-hosted by KalamunarootidTechSoup & UpMetrics
This event is a part of BADCamp (Bay Area Drupal Camp).

Oct 18 2021
Oct 18

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Oct 18 2021
Oct 18

Web accessibility is always prioritized by Drupal to provide its potential users a decent user-experience. Without any fail, Drupal has succeeded in providing an extensive range of modules that can be downloaded according to user convenience. This platform has consistently put efforts in bringing significant improvements in all its versions when it comes to accessibility modules. So, with this article, I will try to give you an insight of some of the recently refreshed or newly released Drupal modules that will efficiently help you in your various challenging projects. You will also get the answer to a common question that often comes to your mind, “Why Drupal for accessibility”?

To begin with, for your better understanding, I am describing the Drupal web accessibility modules by categorizing them based on their different functionalities. 

Illustration diagram describing drupal logo and accessibility symbol


Accessibility Auditing

Under this category Drupal has a sufficient number of modules that help in offering you an enhanced accessibility audit for your ambitious projects.

Illustration diagram describing drupal accessibility auditing modules


Editoria11y Accessibility Checker

Editoria11y can be termed as a user-friendly checker that provides support to the content authors and editors. Compatible with Drupal 9, it also looks after the three most vital needs of the content authors. 

  • It makes sure that the spellcheck is constantly running and rectifies the content mistakes when it occurs.
  • It makes sure that no mistakes take place in terms of Views, Layout Builder, Media and other modules, as it runs in context with them and it's checkers are also constantly on. 
  • It prioritizes content issues by fixing them, also ensuring that the page editors do not omit any issue that is easily rectifiable.

Monsido Tools

Monsido helps in smooth optimization of your website, also focusing on web governance, quality assurance, and accessibility compliance. Since accessibility laws differ from country and sector, this module helps in validating your site against the international standard, the WCAG 2.1. This module which is compatible with Drupal 9 provides your site with the scanning facility to identify any difficulties that might further hamper accessibility, and also enhances your search engine rankings by recognizing SEO errors. 

Siteimprove

Known as the most comprehensive cloud-based Digital Presence Optimization (DPO) software, Siteimprove enables you in creating high quality content, editing efficiently, driving better traffic, measuring digital performance and working towards regulatory compliance. Siteimprove plugins help in filling the gap between Drupal and the Siteimprove Intelligence Platform, also empowering contributors to test, fix and optimize their work without any hurdles. This module has Drupal 9 compatibility which is an added advantage.

CKEditor Accessibility Auditor

CKEditor Accessibility Auditor is a module that has Drupal 9 compatibility and it functions by clicking a button which runs the HTML_CodeSniffer Accessibility Auditor on the source code of the current content. With this module, you get to access a detailed view on any type of specific error, convenient success criteria and suggestions of techniques, and also upon what exactly triggered the error, once you run the auditor. 

CKEditor Accessibility Checker

CKEditor Accessibility Checker helps in enabling the Accessibility Checker plugin from CKEditor.com in your WYSIWYG. You can inspect the accessibility level of content that is generated in CKEditor, and resolve any accessibility concerns at the earliest. 

Sitemorse Lite - a11y Audit

Integrating Drupal with the inCMS service, this module enables to run the on-page accessibility audits and view results from the Drupal Administration interface. Sitemorse along with Ixis bring you a Drupal connector that provides the facility of checking your content quality before it gets published. Additionally, this module is compatible with Drupal 9 as well. With this module, the content editors can have more command over their content by making it more SEO friendly, accessible and resolving any issues that adversely affect the customer experience. 

Accessibility

The Accessibility module is a great support for the content authors and theme developers as it enables them to make their websites accessible to the users regardless of their capabilities and the technologies they prefer. It offers a set of available Accessibility tests that helps in scrutinizing the content for any accessibility errors that are published by the editors. Since this module uses the QUAIL jQuery plugin, it is not covered by Drupal's security advisory policy.

Accessibility Scanner

The Accessibility Scanner module enables you to use Drupal along with Axe toolset to opt for web accessibility scans on local and remote websites within the Drupal admin interface. It is compatible with Drupal 9 but isn’t covered by Drupal's security advisory policy.

USWDS Ckeditor Integration

The USWDS library has become an essential requirement for government websites. This module majorly focuses on making a user to smoothly utilize and inject USWDS classes and components into the ckeditor without even opening the source event for a single time. The USWDS Ckeditor Integration module is compatible with Drupal 9.

Quail API

This module is a complete rework of parts of the Drupal 6 project known as “Accessible Content”. It offers an API for the 3rd-party Quail Library to Drupal modules. Quail API has Drupal 8 alpha version as well.

Site builders

This is the second category under which Drupal offers exclusive modules to its users which enable them to design and create functional sites without the need of manual code editing.

Illustration diagram describing drupal site builders modules


Automatic Alternative Text

Automatic Alternative Text module allows you to automatically generate an image caption, while none of the Alternative Text has been given by the users. It is made possible by using the Microsoft Azure Cognitive Services API. This module offers one or even more descriptions of an image that are ordered as per their confidence. Although the default descriptions are in English, there is an option of translating them into other languages. This module is also compatible with Drupal 9. 

iFrame Title Filter

To comply with WCAG guidelines, the iFrame Title Filter helps in ensuring that embedded

Oct 17 2021
Oct 17

Projects vary vastly in terms of complexity. Sometimes there are just one or two entities, sometimes a standard product structure. But what happens when you have several layers of interconnected nodes or terms that rely on each other via custom entity reference fields? My take is, it may (will) tip over to becoming messy code, very fast.

Say we are doing an online class. We have 3 entities:

  1. A group of people
  2. A participant in this group
  3. A physical person (which can be in multiple groups)

And let's say we have this structure organized as nodes, with entity reference fields defining the connections.

Core & contrib entity behavior

Let's say that we are preparing some data from this structure. Based on a participant, we are going to find the description of the group to display in some template somwehere. Just traversing the fields of nodes, we would do this:

// Get the description and location of the group
$group_participant = $a_node;
$group = $group_participant->field_group_reference->entity->field_text->value;
$location = $group_participant->field_group_reference->entity->field_location->value;

This is the most standard thing to see in custom Drupal code when traversing entity reference fields. Alas, very unfriendly code in terms of readability, eh? In this case, we are using core node entities with two different bundles. If we had spent time on creating custom entities, we could of course do like so:

// Get description and location for the group
$participant = $custom_entity;
$participant->getGroup()->getDescription();
$participant->getGroup()->getLocation();

This looks a lot more intuitive, right? And, we can use such modern things as code completion in editors like PHPStorm to traverse the entity objects. But this approach does not apply to taxonomies, media entities, nodes, or any other entities that a core or contrib module provides.

Here is another example. References between nodes and taxonomies are usually one-way only. The participant can be a member of several groups. Let's say we know only of a participant, but we want to know in what groups this participant is in? Using an injected service, you would most probably do something like this, using an entityQuery in the background:

// Find the groups that this participant is in.
$participant = $a_node;
/** @var MyService $some_service */
$groups = $some_service->getGroupsByParticipant($participant);

This is type-completion capable, provided that you add that service in every class you need it. But why on earth, why would you need a service to find the groups? It should be as simple as:

$participant->getGroups($status);

Right now, we can only do clean code like this in two scenarios:

  1. By overriding the node class in its entirety, once and for all
  2. By creating a custom entity module

Using option 1, if you override the entire class completely, we would get this scenario:

// Get the Schroedinger's participant.
$participant = $node;
// Is it a participant? let's find out.
$is_participant = $participant->isParticipant();
// Or maybe like this:
$is_participant = $participant->getType() == 'participant';
// Now it is a real participant.

PHP would know what type it is, but the code completion won't know that because we cannot differentiate on bundles. So on the same object, we could both do:

$node->isGroupParticipant(); // would be false
$node->isParticipant(); // would be true

Using option 2, in many cases, there are two or three commands that we'd like to add to each bundle of a node. Creating a custom entity just to make some small alterations to the functionality of the node system is in most cases completely overkill. It is loads of custom code that can easily be avoided if we only could create custom entity classes for those bundles.

Enter the savior patch

The patch is here: https://www.drupal.org/node/2570593

This patch provides a way to add entity bundle classes, which allows us to create customized classes that applies to one single bundle. To use it, we use hook_entity_bundle_info_alter to register the bundles with its separate classes:

function fabulous_module_entity_bundle_info_alter(&$bundles) {
  $bundles['node']['participant']['class'] = ParticipantNode::class;
  $bundles['node']['group']['class'] = GroupNode::class;
};

Alas, we create two classes, one for the group:

class GroupNode extends Node {

}

And one for the participant:

class ParticipantNode extends Node {

}

Or instead, you can of course be a pro and describe your custom class in an interface:

class ParticipantNode extends Node implements ParticipantNodeInterface {

}

The important thing here is, the class *must* extend the registered entity class, in this case, Node. And that is basically it.

You can now start building functionality for each of the bundles separately. Here is the magic, let's say you load a node:

// If we load..
$id = $a_participant
$node = Node::load($id);
if ($node instanceOf ParticipantNode) {
  // Hooray, this is true!
}

Instead of receiving the standard Node object, you'll get your own ParticipantNode object!

Now, to make the example above work, instead of remembering field names, add this to the group node class object:

public function getParticipant() {
  return $this->field_participant->entity;
}

And you can add this to the participant node object (provided it is a 1-many relationship):

public function getGroups($status) {
  $result = $this->entityQuery('node')
    ->condition('type', 'group')
    ->condition('nid', $this->id())
    ->condtition('field_group_status', $status)
    ->execute();
  return Node::load(reset($result));
}

Then you can basically go on an eternal trail of type-completed entities, wheter it is nodes, users or taxonomies:

$participant->getGroupParticipant()->getGroup()->getMunicipality()->getRegion();

Not just nodes

Any entity bundle, core or contrib, can get an entity bundle class. Taxonomies, nodes, media, files.

$term->reIndexReferencedEntities();
$comment->whatever();
$file->doSomeOtherFunkyBusiness();

// More examples here!!

It's nice, but be careful

Using the approach that this patch provides, there are a few dos and dont's.

First of all, a single bundle type can only be overridden once. So, this approach is best used:

  • In the semi-lawless world of custom project-specific code
  • Very carefully in reusable code, but only where the entity type is defined by the module itself

So the limit on this approach is primarily for custom projects. But, that is also where code tends to get most messy.

Oct 15 2021
Oct 15

Overview

We’ve been working over the last year to help the Judicial Council of California move the infrastructure and design of various California court sites. This ongoing effort is grounded by several desired outcomes:

  • Secure and shared infrastructure
  • Sustainability and ease of maintenance for a large ecosystem
  • Flexible and expandable component architecture
  • Branding and design alignment

In a previous post, we noted that the California court system is the largest unified court system in the nation, and includes the State Supreme Court, six state appellate court districts, 58 county superior courts, and several administrative, policy-making, research and other supporting legal entities. Our most prominent effort at the moment is to begin moving at least two dozen entities, primarily county superior courts, onto an updated Drupal platform with shared design components, content migration and consulting, ongoing technical support and shared hosting.

The Challenge and The Approach

Even in a unified state court system, these dozens of county court sites have a variety of distinct content and features. Some courts were on an existing shared infrastructure, others were not. Some used Drupal, others didn't. Even elements like paying parking tickets or going to small claims court can be somewhat bespoke experiences from court to court, both in content structure and 3rd party integrations.

JCC Tehama Superior Court Before and After Tehama County Court: Before and After

Because these individual county courts retain a great deal of autonomy over their websites, technology, content and vendors, encouraging court sites to the new shared infrastructure required selling the benefits of this shared approach, being open to discussion with the courts about individual implementations, acknowledging some modest constraints, and committing to long-term expansion and modification of the initial templates and feature set.

Our base technical approach includes:

  • Drupal 8
  • Pattern Lab
  • Pantheon Hosting
  • Flexible Component Design
  • Bi-weekly Code Deployments

Project Management is Essential

Deploying what will eventually be dozens of court sites in a year requires *alot* of coordination between content editors, developers and clients. We worked closely with the JCC’s web services team as an augmentation of their in-house staffing and expertise; that team was the liaison with the individual courts. After we had settled on the management approach, we began rolling out sites this spring, managing to move over 20 courts (so far) from their old sites to the new shared infrastructure. Before the rollout, our initial planning work included:

  • A tiered analysis of individual court website complexity (features, content, staff resources)
  • Structured outreach at all stages of the project (initial briefing, schedule alignment, content migration, training and launch)
  • Review and recommendations of any special court requests (integrations, features)

What’s Next

More courts are joining the effort, spurred on by the success of the initial rollout. Within the next 3 months we anticipate at least half of California’s county courts joining onto the new platform, with others likely to join in 2022.

Stay tuned for additional posts on the partnership with the Judicial Council of California, including more specifics about the implementations of key sites as well as insights into managing an enterprise rollout and ongoing maintenance plan.

Interested in learning more about our approach to your enterprise project? Please get in touch!

Oct 14 2021
Oct 14

My colleagues and I in the Drupal Security Team recently became aware of a Zero Day RCE vulnerability in Ghostscript. This was later assigned CVE-2021-3781.

At least one viable Proof of Concept (PoC) was made public not long after the Zero Day which illustrated Scalable Vector Graphics (SVG) handling in Imagemagick being used as an attack vector.

Drupal core doesn't use Ghostscript directly, but it's fairly common for Drupal sites to use Imagemagick in some form.

As such, we began to look at how an attacker might try to exploit the Ghostscript vulnerability via SVG and Imagemagick on a Drupal site.

Our goal in such an investigation is to determine whether it would be sufficiently easy, with a common Drupal configuration, that we ought to issue a Public Security Announcement (PSA) warning Drupal users and providing any mitigation steps they might be able to take until an upstream fix was available.

Here's a quick write-up of some of the investigation I did.

We'd determined that SVG is not in the default list of permitted image extensions in Drupal.

However, the PoC write up showed Imagemagick being tricked into parsing an SVG with a fake jpg extension.

I verified that in Drupal 9 the built-in file type detection prevented a malicious SVG from being smuggled into an upload with a permitted file extension.

Drupal 7 core by itself doesn't have this protection, although modules are available that add e.g. mime-type sniffing such as https://www.drupal.org/project/mimedetect.

How might an attacker try to take advantage of this?

Drupal core has built-in support for "image styles" which can perform preset transformations on uploaded images. For example, a thumbnail image is often prepared to show in previews of articles.

So a Drupal site which uses Imagemagick to handle image processing (GD is the default in core but alternative "image toolkits" are available) might be exploited if an attacker could upload a malicious SVG and have the site try to perform an image manipulation on this, such as resizing it to prepare a thumbnail. This sort of functionality is quite common - for example - when a newly registered user uploads a profile picture. That would make a good target for an attacker.

I ran through what happens if you smuggle a malicious SVG masquerading as a permitted image type into a D7 upload field. As Drupal tries to record the metadata about the image, it makes a series of API calls which end up invoking image_get_info() which in turn calls image_toolkit_invoke('get_info', $image).

At that point both the default GD and the alternative Imagemagick toolkits call PHP's built in getimagesize() on the image. If the image in question is actually an SVG, this will typically return FALSE.

That means that Drupal will not attempt to perform a transformation on the image - for example to create a thumbnail - because it has not been able to derive the image's metadata including the dimensions of the original.

Even on a site which has explicit support for the uploads of SVG files (and you might argue that would be quite unusual for e.g. user profile pics) - because of the nature of SVGs - Drupal's default behaviour of deriving some image metadata and then deciding whether image transformations should be performed doesn't work like it does for e.g. jpg and png files.

At least one popular SVG contrib module tries to derive an SVG image's dimensions by parsing it as XML, but the malicious files produced by the PoC are not correctly formed for this.

It doesn't really make sense to try and run an SVG through Imagemagick's convert to create a thumbnail or other derivative of a different size - that's sort of the whole point of Scalable Vector Graphics.

This investigation had focused on Drupal 7, but it looked like Drupal 9 would be - if anything - better protected because of its built-in file type detection.

One popular configuration to support SVGs in D8/9 uses a vendored library to validate the XML and rejected the PoC's malicious SVG during upload validation.

There are a handful of different ways (as is often the case in Drupal) to set up SVG support in Drupal 9, but in one discussion about SVG support, phenaproxima (one of the media module's developers) stated:

The Media module itself has no opinion about SVG images. The Image module, on the other hand, doesn't normally allow SVG to be uploaded into any image field, due to the various security and integration issues (i.e., image styles).

So it really didn't look great for our potential attacker trying to exploit Drupal's image styles (automatic image transformations) via SVG and an Imagemagick toolkit to take advantage of the Ghostscript Zero Day.

As it looked like it wouldn't be easy to exploit this in what we'd consider a common configuration of Drupal, we decided against issuing a PSA.

This is not to say it's inconceivable that the vulnerability could be exploited on a Drupal site out there somewhere, but it would likely be considered an "edge case".

It's also possible that I got some of this wrong. If you know of any significant details I missed which mean that exploitation might be easier or more likely than my analysis suggested, please contact me or the Drupal Security Team privately in the first instance. We will credit any researchers who provide information that leads to us issuing a Security Advisory.

Thanks to Greg Knaddison (greggles) for (suggesting and) reviewing this post.

Oct 14 2021
Oct 14

This blog has been re-posted and edited with permission from Dries Buytaert's blog.

Last week, Drupalists around the world gathered virtually for DrupalCon Europe 2021.

In good tradition, I delivered my State of Drupal keynote. You can watch the video of my keynotedownload my slides (156 MB), or read the brief summary below.

I talked about end-of-life schedules for various Drupal versions, delivered some exciting updates on Drupal 10 progress, and covered the health of the Drupal community in terms of contributor dynamics. Last but not least, I talked about how we are attracting new users and contributors by making it much easier to contribute to Drupal.

Drupal 7 and Drupal 8 end-of-life

If you are using Drupal 7 or Drupal 8, time is of the essence to upgrade to Drupal 9. Drupal 7 end-of-life is scheduled for November 2022.

Drupal 8's end-of-life is more pressing, as it is scheduled for November 2nd, 2021 (i.e. in less than a month). If you are wondering why Drupal 8 is end-of-life before Drupal 7, that is because we changed how we develop Drupal in 2016. These changes have been really great for Drupal. They've made it much easier to upgrade to the latest version without friction.

As a community, we've spent thousands of hours building tools and automations to make migrating to Drupal 9 as simple as possible.

Drupal 10 timeline

Next, I gave an update on Drupal 10 timelines. Timing-wise, our preferred option would be to ship Drupal 10 in June 2022. That date hinges on how much work we can get done in the next few months.

Drupal 7, 8,9, and 10 timelines

Drupal core strategic initiatives

After these timelines, I walked through the six strategic initiatives for Drupal core. We've made really great progress on almost all of them. To see our progress in action, I invited key contributors to present video updates.

Core initiatives progress

Project Browser

You may recall that I introduced the Project Browser initiative in my April 2021 State of Drupal presentation. The idea is to make it easy for site builders to find and install modules right from their Drupal site, much like an app store on a smartphone. The goal of this initiative is to help more evaluators and site builders fall in love with Drupal.

Today, just six months later, we have a working prototype! Take a look at the demo video:

Decoupled Menus

Drupal is an excellent headless CMS with support for REST, JSON:API and GraphQL.

As a next step in our evolution, we want to expand the number of web service endpoints Drupal offers, and build a large repository of web components and JavaScript framework integrations.

With that big goal in mind, we launched the Decoupled Menus initiative about one year ago. The goal was to create a small web component that could ship quickly and solve a common use case. We focused on one component so we could take all the learnings from that one component to improve our development infrastructure and policies to help us create many more web service end points and JavaScript components.

I talked about the various improvements we made to Drupal.org to support the development and management of more JavaScript components. I also showed that we've now shipped Drupal menu components for ReactSvelte and more. Take a look at the video below to see where we're at today:

Our focus on inviting more JavaScript developers to the Drupal community is a transformative step. Why? Headless momentum is growing fast, largely driven by the growth of JavaScript frameworks. Growing right along with it is the trend of composability, or the use of independent, API-first micro-services. Building more web service endpoints and JavaScript components extends Drupal's leadership in both headless development and composability. This will continue to make Drupal one of the most powerful and flexible tools for developers.

Easy Out of the Box

The goal of this initiative is to have Layout BuilderMedia, and Claro added to the Standard Profile. That means these features would be enabled by default for any new Drupal user.

Unfortunately, we have not made a lot of progress on this initiative. In my presentation, I talked about how I'd like to find a way for us to get it done by Drupal 10. My recommendation is that we reduce the scope of work that is required to get them into Standard Profile.

Automatic Updates

The Automatic Updates initiative's goal is to make it easier to update Drupal sites. Vulnerabilities in software, if left unchecked, can lead to security problems. Automatic updates are an important step toward helping Drupal users keep their sites secure.

The initiative made excellent progress. For the very first time, I was able to show a working development version:

Drupal 10 Readiness

The Drupal 10 Readiness initiative is focused on upgrading the third-party components that Drupal depends on. This initiative has been a lot of work, but we are largely on track.

Drupal 10 will be 300% more automated

The most exciting part? The upgrade to Drupal 10 will be easy thanks to careful management of deprecated code and continued investment in Rector. As it stands, upgrading modules from Drupal 9 to Drupal 10 can almost be entirely automated, which is a big 300% improvement compared to the Drupal 8 to Drupal 9 upgrade.

New front end theme

We are nearly at the finish line for our new front end theme, Olivero. In the past few months, a lot of effort has gone into ensuring that Olivero is fully accessible, consistent with our commitment to accessibility.

Olivero already received a glowing review from the National Federation of the Blind (USA):

Olivero is very well done and low-vision accessible. We are not finding any issues with contrast, focus, or scaling, the forms are very well done, and the content is easy to find and navigate.

Something to be really proud of!

The health of Drupal's contribution dynamics

Next, I took a look at Drupal's contribution data. These metrics show that contributions are down. At first I panicked when I saw this data, but then I realized that there are some good explanations for this trend. I also believe this trend could be temporary.

Contribution metrics

To learn more about why this was happening, I looked at the attrition rate of Drupal's contributors — the percentage of individuals and organizations who stopped contributing within the last year. I compared this data to industry averages for software and services companies.

Contributors attrition
While typical attrition for software and services companies is considered "good" at 15%, Drupal's attrition rate for its Top 1,000 contributors is only 7.7%. The attrition rate for Drupal agencies in the Top 250 organizations is only 1.2%.

I was very encouraged by this data. It shows that we have a very strong, loyal and resilient community of contributors. While many of our top contributors are contributing less (see the full recording for more data), almost none of them are leaving Drupal.

There are a number of reasons for the slowdown in contribution:

  • The COVID-19 pandemic has made contribution more difficult and/or less desirable.
  • We are in the slow period of the "Drupal Super Cycle" — after every major release, work shifts from active development to maintenance.
  • Anecdotally, many Drupal agencies have told me they have less time to contribute because they are growing so fast (see quotes in image below). That is great news for Drupal adoption.
  • Drupal is a stable and mature software project. Drupal has nearly all the features organizations need to deliver state-of-the-art digital experiences. Because of Drupal's maturity, there are simply fewer bug fixes and feature improvements to contribute.
  • Rector-automations have led to less contribution. It's good to work smarter, not harder.

I'll expand on this more in my upcoming Who sponsors Drupal development post.

Drupal Agencies too busy growing

The magic of contribution

I wrapped up my presentation by talking about some of the things that we are doing to make it easier to adopt Drupal. I highlighted DrupalPod and Simplytest as two examples of amazing community-driven innovations.

Drupalpod Simplytest

After people adopt Drupal, we need to make it easier for them to become contributors. To make contribution easier, Drupal has started adopting GitLab in favor of our home-grown development tools. Many developers outside the Drupal ecosystem are accustomed to using tools like GitLab. Allowing them to use tools with which they are already familiar is an important step to attracting new contributors. Check out this video to get the latest update on our GitLab effort:

Thank you

To wrap up I'd like to thank all of the people and organizations who have contributed to Drupal since the last DriesNote. It's pretty amazing to see the momentum on our core initiatives! As always, your contributions are inspiring to me!

Thank you to all the contributors

Oct 13 2021
Oct 13

There are plenty of resources, articles, and mechanisms for funding Open Source development. I’m hesitant to rehash the past discussions; meanwhile, everyone needs to improve their dialog around contributing and helping to sustain Open Source. Frankly, it is tough to argue that a business should contribute to Open Source when they already get the software for free. Time and time again, an organization’s contribution to Open Source seems to be driven by an individual who has the authority or influence to move an organization to contribute. When I listen to podcasts about how different Open Source projects have become sustainable, persuading people to contribute is consistently one of the most critical tasks.

Oct 13 2021
Oct 13

Last week, Drupalists around the world gathered virtually for DrupalCon Europe 2021.

In good tradition, I delivered my State of Drupal keynote. You can watch the video of my keynote, download my slides (156 MB), or read the brief summary below.

I talked about end-of-life schedules for various Drupal versions, delivered some exciting updates on Drupal 10 progress, and covered the health of the Drupal community in terms of contributor dynamics. Last but not least, I talked about how we are attracting new users and contributors by making it much easier to contribute to Drupal.

Drupal 7 and Drupal 8 end-of-life

If you are using Drupal 7 or Drupal 8, time is of the essence to upgrade to Drupal 9. Drupal 7 end-of-life is scheduled for November 2022.

Drupal 8's end-of-life is more pressing, as it is scheduled for November 2nd, 2021 (i.e. in less than a month). If you are wondering why Drupal 8 is end-of-life before Drupal 7, that is because we changed how we develop Drupal in 2016. These changes have been really great for Drupal. They've made it much easier to upgrade to the latest version without friction.

As a community, we've spent thousands of hours building tools and automations to make migrating to Drupal 9 as simple as possible.

Drupal 10 timeline

Next, I gave an update on Drupal 10 timelines. Timing-wise, our preferred option would be to ship Drupal 10 in June 2022. That date hinges on how much work we can get done in the next few months.

Drupal and timelines

Drupal core strategic initiatives

After these timelines, I walked through the six strategic initiatives for Drupal core. We've made really great progress on almost all of them. To see our progress in action, I invited key contributors to present video updates.

A slide with progress bars for each of the 6 initiatives; 3 of them are over 80% complete.

Project Browser

You may recall that I introduced the Project Browser initiative in my April 2021 State of Drupal presentation. The idea is to make it easy for site builders to find and install modules right from their Drupal site, much like an app store on a smartphone. The goal of this initiative is to help more evaluators and site builders fall in love with Drupal.

Today, just six months later, we have a working prototype! Take a look at the demo video:

Decoupled Menus

Drupal is an excellent headless CMS with support for REST, JSON:API and GraphQL.

As a next step in our evolution, we want to expand the number of web service endpoints Drupal offers, and build a large repository of web components and JavaScript framework integrations.

With that big goal in mind, we launched the Decoupled Menus initiative about one year ago. The goal was to create a small web component that could ship quickly and solve a common use case. We focused on one component so we could take all the learnings from that one component to improve our development infrastructure and policies to help us create many more web service end points and JavaScript components.

I talked about the various improvements we made to Drupal.org to support the development and management of more JavaScript components. I also showed that we've now shipped Drupal menu components for React, Svelte and more. Take a look at the video below to see where we're at today:

Our focus on inviting more JavaScript developers to the Drupal community is a transformative step. Why? Headless momentum is growing fast, largely driven by the growth of JavaScript frameworks. Growing right along with it is the trend of composability, or the use of independent, API-first micro-services. Building more web service endpoints and JavaScript components extends Drupal's leadership in both headless development and composability. This will continue to make Drupal one of the most powerful and flexible tools for developers.

Easy Out of the Box

The goal of this initiative is to have Layout Builder, Media, and Claro added to the Standard Profile. That means these features would be enabled by default for any new Drupal user.

Unfortunately, we have not made a lot of progress on this initiative. In my presentation, I talked about how I'd like to find a way for us to get it done by Drupal 10. My recommendation is that we reduce the scope of work that is required to get them into Standard Profile.

Automatic Updates

The Automatic Updates initiative's goal is to make it easier to update Drupal sites. Vulnerabilities in software, if left unchecked, can lead to security problems. Automatic updates are an important step toward helping Drupal users keep their sites secure.

The initiative made excellent progress. For the very first time, I was able to show a working development version:

Drupal 10 Readiness

The Drupal 10 Readiness initiative is focused on upgrading the third-party components that Drupal depends on. This initiative has been a lot of work, but we are largely on track.

A slide from the DriesNote saying that the Drupal 10 upgrade work is 300% more automated than Drupal 9.

The most exciting part? The upgrade to Drupal 10 will be easy thanks to careful management of deprecated code and continued investment in Rector. As it stands, upgrading modules from Drupal 9 to Drupal 10 can almost be entirely automated, which is a big 300% improvement compared to the Drupal 8 to Drupal 9 upgrade.

New front end theme

We are nearly at the finish line for our new front end theme, Olivero. In the past few months, a lot of effort has gone into ensuring that Olivero is fully accessible, consistent with our commitment to accessibility.

Olivero already received a glowing review from the National Federation of the Blind (USA):

Olivero is very well done and low-vision accessible. We are not finding any issues with contrast, focus, or scaling, the forms are very well done, and the content is easy to find and navigate.

Something to be really proud of!

The health of Drupal's contribution dynamics

Next, I took a look at Drupal's contribution data. These metrics show that contributions are down. At first I panicked when I saw this data, but then I realized that there are some good explanations for this trend. I also believe this trend could be temporary.

Contribution metrics

To learn more about why this was happening, I looked at the attrition rate of Drupal's contributors — the percentage of individuals and organizations who stopped contributing within the last year. I compared this data to industry averages for software and services companies.

Slide with data that shows Drupal's top contributors are very loyalWhile typical attrition for software and services companies is considered "good" at 15%, Drupal's attrition rate for its Top 1,000 contributors is only 7.7%. The attrition rate for Drupal agencies in the Top 250 organizations is only 1.2%.

I was very encouraged by this data. It shows that we have a very strong, loyal and resilient community of contributors. While many of our top contributors are contributing less (see the full recording for more data), almost none of them are leaving Drupal.

There are a number of reasons for the slowdown in contribution:

  • The COVID-19 pandemic has made contribution more difficult and/or less desirable.
  • We are in the slow period of the "Drupal Super Cycle" — after every major release, work shifts from active development to maintenance.
  • Anecdotally, many Drupal agencies have told me they have less time to contribute because they are growing so fast (see quotes in image below). That is great news for Drupal adoption.
  • Drupal is a stable and mature software project. Drupal has nearly all the features organizations need to deliver state-of-the-art digital experiences. Because of Drupal's maturity, there are simply fewer bug fixes and feature improvements to contribute.
  • Rector-automations have led to less contribution. It's good to work smarter, not harder.

I'll expand on this more in my upcoming Who sponsors Drupal development post.

Slide with quotes from Drupal agencies CEOs stating that they are growing fast

The magic of contribution

I wrapped up my presentation by talking about some of the things that we are doing to make it easier to adopt Drupal. I highlighted DrupalPod and Simplytest as two examples of amazing community-driven innovations.

A slide promoting DrupalPod and Simplytest

After people adopt Drupal, we need to make it easier for them to become contributors. To make contribution easier, Drupal has started adopting GitLab in favor of our home-grown development tools. Many developers outside the Drupal ecosystem are accustomed to using tools like GitLab. Allowing them to use tools with which they are already familiar is an important step to attracting new contributors. Check out this video to get the latest update on our GitLab effort:

Thank you

To wrap up I'd like to thank all of the people and organizations who have contributed to Drupal since the last DriesNote. It's pretty amazing to see the momentum on our core initiatives! As always, your contributions are inspiring to me!

Thank you for the many contribution
Oct 12 2021
Oct 12

Does 13 months feel like a comfortable cushion between now and the Nov. 28, 2022 Drupal 7 end of life? It’s not.
The time to get serious about your Drupal 9 migration is now. There are countless reasons why. 
Here are our top 20. 

  1. Even though Drupal 7 is technically still being supported, the Drupal community’s focus is on Drupal 9 and 10. With no particular inspiration among developers to support Drupal 7, websites that use Drupal 7 contributed modules will be increasingly prone to instability issues.  
  2. With as many structural difference as there are between Drupal 7 and Drupal 9, building in as much time as possible is an essential strategy for mitigating against unwelcome surprises that can occur during a Drupal 9 migration.
  3. Despite the Drupal 9 release date of more than a year and a half ago (June 2020), more than a half million websites around the world are still on Drupal 7. As such, there is every reason to expect that the best Drupal design and development agencies will become overwhelmed with work as the November 2022 Drupal 7 end-of-life date nears. Delaying a migration to Drupal 9 might mean settling for sub-par Drupal talent and expertise, and allowing your site to be rushed through an extremely packed queue.
  4. Drupal migration is a prime opportunity to think strategically about your site and how the architecture, design, and user experience can more effectively drive current objectives and branding. Starting the Drupal 9 migration process as soon as possible will help in optimizing every aspect of the opportunity.
  5. Every day that migration to Drupal 9 is delayed translates into another day in which your organization is not benefitting from a far superior CMS with a depth and breadth of transformative new Drupal 9 features and functionality.
  6. Drupal 9 offers game-changing content editing capabilities that far exceed what was possible in Drupal 7. The built-in visual layout builder allows for the ability to easily edit and switch up layouts, reuse blocks, and customize all parts of the page.
  7. Building upon the content editor enhancements of Drupal 8, the Drupal 9 admin dashboard features CKEditor’s WYSIWYG rich text editing capabilities, along with a configurable toolbar, quick edit feature, Layout Builder, and the modern Claro admin theme.
  8. Development and staging environment support is built into Drupal 9’s integrated configuration management system.
  9. A media library comes out of the box, allowing for the easy access to and reuse of all images and media.
  10. Establish as the leading CMS for multilingual functionality, Drupal translation interfaces for more than 100 languages allow for full multilingual support in all content and configuration. Recent enhancements include the attachment of language fields to language-aware entity objects from which language is "inherited," vs. previous public API exposure. 
  11. Better keyboard navigation is among the built-in ADA web accessibility features for users with disabilities.
  12. Olivero, Drupal 9’s new front-end theme has been described as an accessibility masterpiece.
  13. Structured data features build upon Drupal’s framework for enhanced SEO. 
  14. A  “mobile first” approach translates into a huge SEO advantage driven by Google’s transition to mobile-first indexing.  
  15. The mobile-first UI also allows for the ability to easily make updates or revisions to the site from a mobile device. 
  16. Built-in BigPipe supports faster initial page loads, along with better performance and scalability.
  17. Built-in JSON:API support allows for progressively and fully decoupled applications.
  18. The updated code base leverages the latest version of PHP, for increasingly tighter security.  
  19. Use of the most current third-party libraries and components, such as Symfony and Twig, enhance performance. 
  20. Integration with JavaScript frameworks and architecture enhancements result in greater speed. 

The Drupal organization has referred to migration from Drupal 7 as the last big migration. No further platform upheavals are expected. Future upgrades will be evolutionary, within a continuous innovation cycle that delivers enhanced features twice a year. 
Migrating from Drupal 7 to Drupal 9 is a process that hundreds of thousands of site owners worldwide have opted to not yet engage with. Despite the procrastination that is running deep and wide, the fact is, when a devoted Drupal design and development partner is guiding the migration with unsurpassed expertise and skill, the process transforms from a “have to” to a “get to.”
The Drupal 7 end of life clock is ticking. Looking for a partner who can get you where you need to be with far greater value than you could have expected? That’s what we do here at Promet Source. Questions or concerns about how or where to start? Let’s talk.
 

Oct 12 2021
Oct 12

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Oct 12 2021
Oct 12

Submit Your Nomination Today

The Drupal Event Organizers Working Group is seeking nominations for Board Members and Advisory Committee Members. Anyone involved in organizing an existing or future community event is welcome to nominate. 

EOWG Board Members. We are currently looking for nominations to fill four (4) board seats. Interested organizers are encouraged to nominate themselves. 

The following members terms are expiring this year:

  • Kaleem Clarkson (first term)
  • Matthew Saunders (first term)
  • Suzanne Dergacheva (first term)
  • Andrii Podanenko (first term)
     

EOWG Advisory Committee. We are looking for advisory committee members. The advisory committee is designed to allow individuals to participate who may not have a consistent availability to meet or who are interested in joining the board in the future. 

Submit Your Nomination: To submit your nomination please visit the Issue below and submit your name, event name, country, territory/state, and a short reason why you would like to participate.  

Issue: https://www.drupal.org/project/event_organizers/issues/3241177 

Nomination Deadline:  Thursday, October 28, 2021 11:59 pm UTC

Oct 12 2021
Oct 12

The Webform module is the most powerful and flexible form builder and submission manager for Drupal. It gives  site builders the power to easily create complex forms instantly. It comes with a certain level of default settings, also letting you customize it as per your requirements.

Check out this amazing blog - Drupal 8 Webform Module - A Brief Tutorial to help you get started with the Webform module in your Drupal 8/9 site. This will help you understand the basics easily. 

The Webform module ships with a lot of interesting features and I’d like to mention a few here.

Web Form Module

Webform Features

1. Altering form & elements

Any form, element and its related settings can be altered by using their respective hooks. Below are few hooks that are available to use and you can find more in the webform.api.php file:

  • Form hooks

        ◦ hook_webform_submission_form_alter()    
        ◦ Perform alterations before a webform submission form is rendered.

  • Element hooks

        ◦ hook_webform_element_alter()
        ◦ Alter webform elements.

  • Option hooks

        ◦ hook_webform_options_alter()
        ◦ Alter webform options.

  • Handler hooks

        ◦ hook_webform_handler_invoke_alter()
        ◦ Act on a webform handler when a method is invoked.

  • more hooks…

        ◦ hook_webform_access_rules_alter() etc..
        ◦ Alter list of access rules that should be managed on per webform level.

2. YAML Source

The Webform module started as a YAML Form module, which allowed people to build forms by writing YAML markup. At some point, the YAML Form module started to have UI and became the Webform module for Drupal 8.

  • YAML provides a simple & easy to learn markup language for building & bulk editing a webform's elements.
  • The (View) Source page allows developers to edit a webform's render array using YAML markup. Developers can use the (View) Source page to hand-code webforms to alter a webform's labels quickly, cut-n-paste multiple elements, reorder elements, as well as add custom properties and markup to elements.
  • Here’s an example of a Contact form and its corresponding YAML source code:
Contact Form with Drag and Drop UI

A Contact form with drag-n-drop UI

 

YAML Source Code

The Contact form’s YAML source code

3. Conditional fields

Webform lets you add conditional logic to your elements within your form. Let us consider a small example, wherein we need to conditionally handle the visibility of elements based on the value of another element within the form.

Here’s an example form with two-step fields, STEP 1 (Radios element) with options ‘Email’ and ‘Mobile Number’. STEP 2 (Fieldset) with two elements, 'Email' and 'Mobile Number'.

Build Page

Form Build page

Form View Page

Form View page

In the above example, I would like to show the ‘Email’ field if the ‘Email’ option is chosen in Step 1, else show the ‘Mobile Number’ field if the ‘Mobile Number’ option is chosen in Step 1.

To achieve that, edit your ‘Email’ field, click on the ‘Conditions’ tab, choose the ‘State’ as ‘Visible’ and set the ‘Trigger/Value’ as ‘STEP 1 [Radios] value is email’. Similarly, follow the same steps to add conditional logic to your ‘Mobile Number’ field and set the ‘Trigger/Value’ as ‘STEP 1 [Radios] value is mobile_number’. Here’s the final look of the Webform:

Edit Email Element

Setting up conditional logic

Step1

Form when ‘Email’ is chosen on STEP 1

Step 2

Form when ‘Mobile Number’ is chosen on STEP 1

4. Custom options properties

Webform lets you add custom option properties to your from elements.

Imagine a scenario where you would want to conditionally handle the options of a radio element based on the value of a different element within the form. How would you do that?

Well, I did not find any way to handle it through the Conditional logic settings from the UI. But there is a provision to set ‘custom options properties’ to your element, wherein you write the required conditional logic targeting your options within the element using the YAML code.

Here is an example, where we can see two radio elements and based on the option I select in the first element, the visibility of the options within the second element should change.

Form Build Page

Form Build page

Custom Option

Form View page before adding any custom options properties:

  • If ‘Type A’ is chosen, then ‘Option 1’ and ‘Option 2’ should be visible from the second element. Similarly, if ‘Type B’ is chosen, then ‘Option 3’ and ‘Option 4’ should be visible. To achieve this edit the second element, go to the ‘Advanced’ tab, scroll down to the ‘Options (custom) properties’ sections and write the necessary logic in YAML.
Option ElementEdit option element

Setting up the options properties

Choose type

Form when ‘Type A’ is chosen

Choose Type B

Form when ‘Type B’ is chosen

5. Webform submission email handlers

  • Email handlers

          Email handlers sends a webform submission via email. To add email handlers to your webform, go to ‘Settings’ and then ‘Emails/Handlers’ tab. Next, click on the ‘Add Email / Add handler’ button.

Email handler

Add Email Handler

  • As shown in the below image, on the ‘General’ tab, add the ‘Title’ and set ‘Send to’  and ‘Send from’ details. Add the message ‘Subject’ and ‘Body ‘ as required and save the configuration form. 
Email ConfirmationConfirmation HandlerEmail Confirmation HandlerMessageTitle & Description

And that’s about it. Your handler gets fired whenever the form is submitted.

  • You can also set conditional email handlers to your webform i.e., trigger different email handlers based on the value of certain elements within the form.
  • For example, let us consider a ‘Select’ element with values ‘Type 1’ and ‘Type 2’. If the user submits ‘Type 1’, trigger the ‘Email - Type 1’ handler that has set ‘To’ address to ‘[email protected]’. If the user submits ‘Type 2’, trigger the ‘Email - Type 2’ handler that has set ‘To’ address to ‘[email protected]’.
  • To add conditional logic to your email handler, create one handler and name it ‘Email - Type 1’. Set ‘To’ address to ‘[email protected]’, switch to the ‘Conditions’ Tab, choose the ‘State’ as ‘Visible’ and set the ‘Trigger/Value’ as ‘Select Type [Select] value is type_1’. 
  • Similarly, create the second handler and name it ‘Email - Type 2’. Set ‘To’ address to ‘[email protected]’, switch to the ‘Conditions’ Tab, choose the ‘State’ as ‘Visible’ and set the ‘Trigger/Value’ as ‘Select Type [Select] value is type_2’.
Email type
  • Scheduled email handlers

    • It extends the Webform module's email handler to allow emails to be scheduled. To use this feature, enable the ‘Webform Scheduled Email Handler’ sub-module. 
    • To schedule sending an email of the form submissions, click on the ‘Add handler’ button. Select ‘Scheduled Email’ handler here.
Select Handler

There is only one extra config setting in the ‘Scheduled Email’ handler compared to the normal ‘Email handler’. And that is to add Schedule email date under the General settings tab.

Schedule email Handler

Scheduled email handler

Set the date to trigger your handler and when the next cron is run, your email will be sent! 

Finding Help

There are different ways through which you can seek help with the webform module. Here is a list of a few sources:

  • Documentation, Cookbook, & Screencasts
  • Webform Issue Queue
  • Drupal Answers
  • Slack channel
    • You can always post your queries regarding the Webform module at the #webform channel within the Drupal slack workspace. Anyone from the community, even the module maintainer themselves are always around and are kind enough to guide you with your problems.

A HUGE shoutout to Jacob Rockowitz for his relentless support towards the Drupal 8/9 Webform module. Webform wouldn't have been what it is now without him.

Oct 12 2021
Oct 12

In such a time, i want to place blocks in sidebar region with the dynamic weight. It means the blocks should render in different position for each page request. I have searched and tried lots of method but unfortunately i can’t find proper method to do that. So i have decided to do that with some hacky way.

Drupal 8 is providing a hook to alter the region template_preprocess_region, it would prepares values to the theme_region. I have planned to use the hook to alter the block's position to be rendered in the region.

Adding the following codes in THEMENAME.theme file would solve the problems,

function themename_preprocess_region(&$variables) {
  if ($variables['region'] == 'sidebar_second') {
    $variables['elements'] = shuffle_assoc($variables['elements']);
    $content = '';
    foreach ($variables['elements'] as $key => $value) {
      if (is_array($variables['elements'][$key])) {
        $content .= \Drupal::service ('renderer')->render($value);
      }
    }
    $variables['content'] = array(
      '#markup' => $content,
    );
  }
}

function shuffle_assoc($list) {
  if (!is_array($list)) {
    return $list;
  }

  $keys = array_keys($list);
  shuffle($keys);
  $random = array();
  foreach ($keys as $key) {
    $random[$key] = $list[$key];
  }
  return $random;
}

It is working well in my site but i know it is the hacky way, not sure about the proper way to do that. If anyone of you know about this kindly share it in the comments :)

Oct 12 2021
Oct 12

Twig can be extended in many ways; you can add extra tags, filters, tests, operators, global variables, and functions. You can even extend the parser itself with node visitors. In this blog,

I am going to show you how to create new custom twig filters in drupal. For example we are going to create a filter to remove numbers from string, will explain with hello_world module.

Create hello_world folder in modules/custom/ folder with the following files,

1. hello_world.info.yml // It would contains normal module .info.yml file values, Check here for more details

2. hello_world.services.yml // It would contain following lines,

services:
  hello_world.twig_extension:
    arguments: ['@renderer']
    class: Drupal\hello_world\TwigExtension\RemoveNumbers
    tags:
      - { name: twig.extension }

3. src/TwigExtension/RemoveNumbers.php It would contain followings in that,

namespace Drupal\hello_world\TwigExtension;


class RemoveNumbers extends \Twig_Extension {    

  /**
   * Generates a list of all Twig filters that this extension defines.
   */
  public function getFilters() {
    return [
      new \Twig_SimpleFilter('removenum', array($this, 'removeNumbers')),
    ];
  }

  /**
   * Gets a unique identifier for this Twig extension.
   */
  public function getName() {
    return 'hello_world.twig_extension';
  }

  /**
   * Replaces all numbers from the string.
   */
  public static function removeNumbers($string) {
    return preg_replace('#[0-9]*#', '', $string);
  }

}

Enable the hello_world module and clear the cache, then you could use the “ removenum “ filters in your twig file,

{{ twig-value-with-numbers | removenum }}

It would remove the all numbers from the string, enjoy with your custom filters !

Download the hello_world module here

Oct 12 2021
Oct 12

I needed a way to check the currect user has permission to view the currect/particular page, Searched lot finally got the exact way, going to show the tricks to you in this blog.

Drupal has an api called " drupal_valid_path " , Normally it used to test the url is valid or not. but the trick is that, It also check the user has permission to view the currect/particular page.

It will return TRUE If path is valid and user has permission to view the page, otherwise it will return FALSE,

For example,

$path = current_path();
if (drupal_valid_path($path)) {
  // Your code here.
}
Oct 12 2021
Oct 12

Most of the times developers don't like the GUI, It makes feel lazy. Drupal has a tool (Drush) to do some management work from command line.

And also the installing the drupal site makes very lazy while doing with browser, The Drush has an option to install the full site with a single command.

The Following command will install the drupal in standard method,

drush site-install standard --account-name=admin --account-pass=[useruser_pass] --db-url=mysql://[db_user]:[db_pass]@localhost/[db_name]
Oct 11 2021
Oct 11

This has seen a drive to add personalization features to automated marketing campaigns as well as in the content management system (CMS). CMSs have therefore evolved to accommodate this need, moving from platforms to manage and serve content to also service digital experiences which are personalised. This has seen the emergence of digital experience platforms (DXP) which need to orchestrate the personalization process. Related buzzwords in this space include "Content as a Service" (CaaS) and "headless" or "decoupled". 

Personalization trends

A look at Google Trends for "content personalization" emerged from a low base around 2013 to hit a peak around 2020. Interest in the term is still elevated today, however it does seem to have reached its peak. This perhaps represents attention moving to other hotter topics such as DXP and CDP.

This trend has also been seen in the Drupal community. The concept of "Web Experience Management" first appeared in the Drupal community around 2011 and was popularised by Dries in his keynote at DrupalCon Portland in 2013.

This marked the beginnings of the shift in the community. On particularly visionary presentation was given by Dave Ingram, Delivering Hyper Personal Digital Experiences Within Drupal, where he set out a recipe for personalization which covers all of the bases for personalization techniques as well as a sensible approach for iterating and improving over time. 

The concepts of segmentation, engagement and personalization were beginning to take hold. However, prior to 2015 there was only the occasional article or presentation on the specific subject of personalization. From 2015 interest certainly picked up, with more Drupal personalization presentations being given at Drupal conferences and camps. In 2020 in was a very hot topic at DrupalCon, with many presentation given from a variety of Drupal agencies.

Early personalization efforts were based around tracking a logged in user and serving a personalized experience to them based on their properties. Users could signal their interests by explicitly selecting them on their user profile or signing up to various groups. CRM systems could also be integrated with Drupal to sync user profiles of known users. In this light personalization is relatively easy as the user is known and already a customer. Recent developments have been around personalizing for anonymous users and this has lead the need for a more decentralised approach to tracking and the delivery of the personalised experience. This need to personalize for unknown users could be considered as the main driver for the activity in the space since 2015.

A lot of this interest has been driven in the emergence of Acquia Lift (now Acquia Personalization). This product saw a lot of promotional activity from Acquia which, whilst being targetted at potential customers, was also helpful in educating the Drupal community around the need for personalization and also some of the approaches that could be taken to achieve that. This lead to the development of modules based around user context and the conditional serving of content.

That is not to say the rest of the community has sat idly by. There are a number of Drupal agencies which have picked the concept up and integrated it into their practices, driving the way they communicate with clients about the needs for personalization and how it can be achieved. In the presentations below there is a fairly even split between strategy and technology. It is refreshing to see that the problem of personalization has been seen as multifaceted with a strong emphasis on research, planning and design, as well as the technology to achieve it.

This has lead to the development of a number of open source projects in the Drupal space which can be used for personalization projects. Some of these are simple client side solutions, sometimes adopting a decoupled approach to serving the personalized experiences. We have also seen increased integrations with CRMs, marketing tools and CDPs to serve the personalized content.

Conclusion

This article is a roundup of most of the events and presentations which have helped shape the way Drupal practitioners approach the conceptual and technical solutions required for Drupal personalization. If you have any items you think I have missed in the roundup below, please add them to the comments and I will look to incorporate them in. 

What is next for personalization in Drupal? Time will tell.

Oct 08 2021
Oct 08

Drupal 8 was launched on November 19, 2015 to support the Drupal community with advanced features and functionalities. But now there is only three months left for it’s end-of-life (EOL) since we already have the end date fixed i.e. November 2nd, 2021. Well, what does Drupal end of life mean? End of life basically is the official date after which Drupal Community stops supporting a certain version of Drupal. This article can be considered as a guide where we will be able to clear all our queries in regards to Drupal 8 end-of-life (EOL). 

Illustration diagram describing the end of life of Drupal 8


Why November 2nd, 2021 marks end of life for Drupal 8?

As we have discussed above, Drupal 8's end-of-life is just a few months away, so are we making our necessary plans for migrating to Drupal 8’s later version? Let us get into a little more detail about Drupal 8’s end-of-life as it will help you in taking any major decisions about the migrating process. So, basically, after November 2nd, 2021, the end date of Drupal 8 version, no security patches will be available to you and along with that you won’t be receiving any vendor extended support program for Drupal 8. 

You will be surprised to know that Drupal 8’s End of Life happens before Drupal 7. Since, now you have an idea about Drupal 7 and 8 end of life, let us now look into the reasons why Drupal 8’s end of life takes place before Drupal 7. The first reason is that there was not much effort needed in the transition from Drupal 8 to Drupal 9. Since, Drupal 9 was not a reinvention of Drupal but rather it consists of two major differences i.e. updated dependencies and deprecating APIs. Second, Drupal 8 is majorly dependent on Symfony 3 and Symfony 3’s end of life is November 2021.

Is it still safe to stay on Drupal 8 even if the end of life is approaching?

If you decide to stay on Drupal 8 even after it’s end-of-life then you will have to go through some difficult consequences. Your website has to be compromised in terms of the security as the community support finishes with Drupal 8 end-of-life. You will have to purchase a vendor extended support program for Drupal 8 instead of depending upon the Drupal community to identify exploits and release patches. Additionally, as the developer community will no longer prioritize on enhancing the Drupal 8 version, so consequently, the existing modules will not receive any further necessary updates from the community as they will be busy focusing on Drupal 9 modules. Let me also tell you that with the growing time Drupal 8 sites tend to disappear and as a result, very few agencies will be available to offer Drupal support for these versions. Therefore, the best option you have is to upgrade to Drupal 9 without any further delay and get the maximum benefits out of it for your aspiring projects. 

What benefits will I get after migrating to Drupal  9? 

This section will give you a clarity about the important features that Drupal 9 offers. Once you take a look at them, you won’t regret migrating to this version from your present familiarised version of Drupal 8. 

Illustration diagram describing the benefits of migrating to Drupal 9


Availability of intuitive tools

Enhancing Drupal’s ease-of-use is something that is prioritized in this version of Drupal 9. Some of the promising improvements in regards to the strategic initiatives for Drupal core include automatic updates, Drupal 10 readiness and, decoupled menus.

Improving future upgrades

Drupal 9 focuses on making the upgrades smooth for future releases. There won’t be any need to replatform as new versions get released. 

Enabling you to stay close to innovation

With Drupal 9, you get access to the latest new feature releases that happen twice a year.

Front-end facilities

Drupal’s API-First initiative provides your site more versatility, allowing much better integrations, and also availing the much needed front-end flexibility. 

Providing richer media management

Drupal 9 enables you to embed remote content like YouTube and Vimeo videos. Additionally, it also features a Media Library module that helps users to add existing media assets. 

Accessibility of powerful visual design

Drupal 9 provides an improved Layout Builder which exclusively offers a single, powerful visual design tool for:

  • Layouts for templated content
  • Customization for templated layouts
  • Custom pages

Is migrating to Drupal 9 difficult?

By far we have got familiar with some of the important aspects of Drupal 8’s end-of-life, but now we will get through the most significant aspect i.e. the nature of the migrating process to Drupal 9. Is it easy or difficult? This question might be at the back of your mind, so here I am with the answer you are looking for. Since, Drupal 9 is built on Drupal 8, the technology in Drupal 9 is to be surely, convenient and effective as it has already been used in Drupal 8. Therefore, it gives an understanding that the upgrade to Drupal 9 will be easy. Let me explain this to you in a more detailed way. 

For Drupal core contributors, it means that there is a limited set of tasks to be done in Drupal 9 itself even before its release. Releasing Drupal 9 solely, depends on removing deprecated functionality and upgrading Drupal's dependencies, for instance, Symfony. This further helps in making the release timing more predictable and the release quality extremely robust.

For contributed module authors, the new technology is already available at their service, so they can easily work on Drupal 9 compatibility even before time (e.g., they can start with updating their media modules to use the new media library even before Drupal 9 gets released). Eventually, their Drupal 8 know-how remains extremely relevant in Drupal 9, since there won’t be any major change in building Drupal 9.

Finally, for Drupal site owners, it means that the upgrading process to Drupal 9 should be much easier in comparison to upgrading to Drupal 8. As Drupal 9 happens to be the last version of Drupal 8, with its deprecations being removed. So, there is no need to introduce new, backwards-compatibility breaking APIs or features in Drupal 9 except for the dependency updates. Until modules and themes stay up-to-date with the latest Drupal 8 APIs, the upgrade to Drupal 9 is set to be easy. Moreover, a 12 to 18 month period is enough for a smooth upgrade. 

Learn more about Drupal 9 upgrade approaches here:

What about Drupal 9 end-of-life?

With all the above discussion, you must be clear about the Drupal 8 end-of-life. But is that all you wanted to know? Or do you have any more curiosity to take a step forward and know about Drupal 9 end-of-life? Well, I'll give you a little information about it. Drupal 9 support ends in November 2023. Since, Drupal can be seen using a lot of Symfony code, the end of life for Drupal 9 will be when Symfony 4 reaches its end of life in November 2023.

The Drupal community is planning to release Drupal 10 ahead of the end date of Drupal 9. Therefore, Drupal 10 is estimated to be released in the mid of 2022. But they still haven’t fixed the Drupal 10 release date. And also we are far away from Drupal 10 end of life for sure. 

You can also see the release cycle overview to get more information on the possible release dates. 

Learn more about Drupal 9 here:

Illustration diagram describing Drupal End of Life Cycle

Conclusion

With this article, I tried giving you a clear picture of the various risks which you will come across if you choose to stick around Drupal 8 even after it’s end of life (EOL).  You could also possibly see all the important benefits that Drupal 9 has to offer. So, now hopefully, it can be expected that you will take the right step towards Drupal 9 upgrade. But yes, I do agree that upgrading comes with a lot of challenges. Therefore, the first convenient step for you will be to perform a readiness audit. As audit helps in recognizing the work and effort needed on your website, along with recommending you a seamless migration to Drupal 9.

Oct 07 2021
Oct 07

When creating content for a website, it is sometimes necessary to plan its publication later down the line. However, taking care of it manually can be both time-consuming and inconvenient. This is when Scheduler comes in handy – a Drupal module that will help you automate this process. Using it will allow us, among other things, to schedule the publication of content for a specific date and time.

Scheduler module - dates

The module was released on 23 July 2006, and its latest update was pushed on 19 July 2021. Scheduler has versions for Drupal 7 and 8. What is more, the latest update is compatible with Drupal 9 as well.

Module popularity

The module is currently used on more than 85 thousand websites. About 44 thousand of them are running Drupal 7, and more than 37 thousand are on Drupal 8.

The usage statistics of the Scheduler module aimed for scheduling publication on a Drupal website

Source: Drupal.org

Module developers

Scheduler was originally published by Eric Schaefer. However, the list of people working on its development to date is very long and impossible to establish – we don’t know all the users who contributed to its development.

Drupal Scheduler module – what does it do?

As I pointed out in the introduction, the module is used to plan content publication in advance. It also offers you a way to plan unpublishing. If needed – for example, in the case of events, where news will be made obsolete after the end, you can task the module with publishing your content and schedule its removal from your website at a specific day and time.

Scheduler provides three new permissions, allowing only the selected roles to have access to scheduled publishing. The list of possibilities also includes the so-called Lightweight cron, the configuration of which optimizes resource consumption. Lightweight cron is the developers' solution to make the cron responsible for publishing and removing content available to be run separately, without the need to initiate all other tasks, as is usually the case in Drupal.

Unboxing

Installation is standard. I recommend using Composer.

composer require drupal/scheduler
Scheduler composer

 

Permissions

Go to

/admin/people/permissions#module-scheduler 

– there, you will find a list of permissions that the module provides:

Permissions available in the Drupal Scheduler module

 

Administer scheduler

This setting enables you to configure the Scheduler module, available at

/admin/config/content/scheduler 

(see the next section for the description of all the features).

Scheduler content publication

Granting this permission allows a role to set scheduled publication, as well as to plan unpublishing.

View scheduled content list

Scheduler provides a view, which is available at

/admin/content/scheduled

Granting this permission allows you to access this view.

Settings

Go to

/admin/config/content/scheduler

to find all the global settings for the module. What is more, Scheduler can be configured per content type. Below, you can find a break down the global options.

Global settings of the Scheduler module

 

Allow users to enter only a date and provide a default time

Allows users who have permission to configure scheduled content publishing to specify only the publication date. When this option is selected, the time will be predefined and configurable in the Default time field.

Defining the publication date of the user-selected content in the Scheduler module.

 

Hide the second

Checking this option disables the ability to set seconds when scheduling content publishing.

Lightweight cron

As I pointed out earlier, by default, Drupal runs all cron jobs every once in a while. Checking which content needs to be published and unpublished relies on a cron job, which should be run every 1-5 minutes. Configuring Drupal to run all cron jobs every minute is hardly a very good idea, considering its performance, which is why the developers enabled the users to run a single cron job at a suitable interval. To do this, you need to add a new cron job run at a given time. Here is an example of a cron job that is run every minute: 

* * * * * wget -q -O /dev/null "https://tesd9.lndo.site/scheduler/cron/{access-key}

Go to

/admin/config/content/scheduler/cron 

to find the lightweight cron settings. There, you can enable logging of cron job activation and completion, change access-key and run cron manually.

Content type

I’ll illustrate this option with the default content type - Article - available in Drupal default profile. Go to

/admin/structure/types/manage/{content-type-machine-name} 

There, you will notice a new Scheduler tab. This is where you’ll find all the module's configuration options, which you can set for each entity.

In the Scheduler tab, related to the types of content, you will find all configuration options for the entity

 

Enable scheduled publishing/unpublishing for this content type

Enables or disables the ability to set scheduled publication and/or unpublishing.

Change content creation time to match the scheduled publish time

Changes the date in the creation time field to the date selected as the planned publication date.

Require scheduled publishing/unpublishing

Checking this option makes setting scheduled publication and/or unpublishing required.

Create a new revision on publishing/unpublishing

Creates a new revision during scheduled publication and/or unpublishing.

Action to be taken for publication dates in the past

This setting enables you to specify what will happen when the editor selects a publication date earlier than the current date. You can choose one of three options here:

  • Display an error message about choosing a date earlier than the current one – in this case, the content won’t be published.
  • Publish content immediately after saving.
  • Schedule your content to be published on the next cron job run.

Display scheduling options as

Changes the way Scheduler module options are displayed when creating and editing content. There are two options to choose from – Vertical tab and Separate fieldset.

Vertical tab

The vertical tab is one of the possibilities for displaying the Scheduler module options

 

Separate fieldset

Separate fieldset is one of the ways to display Scheduler options

 

Expand fieldset or vertical tab

Allows you to specify whether the field provided by the Scheduler should be expanded when creating and editing content.

Show message

Checking this option displays information about planned publication and unpublishing after saving the content.

Scheduled publication notification from the Scheduler module

Module usage

Let's assume that our article needs to go live on 1 September 2021 at 9:30 a.m. and won't have to be unpublished.

When writing the article, choose Publish on and set it to 01.09.2021 at 9:30 a.m., and then leave Unpublish on empty. In this case, the Require scheduled unpublishing option must be disabled for the Article entity.

Options for scheduling a publication for a specific date

Now imagine that our article needs to go live on 1 September 2021 at 9:30 a.m. and has to be unpublished a week later at the same time.

Let's start with doing the same thing as we did in the previous example, but this time also set Unpublish on to 08.09.2021 at 9:30 a.m.

Setting the time of publication of the article and unpublishing in the Drupal Scheduler module

You may be also interested in: How to Make Content Editing Easier in Drupal - Review of the Simplify Module

Integrations

Scheduler offers integrations with several Drupal modules.

  • If you’re using the Content Moderation module, you must enable the Content Moderation Integration sub-module.
  • Scheduler provides additional conditions, actions, and events for the Rules module.
  • It is also integrated with the automatic generation of test content provided by the Devel Generate module. Scheduler can automatically add the planned publication and unpublishing dates.
  • It also creates new tokens for the Token module, containing the planned publication and unpublishing dates.

The future of the module

The developers responsible for the Scheduler have announced that they are working on releasing version 2.0 of the module, supporting entities other than nodes, for example, Media, Commerce Products, and more. They also announced that events triggered by the Scheduler module and its integration with the Rules module will from now on be triggered after an entity is saved, rather than before, as was the case until now. The development progress can be followed on the module page.

Drupal Scheduler module – summary

Scheduler is a tool that greatly facilitates the scheduling publication of content on your website. Using it allows you to automate the process and makes it possible to do all the steps required to publish content at any time – thus making sure that you won't have to worry about it when the time comes. At Droptica, we also use Scheduler to schedule publications in advance. This module is extremely popular among Drupal users, and as such, it is constantly developed – with version 2.0 in the works right now. Our team of Drupal developers recommends using the Scheduler module to schedule publications in advance or to publish content for a specific time.

Oct 07 2021
Oct 07

Those of us who have a strong conviction that Drupal is the optimal CMS for government websites are in good company.
Secure, scalable, accessible out of the box, inherently cost effective, easily integrated with other systems, and fueled by a million member plus Drupal community -- the number of government entities around the world that are relying on the Drupal CMS is on a solid upward trajectory. Key among the factors driving Drupal’s role in the world’s accelerated advance toward digital government: the Drupal ecosystem’s 40,000 plus core and contributed modules. 
With so much from which to choose, sorting through the possibilities and moving forward with confidence that the best options are being deployed can be a challenge. Here at Promet Source, the multiple government clients for whom we’ve had the privilege recently of developing, designing and migrating Drupal sites, has resulted in a depth and breath of insight on the topic and expertise that we can share.  
Here’s an overview of a few of our faves and thoughts on must-have Drupal modules for government.

Management of Complex Permissions Levels

Workflows

Drupal 8 comes out of the box with a workflow management capability that can accommodate a basic level of  permissions and processes associated with creating and ushering content from draft to published states. Government clients, however, tend to require complex content publishing workflows concerning creation, editing, publishing, revising, and updating of content within designated pages and sections of the site. The Drupal Workflow module stands up to the complex workflow requirements of government clients, allowing for a high degree of customization and the association of specified workflow states with entities. 

Spam Mitigation

Honeypot

Digital government requires the ability to conduct business online, which often requires the completion and submission of online forms, free from the interference of spam bots, whose impact runs the spectrum from a time-consuming annoyance to a disabling of all or part of the site’s functionality. Our favorite Drupal module for stopping spam is the contributed Honeypot module is designed to deter spam bots from completing forms on a Drupal site, by adding an invisible field, as well as a time stamp to every form. Humans can’t see the invisible field and won’t fill it out. If the invisible field is filled out by a bot, the form returns an error. The time stamp feature enables detection of bots an based unreasonably quick completion of a form. With Honeypot a designated amount of time is required before the form can be effectively submitted. 
 

Secure, Single Sign On

SimpleSAMLphp Authentication

Government clients need to be able to count on sign on capabilities that are both robust and easy to manage. The Drupal SimpleSAMLphp Authentication module serves both purposes, integrating Drupal with SimpleSAMLphp, which serves to authenticate users with a single sign on. The module is fully configurable, allowing for the assigning of highly specific internal permission levels.

Easy Access to Related Content

Entity Reference Module

The Drupal Entity Reference module enables a critical functionality, which Promet heavily leverages on every government website that we build. Utilizing the Entity Reference field, the module can significantly enhance user experience by alerting them to related content, which could be a node, a user, or a taxonomy term. 

Multilingual Capabilities

Drupal Translation Modules

Even on the local level, government websites are widely expected to serve a wide range of constituencies who might speak multiple different languages. Starting with Drupal 8, Drupal became multilingual out of the box, supported by a robust selection of translation modules.

  • The Content Translation module allows for the translation of content, comments, custom blocks, taxonomy terms, users and other content entities in order to create a duplicate web page in the designated language. 
  • Entity Translation allows translation of particular web page elements. Instead of translating complete nodes, Entity Translation provides the option of making only designated fields translatable.
  • Merge Translations provides the ability to merge nodes that are in different languages into one, translated node.

Multifaceted Resource for Government Sites

Provus

Cherry picking from among tens of thousands of Drupal modules in the process of building optimal web solution for our public sector clients has served us well. 

Focused on greater efficiencies and leveraging best practices, we recently created Provus, a distribution system consisting of dozens of modules, multiple themes, several content type, and taxonomy terms -- all of which are auto enabled at the time of the initial installation.

Provus proved key in the efficient, seamless launch of the Orange County, Calif., website, which consists of 40 microsites. Key to the efficient development of the Orange County site was a component-based design system that offered a robust set of design options without needing to reinvent the wheel with the build of every new microsite. From the perspective of the current content editors of the site, Provus has sparked a new level of empowerment with the ability to easily edit, update, and switch up layouts utilizing drag-and-drop functionality. 
Among the modules leveraged within Provus:

  • Layout Builder allows content editors and site builders create visual layouts for displaying content and customize how content is arranged on a single page with an easy to use drag-and-drop interface
  • Fullcalendar View provides a calendar view format powered by the FullCalendar JavaScript library and features day, week, or month views; the ability to create a new event by double clicking; event colors based on taxonomy or content type; and recurring event functionality.
  • Geolocation Views facilitates the creation of Views-based mapping solutions using a choice of map renderers. 
  • Focal Point is an image scaling and cropping tool that allows for the specification of what part of the image is most important, ensuring, for instance that a subject’s head or the most essential element of the image is not cropped out.
  • Media Library is a media management module that provides an accessible and consolidated view of all of images that have been uploaded to a site. A robust and easy-to use interface allows for the searching, sorting and creation of media items, and can be used to add media items to an entity reference field, or embed media into content via a text editor.
  • The Drupal Office Hours module defines a weekly office hours or hours of operation field type allowing for the specification of when facilities are opened or closed. 
  • Facets provides a system for sorting content on a search, enabling users to filter down to the specific content that they are looking for in an easy and accessible manner. This functionality is huge for government sites which require robust search capabilities. The Facet module allows site builders to easily create and manage faceted search interfaces. 
  • DraggableViews can be used to organize simple lists and complex structures via drag-and-drop functionality. Access to style plug-in settings serves to simplify configuration.
  • Search API is a module that we leverage with a high degree of frequency in conjunction with Views and Facets. This module provides a framework for easily creating searches on any entity known to Drupal, using any kind of search engine. 
  • Taxonomy is a powerful core module that facilitates  the connection and classification of a website’s content, gathering terms within "vocabularies." 

Drupal sites for government clients that leverage Promet’s collective brainpower, plus the all the best that the Drupal community has to offer: that’s what we do. What can we do for you? Let’s talk.

Oct 07 2021
Oct 07

 At Globant, on my team, we have been exploring multiple content staging and deployment strategies. The observations from some of which can be found in my earlier posts here and here.

Next Tuesday, Makbul and Rahul from my team are presenting a consolidation of our findings, and a refined strategy that we use in our enterprise projects to create, stage and deploy content across environments using a robust process that increases our productivity significantly.

Sign up for the webinar @ https://bit.ly/3DdBAKD

image 18

Oct 06 2021
Oct 06

The UX Y’all Conferences hosted from Sept 23rd – 24th by The Triangle User Experience Professionals Association (TriUXPA) attracted user experience lovers and designers worldwide for two fun-filled days of virtual learning and networking opportunities. 

Sessions were led by a diverse set of creative leads and industry experts, many of whom represented prominent technology companies such as IBM, DocuSign, Adobe, and Triangle-based SAS and Red Hat — to name a few. 

The conference’s 25 sessions covered a variety of topics and involved presentations related to UX research, digital product design, design operations, emotional wellness, and even team building. But, if there was one session topic that stood out above the rest, that topic was certainly Inclusivity. 

Conference attendees had the opportunity to view a different inclusivity-themed session every other hour, including but not limited to: Being a Woman of Color in Technology, Our Equitable Future Depends on Forming Inclusive UX Teams NOW!, An Inclusive Web: Using Preference Media Queries to Make Your Sites for Everyone, Designing with an Equity and Justice Lens, and Moving from Awareness to Action: Designing Inclusive and Accessible Experiences.

These particular sessions were among the finest reflections of the overall theme for the 2021 conference, which was Unity. UX Y’all organizers made it very clear that their aim for this event was to connect our different experiences, spaces, and strengths, and explore how UX can inspire togetherness through our products and practices. As a conference attendee I think I can speak for everyone when I say that they certainly accomplished their goal. 

DesignHammer was heavily involved in the 2021 Conference. As a sponsor, we had the opportunity to present the DesignHammer brand and network with attendees inside our virtual “expo booth”. In addition to this, one of the company highlights of this year’s conference was a 45-minute panel moderated by DesignHammer's own Dave Shepley.

UX Y'all Dave Shepley

The panel "Considering Accessibility in Modern UX/UI", included DesignHammer's Managing Partner David Minton and digital accessibility advocate Jon Samuel, who is the Co-Founder of Ablr, an accessibility and inclusion company that delivers innovative solutions and services that empower the lives of people living with disabilities. The panel also included input from Ablr's Accessibility Operations Manager Kim Casey, and Bona Son, a legally blind technology professional who executes website accessibility testing as a contractor for Ablr. 

The free-flowing conversation between accessibility experts revolved around accessible web design, how screen readers actually operate, and common user interface design errors that make using the web very difficult for people who are visually and/or hearing impaired. Panel attendees were also heavily educated on the importance of addressing accessibility in light of usability.

Over the course of the 45-minute panel, the most memorable part actually happened at the very beginning. For the first 15 minutes, John Samuel, who is visually impaired, could not find the proper controls on the conference's virtual platform and was therefore unable to join in on the live panel discussion. As the moderator, Dave Shepley attempted to help John join the call mid-panel to no avail. Ultimately it was a UX Y'all volunteer who was able to jump in and assist John through the steps he needed to take to access the call successfully.

While this kind of occurrence feels like a minor fluke on our end, it is actually a reflection of something bigger.
John’s difficulty joining in on the video panel is a perfect representation of the plight faced on a daily basis by people with hearing, visual, and learning disabilities whenever they attempt to use the internet.

Overall, the discussion taught me that although the rapidly-evolving technological landscape of the 21st century is exceptional and even amazing at times, there are still some prevailing flaws in digital product design and a huge awareness gap that exists when it comes to public knowledge of the issues faced by people with disabilities. The DesignHammer / Ablr panel discussion was effective in bringing these issues to light and managed to successfully highlight various ways, some obvious and some not, that UX/UI designers can be more inclusive towards the visual and hearing impaired in their design.

UX Y'all Accessibility Speaker biosConsidering Accessibility in Modern UX/UI panel participants
Oct 06 2021
Oct 06

One of our clients had the need to display calendar links in an email which was being sent out after the user signed up for an event. The event registration was being handled as a Weform submission and and email was being sent out to the user after they had submitted the form. We had no easy way to add the calendar links in as the markup required was quite complex.

One possible alternative was the Calendar Link module. It provides twig functions for converting a link into an invite. This was not of use to us because we wanted to convert the link to an invite in an email, rather than a web page. The natural solution was to extend the token system to do this for us.

The Calendar Links Token module is the simple solution. It makes use of the Calendar Links library to implement a token which can be used in Drupal. We have used it in emails, however it could be used in other situations.

The token has quite a number of options to handle the various fields which can be used when creating links for the various calendar services.

[calendar_links:parameters:nid|date_start_field|date_end_field|title_field|description_field|location_field]

The module page has a few examples of how this can be used.

The output of the token shows links to the common calendar services:

This tiny little module has allowed us to build a simple event registration system which provides a better user experience, allowing users to easily add the event to their calendars once they have signed up.

We hope you find this module of use in one of your projects. 

Pages

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web