The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.2.
• If you are using Drupal 10.1, update to Drupal 10.1.8.

All versions of Drupal 10 prior to 10.1 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Drupal 7 is not affected.

• Alexander Antonenko
• Doug Green

• Lee Rowlands of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• Juraj Nemec of the Drupal Security Team
• xjm of the Drupal Security Team
• Lauri Eskola, provisional member of the Drupal Security Team

This post is brought to you from our partners at Skynet Technologies.

Uplifting the digital experience of your Drupal website by making it accessible is inevitable.

The reason behind digital evolution is its easy availability for all. But unfortunately, the web is still full of inaccessible experiences, which become a hindrance for users with any sort of disability. And that is the reason why Drupal incorporated various accessibility features with time to ensure its website accessibility.

Along with accessibility features, Drupal has accessibility modules as well that are contributed by its active community. The modules improve Drupal website accessibility without having to put much effort into coding.

Let’s know which are those modules that enhance Drupal website accessibility.

Top Drupal web accessibility modules!

#1 All in One Accessibility

Drupal All in One Accessibility is an AI based accessibility module to enable Drupal websites to be accessible among people with hearing or vision impairments, motor impaired, color blind, dyslexia, cognitive & learning impairments, seizure and epileptic, and ADHD problems. It manages website UI and design related alteration as an accessibility interface.

Drupal All in One Accessibility module installs in just 2 minutes. PRO version reduces the risk of time-consuming accessibility lawsuits.

This module improves accessibility compliance for the standards WCAG 2.0, WCAG 2.1, WCAG 2.2, ADA, Section 508, European EAA EN 301 549, Canada ACA, California Unruh, Israeli Standard 5568, Australian DDA, UK Equality Act, Ontario AODA, France RGAA, German BITV, Brazilian Inclusion law LBI 13.146/2015, Spain UNE 139803:2012, JIS X 8341, Italian Stanca Act, and Switzerland DDA.

It is a cornerstone of improving web accessibility through its ease of use for companies of all sizes. Top features of the module:

1. Accessibility statement
2. Accessibility interface for UI design fixes
3. Dashboard Automatic accessibility score
4. AI based Image Alternative Text remediation
5. AI based Text to Speech Screen Reader
6. Keyboard navigation adjustments
7. Content, Color, Contrast, and Orientation Adjustments
8. Supports 53 languages
9. PDF / Document Remediation Add-On
10. White Label Subscription
11. Live site translation add-on
12. Custom widget color, position, icon size, and type
13. Dedicated email support

#2 Monsido Tools

Monsido tool helps to optimize Drupal websites easily and swiftly. The tool ensures that the website is validated for the de facto international standard, which is WCAG 2.1. So that website will be accessible to everyone in each region.

Monsido scans your Drupal website to identify all persisting accessibility issues and gives you suggestions on addressing the issues to rectify them. It also finds SEO errors and helps you optimize every page of your website.

#3 Editoria11y Accessibility Checker

Editoria11y (editorial accessibility ally) is supported by Princeton University. It is made focusing on content quality and accessibility.

The module checks content automatically, authors are not required to get trained to use it. It detects issues that appear after Drupal assembles the pages by testing rendered content.

Editoria11y prioritizes content issues by inserting alerts and tooltips to help authors fix the problems without troubling them with complex code. It majorly supplements the accessibility issues and does not replace the elements.

#4 Civic Accessibility Toolbar

The Civic Accessibility Toolbar has a block with accessibility utilities which is an aid for end-users if they wish to switch between theme versions with higher color contrast and update text font sizes as well.

The module enables its users to create a block with both or at least one of the utilities to make your Drupal website accessible for visually impaired users. It is tested with Garland, Bartik, Zen Starterkit, Stark, and Olivero themes.

It uses colourContrast and fontSize cookies to remember user selection. The cookies only use functional or necessary details and don’t keep the user’s personal information.

#5 Accessibility toolkit

Basically, Accessibility Toolkit helps Drupal developers with reusable tools so that they can fulfil the requirements of people with disabilities by making websites compatible with assistive technologies. It is tested for Drupal 7, 8, and 9. It does this through aggressive CSS additions and remembers the setting using Drupal's built-in usage of jQuery Cookie.

It provides a block with all little settings to allow for –

• High contrast mode
• Dyslexic font support
• Text scaling
• Inverted colors mode
• Keyboard navigation (only for D8/D9)

#6 Fluidproject UI Options

The module is maintained by Ukrainian developers. It helps users to modify a web page’s line height, font size and style, contrast, and link style. All changes are retained using cookies for a longer span. Fluidproject UI options integrate Drupal libraries into non-admin pages.

To use this module, you need to have Grunt and NPM installed for compiling the infusion library, and a jQuery 1.7 version is required.

However, the module cannot do internationalization through the Drupal interface, JSON files within the module folder can perform this function. This Drupal accessibility module is tested with its most popular themes successfully. Please note here that some of its themes require additional CSS to adjust font size and line heights. Also, Contrast settings don’t work properly for website elements that use CSS gradients.

YOU MAY ALSO LIKE: PDF Document Accessibility Remediation

#7 High contrast

High contrast provides a quick solution for users to switch between an active theme and its high-contrast version.

It only needs to install it and press the tab from the keyboard, then click on the ‘Toggle high contrast’ link. You will find yourself in high contrast mode, returning to normal view is possible via following the same steps.

#8 Style Switcher

This Drupal website accessibility module enables every website visitor to select the stylesheet they want to view the site content with. They only require clicking on its link to get the new look of the website.

Style Switcher reduces the duplication of work since developers don’t need to create themes for alternative stylesheets. Themer has the capacity to provide a theme with alternate stylesheets and the Site builder can add alternate stylesheets in the admin section.

The module gathers and presents all the styles as a list of links in a block for site visitors. Thus, all visitors can easily choose their preferred styles. And the module uses cookies, so, if a user returns to the site, they get the same chosen style.

#9 Text Resize

The text resize accessibility module offers a block to end-users that helps in changing the font size of text on Drupal websites. The block includes a button to increase or decrease the text size, which is an aid for visually impaired users. Text resize uses JavaScript with jQuery and jQuery Cookie to bring accessibility.

#10 Automatic Alternative Text

The Automatic Alternative Text accessibility module uses the Microsoft Azure Cognitive Services API or Alttext.ai to generate alternative texts for images if the alt text is missing.

The module provides algorithms to process images. It can be used to understand if the image has relevant content or not. It also has features like categorizing the content of images, describing the images in human-readable language, and estimating the dominant and accent colors of the image.

P.S. All above-mentioned modules have free and premium versions available. You can select the best suited version.

YOU MAY ALSO LIKE: Voluntary Product Assessment Template (VPAT)

Some more contributed modules to fine-tune the Drupal website’s accessibility!

• CKEditor Abbreviation
• HTML Purifier
• Siteimprove
• htmLawed
• Block ARIA Landmark Roles

Read more for detail information.

Wrapping up

Having an accessible website is crucial and the need of an hour. All in One Accessibility is a quick and comprehensive solution with AI based features to improve your website accessibility compliance at next level. The cherry on top is its 2 minutes installation and 10 days free trial. Not limited to this, the dashboard add-ons and upgrades like PDF / document accessibility remediation, white label subscription, and live site translation helps in increasing digital accessibility.

Join us TOMORROW, January 18 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

This month we'll be discussing the return of the Nonprofit Summit to DrupalCon Portland 2024!  We're currently looking for breakout discussion leaders, and we'll be answering questions about what that involves, as well as throwing around ideas for potential topics. 

And we'll of course also have time to discuss anything else that's on our minds at the intersection of Drupal and nonprofits -- including our plans for NTC in March.  Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone. 

• Join the call: https://us02web.zoom.us/j/81817469653

  • Meeting ID: 818 1746 9653
    Passcode: 551681

  • One tap mobile:
    +16699006833,,81817469653# US (San Jose)
    +13462487799,,81817469653# US (Houston)

  • Dial by your location:
    +1 669 900 6833 US (San Jose)
    +1 346 248 7799 US (Houston)
    +1 253 215 8782 US (Tacoma)
    +1 929 205 6099 US (New York)
    +1 301 715 8592 US (Washington DC)
    +1 312 626 6799 US (Chicago)

  • Find your local number: https://us02web.zoom.us/u/kpV1o65N

• Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Discover what sustainability really means in tech in our latest Tag1 Team Talks episode. Learn how the Drupal community contributes to this vital cause and how you can get involved

Building a Drupal website from scratch can be challenging and time-consuming. That’s exactly why we need Drupal recipes. These are a set of predefined configurations or components that can be used as the starting point for addressing specific needs such as creating an e-commerce platform, blog, and other projects. It doesn’t matter what type of Drupal development services you are interested in, Drupal recipes are available for all. They make Drupal project development much easier and faster.

Authored by: Nadiia Nykolaichuk.

Upon entering the new year, many of us have started working towards resolutions or aspiring achievements. In the digital space, Drupal websites, too, can aspire to be on the cutting edge of trends and provide the most compelling online journeys to users.

At The DropTimes (TDT), we constantly evolve. The formative steps for us were challenging. We might be just out of infancy, but still in childhood. That does not give us any excuse not to be a better version of what we were yesterday. As we align with the build-in-open philosophy, let us record our recent decisions in response to community feedback.

Embarking on a large-scale web development project demands a robust framework that not only supports your vision but also enhances your efficiency and scalability. With over 20 years of development, Drupal has become one of the leading content management systems for building complex and robust websites.

As part of my role in the Drupal Association, we are trying to find new ways to unleash innovation. Innovation as it happens is a key goal for the Drupal Association. What surprised me when I started with the Drupal Association was to meet companies that were contributors, (some of them known for being long-time contributors) or that are very interested in contributing, but then not knowing how they could maximize their contributions or even where they should be contributing to.

I don’t think that these are a few isolated cases, as it’s not the first time I've seen this trend. Back when I was working for a 100+ developer consultancy firm there was a big corporate push to increase our contribution to open source. And contribute we did. We started “Pizza Fridays”, which meant we were spending Fridays contributing, doing presentations between us, and having pizza for lunch. We had fun, but we lacked structure, purpose, and higher goals (and a healthy diet on Fridays). Our plan was not aligned with anything other than our own appetite to experiment or learn something.

If we had a structure that aligned us to the project we were contributing to, our contributions would have been more impactful, business would have benefited in a more meaningful way, and the whole team would have probably been allowed to contribute even further and longer in time. We did amazing things, don’t get me wrong, but the impact of those could have been much bigger.

That’s why, today, we are introducing the credit bounty program. The idea is to do an initial experiment, and if it has an impact on Drupal moving forward, we’ll tweak it if needed and continue with new iterations.

I expect that the issues and projects that we are promoting will change over time, so we’ll share soon how you can get updated information.

If you are a maintainer and you would like us to include your issues in this pilot program, that may be a possibility as well, so please send me an email: alex.moreno@association.drupal.org. Depending on how this first phase goes, we may start promoting contributed module issues as well based on the popularity of the modules, usage on sites, complexity, how innovative they are, etc, etc

For now, this is the list of issues where (core for now) maintainers need your help. The amount of credit we’ll be given is 50 credits, which is 5 times the normal amount of credits we would grant (normal core issues get 10 credits).

• Cannot save translated nodes after upgrading to 8.8 due to invalid path
  • https://www.drupal.org/project/drupal/issues/3101344
• Composer scaffolding fails when permissions on default.settings.yml or default.settings.php is not writable
  •  https://www.drupal.org/project/drupal/issues/3091285
• Configuration language being overwritten during module install
  • https://www.drupal.org/project/drupal/issues/2905295
• Prevent saving config entities when configuration overrides are applied
  • https://www.drupal.org/project/drupal/issues/2910353

Maintainers will grant credit as normal on these issues, and *all* of the contributing organizations and individuals that the maintainers credit will receive the full bounty. 

Make sure to read Drupal Core's Issue Etiquette for core contribution, and the Contributor Guide. 

Have questions or ideas? Please ping me: alex.moreno@association.drupal.org