After several years of hard work, the Drupal Association and the Drupal Security team are pleased to announce that Drupal Steward is now available to all. What is Drupal Steward?Drupal Steward is a web application firewall that bridges the gap between the time when a security release is announced and when your site is fully updated with the new security patch. This globally distributed service from the Drupal Security Team and the Drupal Association provides immediate, affordable protection for your website while giving your IT team the flexibility to implement site updates without disrupting other priorities. How can Drupal Steward help me?Drupal security releases happen on Wednesdays. Both the good actors, site owners like you, and bad actors, people trying to hack your site, learn about a vulnerability at the same time. Rare highly critical vulnerabilities could potentially be exploited within four hours of the release. Because of this, your teams must stay on alert during any security release window for a highly critical vulnerability to update your site as soon as possible. With Drupal Steward, you can update on your own time. In the event of a highly critical vulnerability, the Drupal security team publishes a notification(PSA) in advance to warn users. When you're protected, you *do not* have to be on red alert or pay staff overtime to be on call. You can schedule testing and implementation of the security update on a timeline that works for you. Please note: Not every vulnerability can be protected by the Drupal Steward program, but it is ideally suited to help protect you from those that are mass exploitable. Drupal Steward can only apply to vulnerabilities that involve exploiting a request to the webserver, which may not apply to some security issues. Also, a zero-day vulnerability (one that is discovered and publicized without the security team's knowledge) is always possible. How much does it cost, and how do I sign up?We've worked very hard to supplement our pricing so that Drupal Steward is affordable to as many site owners as possible. Drupal Steward scales to the number of requests you receive, so check out the calculator on drupalsteward.org to estimate your pricing. Signing up for the service is as simple as creating an account on drupalsteward.org, adding your domain names to be covered, and updating your DNS settings to route requests through the Drupal Steward service. Why isn't Drupal Steward free? How does Drupal Steward support the security team and the community?Code is and always will be free in the Drupal project, but a service by its nature is not. Drupal Steward requires a globally distributed infrastructure to ensure that the security layer doesn't increase latency and degrade the experience of users anywhere in the world. Funding from Drupal Steward directly supports the Drupal Association and our mission to help the community build Drupal. Furthermore, a portion of the funds are set aside specifically for proposals made by the Drupal Security Working Group on behalf of the Drupal Security team. Thank you to our PartnersWe want to thank our founding partners, Acquia and Pantheon who have implemented Drupal Steward protection across their entire platforms so that any of their clients are already covered by this program. Their early support made it possible to bootstrap this community tier for all. We also want to thank our Supporting Partners, who are able to offer Drupal Steward to their clients at the preferred pricing level through the Drupal Association community tier. Originally from Drupal.org aggregator https://ift.tt/2UitJKf
0 Comments
... In recent decades, voice interfaces have grown in both performance and popularity as users begin to seek novel ways to access information, especially through the uniquely human medium of spoken content. Services such as Alexa, Apple’s Siri, Google Home, Cortana, and so on drive more transactions and interactions every day. ... Originally from Drupal.org aggregator https://ift.tt/3duRbea
We released Commerce Core 2.25 on June 30th, 2021. This release kicks off a new schedule that focuses on feature releases once a quarter with bug fix / minor patch releases in the intervening months, giving us time to focus on our other modules as well. Our efforts for this release centered around store administration improvements, Layout Builder integration, and general performance and stability improvements. We also reviewed our code to ensure we had solutions or a roadmap for changes required by Brexit and the EU July 2021 eCommerce VAT package. Store administration improvementsAs with the 2.24 release, our work with multiple large merchants continued to drive store administration improvements throughout the 2.25 development cycle. This release packs in features related to payment administration, coupon administration, and promotion configuration in addition to quality of life improvements in one of our main dependencies, State Machine. New payment entry optionsUntil this release, store administrators wanting to enter a new payment for an order could only do so using stored payment methods previously created by the customer. Several years ago, Drupal Commerce contributor Brad Jones kicked off development of a major feature patch to add support for the creation of new payment methods in the order management interface. This is particularly helpful for customer service representatives placing orders for customers who do not have accounts or stored payment methods on their sites yet. Read moreOriginally from Drupal.org aggregator https://ift.tt/3dtj3zq Infinite scrolling is a technique used to show more content as the user scrolls down a page eliminating the need for the user to click to go to the next page. This is commonly implemented in popular social media apps. This tutorial will demonstrate how to use the Views Infinite Scroll module to achieve this and also show options that can be used to customize the user interaction with the infinite scrolling behavior. Originally from Drupal.org aggregator https://ift.tt/3hpliF5
Version:
8.9.x-dev
Date:
2021-June-29
Description:
Drupal 8 will reach its end-of-life on November 2, 2021, before the release of Drupal 9.3.0, due to Symfony 3's end-of-life. If you are using Drupal 8, you must upgrade to Drupal 9.2 before November to keep your site secure. (Drupal 9.1 security coverage ends shortly after the Drupal 8 end-of-life, so updating to 9.2 directly is best.) There is no vendor extended support program for Drupal 8.
Solution:
How do I upgrade my Drupal 8 site to Drupal 9?The Drupal 8 to Drupal 9 upgrade process is much easier than previous major-version upgrades. There are many automated tools available to assist with the upgrade. Learn more about upgrading your Drupal 8 site to Drupal 9. What if a module I need doesn't have a Drupal 9 release?Many modules can be upgraded automatically. Check the module's issue queue for an issue created by "Project Update Bot".
If you cannot find anyone to maintain the module, try using the patch directly with composer. The Drupal Association will also be taking additional steps to help with the creation of Drupal-9-compatible releases in the coming months. What about Drupal 7?Drupal 7 will still have community-based security coverage until November 28, 2022. The paid Drupal 7 Vendor Extended Support program will continue until November 2025. Originally from Drupal.org aggregator https://ift.tt/3622A16
Second chances are expensive. Why? Because it takes five positive experiences to counterbalance the effects of a negative one. If someone’s first experience with your platform is disappointing, you have a long way to go to win back their confidence — if they even complete your sign-up form. More than 67% of site visitors will completely abandon a sign-up process if they encounter any complications. If you’re lucky, maybe 20% of them will follow up with your company in some way. Whether you’re trying to get people to sign up for your mobile app, e-commerce platform, or company intranet, you…
Originally from Drupal.org aggregator https://ift.tt/3dswBv0 Drupal.org blog: Call For Interest: The Update Framework (TUF) signing server for Drupal packages6/29/2021 Drupal.org is the home of the Drupal community. In its 20 year history, Drupal.org has always been the central source for downloading Drupal core and all the contributed extensions that are part of the ecosystem. As the Drupal project has first moved to support Composer for php-based dependency management, and now looks to implement an automatic updates system - we intend to significantly strengthen the security of our central package delivery. Successful completion of this project will include implementing the python-based The Update Framework (TUF) signing server in a reliable and scalable way on Drupal.org infrastructure. These TUF signatures will be validated by the new PHP-TUF client being built for inclusion in Drupal core. ScopeProject scope should include Discovery, Project Management, Development, Security Review, and Quality Assurance for the following key features:
Technical constraints and additional requirementsThe chosen solution must meet the following additional technical constraints and requirements:
Vendor requirementsThe Drupal Association will consider contracts from both individual developers and agencies. An individual must:
An agency must:
Other Considerations:Please indicate if you’re willing to accept in-kind benefits if your bid comes in higher than our allocated budget. The cash portion of the budget should not exceed $30,000 USD. The point person for this project at the Drupal Association is generally available between 4:00 PM - 11:00 PM UTC. We welcome global responses but we’d prefer meeting times to be within our standard business hours. We will make every effort to accommodate times outside of standard Pacific Time business hours. TimelineWe would like the TUF package signing solution implemented no later than October 31st, 2021. Individuals or Agencies who intend to participate should provide their bids and samples of portfolio work to the Drupal Association via email ([email protected]) no later than Friday, July 29th at 5pm U.S. Pacific. Respondents will be notified of the decision no later than August 20th. Originally from Drupal.org aggregator https://ift.tt/3h4mBuf Drupal.org is the home of the Drupal community. In its 20 year history, Drupal.org has always been the central source for downloading Drupal core and all the contributed extensions that are part of the ecosystem. As the Drupal project has first moved to support Composer for php-based dependency management, and now looks to implement an automatic updates system - we intend to significantly strengthen the security of our central package delivery. Successful completion of this project will include implementing the python-based The Update Framework (TUF) signing server in a reliable and scalable way on Drupal.org infrastructure. These TUF signatures will be validated by the new PHP-TUF client being built for inclusion in Drupal core. ScopeProject scope should include Discovery, Project Management, Development, Security Review, and Quality Assurance for the following key features:
Technical constraints and additional requirementsThe chosen solution must meet the following additional technical constraints and requirements:
Vendor requirementsThe Drupal Association will consider contracts from both individual developers and agencies. An individual must:
An agency must:
Other Considerations:Please indicate if you’re willing to accept in-kind benefits if your bid comes in higher than our allocated budget. The cash portion of the budget should not exceed $30,000 USD. The point person for this project at the Drupal Association is generally available between 4:00 PM - 11:00 PM UTC. We welcome global responses but we’d prefer meeting times to be within our standard business hours. We will make every effort to accommodate times outside of standard Pacific Time business hours. TimelineWe would like the TUF package signing solution implemented no later than October 31st, 2021. Individuals or Agencies who intend to participate should provide their bids and samples of portfolio work to the Drupal Association via email ([email protected]) no later than Friday, July 29th at 5pm U.S. Pacific. Respondents will be notified of the decision no later than August 20th. Originally from Drupal.org aggregator https://ift.tt/3h4mBuf |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
April 2023
Categories |