Four Kitchens: Drupal 10 is here: Is your website ready?

Image removed.

Back in 2020, Drupal delivered a surprise by estimating a June 2022 release for Drupal 10. While the release was ultimately pushed back to December 14, 2022, you need to know where your website stands for the upcoming upgrade.

For any IT team, changes to a site platform are cause for concern. With less than a year before Drupal 9 hits end-of-life, you need to start planning your preparations for the coming year.

Thankfully, Drupal has remained true to its word about its latest updates avoiding the complex migrations that were required moving from Drupal 7 (but I’ll touch more on that later). Still, the overall impact of Drupal 10 ultimately depends on the condition of your current site.

Platform updates are always cause for uncertainty, and your preparations will vary to navigate a move to Drupal 10. If you start by taking into account where your current site stands, you can best ensure it’s on steady ground for the benefits that lie ahead.

Advantages of upgrading to Drupal 10

The benefits of moving your site to Drupal 10 follow a familiar path. Drupal’s development team doesn’t pack major updates with flashy new features, unlike traditional hardware and software development. Instead, the community continues to refresh the latest version of Drupal with brand new tools.

The arrival of Drupal 10 will clear the system of old, backward-compatible code so the platform runs more efficiently. That way, as work begins to create new tools for version 10, Drupal developers are starting from a clean slate.

The promise of a clean codebase may sound a bit anticlimactic from the perspective of your users. But for developers, it’s an addition by subtraction. Drupal 10 will run much faster than your current platform by losing the clutter required to support out-of-date features.

What can you expect from the next version of Drupal?

Many of the features included with Drupal 10 have already been in use at various points in Drupal 9’s development. Here are a few benefits planned for Drupal’s new release:

  • CKEditor 5: Drupal 9 features version 4 of the open-source JavaScript text editor, which will be deprecated in 2023. This new version is already in use and features a similar-enough interface to be familiar with performance and security enhancements.
  • Updated frontend and admin themes: These features have been available in Drupal 9 but will become the default themes. In addition to offering improved capabilities for migrating a site into Drupal, the new administration theme is more intuitive with better spacing and readability.
  • New package manager: Though potentially unavailable until version 10.1, this feature enables admin users to install modules through the UI. Instead of requiring a developer to FTP modules to a server, you can install them directly from a menu in a way that resembles WordPress extensions.

More good news: Drupal 10 will last longer than 9

One of the third-party technical dependencies of Drupal is its PHP framework, Symfony. Symfony runs on two-year release cycles, which introduces the potential for Drupal to do the same. Drupal 9 uses Symfony 4, which was at the tail end of its development when Drupal 9 was launched. Consequently, as Symfony fell out-of-date in less than two years, so did Drupal 9.

These dependencies were a big part of why Drupal 9 had such a short lifespan as compared with the platform’s history. At one time, versions of Drupal required five to seven years of development. 

Drupal’s development team is releasing Drupal 10 on Symfony 6, which was released earlier in 2022. Drupal 10 will last at least four years before the next major version is released. By working to get ahead of schedule with Symfony, Drupal aims to deliver a platform that’s faster and more stable — with staying power.

Will upgrading to Drupal 10 be easy? It depends.

Drupal 9 will reach its end-of-life sooner than may be ideal, but you face an easier upgrade path to Drupal 10 if your site is currently running version 9.4 or 9.5. Just as with the upgrade from version 8 to 9, updates to Drupal 10 will run “in place.” Rather than needing to migrate to a new platform to upgrade, Drupal 10 is being built inside Drupal 9.

You won’t have to rebuild your site to upgrade to Drupal 10 if you’re up-to-date with its latest version. However, not every organization can keep its website current with every platform release. As with any journey, the road to Drupal 10 entirely depends on where you are now.

If your site is running Drupal 9:

Much like the shift from Drupal 8 to Drupal 9, moving to Drupal 10 can be seamless with the right planning. You need to monitor custom code in any platform update, and Drupal Rector streamlines the process. The module identifies your areas of need, and in many cases will update your code automatically. 

You still need an engineer to oversee the upgrade, but Drupal Rector eliminates the tedium of manually updating a bunch of APIs beforehand. As changes are made to Drupal 10, developers are required to add an automated rule to Rector. Consequently, your future upgrades will be even easier.

Once Drupal 10 is released, you have until November 23, 2023 to complete the upgrade before Drupal 9 reaches its end-of-life. At that point, your site will no longer receive security updates from the Drupal community.

If your site is running Drupal 8:

Drupal 8 reached its end-of-life in November 2021, which means your site may be at risk without the community’s support with security patches and bug fixes. To offset that danger, you should use Drupal Rector to identify deprecated code in your Drupal 8 site to automate a portion of your upgrade journey to Drupal 9.

Fortunately, the move from 8 to 9 is an easier transition than you may think. Once your site is up-to-date to version 9.4, then the jump to Drupal 10 should be fairly straightforward upon its release.

If your site is running Drupal 7:

If you’re still on Drupal 7 (or older), your platform is currently scheduled to reach its end-of-life in November 2023. While this date has been extended several times over the past few years, there is no guarantee it will be extended again. However, you’re not alone. According to estimates, more sites are on Drupal 7 than there are on 8 and 9 combined.  

Migrating your site from Drupal 7 is a complicated, labor-intensive undertaking, which is why the community extended the platform’s support during the pandemic. However, once Drupal 7 reaches its end-of-life next year, you’ll only be able to receive security updates through Vendor Extended Support. Those organizations remain an option to provide service for your site until 2025 — for a price.

To reduce support expenses, you should start working toward loading your site into Drupal 9.4 or 9.5 as soon as possible rather than waiting for the latest version. Drupal 10 will include migration tools from Drupal 7, but Drupal 9 already includes many of the modules you use. That may no longer be the case after Drupal 10 comes out.

Future-proof your site with an upgrade to Drupal 10

Whether you’re facing a migration from Drupal 7 or the end-of-life for Drupal 9, platform updates require planning to succeed. There is no sense in waiting to get started. If anything, upgrading to Drupal 10 from a much older version may grow more complex the longer you delay.

The days of launching a website and ignoring it for five or 10 years are over. The industry just moves too fast. Fortunately, with the right plan, your organization can get the platform you need to take on whatever lies ahead.

The post Drupal 10 is here: Is your website ready? appeared first on Four Kitchens.

Opensource.com: Simplify the installation of Drupal modules with Project Browser

Simplify the installation of Drupal modules with Project Browser Nadiia Nykolaichuk Wed, 12/14/2022 - 03:00

The Project Browser initiative is aimed at providing an easy process for discovering and installing contributed modules directly from the Drupal admin dashboard with the click…

Drupal's modular structure lets you extend your website with an endless array of features. Then again, discovering the right module and installing it on your website can be a…

Image removed.

Evolving Web: Drupal 10 is Coming. Here’s What to Expect.

Image removed.

The long-awaited Drupal 10 will be released on December 14. Are you ready? While some of us get excited about software updates, we get that some might be overwhelmed by what this new version will change for their sites. 

Here we’ll go over how you can be prepared for the latest version, the benefits of moving and the next steps to get there sooner rather than later.

And don’t worry: if you still need guidance by the end of this post, you can watch our recent Drupal 10 webinar, or request custom training for your team. 

Why Upgrade? Can’t I Just Keep Using an Earlier Version?

Drupal 7 and 9 will become obsolete as of November 2023, and having an outdated version of Drupal or any unsecured CMS means your website is more prone to downtimes and bugs. As an organization, implementing and maintaining security measures on your own can be very expensive. Coupled with the custom infrastructure configurations needed to fix bugs, it will invariably cost more than proactively moving to the latest version of Drupal.

Apart from Drupal 7 and 9 reaching end-of-life, Drupal 10 promises to provide an overall improved Drupal experience for content editors, developers and site owners. 

Drupal 10 makes it easy to create content through CKEditor 5, has a greater standardization for using Drupal as a headless CMS, and future features such as automatic updates will make your platform easy to maintain. Overall, this upgrade will provide a better platform for brands looking to create engaging digital experiences. 

Content Creation Front and Centre with CKEditor 5

D10 continues Drupal’s trend of prioritizing content creators and editors for better front-end development. Central to this trend is CKEditor 5, which was an experimental module introduced in Drupal 9.3 and is the sole WYSIWYG editor in Drupal 10.

This new version provides a significantly improved content authoring experience with in-place controls for object editing. It enables you to easily manage media and tables using advanced features. These include various out-of-the-box core features, including basic formatting and styling as well as advanced productivity features.

Shiny New Themes

Content creators will appreciate Claro, which replaces Seven as the new default admin. Meanwhile, Olivero – replacing Bartik as the new default - makes for a more usable front-end, putting accessibility best practices at the forefront. 

Claro is notably less cluttered with more “white space” right out of the box, making it easier on the eyes, less complex to learn and allows for greater accessibility overall. Olivero, first introduced in Drupal 9.4, is now the default front-end theme for Drupal 10. Featuring a simple and modern design, Olivero is focused on the needs of content creators. It is also WCAG AA compliant right from the start, with an accessible and beautiful interface that features a high-contrast colour palette that’s easier on the eyes.

New Dependencies

On the developer side, Drupal 10 has some noteworthy upgrades, including a new underlying technology stack – Symfony 6.2 – and a new version of PHP. 

PHP 8.1, in addition to being a requirement for Symfony 6.2, promises a longer support lifetime for Drupal 10 as well as more stability and predictability in its dependency requirements.

Additionally, Drupal 10 will use modern JavaScript components to replace some uses of jQuery UI and jQuery, as well as a new version of Twig (3.x), which promises to be a faster, more secure and more flexible PHP template engine. Plus, Drupal 10 will no longer support Internet Explorer 11.

Ready-to-Go Headless

Drupal has long been a dependable CMS for hybrid or fully headless configurations thanks to its support for REST, JSON, and GraphQL APIs, (read more about Headless). Drupal’s Decoupled Menus Initiative has sought to make headless design even easier by improving how JavaScript front ends consume configurable menus managed in Drupal.

Beyond Drupal 10.0, the platform’s headless capacity will be expanded further by adding read-only menus for Drupal HTTP APIs. This will make it easier for front-end developers to consume menu data to build navigation systems.

Site Builders Will Soon Have a Project Browser

Another exciting addition that will come in the next versions of Drupal 10 is Project Browsing, which meets the ultimate goal of taking the mystery out of starting and building a new project in Drupal. This handy feature makes it easier for users – especially novice site builders – to hunt down the perfect modules for their projects. It will have a visual browsing interface within the Drupal admin with a more intuitive filtering system and iconography to convey key quality measures faster. 

Three Cheers for Automatic Updates!

Automatic updates have long been one of the most requested features for inclusion in Drupal. The Automatic Updates Initiative has been one of Drupal’s key strategic initiatives for quite some time, and while not yet available in Drupal 10, is expected in version 10.1 or 10.2. With Drupal releasing new features every 6 months or so, it’s only a matter of time before it’s included. 

The upcoming automatic update module will rely on the following three components:

  • Public safety alerts regarding critical and highly critical updates from Drupal.org
  • Readiness checks, which trigger warnings of issues blocking your website from receiving automatic updates
  • In-place updates, which download the update from Drupal.org, check it and create backups of the files, perform the update and restore your backup files if anything goes wrong

The Automatic Updates module is yet another feature aimed at making life easier for content creators, particularly those who don’t have a development background who are tasked with managing Drupal websites and who lack a routine for checking and running Drupal updates upon release.

Need Help With Upgrading?

If you are already using Drupal 9, the upgrade to 10 will be smooth as the two share the same architectures. If you are still using an older version, you are looking at a migration of your site to Drupal 10, which involves replicating applications from the old product onto the new one.

As easy as it sounds to upgrade or adopt Drupal, sometimes you just need a little support. Follow along with Drupal experts as we do a deep dive and reveal some sneak peeks for Drupal 10 in our recent webinar or reach out to request custom training. We offer custom training for teams like yours, from sales and marketing to software development. 

Regardless of which version of Drupal you’re currently using, or even if you’re thinking of moving to Drupal from a different CMS, you can hire us to help. Fill out our contact form to schedule your move and let us do the heavy lifting.

+ more awesome articles by Evolving Web

Nonprofit Drupal posts: December Drupal for Nonprofits Holiday Hour

Join us Thursday, December 15 at 1pm ET / 10am PT, for a special edition of our monthly call. (Convert to your local time zone.)

Our usual informal get-together will be even more so, as we gather to celebrate the season with friends old and new.  We may end up talking shop -- since that's what happens when you get any two Drupalists in a room together -- but no specific topics are on the agenda this month.  (That said, if you've got something specific on your mind, feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!)

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone. 

  • Join the call: https://us02web.zoom.us/j/81817469653

    • Meeting ID: 818 1746 9653
      Passcode: 551681

    • One tap mobile:
      +16699006833,,81817469653# US (San Jose)
      +13462487799,,81817469653# US (Houston)

    • Dial by your location:
      +1 669 900 6833 US (San Jose)
      +1 346 248 7799 US (Houston)
      +1 253 215 8782 US (Tacoma)
      +1 929 205 6099 US (New York)
      +1 301 715 8592 US (Washington DC)
      +1 312 626 6799 US (Chicago)

    • Find your local number: https://us02web.zoom.us/u/kpV1o65N

  • Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Specbee: 7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 9 Security Modules)

7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 9 Security Modules) Shefali Shetty 13 Dec, 2022 Subscribe to our Newsletter Now Subscribe Leave this field blank

Website security is not a one-time goal but an ongoing process that needs constant attention. It is always better to prevent a disaster than to respond to one. With a Drupal website, you can be confident that the Drupal security team will resolve reported security issues.
 
Drupal has powered millions of websites, many of which handle extremely critical data. Unsurprisingly, Drupal has been the CMS of choice for websites that handle critical information like government websites, banking and financial institutions, e-Commerce stores, etc. Drupal security updates and features address all top 10 security risks of OWASP (Open Web Application Security Project). 
 
However, the onus is ultimately on you to ensure your website is secure by following security best practices and implementing continuously evolving security strategies. Read more to find out how.

Drupal Security Vulnerabilities

It goes without saying that the community takes security in Drupal very seriously and keeps releasing Drupal security updates/patches. The Drupal security team is always proactive and ready with patches even before a vulnerability goes public. For example, the Drupal security team released the security vulnerability update - SA-CORE-2018-002 days before it was actually exploited (Drupalgeddon2). Patches and Drupal security updates were soon released, advising Drupal site admins to update their websites.
 
Quoting Dries from one of his blogs on the security vulnerability“The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication.“


Some interesting insights on Drupal’s vulnerability statistics by CVE Details :

Image removed.

 

Image removed.

1. Keep Calm and Stay Updated – Drupal Security Updates    

The Drupal security team is always on its toes looking out for vulnerabilities. Patches / Drupal security updates are immediately released as soon as they find one. Also, after Drupal 8 and the adoption of continuous innovation, minor releases are more frequent. This has led to easy and quick Drupal updates of a better, more secure version. 
Making sure your Drupal version and modules are up-to-date is really the least you can do to ensure the safety of your website. Drupal contributors are staying on top of things and are always looking for any security threats that could spell disaster. Drupal updates don't just come with new features but also security patches and bug fixes. Drupal security updates and announcements are posted to users’ emails and site admins have to keep their versions updated to ensure security.

2. Administer your inputs 

Interactive websites usually gather input from users. As website admins, unless you manage and handle these inputs appropriately, your website is at a high-security risk. Hackers can inject SQL codes that can cause great harm to your website’s data.
Stopping your users from entering SQL-specific words like “SELECT”, “DROP” or “DELETE” could harm the user experience of your website. Instead, with security in Drupal, you can use escaping or filtering functions available in the database API to strip and filter out such harmful SQL injections. Sanitizing your code is the most crucial step toward a secure Drupal website.

3. Drupal 9 Security

How is Drupal 9 helping in building a more robust and secure website? 

  • Symfony – With Drupal 9 adopting the Symfony framework, it opened doors to many more developers other than limiting them to just core Drupal developers. Not only is Symfony a more secure framework, it also brought in more developers with different insights to fix bugs and create security patches.
  • Twig Templates – As we just discussed about sanitizing your code to handle inputs better, here’s to tell you that with Drupal, it has already been taken care of. How? Thanks to Drupal 9’s adoption of Twig as its templating engine. With Twig, you will not need any additional filtering and escaping of inputs as it is automatically sanitized. Additionally, Twig’s enforcement of separate layers between logic and presentation, makes it impossible to run SQL queries or misusing the theme layer.
  • More Secure WYSIWYG - The WYSIWYG editor in Drupal is a great editing tool for users but it can also be misused to carry out attacks like XSS attacks. With Drupal 9 following Drupal security best practices, it now allows for using only filtered HTML formats. Also, to prevent users from misusing images and to prevent CSRF (cross-site request forgery), Drupal’s core text filtering allows users to use only local images.
  • The Configuration Management Initiative (CMI) – This Drupal initiative works out great for site administrators and owners as it allows them to track configuration in code. Any site configuration changes will be tracked and audited, allowing strict control over website configuration.

4. Choose your Drupal modules wisely

Before you install a module, make sure you look at how active it is. Are the module developers active enough? Do they release Drupal security updates often? Has it been downloaded before or are you the first scape- goat? You will find all the mentioned details at the bottom of the modules’ download page. Also ensure your modules are updated and uninstall the ones that you no longer use.

5. Drupal Security Modules to the rescue

Just like layered clothing works better than one thick pullover to keep warm during winter, your website is best protected in a layered approach. Drupal security modules can give your website an extra layer of security around it.

Automatic Updates

This is currently a contributed module but will soon move to core in Drupal 10. The goal of the automatic updates initiative is to provide an easy, safe and secure way to update a Drupal website automatically. It helps automatically update your site with core patches and security releases. Any issues during the update process are detected and reported so you don’t have to find out later.

Login Security

This module ensures security in Drupal by allowing the site administrator to add various restrictions on user login. The Drupal login security module can restrict the number of invalid login attempts before blocking accounts. Access can be denied for IP addresses either temporarily or permanently.

Two-factor Authentication

With this Drupal security module, you can add an extra layer of authentication once your user logs in with a user-id and password. Like entering a code that’s been sent to their mobile phone.

Password Policy

This is a great Drupal security module that lets you add another layer of security to your login forms, thus preventing bots and other security breaches. It enforces certain restrictions on user passwords – like constraints on the length, character type, case (uppercase/lowercase), punctuation, etc. It also forces users to change their passwords regularly (password expiration feature).

Username Enumeration Prevention

By default, Drupal lets you know if the username entered does not exist or exists (if other credentials are wrong). This can be great if a hacker is trying to enter random usernames only to find out one that’s actually valid. This module enables security in Drupal and prevents such attacks by changing the standard error message.

Content Access

As the name suggests, this module lets you give more detailed access control to your content. Each content type can be specified with custom view, edit or delete permissions. You can manage permissions for content types by role and author.

Security Kit

This Drupal security module offers many risk-handling features. Vulnerabilities like cross-site scripting (or sniffing), CSRF, Clickjacking, eavesdropping attacks, and more can be easily handled and mitigated with this Drupal 9 security module.

Captcha

As much as we hate to prove our human-ness, CAPTCHA is probably one of the best Drupal security modules out there to filter unwanted spambots. This Drupal module prevents automated script submissions from spambots and can be used in any web form of a Drupal website

6. Check on your Permissions

Drupal allows you to have multiple roles and users like administrators, authenticated users, anonymous users, editors, etc. In order to fine-tune your website security, each of these roles should be permitted to perform only a certain type of work. For example, an anonymous user should be given the least permissions like viewing content only. Once you install Drupal and/or add more modules, do not forget to manually assign and grant access permissions to each role.

7. Get HTTPS

I bet you already knew that any traffic transmitted over just an HTTP could be snooped and recorded by almost anyone. Information like your login id, password, and other session information can be grabbed and exploited by an attacker. If you have an e-Commerce website, this gets even more critical as it deals with payment and personal details. Installing an SSL certificate on your server will secure the connection between the user and the server by encrypting the data that’s transferred. An HTTPS website can also improve your SEO ranking – which makes it totally worth the investment.

Final Thoughts

As the old adage goes - Expect the best but plan for the worst. By default, Drupal is a very secure content management framework, but you will still need to implement security strategies and follow Drupal security best practices for a good night’s sleep. Drupal 9 brings along a whole new bunch of security features for a more robust and secure website. Nonetheless, keeping your website up-to-date with Drupal security updates is indispensable. Writing clean and secure code plays a significant role in your website security. Choose an expert Drupal development agency that can provide you with effective security strategies and implementation services.

Found this article useful? Here’s a really tiny URL of this article for you to copy, embed, or share: //--> //--> //-->

shorturl.at/ehuxM

Click to Copy URL

Author: Shefali Shetty

​​Meet Shefali Shetty, Director of Marketing at Specbee. An enthusiast for Drupal, she enjoys exploring and writing about the powerhouse. While not working or actively contributing back to the Drupal project, you can find her watching YouTube videos trying to learn to play the Ukulele :)

Drupal 9 Drupal 9 Module Drupal Planet Drupal Development

Leave us a Comment

 

Recent Blogs

Image Image removed.

7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 9 Security Modules)

Image Image removed.

Starterkit Theme in Drupal 10: Implementing a Better Starting Point for your Theme

Image Image removed.

Things you need for a Drupal 8 to Drupal 9 Upgrade - A Checklist

Do you want a robust and secure Drupal website ? We've built many and are happy to help. Talk to us

Featured Success Stories

Image removed.

Upgrading and consolidating multiple web properties to offer a coherent digital experience for Physicians Insurance

Image removed.

Upgrading the web presence of IEEE Information Theory Society, the most trusted voice for advanced technology

Image removed.

Great Southern Homes, one of the fastest growing home builders in the United States, sees greater results with Drupal 9

View all Case Studies

Salsa Digital Drupal-Related Articles: CivicTheme is now available with GovCMS

Image removed.CivicTheme for GovCMS It was great to participate in the GovCMS Mega Meetup last week, especially presenting and introducing CivicTheme — an open source, inclusive and component-based design system to the GovCMS community. More about CivicTheme Even more exciting was the announcement that CivicTheme is part of the official GovCMS roadmap. But what does this mean? CivicTheme is built and optimised for GovCMS SaaS out-of-the-box (OOTB) website projects. So if your website is hosted on GovCMS SaaS (or PaaS) you can use Civic OOTB immediately to build and manage your website, or you can adapt it to suit your GovCMS web project.

PreviousNext: Decoupled OpenSearch: A Case Study

Watch the video to learn how our team leveraged a highly available AWS OpenSearch service fronted by React to build lightning-fast, dynamic search interfaces backed by Drupal using Search API.

by adam.bramley / 13 December 2022

At DrupalSouth 2022 in Brisbane, I presented our experiences with Decoupled OpenSearch.

In my talk, I covered

  • our architecture, why it was chosen, and how you can set it up for yourself.

  • an overview of the Search API OpenSearch module.

  • a deep dive into the frontend technologies and methodologies we used to make building decoupled search apps a breeze.

I’ve also made the links from my talk available for you to investigate in your own time.