In this article, I’ll show you how to build a system to keep track of your company assets using Drupal. This system allows you to easily create and manage an equipment list with resources such as laptops, phones, monitors, or desks that are assigned to employees. It’s ideal for remote or hybrid companies, where control over issued equipment is crucial. Read the blog post or watch an episode of the “Nowoczesny Drupal” series (the video is in Polish).

Join us THURSDAY, October 17 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits.  Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone. 

• Join the call: https://us02web.zoom.us/j/81817469653

  • Meeting ID: 818 1746 9653
    Passcode: 551681

  • One tap mobile:
    +16699006833,,81817469653# US (San Jose)
    +13462487799,,81817469653# US (Houston)

  • Dial by your location:
    +1 669 900 6833 US (San Jose)
    +1 346 248 7799 US (Houston)
    +1 253 215 8782 US (Tacoma)
    +1 929 205 6099 US (New York)
    +1 301 715 8592 US (Washington DC)
    +1 312 626 6799 US (Chicago)

  • Find your local number: https://us02web.zoom.us/u/kpV1o65N

• Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.

The issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.10.
• Drupal 10.3 and above are not affected, nor is Drupal 7.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

This advisory is not covered by Drupal Steward.

• Pierre Rudloff

• catch of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• Kim Pepper
• Wim Leers
• xjm of the Drupal Security Team

• xjm of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Juraj Nemec of the Drupal Security Team

If you are searching for the best content management system or CMS, then Drupal is the one that can power your website. In case you have not looked into Drupal before this, then you might not know its perks. 

Well, do not worry, in this read, you are going to learn about the benefits of using Drupal for your website development. Whether you are an individual, agency, small business, or enterprise, with Drupal you can now create powerful websites and apps.

Top 10 Benefits Of Using Drupal For Your Website Development 

There are many advantages of using Drupal for your website development. Let us delve more into it.

You have likely upgraded Drupal to version 10.3.0 and noticed a new message in the reports regarding the State Cache:

The message reads as follows:

The State Cache flag $settings['state_cache'] is not enabled. It is recommended to enable it in settings.php unless too many keys are stored. Starting with Drupal 11, State Cache will be enabled by default.

What is the State API?

Let's begin by understanding what the State API is. The State API in Drupal is a system that allows the storage and retrieval of small data fragments that are necessary for site operation but are not part of the overall configuration. Unlike the Config API, which focuses on data that must be consistent across different environments (like production, development, etc.), the State API is intended for environment-specific data that can change more dynamically and do not need to be synchronized across different environments.

Why does it…

Marc Berger

Senior Backend Engineer

Always looking for a challenge, Marc tries to add something new to his toolbox for every project and build — be it a new CSS technology, creating custom APIs, or testing out new processes for development.

January 1, 1970

For higher ed institutions and nonprofits, Localist is a powerful resource that provides a valuable means of centralizing your organization’s events into a single branded calendar. However, integrating that event data into a Drupal website in a seamless way can pose a significant challenge.

At Four Kitchens, we recently completed a custom module for a client that can regularly import events from Localist into their higher ed site. After finishing the project, it dawned on us that the Drupal community could benefit from our work. In keeping with our commitment to sharing knowledge with our community, we rebuilt it as a contrib module, so it’s available for your organization, too.

During this rebuild, there were several lessons that we thought were valuable to share to aid other developers who also build custom modules.

Setting functional goals

Before we get into the challenges and lessons we learned, let’s talk about what this module does and how it can help your organization import event data from Localist.

The Localist platform offers an API, but it requires time and development resources to create a custom Drupal module that satisfies your organization’s data requirements. This module simplifies the work needed to import event data from Localist into Drupal by using Drupal’s plugin architecture. Fundamentally, this module uses Drupal’s migration APIs to handle all of the heavy lifting. However, we needed to add custom plugins and functions to handle the Localist API specifically.

Additionally, migrations in Drupal are usually a one-time import — for example, migrating data from an older Drupal 7 site to a newer Drupal 11 site. With event data, importing needs to happen regularly, so this module is designed to import data roughly every hour.

Finally, we decided to build a UI, include optional installable examples (using Drupal’s new Recipes initiative!), and include a code generator that guides a developer to quickly get started building their own event migrations required to import the data.

The information imported from Localist is then stored in fields on a Drupal content type to display however you’d like. If your organization already uses Localist to manage events, you can now display that information in a consistent way on your own website.

Shifting a custom solution to a community contribution

Transforming a client-specific module into a contrib module for the wider Drupal community required extra work, but those efforts are true to our values of sharing knowledge and enabling others to benefit from our research.

Remember the last time you went searching for a module to perform a specific functionality, found it, and installed it? Not only did that experience save you development time, but it also showed the power of the open source community.

Shared modules provide ready-made solutions to common challenges, allowing developers to focus on innovation rather than reinventing the wheel.

Challenges and lessons in developing a community-ready module

When building a custom module, you develop with many assumptions in place because the config and code are already in place for a known environment. When building for the community, you have to consider a multitude of scenarios and edge cases. You have to factor in how the module may be used, how it may interact with other modules, and other unknowns.

Additionally, sometimes there can be some very client-specific requirements that don’t make sense for a contributed module. For the client we originally built this for, we built in special functions to handle the formatting and styling of the event dates. To translate this module into a contrib module, that functionality had to be removed, as we can’t make those same assumptions for everyone. We just want to ensure the baseline functionality is in place so your team can then build off that foundation — ultimately saving you time.

Of course, these modifications work both ways. Your organization may need this type of contrib module, but perhaps its functionality doesn’t align with your website’s requirements. Four Kitchens can work with your organization to tailor the module to your needs. Just let us know how we can help.

Translating a custom module for broader use

Rebuilding this custom module to a contrib version required extra time, planning, and testing to suit the broader Drupal community’s needs. It ultimately helped us learn that in the future, we may want to flip the script and try to develop a contrib module first, and then override in our own code to customize per client. In this way, the base functionality is available to all.

If you are a developer who creates custom modules, think about the goals of your module and ask yourself if your idea would also benefit the community as a whole. Building a contrib module from the get-go may be far more efficient than taking a custom module and turning it into a contrib module later.

Below, we’ll share some examples of a few changes we made as part of the rebuild of the Localist module and the reasoning behind the change. We hope this helps other developers think outside the box and determine if a contrib module may be a better idea as a starting place.

The value of contributing to the Drupal community

Contributing to the Drupal ecosystem through contributed modules benefits the entire Drupal community. By making our work available to others, we collectively elevate the capabilities of the platform and empower developers worldwide.

While this specific rebuild required a bit of extra time, it fosters a culture of knowledge exchange and mutual support. Each contribution, no matter how small, adds to the platform’s versatility and appeal.\We hope that by sharing our experience of moving a module from custom to contrib, we empower other developers to consider building contrib first to give back to the community, collaborate with others on additional features, build more robust and better documented modules, and hopefully save a little time in the end.

The post From custom to contrib: Rebuilding our Localist module to import event data into Drupal appeared first on Four Kitchens.

Top 10 presentations from DrupalCon Barcelona 2024

Hansa Pandit

20 employees from Ramsalt Lab had the opportunity to attend one of the most awaited Drupal events of the year, DrupalCon 2024 in the beautiful city of Barcelona.

It was a great event with inspiring sessions and hands-on workshops. Our team have made this list of the top 10 session from Barcelona:

1. Driesnote: DrupalCon Barcelona 2024
   Our top recommendation is Driesnote, where Dries Buytaert, the founder of Drupal, presents the revolutionary Drupal CMS (being built under the Starshot Initiative). This will be a new era in Drupal with AI-enabled website building for non-developers.
2. Drupal Recipes Initiative Update
   This session gives an update on Drupal’s Recipes initiative, and how you can contribute to it. You'll also learn about recipes that you can start using right away!
3. Building Safer Digital Communities - The Mission of "Defend Iceland"
   In this keynote, Theódór Gislason shares his journey, ignited by a life-altering accident thirty years ago, and discusses the vision for the "Defend Iceland" hacker platform. He addresses the challenges of democratizing cybersecurity and highlights how a united community of responsible companies and ethical hackers could enhance our collective cyber resilience.
4. Running a fleet of websites with ease via LocalGov Drupal Microsites Platform
   Learn how to create and manage a fleet of websites, all hosted within a single Drupal installation, the "LocalGov Drupal Microsites" module.
5. Implementing AI solutions for the French government
   This session gives you an insight into how an Artificial Intelligence system can be integrated into a Drupal website and, more broadly, into any digital experience platform.
6. Drupal LMS: A new, modern, easy-to-use Learning Management System
   Explore the structure of a Learning Management System (LMS), the ongoing work on the project, key structural differences from Opigno and ANU, and opportunities for contributing to its development.
7. Drupal AI: Once again leading the way with the new golden era of the web - The AI Module and Starshot
   Watch this session to discover how AI is transforming Drupal site building in Starshot and how to utilize the Drupal AI module to create advanced web applications.
8. Everything you need to know about cookies but are afraid to ask!
   This beginner-level session will help you learn about cookies, their purpose, and emerging alternatives. You will also explore how to optimize user experience, insights, and marketing strategies while maintaining privacy and compliance.
9. Practical exploitation of Drupal security vulnerabilities
   This session aims to understand the importance of addressing web application vulnerabilities, moving beyond the typical "alert" XSS pop-up scenario. It also covers various approaches for detecting, mitigating, and preventing these vulnerabilities to ensure stronger overall security.
10. Supply Chain Security in Drupal and Composer
    This session provides a foundational understanding of supply chain security, with a deeper focus on Composer's features and their impact on it. Learn best practices for securing Drupal sites from supply chain attacks and explore how the Drupal Association is developing solutions to safeguard the entire community.

The Ramsalt team at our favorite tapas restaurant.

We hope you enjoy these sessions as much as we did! You can find all of the sessions from DrupalCon Barcelona 2024 on the official YouTube channel of the Drupal Association.

The Drupal Association has published this guest blog on behalf of HeroDevs.

The official end-of-life (EOL) date for Drupal 7 is January 5, 2025. However, as outlined in the PSA issued on June 7, 2023, the Drupal Security Team announced a change in their support strategy that would take effect before the official EOL date. Starting August 1, 2023, they implemented a reduced support structure for moderately critical Drupal 7 issues.

Why the Reduced Support Structure Matters

When a Drupal 7 module is marked as unsupported, it means that no further updates or security patches will be provided. This situation can leave your site vulnerable to potential security risks and negatively impact performance. As highlighted in the PSA, the Drupal Security Team follows a structured process: they first notify maintainers and provide them with a two-week window to respond and address the issue. If maintainers do not act within this timeframe, the module may be marked as unsupported, and support will cease altogether. This can create significant challenges, particularly for sites reliant on these modules. 

HeroDevs’ Proactive and Comprehensive Approach  

At HeroDevs, we understand the urgency of this issue. We’ve proactively stepped in to bridge the gap by forking and maintaining modules that are no longer supported by their original maintainers, with Drupal 7 Never-Ending Support. Our approach means that even as official support dwindles, your modules continue to receive the necessary updates and fixes. By taking over security maintenance, we help keep your site secure and operational, allowing you to focus on what matters most without worrying about vulnerabilities or disruptions.

Forking and Maintaining Unsupported Modules: HeroDevs has already begun forking and maintaining modules that have been dropped by their original maintainers in the last year. This approach makes sure that essential functionality remains intact and that any emerging security vulnerabilities are promptly addressed. By doing so, we help maintain the security and integrity of your site even as support from the Drupal community wanes.

Guidance for Custom and Legacy Modules: While custom modules and unique code are not covered under the standard SLA, HeroDevs provides guidance and support to help you integrate and maintain these solutions. We collaborate with you to ensure that your custom developments are compatible and functional with our Drupal 7 NES offering.

Maintaining Compatibility and Functionality: Beyond just security patches, HeroDevs works to test the compatibility of your modules with the evolving web landscape. We address compatibility issues and provide a seamless experience for developers working with legacy systems. This comprehensive support approach helps you avoid disruptions and maintain smooth operations.

Conclusion

As the Drupal 7 ecosystem transitions into its extended support phase, HeroDevs is committed to delivering robust and proactive support for unsupported modules. Our dedication to maintaining security, functionality, and compatibility means you can rely on us to safeguard your Drupal 7 site and navigate the end-of-life transition with confidence. With HeroDevs by your side, you can focus on planning your migration or upgrades while we handle the challenges of unsupported modules. Contact us to learn more about Drupal 7 NES.

Today we are talking about Freemium Drupal Modules, The WordPress hub-bub, and Drupal, Now with AI with our hosts. We’ll also cover FullCalendar as our module of the week.

For show notes visit: https://www.talkingDrupal.com/471

• Freemium Drupal
• Wordpress controversy
• Drupal CMS and AI

• Dries Wordpress Blog Post
• Non-Code Contribution: Using your passion and skills to power open source.
• DrupalCon Barcelona Driesnote
• Drupal AI

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Aubrey Sambor - star-shaped.org starshaped Martin Anderson-Clutz - mandclu.com mandclu

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted an interactive calendar to display your Drupal events with drag-and-drop rescheduling, and without using jQuery? There’s a module for that.
• Module name/project name:
  • FullCalendar
• Brief history
  • How old: created in Sep 2010 by ablondeau, though I’ve been behind the most recent releases
  • Versions available: 7.x-2.0 and 3.0.0-beta2 versions available, the latter of which supports Drupal 10 and 11
• Maintainership
  • Actively maintained, latest release was this morning
  • Security coverage, though technically the 3.0.x branch will have it once it’s stable
  • Test coverage, minimal but on the roadmap
  • Documentation - does have a user guide, but created for the D7 version, so newer documentation is needed
  • Number of open issues: 337 open issues, none of which are bugs against the 3.0.x branch
• Usage stats:
  • 3,388 sites, though the vast majority of those are for the D7 version, since the 3.0.x branch is very new
• Module features and usage
  • No jQuery!
  • Lots of configurability plus some extras specifically for Drupal
    • Drag-and-drop to alter events
    • Option to require confirmation
    • Can display toast-style notifications when updates are save
    • Double-click on a day or time to create an event at that time
    • Can display events from different content types, even if they use different fields to store dates, and yes, even different kinds of fields, so a mixture of core and Smart Date fields will work
    • You can set default colors and output type (block or the newer, list-item display), and the ability to override color based on content type or a taxonomy reference
  • This module had been essentially dormant for over 4 years, but I decided to work with Jürgen Haas on reviving it after a similar and popular project called Fullcalendar View was not only marked as “Minimally maintained” and “Maintenance fixes only”, but the project page directed users to contact the maintainer to pay for a premium version, in order to use the current version of the Fullcalendar JS library, or to load events via AJAX, which as been an often-requested feature because Fullcalendar View has had common reports of performance problems on sites with lots of event data.
  • Worse, the maintainer has closed as “won’t fix” issues that had community-provided patches, because he only wanted to provide said improvements in the paid, premium version
  • In my work on the Events recipe for Drupal CMS, I knew that having a solid calendar would be important, and I didn’t feel good about relying on a module that seemed to be pushing users more and more towards a paid model. I’m grateful to Jurgen and everyone who worked on FullCalendar before us for creating such a robust and extensible code base