drupal

DDEV Blog: Enhanced Security with DDEV's New `ddev-hostname` Binary

TL;DR: The new ddev-hostname binary shipped with DDEV now takes care of hosts file editing when needed. Hosts file editing only happens when you use a non-ddev.site URL.

One of the core principles of secure software development is the principle of least privilege: give a program only the minimal permissions it needs to do its job. With DDEV v1.24.7, we've taken a significant step forward in applying this principle to how DDEV manages hostname resolution on your development machine.

If you don't use an alternate top-level-domain (TLD) or custom FQDNs, you won't notice any changes here. Read on, but DDEV will continue to work as it always has for most users.

Why DDEV Sometimes Needs Elevated Privileges

Most of the time, DDEV projects work seamlessly with URLs like https://yourproject.ddev.site without any special setup. That's because DDEV maintains DNS records for ddev.site and all its subdomains that resolve to 127.0.0.1 (your local machine). As long as you have an internet connection, your browser can look up these hostnames automatically.

However, there are situations where DDEV needs to edit your system's hosts file (/etc/hosts on Linux/macOS or C:\Windows\System32\drivers\etc\hosts on Windows):

  • When you don't have an internet connection
  • When your DNS is broken or blocks 127.0.0.1 resolution (DNS rebinding protection)
  • When you use custom hostnames with additional_fqdns that aren't under ddev.site
  • When you've configured a project_tld other than the default ddev.site or disabled DNS with use_dns_when_possible: false

For a deeper dive into how DDEV hostname resolution works, see our detailed guide on DDEV name resolution and wildcards.

The Security Challenge: Minimal Elevated Access

When DDEV does need to edit the hosts file, it requires elevated permissions (root on Linux/macOS, Administrator on Windows). This is the only thing DDEV does with elevated privileges—but from a security perspective, how we handle that elevation matters a lot.

Previously, the main DDEV binary—which handles containers, databases, files, and many other tasks—also had to manage hostname editing with elevated permissions. When you elevate privileges for one specific task (editing hosts files), you want to minimize what else that elevated process can do. The old approach meant a larger binary with more dependencies running with elevated permissions, increasing the potential attack surface.

The Solution: Meet ddev-hostname

DDEV v1.24.7 introduces a new dedicated ddev-hostname (and ddev-hostname.exe for Windows and WSL2) binary that handles hostname management exclusively. This specialized tool follows the security principle of least privilege in several important ways:

Minimal Capabilities

The ddev-hostname binary has been stripped down to do exactly one thing: manage hostname entries in your system's hosts file. It doesn't include Docker utilities, global configuration management, or the dozens of other features that the main DDEV binary provides.

Reduced Attack Surface

By removing unnecessary dependencies, we shrank the ddev-hostname binary significantly. More importantly, we eliminated dependencies on several libraries that were previously included in the main DDEV binary but aren't needed for hostname management.

Each removed dependency is one less potential entry point for security vulnerabilities in the elevated binary.
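As an added illustration (not DDEV's code and not part of the original post), this is the kind of narrow logic a single-purpose elevated hosts-file helper can be limited to: it accepts only loopback addresses and strictly validated hostnames, and it changes nothing if the mapping already exists. The function names and sample hostnames are assumptions, and only the Go standard library is used.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// hostRe matches dot-separated DNS labels (letters, digits, inner hyphens).
var hostRe = regexp.MustCompile(`^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// ValidHostname rejects anything that could smuggle extra fields or lines
// into the hosts file: whitespace, '#', newlines, empty labels.
func ValidHostname(name string) bool {
	return len(name) <= 253 && hostRe.MatchString(strings.ToLower(name))
}

// HasEntry reports whether the hosts content already maps name to ip.
func HasEntry(hosts, ip, name string) bool {
	for _, line := range strings.Split(hosts, "\n") {
		line, _, _ = strings.Cut(line, "#") // ignore comments
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != ip {
			continue
		}
		for _, h := range f[1:] {
			if strings.EqualFold(h, name) {
				return true
			}
		}
	}
	return false
}

// AddEntry is the only mutation this hypothetical helper performs:
// loopback targets only, validated names only, idempotent.
func AddEntry(hosts, ip, name string) (string, error) {
	if p := net.ParseIP(ip); p == nil || !p.IsLoopback() {
		return hosts, fmt.Errorf("refusing non-loopback address %q", ip)
	}
	if !ValidHostname(name) {
		return hosts, fmt.Errorf("refusing invalid hostname %q", name)
	}
	if HasEntry(hosts, ip, name) {
		return hosts, nil
	}
	if hosts != "" && !strings.HasSuffix(hosts, "\n") {
		hosts += "\n"
	}
	return hosts + ip + " " + name + "\n", nil
}

func main() {
	// Constructed sample hosts content and hostname.
	out, err := AddEntry("127.0.0.1 localhost\n", "127.0.0.1", "shop.example.test")
	fmt.Printf("%q %v\n", out, err)
}
```

Keeping the decision logic in pure functions like these means it can be tested without privileges, leaving the elevated process to perform only the final write.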

Platform-Specific Security

The new implementation provides native elevation techniques for each platform instead of relying on third-party tools like gsudo.exe on Windows. This reduces external dependencies and gives us better control over the security model.

Special Benefits for WSL2 Users

If you're using DDEV with Windows WSL2, you'll especially appreciate another improvement that comes with these changes. The new ddev-wsl2 package provides the Windows-side binaries you need, including ddev-hostname.exe and mkcert.exe, directly within your Linux distro.

This means you no longer need to install DDEV on the Windows side when using WSL2. The ddev-wsl2 package gives you everything you need for proper WSL2 integration with Windows hostname and certificate management.

To install it:

sudo apt-get update && sudo apt-get install ddev-wsl2
# or
sudo dnf install --refresh ddev-wsl2

This streamlines the WSL2 setup process significantly and ensures you always have the correct versions of these critical utilities.

What This Means for You

As a DDEV user, these changes are largely transparent—your development workflow remains the same. But under the hood, you're now benefiting from:

  1. Better security: Elevated processes now have minimal capabilities and smaller attack surfaces.
  2. Simpler WSL2 setup: No need for Windows-side DDEV installation.
  3. More reliable hostname management: Native platform elevation instead of third-party tools.

The Bigger Picture

These improvements reflect our ongoing commitment to making DDEV not just powerful and easy to use, but also secure by design. By applying established security principles like least privilege and minimal attack surface, we're building a development tool that you can trust with your local environment.

Getting Started

DDEV v1.24.7 with these security improvements is available now. If you're using WSL2, install the new ddev-wsl2 package.

As always, we'd love to hear your feedback on these changes. Join us on Discord to share your experience or ask questions about the new hostname management approach.

Follow our blog, LinkedIn, Mastodon, and join us on Discord. And we'd love to have you sign up for the monthly newsletter.

DDEV Blog: New GUI Installer: Get DDEV Running on Windows in Just 10 Minutes (Video)

Tired of those complex PowerShell scripts we used to provide to get DDEV running on Windows? The new GUI installer changes everything.

In DDEV v1.24.7 we've eliminated the complexity of Windows setup. What used to require a privileged PowerShell script and manual WSL2 configuration now takes just a few clicks.

Why This Changes Everything for DDEV Users on Windows

  • Almost No Command Line Required for Setup
  • Handles WSL2 Setup Automatically - No more manual configuration
  • Works with Your Preferred Docker Setup - Docker Desktop, Rancher Desktop, or Docker-CE, in WSL2 or with Traditional Windows
  • Beginner-Friendly - Perfect for users new to DDEV

The new installer supports:

  • WSL2 Docker-CE
  • WSL2 Docker Desktop and Rancher Desktop
  • Traditional Windows installation

See It In Action

Watch me transform a fresh Windows machine into a fully functional DDEV development environment in about 10 minutes:

What you'll see:

  • Starting from a Windows machine without WSL2
  • Complete WSL2 and Docker CE setup
  • DDEV installation and first project

This setup process is detailed in Get Started - Windows and explained further in the official docs.

Ready to Try It?

🚀 Download the new Windows installer

Cross-Platform Compatibility: DDEV works the same on macOS, Linux, Traditional Windows, and WSL2; see Getting Started. Your whole team can work in their preferred environment instead of fighting about it. It also supports development for many different web environments, so you're not stuck using different tools for different CMSs.

Support the Project: DDEV is fully open-source and free to use, and run by the nonprofit DDEV Foundation. We ask you to help make us a sustainable project by sponsoring yourself or getting your organization to sponsor the project. Sponsor us on GitHub.

Questions? Issues? We're here to help:

Have you signed up for the monthly DDEV Newsletter? We'd love to have you.

Drupal AI Initiative: Co-designing the future: Share your views on our Drupal AI roadmap

The best technology is designed to meet real world needs of organisations. Doing so ensures the impact technology can generate is maximised. Drupal is used by a wide range of end users and we want to ensure our roadmap for AI is well informed by end users.

For this reason today we invite you to participate in a short survey to communicate what capabilities your organisation values the most, a unique opportunity to have a direct influence on where we focus our investment. 

We also want to hear through this survey what use cases you have for AI. If barriers are slowing your AI adoption, what are they, and how can we deliver solutions that break them down?

With just a few minutes of your time, participation in the survey will be instrumental in informing our approach both in the near future and long term.

Make sure your views are considered, help shape the future of AI, take part in the survey today.

Take the Survey

Analysis of survey results will be shared on Drupal.org in an anonymised format. Your contact information will not be shared or used for any other purpose other than directly related to the survey.

To receive an update when the survey results are available sign up to our newsletter, follow us on LinkedIn.

Thank you!

Talking Drupal: Talking Drupal #512 - Member Platform

Today we are talking about The Member Platform, Why it was created, and How you can get involved with guest JD Leonard. We’ll also cover Profile as our module of the week.

For show notes visit: https://www.talkingDrupal.com/512

Topics
  • Introduction to Member Platform
  • Member Platform: Origin and Vision
  • Member Platform Features and MVP
  • Post-MVP Vision and Challenges
  • SaaS Solutions and Drupal Forge
  • CRM Project and Member Platform Vision
  • Evaluating CRM Options
  • Integrating External CRMs with Drupal
  • Targeting Different Market Segments
  • Current Progress and Future Plans
  • Community Involvement and Contributions
  • Getting Involved with Member Platform
Resources

Hosts

  • Nic Laflin - nLighteneddevelopment.com nicxvan
  • John Picozzi - epam.com johnpicozzi
  • JD Leonard - jdleonard

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

  • Brief description:
    • Have you ever wanted to store user information in one or more configurable profiles, independent of the user entity itself? There’s a module for that.
  • Module name/project name:
  • Brief history
    • How old: Project created in Oct 2015 by bojanz (boy-yan Z), but seems to originate in code that was in the 4.0.x branch of Drupal core. Recent releases are by Jonathan Sacksick (jsacksick) or Centarro
    • Versions available: 8.x-1.12, which supports Drupal 9, 10, and 11
  • Maintainership
    • Actively maintained
    • Security coverage
    • Test coverage
    • Number of open issues: 125 open issues, 53 of which are bugs
  • Usage stats:
    • 34,338 sites
  • Module features and usage
    • Profiles are conceptually separate from the user account, and users will even edit their profile in a separate tab, which is a pretty common pattern
    • A site can have multiple profile types, and then use permissions and roles to determine who can create which kind of profile
    • Profile forms can optionally be shown during registration
    • Profile fields can also be set as private, meaning that the value will only be visible to the user and site admins
    • By default profiles will be displayed on the user’s view page, and this can be configured in the “Manage Display” tab on accounts
    • Profiles are also optionally revisionable
    • The project page also notes that profiles are not currently translatable, but there is an issue with a patch, so you can try that if it’s a requirement for you

The Drop Times: The Catch with Easy Starts

Drupal has attempted to package reusable site builds before, remember distributions? Most of them either broke over time, went stale, or required more effort to customise than starting fresh. The new Template Marketplace looks smarter on paper, leaner “site recipes,” less overhead—but there’s still a real risk of history repeating. A template that works great today could still fall apart in two years if it is not maintained. If there’s no clear accountability for updates, we’re just shuffling the same deck.

For agencies, though, this might open a door that’s been closed for years: a way to productize their internal boilerplates. Agencies already build site kits in-house to speed up work. If the marketplace makes it viable to share (or sell) those setups in a standardised format, they could stop reinventing the wheel on every project. But this only works if the process to publish and support templates is dead simple and scoped because no one wants to sign up for extra maintenance overhead.

And let’s be real: Drupal needs this to help new users stick around. Right now, too many devs bounce after install because it feels like getting a toolbox with no instructions. A solid set of community-maintained templates could finally give people a usable starting point. Unless there’s a clear plan for upkeep and trust, the marketplace could fade into something people stop relying on.

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you, 
Sincerely 
Kazima Abbas
Sub-editor, The DropTimes. 

DrupalCon News & Updates: Call for Speakers is now open!

DrupalCon Chicago will be held next year from 23-26 March 2026 in Chicago, Illinois!

Historically, DrupalCon North America has been the largest gathering of Drupalists worldwide. We seek to offer a program that captures the community's excitement and makes good things happen!

Call for Speakers is now open

Do you have Drupal knowledge to share? We invite you to submit your session! Contributing your voice and expertise drives Drupal's continued evolution and success.

Submit your session proposal!

The Call for Speakers submission deadline is Friday, 26 September at 23:59 UTC.

Speaker Resources

When it comes to planning your session, we have many resources available, including session checklists and presentation support. Visit the Speaker Resources page to view all of the available resources. We especially welcome submissions from speakers with diverse backgrounds and expertise! We highly encourage everyone to submit, including those who have not spoken at DrupalCon before.

Do you have questions about speaking at DrupalCon Atlanta? Send them to speaking@association.drupal.org. You can also get tips and request session feedback from fellow community members anytime in the #session-help on Drupal Slack.

We cannot wait to see YOU in Chicago!

Picozzi.com: Creating a Simple Donation form with Drupal, Stripe, and Webforms

john, Mon, 07/21/2025 - 15:23

If you're looking to accept donations on your Drupal site, the combination of the Webform module and Stripe provides a flexible and powerful solution. In this guide, I’ll walk you through setting up a donation form using the Webform, Stripe, and Stripe Webform Integration modules, all on a local Drupal environment using DDEV.

Drupal Association blog: Our Social Media Focus: 2025 and Beyond

In a constantly evolving digital world, being strategic about where to focus the social media efforts is essential for effective community building and outreach. At the same time, it is also important to choose the platforms that align with the values of the community being represented. This has been a growing conversation within the Drupal community, especially around the ethical use of platforms. You can read more about the community’s discussions and perspectives here.

After reviewing the engagement metrics and audience reach across platforms, we're implementing a tiered approach that balances our commitment to Drupal's values of openness, inclusiveness, and digital freedom with our responsibility to grow the Drupal ecosystem and serve our global community effectively.
We are choosing to focus our resources where we can create the most meaningful engagement and build genuine community connections. This approach allows us to be more responsive, create better content, and foster stronger relationships with our community.

The Platform Choices Explained

Here’s how we are approaching each platform going forward:

Preferred Platform: LinkedIn

LinkedIn is going to be the primary platform for community communication. After analyzing our performance data, LinkedIn consistently delivers our strongest engagement rates and reaches our core professional audience most effectively.

As a professional platform, LinkedIn allows us to share updates, highlight community achievements, showcase member contributions, and connect with developers, decision-makers, and organizations across the Drupal ecosystem.

Emerging Preferred Platforms: Mastodon & Bluesky

As open source advocates, we are enthusiastic about the platforms Mastodon and Bluesky. These are decentralized, community driven and privacy conscious platforms that align with the Drupal community values.

We will be doing focused growth efforts on these platforms for the upcoming six months. If either platform reaches 5,000 followers during this period, we'll promote it to preferred platform status alongside LinkedIn. We're optimistic about their potential to become key channels for our community.

Instagram & Facebook

While Instagram and Facebook will be a conscious choice for selective updates, we recognize their strengths in visual storytelling and broad audience reach. They serve better as amplifiers rather than primary communication channels.

We'll maintain selective engagement on these platforms for:

  • Event promotions and DrupalCon marketing
  • Product announcements and major initiative updates
  • Reaching audiences who may not be active on our preferred platforms
     

Transitioning from X/Twitter

After reviewing engagement data and platform dynamics, we're transitioning away from regular posting on X (formerly Twitter). 

Our existing presence will be maintained to direct our followers to our preferred platforms, helping facilitate community migration while preserving connections with our established audience.

Channels We Manage

The Drupal Association manages social media accounts for multiple brands within its ecosystem:

  • Drupal: Our primary project accounts focusing on product news, project updates, community news, and developer resources
  • Drupal Association: Organizational updates, partnership announcements, and community support initiatives
  • DrupalCon: Event-specific marketing, speaker highlights, and attendee engagement
     

Moving Forward

This strategic approach ensures we can maintain effective community communication and product marketing while being thoughtful about where we invest our time and resources. By focusing our efforts on platforms where we can create the most value, we're better positioned to serve our global community and promote Drupal's mission of building the open web.

Follow us on

Preferred Platforms

LinkedIn

Drupal

https://www.linkedin.com/company/drupal-project

Drupal Association

https://www.linkedin.com/company/drupal-association

DrupalCon North America

https://www.linkedin.com/company/drupalcon-north-america

YouTube

Drupal Association

https://www.youtube.com/@DrupalAssociation

Emerging Preferred Platforms

Mastodon

Drupal

https://mastodon.social/@drupal

Drupal Association

https://mastodon.social/@drupalassoc

DrupalCon North America

https://mastodon.social/@drupalcon

Bluesky

Drupal (brand new)

https://bsky.app/profile/drupalofficial.bsky.social

Drupal Association

https://bsky.app/profile/drupalassociation.bsky.social

DrupalCon North America

https://bsky.app/profile/drupalcon.bsky.social

Other Platforms

Instagram

Drupal Association

https://www.instagram.com/drupalassociation/

DrupalCon North America

https://www.instagram.com/drupalcon/

Facebook

Drupal

https://www.facebook.com/DrupalOpenSource/

DrupalCon North America

https://www.facebook.com/DrupalCon