Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
May 20 2020
May 20
Project: Drupal coreDate: 2020-May-20Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Open RedirectCVE IDs: CVE-2020-13662 Description: 

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.


Install the latest version:

Reported By: Fixed By: 
May 20 2020
May 20
Project: Drupal coreDate: 2020-May-20Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescription: 

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are

[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub.

Those advisories are:

These vulnerabilities may be exploitable on some Drupal sites. This Drupal security release backports the fixes to the relevant jQuery functions, without making any other changes to the jQuery version that is included in Drupal core or running on the site via some other module such as jQuery Update. It is not necessary to update jquery_update on Drupal 7 sites that have the module installed.

Backwards-compatibility code has also been added to minimize regressions to Drupal sites that might rely on jQuery's prior behavior. With jQuery 3.5, incorrect self-closing HTML tags in JavaScript for elements where end tags are normally required will encounter a change in what jQuery returns or inserts. To minimize that disruption in 8.8.x and earlier, this security release retains jQuery's prior behavior for most safe tags. There may still be regressions for edge cases, including invalidly self-closed custom elements on Internet Explorer.

(Note: the backwards compatibility layer will not be included in the upcoming Drupal 8.9 and 9.0 releases, so Drupal 8 and 9 modules, themes, and sites should correct tags in JavaScript to properly use closing tags.)

If you find a regression caused by the jQuery changes, please report it in Drupal core's issue queue (or that of the relevant contrib project). However, if you believe you have found a security issue, please report it privately to the Drupal Security Team.


Install the latest version:

Versions of Drupal 8 prior to 8.7 are end-of-life and do not receive security coverage. Sites on 8.6 or earlier should update to 8.7.14.

The pre-release Drupal versions (8.9 and 9.0) have been updated jQuery to version 3.5.1 as of 8.9.0-beta3 and 9.0.0-beta3.

Reported By: Fixed By: 
May 20 2020
May 20

For every website, irrespective of the industry, a blog is a powerful magnet that attracts both visitors and search engines. In order to keep your website fresh, you need to regularly treat your audience to new and tasty content.

Among the ways to increase blog engagement is to notify users about new posts. Let’s see how to set up content email notifications on a Drupal website.

Of course, you can always rely on our Drupal development team for setting up notifications on your website according to your requirements at very affordable prices.

A few tips about how to engage readers on a blog

So you have a blog that helps you bring your message across to your prospective customers. How can you increase content engagement? How do you connect with readers better? The tips include (but are not limited to) the following:

  • Regularly share your blog on social media and add sharing buttons for your readers to do the same.
  • Make sure your website has a comment section so your readers can share their thoughts or ask questions (and get your answers!)
  • Insert encouraging questions into your blog content that directly ask your readers’ opinion.
  • Never underestimate the power of interesting video content.
  • Share your blog on forums, communities, and specialized platforms in various engaging formats like polls, podcasts, contests, slideshows, and so on.
  • Don’t forget to increase your website loading speed so your users don’t lose patience while waiting to read your content.
  • Be sure to improve your website’s mobile UX so it’s easy and enjoyable to read your blog from any device.
  • Email users when a new post is published, or an old one is updated or commented on. This is the subject of the rest of this post.

The role of email notifications in your user engagement

Let’s see more details about the benefits of notifying users about new posts on a website. This increases the chance that they:

  • come and read your content
  • share it on social media
  • register on your website
  • subscribe to your newsletter
  • become loyal readers
  • get involved in a discussion in the comments
  • or, most desirably, click your important CTA button

That’s why email notifications, as an important engagement technique, are beneficial for your blog views, popularity, SEO, and conversions. Considering the high open rates of emails, the impact can be very significant.

Opportunities to notify users about new posts on a Drupal website

If your website is built with Drupal, your options for email notifications are very extensive:

  • Recipients. You can send new post notifications to subscribers, users, authors, admins, etc. These can be users of specific roles, users from a specific list, or users who have performed specific actions (e.g. commented on a blog post).
  • Events. Notify users when content is created, updated, someone posted a comment or replied to it, there are new posts to moderate, etc.
  • Form. Send notification messages, full content items, content teasers, full comment threads or just personal replies.
  • Time. Send your emails immediately, schedule them to be sent in the future, or unquee them to be processed by Drupal Cron (time-based task scheduler).
  • Amount. Notify users about every single event or collect the events into regular newsletters.

Drupal modules for email notifications

Let’s now see how to notify users about a new Drupal blog and other events described above. As usual with Drupal, this can be implemented through a wide array of contributed Drupal modules.

Which is the best Drupal module to send new post notifications to subscribers? Each of them is great in its own way and performs particular functions. Of course, anything that is not covered by them can be added as custom functionality by Drupal development experts.

Comment Notify

Comment Notify is a lightweight module that notifies users by email about replies to their comments and other comment-related events. It is available both in Drupal 7 and Drupal 8. The module has been freshly updated.

One of its important features is the ability to send emails both to authenticated and anonymous users. Anonymous users are a very promising audience in building a blog community. Other features of the module include the option for users to unsubscribe, notifications for admins that they need to moderate a comment, emails for authors about new comments to their blog posts, and much more.

Comment Notify Drupal module

Admin Content Notification

The Admin Content Notification module allows you to notify users by email when new content has been created or updated. It is also available in Drupal 7 and 8.

You can notify website administrators or users of any other roles, as well as users of a specific list. It’s possible to select specific content types, events (whether the content is created or updated), send content nodes via tokens, and much more. 

Admin Content Notification Drupal module

Workbench Email

The Workbench Email module enables you to send email notifications based on content status changes. You can send emails from the admin dashboard about the transitions of content from state to state, for example, when the content moves from “draft” to “needs review.” Its work is based on configurable email templates. The module supports tokens and allows you to select users and content types.

Workbench Email Drupal module

Message Stack

The Message Stack is a complex but very powerful and flexible module that consists of the Message, Message Notify, Message Subscribe, Message Digest, and Message UI submodules. The package has capabilities that will impress any developer because it can do literally anything if used properly. For example:

  • defining message types and generating messages
  • export of message types
  • subscription to events related to content
  • plugins for email and SMS notifications
  • multilingual support
  • Token support
  • Rules support
  • example modules included

Message Stack Drupal module

Let us help you notify your users about new posts on your site!

If you are still asking yourself “How can I increase my blog traffic?” try these effective email notification techniques and boost user engagement with the help of our Drupal development company.

We understand the situation is difficult today for many businesses. So we have adopted a cost-effective development approach and now do the work twice as fast. A wealth of contributed modules in Drupal, for email notifications and other purposes, allows us to use minimum customization where it is possible in order to meet the customer requirements. Give it a try!

Contact us to discuss how we can use our development expertise to help your website and business.

May 20 2020
May 20

Peter OroszvariContinuing our short series of articles highlighting ways that the Drupal software and its community are building solutions to help combat the effect of COVID-19, today we hear from Peter Oroszvari of Cheppers. Here, he describes their project at the Mayor’s Office of the 15th District of Budapest, Hungary.

The coronavirus pandemic triggered a critical situation in Hungary that forced local government authorities to move fast in the digitalization of services. Cheppers, a Drupal-focused development company has already been working with local governments on e-government solutions, supporting authorities in their digital transformation. 

As the Hungarian government ordered restrictions on free movement in March 2020, organizing care for the elderly and persons in need became the responsibility of local authorities. The Mayor’s Office of Budapest’s 15th District called upon Cheppers to build a mobile application and website that serves as a platform for locals in difficult situations to ask for help from the Mayor’s Office, while supporting the Office in tracking requests filed through various platforms. A Drupal-based solution seemed fitting for three reasons:

  • A Drupal-based backend simultaneously provides content for various end points while operating as a suitable platform to store incoming requests. 
  • Compliance with personal data security measures is a key requirement in the public sector. As Drupal conforms to the OWASP standards, its application guarantees the prevention of hazards to citizens’ personal data. 
  • Fast response to the challenges triggered by the pandemic was essential. Thus speed was one of the main reasons we built the Covid Helper tool in Drupal: the website and the first version of the mobile app was ready in less than 3 weeks using Drupal Contribution and core functionalities. 

Covid Helper registered more than 100 requests and 1000 visitors per day right after its release. As the pandemic evolved, the District Mayor’s Office came back with a demand for extended functionalities: version 2 allows for the registration of volunteer helpers, reducing pressure on the District Mayor’s Office. 


Due to the severe economic crisis triggered by the pandemic, many of the requests registered on the platform were applications for financial aid. This induced the digitalization of the financial aid application process in the District, which will be also available through the Covid Helper website. 

The District Mayor’s Office issued a marketing campaign informing citizens about the Covid Helper tool on city billboards and through an animated video.

Besides all the challenges, covid-19 does seem to have kicked off the digitalization process at government authorities and public services. Tools developed to solve the current situation may be the source of best practices to create an effective e-government system in the near future. 

May 20 2020
May 20

Low-code platforms have been slowly gaining popularity in the Marketing stack of organisations. Low-code essentially means being able to assemble UI of your Digital experience visually and often without the need for a dedicated Development team. Webflow for Websites and Shopify for e-commerce are among the list of rising low-code platforms. These platforms help organisations become more agile and help enable various functions like Design, Marketing to come on board as Makers on the Digital experience. Today we will talk about Cohesion now renamed as Site Studio, a low code offering for Drupal websites by Acquia, we will discuss benefits and some of the paradigms that make it an effective low code option in Drupal stack.

Drupal has witnessed a healthy growth over these years as a pillar for Enterprise Digital stack, Acquia's Site Studio brings the DIY spirit to this stack. What more and more Marketers are looking for is quicker and cheaper ways to assemble landing pages and work out of a component library of Digital elements that are performant and consistent to the Design systems of the organisation. A low code approach to Drupal will only work if its aware of its capabilities & flexibility, that is what Cohesion brings on the table. Ability to apply Design systems on your Digital Experience built on Drupal, DIY!

Benefits of Acquia's Site Studio

  1. Low code 
  2. Highly configurable
  3. Easy maintainable
  4. Easily modifiable 
  5. Highly scalable
  6. Component-based driven
  7. Less developer dependent

Acquia Site Studio

Acquia's Site Studio provides a contributed module and theme which needs to be installed in Drupal, quite similar to the way we install other modules and themes. However, to use this service, it is required to purchase a cohesion package that provides us with an API Key, Agency Key, Site ID, and an API Server URL which needs to be inserted in the Account Settings form.

Cohesion DX8

Here are the settings and key features of Acquia's Site Studio:

  1. Website Settings
  2. Style Settings
  3. Components
  4. Templates

Site Studio provides an in-site configuration form which takes care of your branding requirements. You can add your own branding elements like fonts, colours, icons, grid settings, SCSS variables, etc. directly onto the site. And there is absolutely no need to make any changes in the theme folder as well as the theme settings. Doesn’t this sound cool! Your basic frontend settings would be handy to you and you can modify it directly from the site without asking for help from a developer.

Website Settings

Cohesion DX8

Style Settings

It’s not over yet, with Acquia Site Studio you can create/modify styles of a site. Acquia Site Studio provides settings to update the base style or to create custom styles. 

Cohesion DX8

And this is how the default preview and configuration pane looks like.

[embedded content]

Now let’s understand what comes under Base styling and Custom styling

Base styling - Styling which is going to be consistent throughout the site, e.g., font-size of body. Font formatting of Headings, Style of a button, style of link, etc.

Custom styling - Styling which will be different for each instance or as a variation of base style. E.g., Big button, Small button, Read More Link, Consistent layout related styles (Padding Top & Bottom Large, Padding Top & Bottom Small), Social icons theming, etc.

Let’s look at the example of CTA link styling.

  • CTA style structure
    • Link styling
    • After pseudo-element styling
    • On hover pseudo-element styling
  • Style properties required for CTA link and those properties are added in the config form through properties button on the top right corner of the styling pane
  • Styling properties required for pseudo-element styling
  • Styling properties required for pseudo-element after hover



cohesion DX8

Component Builder

Now let’s introduce the coolest feature of the Acquia's Site Studio -  a Component Builder. Acquia Site Studio follows a complete component-based development approach. So, what is the component-based development approach? 

Acquia Site Studio provides a list of elements. By using these elements even simple and complex components can be created and be made configurable by creating a component form. The amazing part is that everything can be built by mere drag and drop. Doesn’t it sound super user friendly?

Let’s look at an example of a Hero Component and figure out which elements could be part of this component?  Let’s create a list of elements(atoms).

  • Hero Image
  • Hero Title
  • Hero Description
  • CTA button

Let’s consider the below-displayed hero component that we are trying to achieve.

Cohesion dx8

Based on the Hero component design, the hero component structure would look similar as described in the below image.

Cohesion DX8

A component will be created which will have the above-mentioned elements. But what about styling? This is the real beauty of Acquia Site Studio. It allows us to create a base style as well as a custom style and those can be appended to the component. Doesn’t it sound fascinating?

Here would like to take you back to the styling part of the section where we have styled CTA link. Now, here in the above component CTA link element can directly assign the style which has been created under custom style. And as per image, styling can be appended to CTA Link element.



There are multiple ways to create different layouts. Here, with Acquia Site Studio, the layout can be defined by a Layout Category component and also component dropzone element can be provided to add other components. 

Does it mean? Woah! Yes, it means nesting use of the component is also possible. I won’t provide the screenshot for this example right now.


There are four main templates:

  • Master Template
  • Content Template
  • Views Template
  • Menu Template

The template names clearly state the use of each template, but, I am sure you must have some questions related to master templates. 

What will it hold? The thumb rule is, this template should be least modifiable, means, it should not be updated frequently. We can ensure this by using only consistent section/components/regions added to it.

Acquia Site Studio Demo 

Explore how Site Studio enables you to apply design systems on your Digital Experience built on Drupal!

[embedded content]

I hope this blog was helpful to understand the basic outline of Acquia Site Studio. Stay tuned! We have an upcoming blog that will talk about the advanced usage of templates. 

P.S - If you want to learn more about Site Studio, Acquia has a training and a full support guide - https://cohesiondocs.acquia. com/6.1 and get access to the free sandbox here - https://www.acquia.com/ products-services/acquia- cohesion#create-sandbox.

May 19 2020
May 19

How amazing does it feel when you walk into a coffee shop and the barista greets you by name and asks if you’d like the usual? Or when you meet someone you haven’t seen in a long time and they ask about some obscure and specific hobby you once mentioned you had?

These personalized experiences give you the warm and fuzzies. You typically come away from those interactions a fan of the place or person. Heck, if someone were to criticize them, you’d speak up that that's not your experience. And you wouldn’t hesitate to recommend that place or person to others.

At an event a few years ago, I noticed someone who seemed a little hesitant. I introduced myself and invited them to join me at my table, and we chatted a little. We never spoke much after that. But on multiple occasions over the past few years, that person has given me a glowing reference when I came up in conversation. 

Personalization makes us feel valued and understood. And that's how you want your customers to feel. Because if they do, they will buy more and advocate for your brand.

Personalized Marketing Options to Consider

Broadly speaking, there are two ways to do web personalization: with real-time data or historical data.

Real-time data involves using location data to serve up a specific site, content, or offer. Here are a few examples:

  • Using device type or operating system to either manage how content is displayed or make assumptions on product needs
  • Using traffic source to tailor content (i.e., looking at when and what the user came from)
  • Basing promotions on products or services that have proven popular with others

Historical data goes deeper. This involves presenting personalized content, products, or offers based on users' previous interactions. You could look at factors like:

  • The number of orders they made
  • Their average order size
  • The total amount they spent
  • The products they looked at
  • The carts they abandoned
  • The time that has elapsed since their last transaction and/or visit

The options are as vast as the data you have collected. But through segmentation and rules, you can greatly increase the user's odds of converting.

Why You Need to Tread Carefully

Many consumers are becoming increasingly concerned about privacy and data management. You need to ensure that the personalization you supply is helping them in making a conversion decision and not simply showing them how much you know about them.

For instance, your barista asking if you fancy trying the new mocha latte (because they knew you had recently bought one from another brand) is much less creepy than being greeted with, "I heard you’re now into chocolate, so try this new mocha latte." The difference is small, but crucial.

Choose the Right Tools

With the overwhelming array of personalization options, it's important to work with an experienced team that can help guide you. At Acro, we love Drupal, and it can do many entry personalization functions within its platform (much more than most content management systems).

However, if you need to get very sophisticated, then you need a third-party platform. We love Acquia Lift. For features, usability and support, it is unparalleled. If you would like a personalized introduction to Acquia, hit me up and I’ll set you up, personally. 

The Bottom Line

Global research and advisory firm Gartner stated that the three key takeaways on personalization are:

  1. Consumers want to receive personalized help as they navigate the buying journey.
  2. Focusing solely on personalized recognition is potentially detrimental to a company’s commercial objectives.
  3. When it comes to help, consumers prioritize information, a simpler purchase process and saving time.1

Peronalization isn’t the ultimate goal. It’s another tool to achieve whatever your actual goal is, whether that be increased sales, increased order value, increased frequency or brand loyalty. Once you define what your goals are, you can explore if personalization will give the required ROI.

If you would like to have a conversation about your business goals and see if personalization is an appropriate tool for you, give me a call. And if not, if we ever meet out and about, you’re always welcome to sit at my table.

Click to contact one of our ecommerce consultants

1 - Source: Gartner, "Maximize the Impact of Personalization,” April 2019

May 18 2020
May 18

We recently introduced the concept of digital experience frameworks as the essential tools for creating and managing digital experiences. That blog post covered the basics of DXF: what’s meant by the term, some different types of DXF, and how to choose the right ones for your needs, supported by a short look into the choices for Agiledrop’s own suite of DXF.

This post will then focus more on the advantages of open-source digital experience frameworks and how they can be utilized to streamline operations and drive growth for your business. 

We’ll discuss the main reasons for opting for open-source DXF rather than custom development or proprietary tools, and take a look at the benefits of using them, both for your products/services as well as for your internal operations. 

How can you drive business growth with open-source digital experience frameworks?

Aesthetic photo of man sitting in garage

In the experience economy, websites are just one of the numerous channels with which your customers interact with your business. In order to truly drive business growth, you’ll want to take advantage of all available channels where your target audience spends their time (and money!).

It’s true that with custom development, you’ll get all the customizability you desire and won’t be constrained with certain limitations of specific and already established DXF. However, custom development, especially in the multichannel digital landscape, is not only much more costly, but also much much more time consuming than relying on open-source DXF.

Just think of it - while you may achieve more functionality with custom development, the question arises whether the custom code will be completed at a time when this functionality is still relevant. Chances are high that this won’t be the case.

With SaaS solutions for creating digital experiences, the story is a bit different. They are incredibly time- and resource-efficient, but that’s also reflected in the budget. 

For big companies with a reasonable budget, it might make sense to rely on established SaaS providers - but what about small to medium-sized businesses that don’t have the luxury to afford a premium subscription to, say, Salesforce?

Furthermore, while initial development is faster, the SaaS still likely has certain limitations which can’t be dealt with as flexibly as with a digital experience framework. Plus, if you ever decide to migrate from a SaaS to another solution, you’ll have a very hard time getting all your data - it won’t, technically, be yours.

Luckily, there are a lot of really good open-source solutions - this is basically free software, supported and vetted by a community of experts (with frameworks such as WordPress or React, for example, these communities are downright huge). 

There are 2 crucial things to take into account here:

  • Vetting by experts guarantees a very high level of security. This is especially true in Angular and Drupal: the former is supported by Google, while the latter is renowned for being the most secure open-source CMS and as such a favorite of governments, nonprofits and similar organizations.
  • Wide range of customizable options makes it easier to do personalization well, which contributes to a better customer experience, with higher conversion and lower bounce rates.

All three digital experience frameworks which we utilize at Agiledrop satisfy these two criteria. As the two leading CMS with huge communities backing them, WordPress and Drupal are able to respond efficiently to the ever-changing market demands, both of them introducing sought-after features while allowing for better and better integration with other technologies. 

Both of them can also be used as “headless” or “decoupled” content management systems, relying on a front-end framework such as Angular or React for the presentation of that content.

While both of them offer out-of-the-box support for React, they can function with basically any framework. There have been a few articles recently on using WordPress with Vue, and one of our developers has been working on a project that uses Vue in combination with Drupal. 

Our front-end framework of choice, however, is the TypeScript-based Angular, due to its enterprise capabilities. These especially make it a perfect fit with Drupal, which is also predominantly used for bigger, enterprise platforms. 

Angular is developed and maintained by leading tech company Google, and the TypeScript language by another tech giant, Microsoft. On top of that, the framework’s regular release cycle guarantees constant additions and optimizations to functionality and security. 

All three frameworks provide enough out-of-the-box features, as well as all the plugins, modules and other tools contributed by the community, that you can significantly cut down on costs with them, as you’ll require less custom development to achieve the same functionality. 

What’s more, to cater to the recent explosion of digital channels, they also come with excellent mobile support, as well as the ability to integrate with any kind of channel, allowing your business to leverage all the channels it needs to, from the web to IoT. 

In addition to powering all sorts of digital experiences for your audiences, open-source DXF are also the ideal tools for all of your internal operations, from WebOps to project and resource management. 

WordPress and especially Drupal are perfect for internal platforms where you need good content management capabilities, media handling and well-defined permissions and user roles. 

Frameworks such as Angular or React are then suited towards more specific use cases - at Agiledrop, we recently revamped our resource management dashboards which now utilize Angular, for example. And, as our project managers testify, their day-to-day work has been greatly facilitated thanks to this upgrade!

So, by providing a great experience for both your users and customers, as well as your employees, open-source digital experience frameworks are a cost-effective and future-proof solution for establishing and scaling your digital presence. Leveraging them allows for more innovation and flexibility, enabling you to better tailor your digital experiences to the needs of your audiences.


Blue web of connected nodes

To sum up, open-source digital experience frameworks such as Drupal, WordPress and Angular can be used to power any kind of digital experience, from products to operations, from web to mobile to physical digital display.

They are by their very nature future-proof enough to guarantee business relevance a few years down the line when new trends emerge, allowing you to scale and grow without having to worry about migrating your entire codebase every few years, or losing any user data. 

This is only enhanced with the frameworks’ commitment to backward compatibility, which will make upgrades between future versions even easier. 

If you’re looking for the right suite of digital experience frameworks for your next project, and proven engineers versed in those frameworks, reach out to us and we’ll craft a team with the perfect skill-set for your needs.

May 13 2020
May 13

Keeping a castle secure requires you to keep watch in every direction. The same applies to websites — protecting your “digital castle” involves many different aspects.

Luckily, Drupal website security is on a pretty high level, so you just need to follow its best practices. You can always count on our Drupal support & maintenance team for the task of improving website security and implementing the best website security measures like:

  • switching to HTTPS
  • applying Drupal security updates
  • bringing order to roles and permissions
  • blocking access to important files
  • installing security modules
  • and many more.

Our team can not only protect your website but also your budget from extra expenses thanks to our reasonable pricing and quick problem solving.

Today, we are taking a closer look at one of the practices to improve website security that is rarely described — website session timeout. Let’s see how this is done by the Automated Logout Drupal module.

How to improve website security with automated logout

You might have noticed that online banking applications show a countdown of your session time. This session time is usually very, very short.

Of course, not all apps or websites deal with this level of sensitive operations. So their session expiration time may vary. Still, if you want to improve website security, your site needs an automated logout.

The explanation is simple: this feature prevents hackers from intercepting a user’s session ID and intruding into your site. This makes it one of the website security basics that are used to improve the protection level.

  • According to OWASP (Open Web Application Security Project), insufficient session expiration increases session-based attacks. The shorter your website session is, the fewer opportunities you leave open to attackers. So you should keep a good balance between security and usability depending on the purpose of your website.

Website security features of the Automated Logout Drupal module

As part of the security measures for a website, the Automated Logout contributed module in Drupal allows site admins to specify the time of inactivity, so users are automatically logged out when it expires.

The module is very flexible in its settings. Among its features to improve website security are:

  • different session timeouts for different user roles
  • individual website session timeouts on a per-user basis
  • customized notifications about the upcoming logout
  • JS mechanisms to keep users logged-in when they have multiple tabs open or are working on a form
  • and more

How to work with the Automated Logout Drupal module to improve security

Let’s see the module in action. With the module installed and enabled, go to Configuration — People — Automated logout settings. Here are the key details to configure:

1) The main time settings

  • Set the timeout value in seconds (60 or longer). If role-based timeout is activated, this setting will not be used.
  • Set the maximum timeout in seconds. This is the maximum time that can be set by users who are allowed to set their own timeout.

2) Time for a response

  • Set the timeout padding in seconds. This is the time a user has for responding to the dialog before the logout (whether they want to resume the session or not).

Automated Logout Drupal module - settings for time

3) Where to redirect users

  • You need to set the redirect URL to which a user is redirected after the session is over.

Automated Logout Drupal module - settings for redirect URL

4) User-specific and role-specific timeouts

  • You can disable user-specific logout thresholds if you want to forbid everyone from setting their own individual maximum logout time. If this is allowed, this can be configured in individual user profiles in the People section of the admin dashboard. However, it never exceeds the sitewide maximum timeout you have set in Point 1.

Automated Logout Drupal module - settings for user-specific and role-specific timeouts

  • You can enable role timeout if you want to allow specific user roles to set their per-role maximum timeouts and redirect URLs. The permissions for specific roles can be set in the People — Permissions section of the admin dashboard.

Automated Logout Drupal module - roles and permissions

5) The logout dialog settings

When the logout is approaching, it’s a good practice to show a dialog window to users that informs them about this and gives them a chance to respond “yes” or “no” to the option to reset their session. Here are the things you can customize:

  • The dialog title
  • The message to display in the logout dialog
  • The message to display after the logout
  • The type of message (status or warning)
  • The time for a user’s response (see Point 2).

6) The response buttons

It’s also possible to customize the “confirm” and “decline” button text in the dialog window or totally disable the response buttons.

If you need to improve the standard look of the buttons to meet your brand’s identity or customize the above-described process in any other way, just contact a Drupal team.

Automated Logout Drupal module - response buttons

Improve website security with our support experts!

It’s easy to stay safe when you take the best security measures for your website. Our Drupal development company knows how to improve website security, so let us help you make your site a protected place.

As support and maintenance experts, we strive to improve sites in every aspect, so you can ask us to improve not only your site’s security, but also its performance, SEO, etc.

You can reach out to us with tasks of any scope — from installing and configuring specific security modules to performing a comprehensive security audit at a good price. Drop us a line to improve website security today!

May 12 2020
May 12

For more than 13 years, BADCamp has been dedicated to providing the Drupal community with fun, inspiring, and safe opportunities to teach, learn and share together. While 2020 has seen many changes to the ways we interact with one another, our passion for open-source, and the people who contribute to it, boogies on!

For the safety of all members of our local and global communities, BADCamp XIV will be delivered in an online format. 

Mark your calendars for Oct 14-17, 2020 – the first-ever virtual BADCamp! Featuring all the things you love about BADCamp: trainings that help you level up your skills, sessions that promote learning from members of your community, opportunities to make new friends and connections, and lots of fun! Now, from the comfort of your own kitchen table, home office, Animal Crossing headquarters, sofa, or wherever your WiFi signal is strongest.

While we still have many details to work out, we want you to know that, wherever you are, we are in this together. We look forward to seeing you in October.

May 12 2020
May 12

Many people researching Drupal Commerce 2.x for Drupal 8 (or the upcoming Drupal 9) are likely wanting to either remove the extra ecommerce shopping carts or allow checkout for multiple carts. This blog post will explain why we have multiple carts—and why being able to checkout with multiple carts is challenging, but possible.

Why you can have more than one Drupal Commerce cart

First, let’s demonstrate what Commerce 2.x can do out of the box for a single user and is often considered a bug. 

  1. Go to Acro Media’s demo store.
  2. Start out as anonymous and register as a user.
    1. Register here.
    2. Check your email/spam and click a link.
    3. Set your password because you’ll need to log back in shortly.
      Note: Acro doesn’t use your email address used on the account sign up on this site to contact you for marketing purposes. You can opt into marketing materials by clicking the large red help question mark on the right.
  3. Once registered, add something to your cart, and log out.
  4. Add something to your cart and log in.
  5. Go to /cart.


If you are seeing two carts, then you have discovered, like many others, that Drupal Commerce 2.x shows multiple carts by design. Drupal Commerce 1.x created multiple carts like this as well, but would only show one cart at a time. In 1.x, you could follow the five steps outlined above, then checkout and your original cart would display.

Why? Because the system will not delete carts. We’re using a simple anonymous session to create two carts in a potentially common edge case.

The pros and cons of multiple carts

Pro Con
  • Customers never lose a cart, even if their use of the site means they have more than one.
  • You could have multiple sellers, enabling a marketplace feature to be built on top of the existing functionality
  • You could enable different checkout workflows (one for digital services, one for recurring services, and another for physical items that require shipping).
  • You could end up with a confusing user experience by making your customers check out multiple times.
  • Payment and fulfillment must be handled separately for different items or different vendors.
  • More than one cart presents a significant visual challenge for designers. In the cart dropdown, for example, how do you should more than one cart? On the cart page, for another example, how do you handle more than one checkout button?

Turning off multiple carts in Drupal Commerce 2.x

There are two relatively simple Drupal modules you can use to show a single cart to a user:

Commerce Combine Carts—If this module is turned on, the multi-cart demo above would not produce two carts.

Commerce Cart Advanced—This module packs a lot of features into it for the crowd of users who want management tools around their multiple cart experience, but it also includes the feature to display only one cart at a time. It was created and is maintained by Acro Media’s senior developer known as krystalcode (Dimitris Bozelos).

Checking out multiple carts, Etsy/Amazon style

The holy grail of marketplace commerce is multi-store and single-checkout. The idea is that you could have a site that features multiple stores and customers could check out once from more than one store. 

According to the original author and former maintainer of Drupal Commerce 2.x, bojanz, you can do this by coding a form that acts like a checkout flow-form, but changes more than one order simultaneously.

However, you also have to consider a number of other issues: 

  • Fulfillment—If the stores are selling physical products, how will these orders appear to the customer and to customer service for each store? Likely, each store would want to only see the products for which they are responsible.
  • Order management—Even Amazon does some weird things with orders for its customers. Often, orders are split up for seemingly no reason, changing order totals and making order management challenging for customers and for customer service.
  • Payment—If you, as the site owner, plan to pay stores from your own bank account, you’ll want to set up a single, site-wide payment gateway and manage disbursement payments to your store owners. If not, then you’ll require each store to have its own payment gateway credentials or some other even more complex setup.
  • Taxes—Assuming you have good solutions for all of the above, taxes will still likely make it very hard to move forward. Tax law is hard in the best of times, and depending on how you take payment, tax rules would need to be created and maintained per store. Solutions like Avalara AvaTax only work per store and can be overly expensive for small retailers.

The bottom line

Basically, you have a few contrib options if you want to manage carts for your customers. But if you want that elusive multi-vendor, single checkout, you’ll have to plan well according to your business needs. Regardless, the flexibility of Drupal’s ecommerce cart functionality is capable of creating the best ecommerce shopping carts out there, you just need to know how to do it.

May 12 2020
May 12

Enjoy a random 404 video.

Or explore more of what we do.

We offer strategy, design and development services across industries and using a wide array of tech.

Read more about each below.

  • Business
  • Branding
  • User Research
  • Content Strategy
  • SEO
  • Accessibility
  • Responsive
  • Experience
  • Styleguides
  • Performance
  • Security
  • Migrations
  • Support
  • Training


  • Finance
  • Healthcare
  • Higher Ed
  • Nonprofit
  • Tech


  • PHP
  • Drupal
  • WordPress
  • Laravel
  • Javascript
  • Node
  • Vue
  • Nuxt
  • Electron
  • DevOps
  • Docker
  • Lando


  • Magic
  • Localdev
  • Testing
  • Events
  • Webinars
May 11 2020
May 11
Aaron Deutsch (contributed by proud mom, Kristen Pol)
Image Credit: Aaron Deutsch (contributed by proud mom, Kristen Pol)

Excited! Humbled! Appreciative! Energized! Thankful! Those are just a few of the emotions our team is feeling today as I had the honor of announcing that you helped us meet our #DrupalCares emergency funding goal. Today, we launched a press release to recognize the contributions of the Drupal Community and demonstrate to the world that the Drupal is strong.

We proudly announce that #DrupalCares has raised $500,000, meeting its 60-day goal in just over 30 days. Nearly 150 businesses and organizations, along with over 2,000 individual donors and members, donated to reach the goal in record time. Drupal has demonstrated once again that the power of community and the open source model make projects like Drupal the best possible investment in uncertain times.

While the campaign had a strong start, what really put the fundraising into overdrive was the #DrupalCares match challenge, a $100,000 matching grant for individual contributions funded by Drupal creator Dries Buytaert and his wife Vanessa. Then a coalition of Drupal businesses came together to match those contributions again—bringing the potential impact up to $300,000. These contributions, together with the contributions from Drupal service providers and end-users, accelerated the campaign dramatically.

"I'm in awe of how quickly the Drupal community rallied to raise funds for the Drupal Association,” said Dries Buytaert, founder of Drupal. “With this fundraising campaign behind us, the Drupal Association can refocus on key initiatives such as the Drupal 9 launch next month.

“DrupalCon has been an important reason for Drupal's success,” said Buytaert. “Even though we'll be gathering virtually this summer, I'm very excited that DrupalCon will live on. I'd like to thank everyone who helped us reach our goals—the Drupal community is stronger than ever."

Part of the success of #DrupalCares was thanks to community-developed fundraisers encouraging Drupal users around the globe to donate. Gábor Hojtsy, Ron Northcutt, and Ofer Shaal started the Drupal 9 module challenge, donating €9 for each module that created its first Drupal 9 compatible release. The amazee.io team created and hosted Pixels for Drupal (with help from Alanna Burke, Sean Hamlin, Brandon Williams, Eli Stone, Michael Schmid) which awarded donors pixels for fun recognition. Jeff Geerling helped amplify our message on Youtube, making a donation for every like. Oliver Davies turned purchases of Test Driven Drupal in April into donations. These and other creative Community-led campaigns helped to drive  #DrupalCares awareness and giving further. 

On behalf of the Drupal Association staff and board, we hope you’ll enjoy this token of our sincere #DrupalThanks for the support and encouragement you’ve given during this #DrupalCares journey. Tackling this hurdle of emergency funding means that we can pivot to other important projects on the horizon such as the launch of Drupal 9 and the virtual version of DrupalCon. For those that wish to continue contributing, or for those that haven’t had an opportunity yet, the official campaign stays open through May 31. Every donation and membership continues to drive our diversification of funding in the right direction.

May 08 2020
May 08

In order to best resolve some packaging, dependency, and upgrade path issues that have come to our attention in the past week, we're extending the release windows for the following releases to the week of May 11:

  • 8.8.6 (final normal bugfix release of 8.8, which has security coverage afterward until December 2020)
  • 8.9.0-rc1
  • 9.0.0-rc1

The scheduled release date for 9.0.0 and 8.9.0 remains June 3. We will share another announcement with the community once 9.0.0-rc1 is available for testing.

May 08 2020
May 08

I have recorded a video tutorial highlighting some of the features of a module I created for Drupal recently. This is the Entity Reference Preview Drupal module.

When you preview the latest version of an entity (ex: a node) you only preview that entity. That means that referenced entities in that page are rendered with the published version, not the latest. This module addresses that.

When prompted, many people ask: Wait! that is not the default behavior already?

Have you ever wanted to preview a listing from a view (or a block, or a layout builder page, …) with the latest version of the embedded entities? This module allows you to do that.

[embedded content]
May 07 2020
May 07

Today's guest post by Matt Westgate, CEO of Lullabot, is the next installment in our #DrupalCares series. My thanks to Matt and the Lullabots for sharing what the Drupal Association means to them.

It’s hard to believe that a little over a month ago, we were in DrupalCon planning mode. No one expected the Drupal community’s biggest event to come to a halt any more than we anticipated our lives totally changing due to a pandemic. While we’re all dealing with this new, and hopefully very temporary, normal, it’s more important than ever to keep things moving forward personally and professionally.

When it was clear that DrupalCon would most likely not happen this year, we decided to pledge our sponsorship dollars to the Drupal Association regardless of whether or not DrupalCon ended up taking place. We’ve been part of the Drupal community since the dawn of IRC, and many of our team members actively contribute to Drupal. We understood the financial hit that would occur by not having DrupalCon and because the Drupal Association has played such an important role in our business and the community, the decision seemed like a no-brainer. Let’s face it; the Drupal Association is the hub for Drupal success.

The Drupal Association is the conduit through which everyone on my team can contribute back to Drupal. They exist so we all can participate and receive the benefits of the community and the software. Simply put, there isn’t a Drupal without them."
Matt Westgate, co-founder and CEO of Lullabot

It’s been incredibly inspiring to see so many of our fellow sponsors step forward as well. No doubt, we’re all in this together.But, there’s still more work to do. In order to continue project velocity, ensuring that we have adequate tooling, marketing Drupal, and many other activities that the Drupal Association helms, they needed to raise $500,000. Raising this amount is no easy feat, but we are almost there. We are committed to supporting this endeavor and hope you will be too.

[Editor's note: As of publication the #DrupalCares campaign is 96% to goal!]

Lullabot Contributor Stories

Olivero Theme: Mike Herchel, Senior Front-end Developer & Putra Bonaccorsi, Technical Project Manager

The idea for the new front-end of Drupal 9 (Olivero) would not have happened without the Drupal Association. We serendipitously met up with Lauri Eskoka and Angie Byron at DrupalCon Seattle (which is put on by the Drupal Association), which led to the creation of the initiative.

Furthermore, the majority of Olivero’s development has taken place on Drupal.org, which is maintained by the Drupal Association. Without this tooling, development would be disparate and communication with the Drupal community (which is vital for this project) would be ineffective. 

We were able to pitch our ideas for the redesign and development of a theme that could ship with the release of Drupal 9 by submitting our proposal to the Drupal Association's “idea issue” queue. This ideas queue section of Drupal.org let us propose ideas for Drupal core and got them through validation and planning phases, which are a big part of the success of the Olivero project.

API-First Initiative: Mateu Aguiló Bosch, Senior Developer

The API-First initiative has been very thorough with automated testing. We have created comprehensive test coverage for all sorts of actions on all of the entity types defined in Drupal core. This allowed us to add features more soundly and eventually include JSON:API in core. The whole initiative would have been negatively impacted without the testing infrastructure provided by the Drupal Association to execute the tests and provide feedback in the issue queue.

Admin UI & JavaScript Modernization Initiative: Cristina Chumillas, Front-end Developer & Sally Young, Senior Technical Architect

The Admin UI & JavaScript Modernization Initiative idea started and evolved through several DrupalCons organized by the Drupal Association, where most of the main contributors were present. Also, drupal.org has been a key tool to move forward: the kick-off ideas issue queue was key, and Claro saw a huge increase in contributions when it moved to drupal.org. Using known tools by the community and the drupal.org credit system helped increase the project’s visibility.

Something else that made a huge difference on the design side was having the Drupal Association, especially Megan Sanicki, as the Drupal Association Director at that time, backing the design team as a legitimate group of the Drupal project to get free access to Figma. This online and real-time design tool has been a key factor allowing designers to be distributed across the world and timezones.

Join us in supporting the Drupal Association

May 06 2020
May 06

Drupal 9 Is Almost Here

Drupal 9.0.0 will officially drop on June 3, 2020. The good news (which we’ve already covered in detail here, and here) is that Drupal 9 will not be a significant upgrade from Drupal 8. 

To recap, it is effectively a version bump, with two caveats:

  • Symfony 4 will replace Symfony 3 as a core dependency. This will improve Drupal’s underlying core functionality, stability, and security.
  • Some Drupal core code that has already been marked as deprecated will be removed entirely. This code still exists in Drupal 8 to support previous upgrades from Symfony 2 in the past, and all deprecated code has Drupal 9 ready alternatives which should be used instead. There are automated tests that can assure any organization if the project is using any such deprecated code, and will even offer suggestions to replace it.

However, just because you’re on Drupal 8 now, don’t assume you’ll be ready to make the leap to 9 when June rolls around.

It’s More Than Code

While the code part is relatively easy to prepare for, the long-term viability of your Drupal 8 AND 9 CMS depends on you following Drupal best practices as well. An ideal Drupal site (i.e. one that will last the next two years and /or successfully make the leap to Drupal 9) will be one that leverages core functionality as much as possible.

Here are some of the more recent additions to Drupal core that all Drupal 8 sites should consider using in order to be ready for Drupal 9.

1) Paragraphs vs Panels vs Layout Builder

The ability for editors to layout content has been a long road. Panels was king, but Layout Builder has since replaced Panels. Layout Builder also has the added benefit of being part of Core, so it will work more closely with other core functionality.

The Paragraphs module is still very useful for content layout. However, the days of abusing Paragraphs for controlling layout are over. Start using it for what it was originally intended for, managing complex, tightly-bound bundles of content bits, but certainly not for actual page layout. There should be no more content-specific paragraphs within layout-specific paragraphs. 

This is an area where Layout Builder can help with content placement, while still using Paragraphs for content components.

2) Media Management

The Media module is now part of core, and most asset management in Drupal will begin there. Managing images, documents, and other digital assets as content types or custom entities should no longer be the pattern. Community support of core Media is ever-growing, and this is where the community’s focus will remain in the future.

3) Workflow: Workbench Moderation vs. Content Moderation

Editorial workflow is extremely important for many sites. Drupal 8 didn’t offer anything for this at first, and the community rallied around the ubiquity of Workbench Moderation. With the addition of Content Moderation in core, which is a very close facsimile of Workbench Moderation, this is where future attention will lie.

The Lightning install profile includes some tools to help transition from Workbench Moderation to to Content Moderation, so organizations don’t have to struggle alone in silence.

4) Modern Front-End Patterns

This is not strictly a Drupal 9 readiness point, but following good component-based design patterns is essential to maintaining a modern web platform. Using baseline tools such as Pattern Lab or Storybook is a great place to start to manage the components of a website. Drupal themes play nicely with these design implementation systems, often ingesting the same templates directly.

This sets up any Drupal site nicely for using component-based layout with Layout Builder and even Paragraphs-based content components.


Ensuring any Drupal project is not using deprecated code is the first step in Drupal 9 readiness. Even more important is ensuring that it is taking advantage of the latest core functionality and features, as these will be where the focus of the Drupal Contrib Community will be. Taking advantage of Core as much as possible will help with cases where once-common contrib modules are eventually abandoned over time.


Tobby is a software development professional with over two decades of experience architecting and implementing content management systems, APIs, and other enterprise frameworks. Tobby provides technical oversight across many of Phase2’s projects, ensuring best practices and efficient workflows are followed, and shares his years of experience to help clients find the complete solution to their problems.

Apr 28 2020
Apr 28

Enjoy a random 404 video.

Or explore more of what we do.

We offer strategy, design and development services across industries and using a wide array of tech.

Read more about each below.

  • Business
  • Branding
  • User Research
  • Content Strategy
  • SEO
  • Accessibility
  • Responsive
  • Experience
  • Styleguides
  • Performance
  • Security
  • Migrations
  • Support
  • Training


  • Finance
  • Healthcare
  • Higher Ed
  • Nonprofit
  • Tech


  • PHP
  • Drupal
  • WordPress
  • Laravel
  • Javascript
  • Node
  • Vue
  • Nuxt
  • Electron
  • DevOps
  • Docker
  • Lando


  • Magic
  • Localdev
  • Testing
  • Events
  • Webinars
Apr 23 2020
Apr 23

Carrie Lacina, the Drupal Association’s Director of Fund Development, provides an update on fundraising efforts and program enhancements.

Hello! I’m Carrie Lacina, I’ve been at the Drupal Association for over 5 years in various Fund Development roles. I worked in the digital media and advertising space for 12 years before making the jump to the nonprofit open source world. At the Drupal Association, I enjoy engaging with a global community of organizations using or connecting with Drupal, partnering to solve their business needs while supporting the financial sustainability of the Drupal Association. 

You may have read recent #DrupalCares updates from my teammates including Frequently asked questions, answered by Angie Sabin and Sustaining the DA through the COVID-19 crisis by Tim Lehnen. Today I’d like to build on their updates by providing information on new or enhanced fundraising program elements along with a general update on our progress. 

But first, I’d like to say THANK YOU! I am overwhelmed by the outpouring of activity from individuals and organizations offering financial support for the Drupal Association.  You have proven what I’ve known all along: Drupal is strong and together we thrive.

Why support the Drupal Association? 

You probably know that Drupal will be fine and that open source projects, including Drupal, survive and even thrive during economic downturns. But the Drupal Association may not. Why does that matter? I appreciate how Matt Westgate framed it in the latest Lullabot Podcast:

Drupal the software will survive, that's the ‘engine.’ We will always have that and will continue to work on it. The Drupal Association is the ‘car,’ the vehicle to which we put the engine in, to make things move, with doors that open to include and invite other people into the project."

-Matt Westgate, CEO, Lullabot

From an organizational perspective, open source contribution is essential to any business that relies on the project. The Drupal Association provides the tools to drive that success, but we need financial support to execute on our mission. By participating in Drupal Association programs, you directly support the Drupal Project, serve the global community and support its velocity and growth. Your support allows us to:

  • Maintain Drupal.org and expand how individuals and organizations can contribute and achieve recognition
  • Keep Drupal secure with advisories, documentation and releases
  • Drive initiatives for diversity, equity, and inclusion
  • Help the community follow the same path by bringing people together in person and online to collaborate and celebrate their Drupal successes

#DrupalCares Fundraising Update 

We launched the #DrupalCares campaign in early April. It’s incredible how quickly the community rallied to make a huge impact on our financial outlook:

  • 26 DrupalCon Minneapolis sponsors have pledged to keep their marketing dollars intact with the Drupal Association in 2020
  • 28 organizations have joined or upgraded their Drupal Association Supporting Partner program
  • More than 800 members have joined or upgraded their individual memberships
  • We’ve raised $228,000 in donations and matching challenges from Dries and Vanessa Buyteart and the Drupal business community, with a full week left to go.

We’ve made so much progress, and we're only $24,000 away from reaching our #DrupalCares Match Challenge!  Please consider donating today to help us reach our goal.  Any individual donations, increased memberships, or new memberships through the end of April will receive a 3:1 matching contribution to the #DrupalCares program, up to $100,000, for a total match potential of $300,000.

Drupal Association Program Updates and Enhancements

In addition to the $500,000 gap we are facing from the loss of DrupalCon Minneapolis net revenue, we anticipate a drop in our non-conference related revenue during an economic downturn. The Drupal Association has been working diligently to diversify funding while weaving in program changes and enhancements that continue to provide value and make it easier for organizations and individuals to invest in our mission.

Individual Memberships

Thank you to the new and renewing Drupal Association individual members!  We’ve had an outpouring of support through this program and have heard your suggestions for how we can improve our membership options.  Our team recently rolled out improvements to make it easier than ever to support Drupal as an Individual Member.  In the last few weeks we have:

  • Implemented monthly recurring payment option for memberships, since it’s often easier to give smaller monthly amounts rather than a lump annual sum
  • Enabled early renewals for recurring members who want to make an impact sooner
  • Added new tiers for individuals who have the capacity and desire to give more
  • Provided marketplace credit to organizations for each member of staff who has a membership

Please stay tuned for even more feature improvements, like:

  • Creating a mechanism to allow organizations to purchase memberships on behalf of their staff
  • Updating payment tools to support more currency types
  • Offering lower tiers for regions of the world that can’t easily support the current levels of member pricing

Supporting Partner Program

The Drupal Association Supporting Partner program offers organizations a way to financially support our mission which includes Drupal.org. Thank you to our supporting partners, technology supporters, and hosting supporters - your continued support and generosity is crucial to the Drupal ecosystem.

Often seen as an infrastructure investment for organizations that make significant cost-savings by using a CMS with no licensing fees, the Supporting Partner Program has evolved over the years to offer even more benefits. From thought leadership, accreditation, networking opportunities, talent support and industry visibility - there’s something to meet every organization’s needs.

In an effort to grow participation from all types of organizations, we’ve launched two new Supporting Partner tiers. The “Community” Supporting Partnership is geared towards small businesses with fewer than 5 employees, while the “Enterprise” tier was designed with a focus on large organizations and their unique business needs. We’ve also added new benefits including complimentary Individual Memberships for staff and additional marketing opportunities on Drupal.org. You can learn more about the new tiers and benefits here.

Drupal.org Advertising & Sponsorships

We’ve heard your input about diversifying revenue away from DrupalCon even further.  We are exploring additional advertising and sponsorships opportunities on Drupal.org over the next few weeks, please stay tuned for updates on our advertising programs soon.

DrupalCon North America shifts for 2020

You may have seen the recent news that DrupalCon Minneapolis was officially canceled due to COVID-19.  Visit https://events.drupal.org/global2020/ to learn more about the cancellation and the launch of our first virtual DrupalCon Global event.  

Thank you to the DrupalCon Minneapolis sponsors that have pledged to keep their dollars intact, regardless of the outcome of the event.  Now that we have officially gone virtual, we are working on translating DrupalCon Minneapolis sponsorship benefits to DrupalCon Global 2020. We are weaving sponsor plans into our platform selection and program updates, which will be finalized at the end of the month. Stay tuned for updates in May!

Community Driven Fundraising Efforts

In closing, we’d like to thank and celebrate a few of the unique individual fundraisers happening throughout the community.

Gábor Hojtsy opened the individual community fundraising efforts with an offer to donate €9 for each module the community update to be compatible with the upcoming Drupal 9 release. The offer has been so successful that, after only a few days, the €900 Gábor put into the fund was running out and the fund was boosted to €2250 by donations from Ron Northcutt and Ofer Shaal.

Jeff Geerling was clearly inspired to create a video telling the world how important the Drupal project has been to his life, how helping the Drupal Association helps Drupal and making a generous offer to donate $1 for every person who watches and likes his video, up to $1000. Of course, now that donation will be tripled. 

Kevin Kaland (that’s Kevin with the amazing wizard’s hat we all see at Drupal events) is the maintainer of the FillPDF module project and has a patreon page to sustain work on the module. He has pledged that, if you join his patreon page, he will donate double your subscription to the Drupal Association.DrupalCares Remix

Finally, the community have helped in many other creative ways and these initiatives are still coming in. We were delighted to see that Kirsten Pol’s son (who has his own d.o account, of course) made a special #DrupalCares mascot that we absolutely love!

And as a reminder, here are the ways you can help too!

  • DrupalCon Sponsors…
    … can commit to pledging your full sponsorship to the Association, regardless of what shape DrupalCon takes this year. This will prevent the gap from getting wider.
  • Drupal Businesses…
    … Can join the supporting partner program, or increase your partner level. Organizations can also make tax deductible donations above and beyond their partnership tier.
  • Individuals…
    … Can join or renew the Drupal Association membership program, or make tax deductible individual donations.
  • Everyone…
    … can help us get the word out! The Drupal Association has deep, deep roots within the community, and tight relationships with those of you who build your livelihoods on Drupal. Unfortunately, there are 10 times as many end-users of Drupal out there who may not even know that the Association exists. Would you leverage your networks to help us reach them?
Apr 23 2020
Apr 23

Enjoy a random 404 video.

Or explore more of what we do.

We offer strategy, design and development services across industries and using a wide array of tech.

Read more about each below.

  • Business
  • Branding
  • User Research
  • Content Strategy
  • SEO
  • Accessibility
  • Responsive
  • Experience
  • Styleguides
  • Performance
  • Security
  • Migrations
  • Support
  • Training


  • Finance
  • Healthcare
  • Higher Ed
  • Nonprofit
  • Tech


  • PHP
  • Drupal
  • WordPress
  • Laravel
  • Javascript
  • Node
  • Vue
  • Nuxt
  • Electron
  • DevOps
  • Docker
  • Lando


  • Magic
  • Localdev
  • Testing
  • Events
  • Webinars
Apr 21 2020
Apr 21

It is incredible to think how far the #DrupalCares campaign has come in such a short time. Last week, Dries and Vanessa Buytaert announced they would match individual donations alongside new and increased individual memberships up to $100k, and you truly answered the call.  The vigor and compassion of the community response is inspiring - and you inspired yet another amazing element of the #DrupalCares fundraising campaign!

When they saw the #DrupalCares matching gift challenge, a group of dedicated business leaders in the Drupal ecosystem came together and said, "We can make this even better."  Acting quickly and without prompting, these business leaders saw the impact the Drupal community was making, and in the truest sense of the open source spirit, decided to multiply that impact even further.

Today we announce that individual #DrupalCares contributions are now being matched for another $100,000 by these generous organizations who believe in the power of Drupal. Both matching gifts apply to all individual contributions, donations or memberships from the start of the campaign.

  • First, every $1 the community contributed created the core foundation that would ensure the Association's success.
  • Then, that $1 became $2 when Dries and Vanessa announced their generous matching gift challenge, and your impact was doubled.
  • As of today, that $1 has become $3, as these organizations who believe in the power of Drupal and Open Source have taken your contributions to a new height.

 Will you join the campaign, and triple your impact to secure the Drupal Association's future?

Give to #DrupalCares

Thank you to these organizations, who have funded this match

This incredible coalition of matching gift organizations and their generous donation further proves the power of the Drupal Project and the Drupal Community.



Acro Media Inc






Drupal Contractors


Digital Echidna

Elevated Third

Evolving Web


Forum One

Four Kitchens



Kanopi Studios

Last Call Media


Oomph, Inc





Tag 1 Consulting



Thank you to these #DrupalCares Champions

Several Drupal Community leaders in particular are responsible for bringing together this incredible expansion of the #DrupalCares campaign.  I would like to send my heartfelt thanks and sincere gratitude to: Anne Stefanyk of Kanopi, Baddy Breidert of 1xInternet, Chris Murray of Oomph, Inc, Jeff Walpole of Phase2, Michel van Velde of One Shoe, and Tiffany Farriss and George DeMet of Palantir.

Special thanks and extra #DrupalHugs

While there are so many people in the Drupal community deserving of our gratitude and praise right now - I want to give special recognition to Matt Westgate of Lullabot. Matt is the person who first reached out on Twitter to pledge Lullabot's sponsorship, regardless of what might be happening in the face of COVID-19, and the person who has quietly encouraged others in the Drupal ecosystem to step forward in this time of need.

With that pledge, Matt kicked the first pebble that created the momentum behind additional sponsor pledges, member renewals, and donations. In short, Matt and the Lullabot team made us believe that launching the #DrupalCares campaign really could work.

Thank you, Matt.

Apr 21 2020
Apr 21

There are certain things project managers must keep in consideration when working with a team of developers that will greatly facilitate the work of both stakeholder groups. 

Project managers and developers - these are two totally different stakeholder groups, which nevertheless have to work together and find common ground in order to deliver a project in a way that meets both the objectives of the business and other stakeholders.

I spoke with Ivana, our super capable project manager, who was happy to talk about her efficient process of juggling multiple development teams and client-side stakeholders, and offer some tips and tricks on successfully tackling it all. 

Read on if you’d like to step up your project management game and impress upper management with streamlined operations. 

1. To you, what’s the most important thing when working with a team of developers?

Number one would be providing them with an optimal working environment, where they feel safe and a part of the team. In order to do that, you basically need to be a mindreader; you need to have empathy and be able to connect people to achieve certain goals. 

Because of this, a project manager needs to be honest, direct and a good listener. Diplomacy is key: you need to be a team player who knows how to motivate your team and is calm under pressure. 

Diplomacy is key: you need to be a team player who knows how to motivate your team and is calm under pressure. 

2. What is the thing you’d least want to happen when working with a team of developers?

Being without internet or electricity for a longer period of time - everything else is somehow bearable. As a project manager, you’re in the middle of the stakeholders, project owners and CEOs on the one hand, and the development team on the other hand. 

It’s important to keep the balance between them. You’re in the middle of it all, occupied from all sides, but you need to be able to safeguard your team and provide an environment in which they can be most productive and produce the maximum output. 

3. Can you describe your typical daily tasks and activities?

I’m more of an early bird, so I start in the morning by checking my to-do list and prioritizing my tasks for the day. After that we usually have stand-ups and other meetings, after which I go through and complete my daily tasks.

At the end of the day, I usually talk with developers and do a quick personal retrospective and prepare for the next day. I try to find out what went wrong and where I performed well that day, so I can optimize for the following day. 

4. How do you facilitate communication amongst team members and with external stakeholders?

We have planned standup meetings and other meetings that follow the agile methodology in project management. There are predetermined maximum durations for different types of meetings, e.g. 10 minutes for a daily, up to 4 hours for a retrospective, and up to 8 for a sprint planning. 

All communication must go through a single channel, and all team members must have access to that channel. For example, we use Slack and create channels for specific projects, so that all team members are kept up to date and able to follow. 

Also very important is the documentation - in addition to a good team, a project’s success depends hugely on how well prepared the documentation is. The documentation is the core of everything; it happens more often that a project underperforms due to poor communication rather than due to a lack of skill.

5. How do you resolve a conflict within the team or across different teams working on the project?

Well, I do my best to prevent conflict, to act as a mediator and take preventative measures rather than a curative approach. It’s important that the team feels as one, that all team members are involved in the communication. So, as a project manager, it’s also vital that you aim to reduce distractions as much as possible. 

One of the worst things is when a stakeholder bypasses project hierarchy and gives developers additional work without consulting you first. This disrupts their workflow and causes them to skip certain tasks. Additionally, as soon as you skip someone, the entire system of keeping everyone up to date breaks down. 

On the other hand, a small, healthy conflict is actually a welcome thing, it can be an indication of a well-organized and functioning team. There’s enough psychological safety within the team for members to exchange opinions without worrying about how they will be accepted. 

If everyone is always too friendly and supportive, someone may not even argue with a certain point and instead just agree on the basis of friendship rather than the value of that point. So, if a conflict is done in a healthy way, it can even be beneficial to the team and its work. 

6. What do you do if something goes wrong with the project? How do you mitigate this (especially if the mistake wasn’t spotted immediately, but further down the line)?

I have a story here. During flight training, pilots are told to always sit on their hands when the plane starts to descend, so that they don’t panic and start frantically pressing buttons. 

I’m a big proponent of that when something goes wrong, it’s better to take a few minutes to think it through and then react - still, the reaction then needs to be quick, so that you don’t fall (in the pilot example). 

It’s better to take a second to take a few deep breaths and then react, rather than reacting quickly and then reacting quickly to your quick reaction. It’s similar with a project manager - think first, then react, while keeping in mind that the moment for consideration shouldn’t last a whole week or something.

If you spot a mistake quickly, you can typically solve it faster. If you need to do a complete refactoring, the general message to all stakeholders is “Honesty is always the best policy to practice”, especially for bigger things or during the end of projects. 

It’s key that they are aware of it and that you provide them with data as to why something went wrong, and of course give them new timeframes. The sooner you do it, the better it is. Fail fast and optimize. 

It’s better to take a second to take a few deep breaths and then react, rather than reacting quickly and then reacting quickly to your quick reaction.

7. How frequently do you check up on team members working on specific tasks or parts of the project? How do you guarantee timely delivery?

We usually work within agile frameworks, where we plan sprints with estimates, which are mostly either in time or in story points. These estimates are essential to planning sprints and achieving sprint goals. 

There typically isn’t really any daily checking in the strict sense of the word. You just check if everything is within the planned scope; if it is, you try not to interfere, but if things start to drag, then you try to talk to the team and find out if someone has specific problems with something. 

The catch is, the longer a team works on a certain project, the more accurate the developers’ estimates become. It’s vital that you find the bottleneck in the framework of project management, then follow the flow of retrospective, adapt and apply. 

As for guaranteeing timely delivery, I try to minimize the context switching, so, not constantly giving developers new tasks, but instead allowing them to finish their main ones before unloading new work on them. 

I personally have to do a lot of holding back to not go to them whenever I need something urgent. It would just reduce focus and quality, while putting additional pressure on the developers. 

8. How do you keep stakeholders aligned?

Here I have another real-life example. At a previous job we had a stakeholder who always wanted to be involved and change stuff. So we had to distract him by constantly giving him new versions of the application to test, which allowed him to feel as a part of the team, and he stopped getting involved in everything.

It’s also very important that everyone understands the relations within the team, that a stakeholder has to go through you to reach a developer, and vice-versa, of course.

This is why tools that allow stakeholders to participate (e.g. design systems) are gaining in popularity. But you need to take care that they don’t get too involved and micromanage everything - that’s why they hired you, after all.

It’s crucial that stakeholders are familiar with your project management framework; that they know the difference between waterfall and agile, and which one you use. Then they understand the process better and can follow more easily, they feel more a part of the team and its work. In the end, it is their project.

9. What (project management) tools would you recommend to project managers in this position?

At first glance, they all serve pretty much the same purpose. It’s only when you use a tool for a longer time that you start noticing things that are bothering you or that are difficult to do with that particular tool - I think you can find both of these in pretty much all the better-known tools.

At Agiledrop, we have a really well structured process for onboarding new developers, and we rely largely on Teamwork. We basically follow the same high-level of practice both in the management of external projects as well as in recruiting new employees and integrating them into our workflow and culture.

Our clients typically use JIRA, Asana or Trello, and we adapt to whichever system they’re most comfortable working with. Personally, I like JIRA best, as it also has Confluence and Git integration.

10. How does the project management of developers differ when you have an in-house team as opposed to a remote team? Is there anything specific that you need to be mindful of with a remote team? 

The thing I’d like to highlight here is that an advantage with an in-house team are the coffee maker chats, where you have those casual conversations about a project while you’re waiting for your coffee. However, it often happens that these discussions don’t get documented and thus ideas never get realized. 

With remote work, it’s really extremely important that you have good documentation of everything, and then to also have a single communication channel and to keep all team members informed. 

And when you have good documentation due to the remote nature of the work, it’s much easier to bring new people into the project, because everything is documented somewhere - it has to be, because of the very nature of the project. 

So, to me, there’s no big difference between in-house and remote project management, except for missing out on coffee maker talks. But, as I said, they often go undocumented and forgotten anyway. The documentation itself is then an advantage that remote work has over in-house work; since good documentation is necessary, we’re forced to be more proficient. 

Agiledrop's Project Manager Ivana with developers

Ivana and three developers at an AgileSport - being able to relax together is also a sign of a good team

Apr 17 2020
Apr 17

Those of us who have experience traveling the long dark roads of migration projects between Drupal’s previous major version releases may, understandably, be feeling some trepidation at the impending release of Drupal 9 (potentially as soon as June 3, 2020). 

The journey from Drupal 7 to Drupal 8 in particular was a major challenge for many developers, with massive API changes, a completely new theme layer, and a fundamental OOP architecture. 

The investment in these massive changes, however, is paying big dividends as we approach D9. This journey is going to be a lot easier in comparison. In fact, for many of us, the journey is nearly over before it begins.

D9 is D8 (mostly)

Here is the big takeaway: if you are on Drupal 8.8+, you are already fully API compatible with Drupal 9. Drupal 8’s OOP structure and its core Symfony foundation have made it possible for the Drupal API to be more stable and continuous between major versions. In fact, the major differences between Drupal 8 and Drupal 9 are the removal of deprecated code and the update of core dependencies so that they remain on supported versions.

If D9 is D8 (mostly), then why should I go through the trouble?

Drupal depends on third party libraries and frameworks, and those libraries and frameworks must be updated over time to maintain support and security updates.  Sometimes, it’s impossible to maintain backward compatibility with older versions of these dependencies. Drupal 8 adopted semantic versioning, which made it possible to introduce major new features and backward compatible third-party dependency updates in minor releases, while also making it easier to adopt backward compatibility breaking changes in a clear and predictable way.

Drupal 8’s central core dependency, Symfony 3.4, will stop receiving bug fixes in November 2020, and stop receiving security updates in November 2021. Drupal 9 will depend on Symfony 4.4, which is not fully backward compatible with Symfony 3.4. 

Your site needs to remain secure, so you need to adopt Drupal 9.  The good news is that even though Drupal 9 is planned for release June 3, 2020, Drupal 8.9x will remain supported until November 2021. This time around, we have a much lower level of effort to transition, and a long window of time to make it happen.

Dealing with deprecated code

In most cases, removing instances of deprecated code from your custom code is a simple process. Matt Glaman’s drupal-check tool can scan your code and return a report of any deprecated code in use. Many changes will be as simple as changing a call to: file_unmanaged_copy() to \Drupal::service(‘file_system’)->copy(). Some changes may require a little more work, but that work is being done within the same Drupal 8 API you’ve grown accustomed to.

For contributed code, identify the modules you rely on that use deprecated code, and use this as a great opportunity to contribute back to the community by testing and submitting patches.

The bottom line, however, is that you must deal with your deprecated code. It will not work in D9.

Dealing with core dependency updates

Here are some of the most important core dependency changes that may impact you.

  • Symfony 3 to Symfony 4.4: If you are making direct use of any Symfony code, you may need to update that code to its Symfony 4.4 equivalent

  • Twig 1 to Twig 2: There are a few changes and deprecations in Twig 2 that may require code updates in your templates. See Preparing for use of Twig 2 in Drupal 9

  • jQuery UI: Most of the world has moved on from jQuery UI, and in Drupal 9, so follows Drupal. Most jQuery UI components are being removed from core, with a few exceptions. If your project requires jQuery UI components, you will need to bring them in as contributed code

There are of course other core dependency changes. See Drupal.org’s Drupal 9 documentation for more information.

Are contributed modules ready for Drupal 9?

The state of contributed modules is much better compared with the transition from Drupal 7 to Drupal 8.  

Most Drupal 8 compatible modules are either fully code compatible with Drupal 9, or require a few deprecated code updates (and a very minor yml file change). The burden on module maintainers is much lighter, and the low level of effort presents an excellent opportunity for the Drupal community to contribute back deprecation changes and test patches.

The transition to Drupal 8 was a tough one, but the architecture and strategy changes that the core development team adopted are paying off in a big way as we look toward Drupal 9 and beyond. The stable, gradual, and predictable advancement of the API creates an environment that promotes best practices, and provides teams with a more predictable landscape with less risk.

Apr 15 2020
Apr 15

Our normally scheduled call to chat about all things Drupal and nonprofits will happen TOMORROW, Thursday, April 16, at 1pm ET / 10am PT. (Convert to your local time zone.)

No set agenda this month -- we can discuss whatever Drupal related thoughts are on your mind. If you would like to contribute to the conversation, please join us. 

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

Feel free to share your thoughts and discussion points ahead of time in our collaborative Google doc: https://nten.org/drupal/notes

This free call is sponsored by NTEN.org but open to everyone.

REMINDER: New call-in information -- we're on Zoom now!

  • Join the call: zoom.us/j/7423234165
    • Meeting ID: 742 323 4165
    • One tap mobile
      • +16699006833,,7423234165# US (San Jose)
      • +13462487799,,7423234165# US (New York)
    • Dial by your location
      • +1 669 900 6833 US (San Jose)
      • +1 929 205 6099 US (New York)
  • Follow along on Google Docs: https://nten.org/drupal/notes
  • Follow along on Twitter: #npdrupal

View notes of previous months' calls.

Apr 14 2020
Apr 14

Read our roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. You can also review the Drupal project roadmap.

...what a changed world we live in compared to just a month ago. There are so many people across the world who make Drupal what it is, and Drupal.org is where we all come together.

Tim Lehnen (hestenet) | CTO - Drupal Association

Project News

Drupal 9 release window confirmed

The Drupal Core release managers and the Drupal Association team successfully released Drupal 9.0.0-beta in March, which means that we are on track for the June release window of Drupal 9. The target release date for Drupal 9 is June 3, 2020. 

There are several things you can do to help: 

  • Test the latest Drupal 9 beta. At the time of writing, Drupal 9.0.0-beta2 is the latest available version.
  • Test the Drupal 8.9.0-beta. This will be the last minor release of Drupal 8, to come out simultaneously with Drupal 9. 
  • If your organization would like to formally join the beta test program, you are welcome to do that as well. 

It's also time to get your own sites, contributed modules, and custom modules ready for Drupal 9. The community has built a variety of tools to help: 

#DrupalCares Fundraising Campaign

#DrupalCaresAt the end of March we also kicked off the #DrupalCares fundraising campaign. This campaign is specifically targeted at closing the budget gap caused by the impact of COVID-19. 

Drupal is used across the globe - but did you know Drupal is also in use by organizations on the front-line of the COVID-19 fight? The National Institutes of Health, the CDC National Prevention Information Network, Oxfam, Unicef and many others are using Drupal to spread key messages about safety and prevention. The Drupal Association supports these organizations with the infrastructure that hosts new releases and security updates. 

As of today, project founder Dries and Vanessa Buytaert have also announced a #DrupalCares matching campaign. They will match all individual donations, membership upgrades, and membership renewals through the end of April - up to $100,000. We appreciate their leadership and support. 

Drupal.org Updates

Semantic Versioning Available for All Projects

Semantic versioning is now available for all contributed projects on Drupal.org. All versions of Drupal greater than Drupal 8.8.3 are compatible with semantic versioning, and the old version format will continue to be supported until Drupal 10. 

Example of Semver

Using semantic versioning allows contributed project maintainers to follow the same pattern that has been so successful for the core release cycle--enabling core to release significant features every six months. The semver version pattern is: MAJOR.MINOR.PATCH. To summarize how this is used in the Drupal project: PATCH versions should include bug fixes and security releases; MINOR versions can include new features, but should remain backwareds compatible; MAJOR versions can break backwards compatibility and remove deprecated code.

Project maintainers who want to continue to support versions of Drupal at or below 8.8.3 should continue using the old version schema.

Major overhaul to Packaging Pipeline

Drupal PackagingAs we mentioned in last month's update, we've significantly overhauled how Drupal.org's packaging pipeline works, to provide better support for scaffolding Composer installations, to improve introspection, and to make it easier to enhance and maintain as Drupal continues to evolve as a software platform. 

There were several components to this packaging update: 

  • The Packaging Process is now a multi-step Jenkins pipeline, making it easier to observe packaging progress at each phase. 
  • The Packaging Process uses composer create project to ensure that the generated .zip and .tar.gz archives are ready to use Composer. 
  • The subtree splitter step of the packaging process uses a local path repository, so the packaging infrastructure does not depend on GitHub/Packagist
  • Many steps of the pipeline have had performance improvements and reductions in redundant work, to speed up the release process as much as possible. 
  • The use of local path repositories will also help reduce the risk of early embargo break for any security releases. 

Coming soon: Community event listings on Drupal.org

Groups.Drupal.org is well past its prime, but there's still a tremendous need for the community to organize around local events. Especially in light of shelter-in-place orders during COVID-19, we want to support the community in making their virtual events accessible to all.

In collaboration with the Event Organizers Working Group - we've been building a new event listings feature for drupal.org that will allow users to submit their DrupalCamps and other events, include a feed that can be aggregated by tools like Drupical.com, and provide a baseline for future features that will allow us to sunset Groups.Drupal.org

Drupal Association Updates

Contribution Recognition Committee

We know that the community at large is very interested in the future of Drupal.org's Contribution Credit system. The Contribution Recognition Committee has been holding regular meetings since its formation at DrupalCon Amsterdam in 2019, and has been making good progress gathering community input and creating early models for the next generation of the credit system.

The next phase of the committee's work is interviews with key stakeholders in the community, before assembling a list of final recommendations. Please understand:The CRC is on a brief pause as many committee members have found their time constrained for extra child care and other concerns during shelter-in-place orders for COVID-19, but we hope to resume progress as soon as possible. 

You can reach out to the committee here


As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who make it possible for us to work on these projects. In particular, we want to thank: 

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Apr 10 2020
Apr 10

With the release of Drupal 9 drawing nearer and nearer, there’s been a plethora of Drupal 9 readiness posts recently. With this in mind, you can expect to see several of these make it to our recap of the top Drupal blog posts from March - read on to find out which!

Sustaining the Drupal Association in uncertain times

First up, we have a post by Dries Buytaert calling on Drupal community members to help support and sustain the Drupal Association, which has taken a heavy blow with the current unprecedented situation.

The main issue here, as Dries points out, is the need to postpone/cancel DrupalCon, the biggest Drupal event and the main source of funding for the Association. Some companies, such as FFW, Palantir and Amazee, have decided to not withdraw their sponsorships or request ticket refunds even if DrupalCon doesn’t take place.

Dries proposes two ways for helping out the Drupal Association, in addition to the one already mentioned: making a donation directly to the Association, or supporting it by becoming a member (or upgrading your membership if you already are one).

Read more

Drupal 9 beta release and module compatibility status

This next post is the first Drupal 9 related one that made it on the list. In it, Primož Hmeljak of MD Systems gives an update on the status of Drupal 9 beta and module compatibility. At the time of the post’s publication, a majority of the most widely used modules as well as those that MD Systems help maintain were Drupal 9 compatible.

Since the beta was released just one day after the post, though, and a stable 9 release is fast approaching, even more modules are ready now. If you’d like, you can start testing the beta now; in any case, if your site doesn’t rely on a lot of dependencies, you’ll be able to upgrade to Drupal 9 quite soon after its release in June. 

Read more

Update on the Status of Drupal’s New Olivero Theme

In the third post we wanted to mention this month, Lullabot’s Mike Herchel takes a look at Drupal’s upcoming new front-end theme Olivero. He starts off with some insight into the design process and the proof of concept, then continues with some challenges that had to be addressed and the work done during DrupalCamp Florida.

Mike’s post even includes a short video of the theme in action - and, we must say, it looks absolutely fantastic, smooth, modern, and accessible. Mike also doesn’t forget to credit the contributions from Drupal’s new admin theme Claro and the former default theme Umami. He finishes with some information on when Olivero will be finished and released.

Read more

Is Open Source recession-proof?

Next up, we have another post by Dries which dives into the question of open source’s sustainability in times of recession. He points out that, while the future is unknown, open-source communities have survived many recessions. In fact, a lot of companies have thrived during the Great Recession of 2008 exactly because of open-source software. 

Today, open-source communities are even stronger, with even more companies and individuals working together towards a common goal to produce innovative and secure software, which is on par with proprietary solutions despite being free. We can definitely agree with Dries’s optimism - if anything, the current crisis will only help grow open source.

Read more

A whole new version of the open source "State of Drupal 9" slideshow, present it yourself!

Time for another Drupal 9 post, this one by Gábor Hojtsy. Back in 2019, he created a “State of Drupal 9” slideshow that he made broadly available for anyone to be able to copy and present.

Now, Gábor has posted an updated version of the slideshow which is more practically oriented. He has also already presented using this version, at his remote DrupalCamp London talk (the recording of which you can also find in the post, by the way).

As with the previous version, he encourages others to use it for their own presentations, and even includes a lot of speaker notes to facilitate this. 

Read more

Argument for the Open Source Approach

We continue with another post that’s less Drupal-specific and more about open source in general. Its author, Mobomo’s CEO Brian Lacey, points out that, while most people view its being free as the main benefit of open-source software, there are actually several other compelling benefits of going with open source over proprietary software.

These are: development freedom; interoperability with other systems; faster time to market; and business flexibility. Of course, there are also certain costs associated with open source, as supporting it is the only way to sustain it. However (we agree with Brian here), the benefits definitely outweigh the costs.

Read more

Automated testing in Drupal 8/9

The next post, written by Danny Sipos, is actually an excerpt from his book Drupal 8 module development - second edition. It highlights the importance of doing automated testing in addition to manual testing, and then focuses on the different testing methodologies available in Drupal 8.

Compared to previous versions, Drupal 8 has greatly improved automated testing thanks to PHPUnit. The framework is used for a variety of different tests, namely: unit testing & kernel testing; functional testing; and functional JavaScript testing. In addition to the ones based on PHPUnit, there’s also the former Simpletest, but this is planned to be removed in version 9. 

Read more

Preparing your site for Drupal 9

We finish with a third Drupal 9 post, written by Kim Pepper of PreviousNext. It starts by listing the changes between 8 and 9, then details the steps needed to prepare your website for the upgrade.The main changes are third-party dependencies (i.e. Symfony, Twig and Drush), the removal of deprecated code and platform requirement updates. 

To get your website ready, you need to make sure that all contributed modules are updated to their latest version, as well as prepare any custom modules by replacing deprecated APIs and specify their core version requirements. If you keep everything up to date, you’ll be able to upgrade to Drupal 9 as soon as it’s released without major effort. 

Read more

Solar panels on a field under clear sky

We hope you enjoyed revisiting some of the top Drupal-related blog posts published last month. Make sure to check the rest of our blog for more content on open source and digital experiences. 

Apr 10 2020
Apr 10

Drupal 9 is scheduled to be released on June 03, 2020. This is when the final Drupal 8 minor release 8.9 will also be released. Considering the history of previous Drupal major upgrades, Drupal 9 will relatively be smooth. Thanks to the semantic versioning introduced in Drupal 8. The upgrade to Drupal 9 will just be another minor upgrade with deprecated code removed. Drupal 8 has brought a lot of standardization in the Drupal world, thus allowing Drupal as a project to grow incrementally. 

To put it in simple terms, Drupal 9 contains the same code as of 8.9 + deprecated code removed. Here’s a reference image from the Drupal 9 documentation.

Drupal 9

That is if you reduce Drupal 9 from the last Drupal 8 version (8.8.x) the rest is just the deprecated code and dependency upgrades. 

However, upgrading all the underlying dependencies and removing all deprecated API is a challenging task. Contributors around the world are working hard to get this done especially when the world is facing an epidemic. This is a challenging time for the entire world, yet Drupal contributors have shown their love towards Drupal and are helping it advance to the next release.

This article highlights some of the system requirements, the new dependencies and some of the most commonly used APIs which are going to be removed in 9.0.0.

Let us expedite Drupal’s journey to its 9th version!

| Third-party dependency updates

  • Upgraded Symfony from 3 to 4.4

  • Upgraded Twig from 1 to 2

  • Upgraded CKEditor from 4 and 5

  • Upgraded PHPUnit from 6 to 7

  • Upgraded Guzzle from 6.3 to 6.5.2

  • Popper.js updated to version 2.0.6

| System requirement updates

  • Apache, at least version 2.4.7
  • PHP - at least 7.3. (PHP 7.4 also supported)
  • Database: MySQL (5.7.8), MariaDB (10.2.7), SQLite (3.26), PostgreSQL (10)

| Modules being removed in D9

  • Block_place

  • Entityreference

  • Field_layout -> Replaced by Layout Builder.

  • SimpleTest module has been moved to contrib

  • Action renamed to action UI

| New features in Drupal 9

Drupal 9 will have the same new features as of Drupal 8.9. Thus, Drupal 9.0 will not include new features. But Drupal 9.1 will continue to receive new features as it did for the minor D8 releases.

| Breaking APIs

Following is a list of major APIs which were deprecated in Drupal 8 and will be removed in Drupal 9.0.0. That means if your code contains any of these codes, they need to be replaced before upgrading to Drupal 9. This list is not exhaustive and has been curated by scanning Drupal core codebase for deprecated warnings and sorted according to the usage of these APIs in contributed projects as given Drupal 9 Deprecation Status by Acquia.

  • drupal_set_message() removed

change record

drupal_set_message(), drupal_get_message() functions removed.


Use messenger service 


\Drupal::service('messenger')->addMessage('Hello world');
  • Drupal::entityManager() removed

change record

EntityManager has been split into 11 classes.


Services like entity_type.manager, entity_type.repository, entity_display.repository etc to be used instead. See change records for more info.


  • db_*() functions removed

change record

All of the db_* procedural functions part of the Database API layer have been deprecated.


Obtain the database connection object and execute operations on it. See change records for more info.


$injected_database->query($query, $args, $options);

$injected_database->select($table, $alias, $options);
  • drupal_render() removed

change record

drupal_render() and drupal_render_root()  functions


Use renderer service


  • Methods for generating URLs and links deprecated

change record

Drupal::l(), Drupal::url(), Drupal::linkinfo() etc and many methods for generating URL & links are removed


See example. 



  • File functions removed

change record



Use file_system service 


\Drupal::service('file_system')->copy($source, $destination, $replace);

\Drupal::service('file_system')->move($source, $destination, $replace);


  • Loading of entities removed

change record

node_load(), entity_load(), file_load() etc removed.


Use entity_type.manager service to get specific entity storage and then use the respective load functions


use \Drupal\node\Entity\Node;

$node = Node::load(1);


$file = \Drupal::entityTypeManager()->getStorage('file')->load(1);
  • Functions to view entities are deprecated

change record

entity_view(), entity_view_multiple(), comment_view() etc removed.


Use entity view builder handler


$builder = \Drupal::entityTypeManager()->getViewBuilder('node'); 

$build = $builder->view($node, 'teaser');
  • Date formats API changes

Some of the functions and hooks removed (change record)





system_get_date_format() etc.


Use date.formatter service 


  • Unicode::* methods removed

Following functions removed (change record)







Use mb_* functions

  • Functions retrieving extensions info removed

change record

_system_rebuild_module_data(), system_get_info() etc are removed


Use extension.list.module, extension.list.profile and extension.list.theme services




  • drupal_get_user_timezone() removed

change record

drupal_get_user_timezone() function removed.


Replaced with an event listener which updates the default timezone


  • SafeMarkup methods are removed

change record

SafeMarkup::checkPlain() SafeMarkup::format() etc removed.


See change record for replacements 



| More Changes/Updates

  • Drupal core themes no longer extend Classy. Read more

  • Drupal core themes, Bartik, Claro, Seven, and Umami no longer depend on Stable.

  • New Stable theme for D9, recommended new themes to be built on new D9 stable theme. Old D8 stable to be removed from core and be moved to a contributed project before D10.

  • A new administration theme, Claro (targeted for inclusion in Drupal 9.1)

  • Drupal 9 won't be able to run updates from 8.7.x or earlier databases anymore, it is necessary for all new updates added to the code base to be tested from a Drupal 8.8.x starting point. Read more

  • Changes to how HTML Elements are inserted via AJAX commands. Read more

  • ZendFramework/* packages have been updated to their Laminas equivalents. Read more

  • PhantonJS based testing removed. Read more

  • The jQuery UI asset libraries not in use by Drupal core have been marked deprecated and have been removed from core in Drupal 9.

  • Drupal 9 will continue to depend on CKEditor 4 and jQuery 3.4.

  • Modules to be compatible with Drupal 8 and 9 at the same time and to support semantic versioning for contributed projects

  • jquery.cookie has been replaced with js-cookie version 2. 

| Conclusion

At this point, 9.0.0-beta2 is released, which means the code for 9.0.0 is stable and is ready for testing by end-users. Now is a good time to test upgrade your existing D8 sites to the latest version of 9.  If you have contributed a project in drupal.org, it is also a good time to check your extensions for D9 readiness. There are several tools which can speed up this process of making your extensions compatible with D9.

Have questions about how Drupal 9 will impact your site? We are here to help. Check out our Drupal Services or send us an email at [email protected]

| Important References

If you see any discrepancies in the information provided above, please let us know.


Apr 03 2020
Apr 03

Agiledrop is highlighting active Drupal community members through a series of interviews. Now you get a chance to learn more about the people behind Drupal projects.

This week we talked with Amber Matz, Production Manager and Trainer at Drupalize.Me. In addition to these two important roles, Amber is actively involved in a number of projects in the Drupalverse, the current most notable one likely being the Builder Track at DrupalCon Seattle. Have a read if you’d like to find out more about her journey with Drupal and her insights on its future.

1. Please tell us a little about yourself. How do you participate in the Drupal community and what do you do professionally?

My username on drupal.org is Amber Himes Matz. I participate in the Drupal Community in a number of ways. The bulk of my volunteer time lately has been consumed by the program team for the Builder Track at DrupalCon Seattle, where we review, select, schedule, and support speakers and sessions for the upcoming ‘con. I’m working on (as I am able) moving two issues forward, Add experimental module for Help Topics and new Draft "Getting Started" Outline & Guide. I’m also part of the Community Cultivation Grants Committee and like to keep tabs on what’s happening amongst Drupal camp organizers in Slack. (In February 2019, I was the lead organizer for the Pacific NW Drupal Summit in Portland, OR.) Professionally, I work on Drupalize.Me as Production Manager and Trainer for the platform, which features Drupal tutorials in both written and video format.

2. When did you first come across Drupal? What convinced you to stay, the software or the community, and why?

I was a web developer for an organization for many years working mostly with PHP and MySQL on the backend and HTML/CSS on the frontend. I coded a LOT of forms and form processing scripts. I discovered Drupal as an escape from that tedium. I stuck with it because I needed work and wanted a better job, which I eventually got. I stay with the Drupal community because of a rewarding and satisfying job, great people (local, global, and online), and the opportunity to travel.

3. What impact has Drupal made on you? Is there a particular moment you remember?

My career benefited greatly and singularly from showing up to a local Drupal user group meeting. From that first meeting, I made a connection which lead only weeks later to a job interview and my first job as a dedicated Drupal developer (which ended up being Developer + Client Manager + Project Manager). After this job experience, I was hired at Lullabot as a trainer for Drupalize.Me. (Drupalize.Me is now part of a sister company to Lullabot.)

4. How do you explain what Drupal is to other, non-Drupal people?

Drupal is a platform to structure and present loads of content in a scalable way.

5. How did you see Drupal evolving over the years? What do you think the future will bring?

I think the challenge for the Drupal community is to provide straightforward and accessible means for anyone to install, use, and customize Drupal. The great “tout” of Drupal is its scalability. And it certainly has and does scale. This presents a great challenge. How do we provide functionality, tools, documentation, and training for a platform that can be used for such a wide range of use cases? How do we make it easier to use the kinds of tools that are necessary for such a complex platform? I know that a lot of people are hard at work on these kinds of problems. I think the future of Drupal will mean gaining a better understanding of our user base and not assuming that everyone falls into an “enterprise” category or whatever.

6. What are some of the contributions to open source code or to the community that you are most proud of?

At the moment, I’m most proud of the line-up of speakers for the Builder Track for DrupalCon Seattle. The program team worked really hard choosing speakers and in the midst of a lot of changes to the ‘Con.

7. Is there an initiative or a project in Drupal space that you would like to promote or highlight?

Register for DrupalCon Seattle!

8. Is there anything else that excites you beyond Drupal? Either a new technology or a personal endeavorment.

I’ve been a web developer since about 2001 or so. That has added up to a lot of raging against the screen. I have discovered open source hardware and the “maker” community and have discovered the joy and pleasure of coding on a variety of microcontrollers and single-processor boards in a variety of applications from breadboarding to learn concepts in electronics to sewing with conductive thread to making a variety of fun and whimsical projects. Working with physical computing objects has brought back a level of sanity to the otherwise (come on, admit it) insane world of web development.

Apr 02 2020
Apr 02
Accessibility for Teams in a Hurry: Steps for Getting Started | ThinkShoutVisit ThinkShout's Facebook PageVisit ThinkShout's Twitter Feed

Skip to main content

Start Small

Give yourself a scope that is reasonable. For example, committing to make all new content accessible is more doable than retrofitting hundreds of pages of old articles. Set goals that are both ambitious and reasonable.

Read the Guidelines

Select the compliance level you’re working toward to get a better understanding of what accessibility means. Then it won’t feel so complicated.

Simplify the Language on Your Team

If you decide to meet WCAG 2.1 AA, don’t make people say that. Just call them ‘the guidelines’. Have a shared vocabulary so everyone can participate without having to be overwhelmed by a bunch of new acronyms.

This way, your team is measuring success in the same way. Define when testing should happen in your process and who is doing it. Build in redundancies so you can look out for each other as you go.

Most Importantly, Support Each Other!

We’re learning new things all the time, and it’s just part of the process. You’ve got this! Just take it one step at a time.


Get In Touch

Questions? Comments? We want to know! Drop us a line and let’s start talking.

Learn More Get In Touch

Related Blog Posts

Drupal 9: An AFAQ

There are already lots of articles out there if you want to get excited about Drupal 9, so we’re going to focus on the more practical questions with an AFAQ (Anticipated Fearfully Asked Questions).

Four Questions Your Website Accessibility Statement Should Answer

Your accessibility statement is not just another contact form on your website.

Accessibility for Teams in a Hurry: Navigation

A reliable and accessible navigation system is a priority for any website.

Mar 29 2020
Mar 29

I have recorded a video tutorial highlighting some of the features of a module I created for Drupal a while ago. This is the Warmer Drupal module.

Cache warming may not be a critical piece for sites with a lot of traffic, because traffic organically warms caches. However, it is critical for these sites to deploy with warm caches after a release that cleared all caches. This will prevent overloading the server or even cache stampedes.

[embedded content]
Mar 27 2020
Mar 27

Enjoy a random 404 video.

Or explore more of what we do.

We offer strategy, design and development services across industries and using a wide array of tech.

Read more about each below.

  • Business
  • Branding
  • User Research
  • Content Strategy
  • SEO
  • Accessibility
  • Responsive
  • Experience
  • Styleguides
  • Performance
  • Security
  • Migrations
  • Support
  • Training


  • Finance
  • Healthcare
  • Higher Ed
  • Nonprofit
  • Tech


  • PHP
  • Drupal
  • WordPress
  • Laravel
  • Javascript
  • Node
  • Vue
  • Nuxt
  • Electron
  • DevOps
  • Docker
  • Lando


  • Magic
  • Localdev
  • Testing
  • Events
  • Webinars
Mar 20 2020
Mar 20

Huge thanks for responding to our call for contributors posted at the beginning of the month. All must-have beta requirements have been completed, so, we've released Drupal 9.0.0-beta1! Drupal 8.9.0-beta1 will be released next week (the week of March 23).

The release of the first betas is a firm deadline for all feature and API additions. Even if an issue is pending in the Reviewed & Tested by the Community (RTBC) queue when the commit freeze for the beta begins, it will be committed to the next minor release only.

  • Developers and site owners can begin testing the betas after their release.

  • Sites must be on 8.8 or later to update to 9.0.0-beta1. Therefore, we will also provide bugfix releases of 8.8 and 8.7 that resolve known upgrade path criticals, so sites that have not been able to update to 8.8 can test the upgrade.

  • Once 8.9.0-beta1 is released, the 9.1.x branch of core will open for development. This branch is where feature and API additions should be made. All outstanding issues filed against 8.9.x will be automatically migrated to 9.1.x.

  • Alpha experimental modules have been removed from the 8.9.x and 9.0.x codebases (so their development will continue in 9.1.x only).

  • Additional fixes will be committed to 9.0.x under the beta allowed changes policy through the end of the beta phase on April 28.

  • The release candidate phase will begin the week of May 4th.

See the summarized key dates in the release cycle, allowed changes during the Drupal 8 and 9 release cycle, and Drupal 8 and 9 backwards compatibility and internal API policy for more information.

Drupal 9.0.0 and Drupal 8.9.0 are both scheduled to be released on June 3, 2020.

Bugfixes and security support of Drupal 8.8 and 8.7

Drupal 8.8 will receive additional bugfix releases through May 4, 2020, and it has security coverage through December 2, 2020. Drupal 8.7 has security coverage until the release of 8.9.0 on June 3.

Mar 20 2020
Mar 20

Huge thanks for responding to our call for contributors posted at the beginning of the month. All must-have beta requirements have been completed, so, we've released Drupal 9.0.0-beta1! Drupal 8.9.0-beta1 will be released next week (the week of March 23).

The release of the first betas is a firm deadline for all feature and API additions. Even if an issue is pending in the Reviewed & Tested by the Community (RTBC) queue when the commit freeze for the beta begins, it will be committed to the next minor release only.

  • Developers and site owners can begin testing the betas after their release.

  • Sites must be on 8.8 or later to update to 9.0.0-beta1. Therefore, we will also provide bugfix releases of 8.8 and 8.7 that resolve known upgrade path criticals, so sites that have not been able to update to 8.8 can test the upgrade.

  • Once 8.9.0-beta1 is released, the 9.1.x branch of core will open for development. This branch is where feature and API additions should be made. All outstanding issues filed against 8.9.x will be automatically migrated to 9.1.x.

  • Alpha experimental modules have been removed from the 8.9.x and 9.0.x codebases (so their development will continue in 9.1.x only).

  • Additional fixes will be committed to 9.0.x under the beta allowed changes policy through the end of the beta phase on April 28.

  • The release candidate phase will begin the week of May 4th.

See the summarized key dates in the release cycle, allowed changes during the Drupal 8 and 9 release cycle, and Drupal 8 and 9 backwards compatibility and internal API policy for more information.

Drupal 9.0.0 and Drupal 8.9.0 are both scheduled to be released on June 3, 2020.

Bugfixes and security support of Drupal 8.8 and 8.7

Drupal 8.8 will receive additional bugfix releases through May 4, 2020, and it has security coverage through December 2, 2020. Drupal 8.7 has security coverage until the release of 8.9.0 on June 3.

Mar 18 2020
Mar 18
Project: Drupal coreVersion: 8.8.x-dev8.7.x-devDate: 2020-March-18Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Third-party libraryDescription: 

The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations.

Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.

The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.


Install the latest version:

Versions of Drupal 8 prior to 8.7.x have reached end-of-life and do not receive security coverage.

The CKEditor module can also be disabled to mitigate the vulnerability until the site is updated.

Note for Drupal 7 users

Drupal 7 core is not affected by this release; however, users who have installed the third-party CKEditor library (for example, with a contributed module) should ensure that the downloaded library is updated to CKEditor 4.14 or higher, or that CDN URLs point to a version of CKEditor 4.14 or higher. Disabling all WYSIWYG modules can mitigate the vulnerability until the site is updated.

Mar 13 2020
Mar 13

Drupal 9 release date has been pinned for June 3, 2020, and it's coming up super fast. What does that mean for your site?

First of all, don't panic. Drupal 7 and 8 end of life are scheduled until November 2021, so there is plenty of time to upgrade. However it is always good to plan ahead with time and take advantage of the new features and security releases with the new version.

If you are on D7

Moving to Drupal 9 will be very similar as moving to Drupal 8, and in fact, there is no reason to wait, and the recommendation is to move to D8 as soon as possible, incorporating the tools described in the next section to search for possible incompatibilities.

Coming from D7, the greatest challenge might be the availability (or not) of the modules you already have installed, and finding and implementing replacements wherever needed. Take this as a chance to audit your site and plan a migration with a new architecture that fits your needs.

Also try out the Upgrade Status module, as it "checks the list of projects you have installed and shows their availability for newer versions of Drupal core".

If you are on Drupal 8

At its core, Drupal 9 will be the same as the latest release of Drupal 8, minus the deprecated components removed, and third party dependencies updated. This means that an upgrade from D8 should be fairly easy as it only involves making sure your codebase isn't making use of deprecated code.
Checking your site for readiness is simple using the mglaman/drupal-check utility. It is a simple CLI tool to generate a report of deprecation errors. Install it as a development package on your site and use:

# Install:
composer require mglaman/drupal-check --dev

# Run on a directory:
drupal-check web/modules
Drupal Check CLI tool example

Some things to keep in mind while checking deprecation notices:

  • Update all modules to the latest development version, to ensure testing against the latest code.
  • Don't just check the contrib modules, run it against themes, profiles and custom code.
  • If your project has continuous integration, aim to incorporate this tool into the workflow to verify readiness and avoid regressions.
  • Don't run this tool in a production environment :)

If CLI tools aren't your fancy or would like a nicer UI to show to project managers and clients, the Upgrade Status module will provide a nice dashboard with a summary and detailed information for each module of your site. It uses drupal-check as it's underlying tool.

Upgrade Status module report

Fixing deprecations

Now that you've got a report of deprecated code usage, it's time to fix it. The deprecation notices should state clearly what is deprecated, and suggested changes. I also like to look at the source code of the deprecated function and see what Drupal core is using inside it, as it shows unequivocally what needs to be done.

Let's take an example:

Call to deprecated constant REQUEST_TIME: Deprecated in drupal:8.3.0 and is removed from drupal:9.0.0. Use \Drupal::time()->getRequestTime();

Fixing the error can be as simple as replacing REQUEST_TIME with:


In fact, a tool called drupal-rector is under development to help automate this process. A handy list of deprecation fixes can be found in the drupal/check documentation as well.

However be aware that \Drupal calls should be avoided in classes whenever possible, and dependency injection used instead. So for the example above, if REQUEST_TIME was used inside a service class, we'd inject the 'datetime.time' service into it (the service returned by \Drupal::time()) and then call getRequestTime() on it. For more in-depth information on how to call services using dependency injection, read Accessing services from the drupal.org docs.

Mark your modules as D9 ready

If you have fixed all deprecation notices, and are a module maintainer or have custom modules in your site, mark them as compatible with Drupal 8 and 9 in the info.yml file:

name: My Module
type: module
core_version_requirement: ^8.8 || ^9

A note on third party dependencies

Drupal 9 will have it's third party dependencies updated, most notably Symfony 4.4 components. Be sure to test your site in a D9 beta using these dependencies to avoid potential conflicts when D9 is released. Make sure you are running with the recommended dependencies versions by using the 9.0.x branch of drupal/core-recommended.

Finally, if you are starting a new build

Start with the latest D8 release! As mentioned, Drupal 9 is D8 at its core, so it is safe to start development with Drupal 8 and wait for the release date to upgrade. Just keep an eye out on module deprecation notices using the suggested tools from above.

Mar 13 2020
Mar 13

Read our roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. You can also review the Drupal project roadmap.

Project News

Drupal 9 beta is closer than ever!

At the time of writing this post, there are fewer than three beta-blockers for Drupal 9. This hopefully means that we'll be seeing a beta release of Drupal 9 very soon. 

What does this mean for you?

Now's the time to get familiar with what's coming in Drupal 9, and to check your contributed or custom modules to see if you're ready to go. The community has put together a number of tools that you can use: the upgrade status module, the Drupal Check command line tool, and Drupal Rector.

We also need your help! We're looking for more individuals and organizations to participate in the Drupal Beta Test program. It's a great way to contribute to Drupal.

Call for Sponsors & Contributors: Automatic Updates

We're really proud of the work we accomplished in the first phase of the automatic updates initiative; in Drupal 7 and Drupal 8, sites that don't depend on Composer workflows now have complete support for securely and automatically updating Drupal Core. In the second phase of this work we want to extend that support to contributed projects, and to support Composer-based site installations. 

We need your help to make the second phase happen. Will you contribute?

Learn more on our call for sponsors & contributors post.

Drupal.org Updates

DrupalCon Minneapolis Program Update

In preparation for releasing the full DrupalCon Minneapolis speaker schedule, we've made some updates to the accepted sessions page. 

The newly redesigned page now highlights our excellent keynote speakers (to include Mitchell Baker from Mozilla!) as well as other featured speakers for this year's event. On top of that you can filter the list of sessions by track, to get a jumpstart on finding your favorite sessions, before the full schedule is released. 

Ready to enable Semantic Versioning for Contributed Projects

We've rearchitected the version management for contributed projects, so that they can begin using Semantic Versioning as we enter the Drupal 9 era. You can see an example of this in practice on this sample project: semver_example. 

We're coordinating with the Drupal core maintainers to select a window for enabling the new semver functionality across all projects. We want to ensure that Drupal end-users will still be able to find and easily understand which projects they can use once projects are able to be compatible with both D8 and D9, and are using semver version numbering. 

Not familiar with semantic versioning

The three digit numbering scheme (MAJOR.MINOR.PATCH) is designed to provide guide rails around API breaking changes. In Drupal core for example, patch releases are incremented whenever there are bug fixes or security releases. Minor releases indicate that new features have been introduced. And the Major version only changes when deprecated APIs are removed and fundamental architectural changes have been introduced.  Contributed project maintainers are encouraged to adopt the same pattern.

Updated display of releases

Speaking of releases - we've recently updated the display of releases to provide a cleaner view of release metadata. This should make it much easier to understand the history of recent releases, and to see at a glance which ones were bug fixes vs. feature releases vs. security releases. 

New Release Meta Data

You can see a detailed example by looking at the release history for Drupal core

Drupal usage stats by branch

Because of the six-month minor release cycle, it's become much more important to have more granular insight into what minor versions of Drupal are in use in the wild. 

Usage stats by branch

As you can see above, we've updated the usage stats for Drupal to display usage by branch. This is mostly useful for Drupal Core, but may be valuable for contrib maintainers as well as they look to understand which versions of their projects are in highest demand. 

Coming soon: An updated UX for project browsing

With the release of Drupal 9, it will be possible for contributed projects to be compatible with both major versions of Drupal. Perhaps more interestingly, because of the release of new features with minor versions, there are some projects that may only be compatible with a certain range of minor versions (e.g: 8.6.x - 9.2.x). 

This is a powerful improvement in ensuring that key modules are ready to use with Drupal 9 on day one, but it also has the potential to be confusing for Drupal site owners and evaluators who are trying to discover what projects they can use. We're looking to update the project browsing on Drupal.org to make sure discoverability doesn't suffer with this change. If you have good ideas about this user experience, please feel free to share them on the issue!

Drupal 9 Readiness

Packaging enhancements

Beginning with Drupal 8.8.0, Drupal needed to be packaged from the output of Composer create project, rather than as the simple contents of a git clone. These changes to packaging have additional ramifications for how we manage tagged releases for Drupal core, and in particular for how we manage security releases. We've been making a variety of updates to the Packaging pipeline since Drupal 8.8 to make the process more transparent, resilient, and performant, and that work continues. 


DrupalCI: Support for new Postgres environments

Because minimum requirements are changing with Drupal 9, we've added new test environments for both Postgres 10 and Postgres 12

DrupalCI: Updated SQLite version

SQLite has also been updated within the DrupalCI test environment to version 3.26, to support testing on the correctly supported version. 

DrupalCI: Support for MariaDB environments

MariaDB forked from MySQL after the acquisition by Oracle, but at first had remained fairly consistent. However, with recent versions MariaDB has had to diverge, and so we are now providing explicit testing support for MariaDB, with test environments for versions 10.2.7 and 10.3.22. 


As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who make it possible for us to work on these projects. In particular, we want to thank: 

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Mar 12 2020
Mar 12

Enjoy a random 404 video.

Or explore more of what we do.

We offer strategy, design and development services across industries and using a wide array of tech.

Read more about each below.

  • Business
  • Branding
  • User Research
  • Content Strategy
  • SEO
  • Accessibility
  • Responsive
  • Experience
  • Styleguides
  • Performance
  • Security
  • Migrations
  • Support
  • Training


  • Finance
  • Healthcare
  • Higher Ed
  • Nonprofit
  • Tech


  • PHP
  • Drupal
  • WordPress
  • Laravel
  • Javascript
  • Node
  • Vue
  • Nuxt
  • Electron
  • DevOps
  • Docker
  • Lando


  • Magic
  • Localdev
  • Testing
  • Events
  • Webinars
Mar 09 2020
Mar 09

Since tickets are no longer required, sign up for our mailing list to get all the latest updates. Links to join sessions will be on the session pages on the day of the event.

Due to the worldwide Coronavirus/COVID-19 response and in consideration of the health of our community, we have reconsidered the implications of moving forward with business as usual for MidCamp. While there are currently no travel or gathering warnings for Chicago, we need to consider that historically, >40% of our attendees travel to the event. Additionally, current advice and historical evidence suggest that proactive steps are essential in containing the network effects of the virus.

Fortunately, we have the tools and ability to share our information in a remote manner, and as such we’re moving MidCamp to a 100% remote format this year. There’re many details to work out, but our aim is to deliver the same quality content on the same schedule as we would have done in person.

What does this mean for attendees?

  • In-person social events will be cancelled and replaced with virtual events where possible

  • All Wednesday trainings will be cancelled.

  • Thursday & Friday sessions will be presented and attended via videoconference (details to come). We will have no in-person events at DePaul.

  • All tickets will be refunded.

    • We are still accepting individual sponsorship donations. Donations will go toward deferring cancellation costs, toward costs of the virtual event, and towards our 2021 event.

  • If you’ve booked accommodations with the Midcamp 2020 group at Hotel Versey, call (773) 525-7010 to cancel. 

Our goal is to maintain the high-quality content you've come to expect from MidCamp without adding any risk to the community we care so deeply about. We appreciate your patience and flexibility with this change of format. If you have any questions at all, feel free to contact us at [email protected], or hop into our Slack https://mid.camp/slack.

Thanks again for your support!

Mar 09 2020
Mar 09

What is the future?

Our future user experience with computers is going to be significantly based on the intersection of personalization and voice assistants. Simply put, voice assistants are going to completely understand every question being asked, find the perfect personalized answer to every question, and empathetically return an appropriate response.

I have become slightly obsessed with voice assistants. In my limited free time, I am exploring both Alexa and Google Assistant. Both technologies have their strengths, weaknesses, and differences but their underlying user interaction and even their back-end code is glorified if/then statements. For example, “if” an end-user asks a question like, “What is the weather?”, “then,” the back-end code looks up the weather for the user’s current location and returns a response.

One of the key challenges for building useful voice assistant applications is conversational design. Although we all know how to have a conversation, designers and developers will need to discuss the problem and figure out the solution. A secondary challenge that I am noticing for creating engaging voice user experiences is providing the data behind the voice. Organizations are going to have to restructure their data to be more omnichannel and consumable by voice applications. For example, Mayo Clinic recently discussed how they had to rethink their editorial process to create content that is more distributable to voice channels.

As we begin to develop voice assistant applications and strive to build personalized user experience, everyone is going to come to the realization that we need to rethink how we structure, share, and consume data. If we collectively want to succeed, we need to collaborate and work together to define and implement standardized data structures.

Defining, standardizing, and structuring our data using Schema.org

The internet and modern computing exist because collectively we have become good at collaboratively creating and sharing open standards and open-source software. Schema.org is the most recent standard to emerge and the blog post excerpt below established who is behind Schema.org and why these organizations are working together.

“On June 2nd (2011) we announced a collaboration between Bing, Google and Yahoo to create and support a standard set of schemas for structured data markup on web pages. Although our companies compete in many ways, it was evident to us that collaboration in this space would be good for each search engine individually and for the industry as a whole.”

-- http://blog.schema.org/2011/07/on-june-2-nd-we-announced-collaboration.html

The homepage of Schema.org succinctly defines what is Schema.org.

“Schema.org is a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond.”

-- https://schema.org/

Based on the popularity of Schema.org, there is little need for any further explanation or even examples because everyone is implementing it…we are just doing it wrong. “Wrong” is a very harsh and critical word, and I hesitate to ever use it. At the same time, in this context I am now required to justify its usage and illustrate the mistake that we are collectively making when thinking about Schema.org.

First off, for many existing websites and internet applications, schema is an afterthought that is being implemented on top of our existing web pages and content. Fortunately, adding schema to our web pages usually results in improved SEO and Google page ranking. If we spend the time implementing speakable schema, we can also have our content promoted in voice applications.

To address the growing need to include schema within our webpages, every enterprise CMS offers some mechanism to add schema to generated content. Drupal has a Schema Metatag module. WordPress has a Schema plugin. Adobe Experience Manager has the ability to create, add, and manage metadata schemas. Laying schema on top of our existing content architecture feels more like a workaround or band-aid to the challenge of collectively defining, standardizing, and structuring our data. Everyone is still defining their unique content architecture.

We are failing to address one of the biggest challenges in computer science... naming things

If we step back and think about it, there are many different ways to describe something as simple as an image object. For example, should the text associated with the image be called title, caption, label, or text, and then how do we want to describe the image’s URI and metadata?

Would it be possible for everyone to standardize on one canonical definition on an image object? What would happen if a content management system adopted a Schema-First approach?

A Schema-First approach

Several people have begun talking about the benefit of a well-defined schema at the very beginning of a project.

“I think it would be fantastic if most vendors would be able to use schema.org as a starting point.”

-- Using schema.org as a starting point for (headless) WCM

“What’s the solution, then? Establishing a single source of truth through the use of schema-first design can help align software development. Identifying a common goal, and establishing a source for teams and processes to align themselves with is incredibly important, and in this piece, we’ll give you the understanding, and some tools, to do exactly that.”

-- Using A Schema-First Design As Your Single Source of Truth

As we start creating decoupled, headless content management solutions, it becomes more critical that the front-end teams get the expected data in the expected format. “Communication” is the single word that best describes the overarching benefit to a Schema-First approach. The idea that our websites and applications communicate using the same data structures would make the concept “Omnichannel publishing” a thing of the past and change how we syndicate and aggregate information.

Besides “Communication” there are several secondary benefits worth highlighting and using to as arguments to stakeholders who need to understand the benefits of going Schema-First.

“Google uses structured data that it finds on the web to understand the content of the page, as well as to gather information about the web and the world in general.”
-- https://developers.google.com/search/docs/guides/intro-structured-data

Everyone especially, site owners and marketers want to have a website with excellent SEO, which increases the website's overall Google page ranking. Schema.org’s structured data is specifically designed to help improve how search engines understand shared content. SEO is the reason most organizations have added schema to the web pages. Now, we are just taking it one step further and building web pages on top of a well-defined shared schema.


Omnichannel is a cross-channel content strategy that organizations use to improve their user experience and drive better relationships with their audience across points of contact.
-- https://en.wikipedia.org/wiki/Omnichannel

COPE (Create, Once, Publish, Everywhere) approach to content management, which has been rebranded as “Omnichannel,” has helped people understand the importance of creating and distributing content. COPE and Omnichannel is still focused on an organization reaching users across an organization’s contact points. A Schema-First approach would make the “everywhere” in COPE mean “everyone”. Everyone inside and outside an organization would be able to share and consume data.

Syndication & Aggregation

Any organization that has implemented schema on their web content has seen the benefit of their content - that it is more accessible within search results and voice applications. It’s very hard for people to conceptualize what it would be like if websites and applications could seamlessly push and pull data from one website to another. It is hard to imagine that every single webpage with biographical or location information could have the data structured in the same way.

Even though we are creating API First Content Management Systems, it still requires developers to document the data being syndicated, and the developer aggregating this data needs to understand, transform, and consume the data. It pains me to admit that many organizations’ internal teams still struggle with sharing and consuming data.

Shouldn’t an organization press release be automatically consumable by any application?

An amazing proof-of-concept would be Schema-First CMS being able to pull in any NewsArticle from a website, like The New York Times, which implements Schema.org for their articles. A content manager should be able to cut and paste a URI, and with absolutely no code to normalize or massage the data, the external content should be available with the CMS.


“Now, one thing that schema.org won’t do for you is map to your product strategy, content strategy or layout.”

-- https://markdemeny.com/2019/09/using-schema-org-as-a-starting-point-for-headless-wcm/

A Schema-First approach is not a solution but provides a rock-solid foundation for building out an organization’s digital strategy and user experience. We also have to recognize that Schema.org is continually evolving, improving, and even deprecating some entities and properties. Fortunately, as one of my next steps, I want to explore prototyping a Schema-First Content Hub/Repository using Drupal, which as a community in their upgrade from Drupal 8 to Drupal 9, is learning how to evolve and properly deprecate code and data structures.

Next steps

Analyze, Prototype, Evangelize

The concept of taking a Schema-First approach to the Information Architecture behind a Content Management System is not going to be difficult to sell; the challenge is going to be implementing it successfully.

Schema.org is an evolving standard, and its shortcomings need to be analyzed and discussed. Examining how we are transforming our legacy content structures to conform to Schema.org’s specifications could show us what is missing from Schema.org’s specifications. We also need to determine what data should and should not be modeled via schema. For example, we should also think about how to manage presentation information and where it should live.

I am more of an implementation person and not necessarily a specification person. Everyone has their strengths and weaknesses. This is why I frequently use the word collaboration throughout my blog posts, to encourage everyone to contribute. The best feedback which I am going to be able to provide is going to come from implementing and prototyping a Schema-First content management solution. Fortunately, there are people like Peter F. Patel-Schneider at Nuance Communications, Inc. analyzing Schema.org (Article - Video),

Of course, I am guiltily optimistic in thinking that Drupal and its community can solve any problem. At the very least, Drupal is the open-source leader for enterprise content management and user experiences. And fortunately, I am not alone in thinking that Drupal could be a forerunner for a Schema-First CMS.

“So that’s why I’ve been thinking about how it would be if we just had one CMS which would, obviously, be perfect. The perfect CMS, or PCMS, for short...PCMS doesn’t exist, but many of the concepts mentioned in this article do. Drupal has something called the Content Construction Kit which brings ‘custom fields’ to a new level.”
-- A proposal for a perfect CMS

For me, I want to follow up this post with a proposal on how we can prototype a Schema-First implementation of a decoupled Drupal application, or maybe even more specifically, a “Content Hub/Repository.”


For open source and open standards to succeed, we collectively need to evangelize our thoughts and ideas. I know some organizations have invested time and resources in building better content models based on Schema.org. Organizations need to share their experience and get involved by encouraging clients to use and improve these standards.

For now, when your organization is layering Schema.org on top of your existing websites you should think about the possibility of a single way for everyone to organize, structure, and share data because I believe there is one, and Schema.org might be the solution.

Mar 09 2020
Mar 09
Reading time 3 mins clock

Many production websites out there are still happily running on Drupal 7, whilst newer ones have been started on Drupal 8, but the question keeps coming up - should we wait for Drupal 9, and if so, when is it due for release?

What is Drupal 9?

Drupal 9 will be, from a code perspective, a cleaned-up version of Drupal 8. It will be the same as the last Drupal 8.9 version with the deprecated code removed and third-party dependencies updated. Drupal 9 is mostly already built in Drupal 8.

Why does Drupal 9 exist?

Since version 8 of Drupal, the CMS has benefited from being built on top of a common PHP framework known as Symfony. As a CMS user, you don’t need to know or care about this as far as publishing content and changing settings goes.

However, the underlying framework is now reaching the end of life and as such will not receive support and security coverage - resulting in Drupal 8 also becoming vulnerable to any Symfony exploits in the future.

Drupal 8 uses Symfony 3 which goes end of life in November 2021. Therefore Drupal 8 will also need to go end of life.

With this impending date in mind Drupal 9 has been scheduled for release to move the codebase to the new Symfony 4 framework and at the same time remove some of the older no longer needed Drupal 7 code from the CMS.

The big deal about Drupal 9 is … that it should not be a big deal.

Dries Buytaert

Dries Buytaert

Upgrading and Planning

The window between Drupal 8 being unsupported and Drupal 9 being released is over a year - so plenty of time to plan and update your existing website if necessary. But it’s also worth noting that the move from version 8 to 9 is a much simpler and hassle-free journey for developers - resulting in a speedy process and much less time and cost for website owners.

It's worth planning and executing a move from Drupal 7 to Drupal 8 now - with an eye on the quick succession to Drupal 9 when ready. The removal of technical debt and analysis of your Drupal 7 site features is something you should be planning to execute soon.

Because Drupal 9 will be basically Drupal 8 streamlined, trying to skip the upgrade will not bring any benefits. It simply means you have less time to execute the upgrade and therefore more risk in your project.

Doing the upgrade to Drupal 8 with an eye to Drupal 9 is the best approach. You can already benefit from all the functionality in Drupal 8 with an easier upgrade path going forward.

Following the Alpha release of Drupal 9 in February the Beta release is aiming for release during the first week of March 2020.

The Summer is coming...

The release date for Drupal 9 has been set to June 3rd 2020, so not long at all. As with all new major releases, there’s always the case for incomplete or non-functioning features to creep in. What is different about Drupal 9 is that it’s mostly just a quick evolution of the Drupal 8 codebase and features - meaning a lot of the modules will instantly be compatible without major re-architecting of the codebase.

To track the Drupal 9 release and new features being introduced be sure to keep an eye on the dedicated Drupal 9 Drupal.org page and the up to the minute DropIsMoving Twitter news account.

Drupal 8 and 9 releases

Thanks to Gábor Hojtsy for putting together the "State of Drupal 9" slide deck where the above release diagram came from.

If you’d like to talk to us about your Drupal 7 or 8 site and the upgrade process call our team on 01925 320041 or email [email protected].


Mike C

Managing Director

12 years of Drupal development wrangling and a background in digital project architecture.

Mar 06 2020
Mar 06

The mission of the Community Working Group (CWG) is to foster a friendly and welcoming community for the Drupal project and to uphold the Drupal Code of Conduct. 

- https://www.drupal.org/community/cwg 

As the Drupal Community Working Group (CWG) moves into its seventh year, we have been thinking a lot about how we can evolve it to better serve the changing needs of the Drupal Community. 

At the moment, the four members of the CWG split our time between reactive issues (conflict resolution and Code of Conduct enforcement) and proactive issues (community health resources, workshops). While the work is often emotionally taxing, it is also often extremely rewarding. We believe the proactive work has a large impact on the community, but our time is often filled with reacting to issues in the community. 

To this end, we have been working with Tara King (sparklingrobots) on identifying new CWG roles, mainly focused on proactive tasks. These new roles will not play a part in conflict resolution matters and will not receive access to any incident reports or other confidential information that has been shared with the group, with the exception of subject matter experts, who may see some limited information when brought in to consult on specific cases. These new roles are designed for individuals to help provide insight and expertise into how we can better support and grow our community.

It is important to note that all CWG members must abide by the CWG Code of Ethics, regardless of if they consult on conflict resolution or Code of Conduct enforcement cases or not.

The list of new CWG roles follows below. In some cases, we have already reached out to individuals to fill some of the roles. Full details about the roles can be found on the Community Working Group's Community Health Team page.

  • Community health - develops and produces community health initiatives like workshops and tweaks to drupal.org processes.
  • Community event support - assists Drupal community events with Code of Conduct template, playbooks, and other resources. It is our hope that this role be filled by members of the newly established Drupal Event Organizers Group. 
  • Subject matter experts - includes individuals with knowledge of specific geographic, industry, and mental health areas. In some cases, subject matters experts will be provided with limited information about specific conflict resolution issues they have been brought in to assist with.
  • Ambassadors - coordinators between the CWG and other groups, including the Drupal Association, other open source projects, Drupal.org maintainers, and Diversity and Inclusion.

We are strong believers that the more proactive work we do, the stronger and healthier our community will be and the less reactive work we will have. 

If you, or someone you know, are interested in any of the new roles, please drop us a line at drupal-cwg [at] drupal.org. Include your name, drupal.org username and which role (or roles) you are interested in. 


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web