The open-source Drupal content-management system (CMS) is taking steps to help protect against multiple potential risks that have been publicly revealed. On Jan. 6, security research vendor IOActive first disclosed the issues, which are focused on the Drupal update process. The Drupal project's security team is aware of the concerns and is fixing all the issues, though it is also downplaying the overall risk.
The spotlight is back on Drupal with the 8.0.0 release. The successful launch is a testament to the hard work put in by members of the Drupal community, but Drupal 7 still has a huge install base and likely will for many years to come. To support Drupal 7 development, let's take a look at a testing platform built exclusively for the platform. Red Test is an open source integration testing framework aimed at making life easier for Drupal developers.
The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.
Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server. Instead, the back-end panel will continue to report that the CMS is up to date, even if it's not.
This can be a problem, considering that hackers are quick to exploit vulnerabilities in popular content management systems like Drupal, WordPress or Joomla, after they appear. In one case in 2014, users had only a seven-hour window to deploy a critical Drupal patch until attackers started exploiting the vulnerability that it fixed.
Drupal, one of the largest open source projects in the world, is a content management system and application framework that powers millions of websites, web services, and mobile applications. Individuals and organizations in every sector use Drupal for everything from simple blogs and micro-sites, to complex intranets and private internal applications, to some of the largest sites on the web, including several top 100 properties.
A couple of weeks ago, a Chief Digital Officer (CDO) of one of the largest mobile telecommunications companies in the world asked me how a large organization such as hers should think about organizing itself to maintain control over costs and risks while still giving their global organization the freedom to innovate.
When it comes to managing their websites and the digital customer experience, they have over 50 different platforms managed by local teams in over 50 countries around the world, she told me. Her goal is to improve operational efficiency, improve brand consistency, and set governance by standardizing on a central platform. The challenge is that they have no global IT organization that can force the different teams to re-platform.
The performance and scalability improvements promised by the upcoming 8th version of Drupal are getting the attention of the Drupal website builders working for the European Commission. The open source content management system will also be able to accommodate larger sites and will improve delivery of turnkey web site solutions (Software as a Service, SaaS), the EC developers note.
FarmOS is a Drupal-based software project aimed at easing the day-to-day management of a farm. It allows different roles to be assigned to managers, workers, and viewers. Managers can monitor how things are going with access to the whole system, workers can use the record-keeping tools, and viewers have read-only access to, for example, certify the farm's records.
After years of development and a few delays, the open source Drupal 8 content management system (CMS) is now generally and freely available. Among the most popular and widely deployed CMS technologies in use today, Drupal counts whitehouse.gov and the Federal Communications Commission among its notable users.
Drupal Hub will hold regular daytime drop-in sessions as well as playing host to established Drupal events, thereby bringing people together to collaborate and contribute to the software.
Other plans are in place for Drupal training days, Drupal user group meets, Drupal sprints and the Drupal Academy, which provides intensive training for users of all abilities.
Cisco’s Jamal Haider acknowledged during a presentation this week that his team that works on the company’s open source-based customer support portal hasn’t given much back to the wider Drupal community yet, but he said this talk at the sold-out Acquia Engage conference in Boston is part of an effort to change that.
And why not? Cisco has plenty of reasons – more than $400 million of them, in fact – to be grateful for Drupal since migrating its Support Community portal to the open source content management system early last year. Cisco started working on project requirements in 2013 with Acquia, a SaaS provider that has commercialized Drupal offerings.