DRUPALDEALS.COM

Web Wash: Getting Started with Bootstrap 5 using Radix in Drupal

Radix is a Bootstrap base theme for Drupal that provides a solid foundation for building your website. It includes built-in Bootstrap 4 and 5 support, Sass, ES6, and BrowserSync. This makes it easy to create a website that looks great on all devices and is easy to maintain.

In this video, you’ll learn the following:

Download and install Radix.
Generate a Radix sub-theme.
Integrate a Bootswatch theme in your site.
Implement the Carousel component using blocks and paragraphs.
Implement the Accordion component using paragraphs.
Display articles in a Bootstrap grid using Views.

ImageX: Drupal 10.1's Front-End Transformation: A Review of Impressive Updates

Front-end developers are committed to crafting website interfaces that are not just visually captivating but also a joy for users to interact with. It’s great to know that Drupal helps them along the way.

Salsa Digital: Drupal security — a complete Drupal self-help guide to ensuring your website’s security

Enhancing Drupal security for a safer online experience Drupal is a powerful and versatile open-source content management system (CMS) that offers extensive functionality and customisation possibilities for creating and managing dynamic websites. As more businesses and organisations choose Drupal for their web presence, ensuring the security and privacy of their data and user information has become increasingly important.

Salsa Digital: Cybersecurity, the National Institute of Standards and Technology (NIST) and Drupal

About the National Institute of Standards and Technology (NIST) NIST is a US-based agency that provides critical measurement solutions to promote equitable standards such as the NIST Cybersecurity Framework (NIST CSF). NIST CSF is recognised globally as one of the leading standards for organisational cybersecurity management. The CSF is based on existing standards, guidelines and practices for organisations to better manage and reduce cybersecurity risk. In addition, it was designed to foster risk and cybersecurity management communications among both internal and external organisational stakeholders. The NIST CSF covers the following five domains: Identify : Activities to understand and manage cybersecurity risk by identifying assets, vulnerabilities and threats.

Lullabot: Lullabot Podcast: Back to the Stage with Drupal GovCon

It’s back and more exciting than ever! We are thrilled to announce the highly anticipated return of Drupal GovCon, the third biggest Drupal Conference in the world! This notable event is returning to the Washington DC area on November 1 & 2, marking a lively return to in-person Drupal camps.

Join host Matt Kleve as he engages in insightful discussions with accomplished organizers Nina Ogor and Christoph Weber, unveiling the plans and expectations for the upcoming conference.

Zyxware Technologies: Why Choose Drupal? 7 Business Requirements it Seamlessly Addresses

Drupal isn't just a CMS anymore. It has evolved to become a central part of the larger digital experience platform ecosystem. Designed to cater to agile marketing and communication teams, its functionality extends far beyond a traditional CMS. It offers a vast array of capabilities, suitable for a wide range of digital projects, thereby showcasing Drupal's versatility. This article explores seven business requirements ideally suited for Drupal solutions.

Matt Glaman: My adventure up to Twin Cities DrupalCamp 2023

Last week, I drove up to Minneapolis and attended Twin Cities DrupalCamp. I have only made it to the conference once before, way back in 2016, to present about the beginnings of Drupal Commerce 2.x. This is the first time Twin Cities DrupalCamp has been held at the end-of-summer/beginning-of-fall period. Twin Cities DrupalCamp was always held in June, which always conflicted with other events and family time at the end of the school year.

Promet Source: An ASAP Guide to Drupal 10

With Drupal 9 slated for end of life within a matter of weeks, the time to jump on the Drupal 10 upgrade fast track is now. This November’s scheduled end of life for Drupal 9 (the Drupal Association has yet to publish an exact date) signals a true hard stop, with no possibility of extended commercial support or off-grid security and bug fixes. At issue is the November 2023 decommissioning of Symfony 4

Nonprofit Drupal posts: September Drupal for Nonprofits Chat

We're back from summer vacation!!! Join us TOMORROW, Thursday, September 21 at 1pm ET / 10am PT, as we resume our normally scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

No pre-defined topics on the agenda this month, so join us for an informal chat about anything at the intersection of Drupal and nonprofits. Got something specific on your mind? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone.

Join the call: https://us02web.zoom.us/j/81817469653
- Meeting ID: 818 1746 9653
  Passcode: 551681
- One tap mobile:
  +16699006833,,81817469653# US (San Jose)
  +13462487799,,81817469653# US (Houston)
- Dial by your location:
  +1 669 900 6833 US (San Jose)
  +1 346 248 7799 US (Houston)
  +1 253 215 8782 US (Tacoma)
  +1 929 205 6099 US (New York)
  +1 301 715 8592 US (Washington DC)
  +1 312 626 6799 US (Chicago)
- Find your local number: https://us02web.zoom.us/u/kpV1o65N
Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Security advisories: Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

Project: Drupal coreDate: 2023-September-20Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Cache poisoningAffected versions: >=8.7.0 <9.5.11 || >=10.0 <10.0.11 || >= 10.1 <10.1.4Description:

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.

Drupal Steward partners have been made aware of this issue. Some platforms may provide mitigations. However, not all WAF configurations can mitigate the issue, so it is still recommended to update promptly to this security release if your site uses JSON:API.

Solution:

Install the latest version:

If you are using Drupal 10.1, update to Drupal 10.1.4.
If you are using Drupal 10.0, update to Drupal 10.0.11.
If you are using Drupal 9.5, update to Drupal 9.5.11.

All versions of Drupal 9 prior to 9.5 are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 is not affected.

Reported By:

ghostccamm

Fixed By:

Drew Webber of the Drupal Security Team
Peter Wolanin of the Drupal Security Team
Nathaniel Catchpole of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
xjm of the Drupal Security Team
Wim Leers
Benji Fisher of the Drupal Security Team

Subscribe to