drupal

With the current Drupal CMS work tracks well on the way to delivering for v1, we're planning ahead to define what's next on the roadmap. We also have a few tracks that were already in progress for v1, but never formally announced.

As we move beyond the basics of a CMS, things get complicated quickly! So several of these tracks are somewhat open-ended, and likely require multiple approaches or solutions.

Tracks already in progress

Project Browser

Project Browser is an ongoing initiative, to make it easy for site builders to find modules from within their Drupal sites, led by Leslie Glynn and Chris Wells Redfin. After several years of foundational work, the functionality is now working with a live API endpoint from drupal.org providing the module information. 

Since Project Browser is a critical part of the builder experience for Drupal CMS, we're formally adding it as a work track to recognize that and ensure it is aligned with the product strategy and other work tracks. If you're looking for a way to contribute to Drupal CMS, join the #project-browser channel on Slack for the latest.

Workspaces as content moderation

Drupal core has long provided tools for configurable content workflows, via the Workflows and Content moderation modules. In the meantime, the Workspaces module has become stable, and provides a more scalable method for staging content changes. Experience Builder will require workspaces to provide true content staging, because within XB a user can make changes to a number of different components at once, and content moderation does not allow for this. But right now, the complexity of workspaces makes it challenging for the most basic content moderation use cases.

The team from Tag1 already had a plan to completely replace content moderation with workspaces, and have now committed to delivering this functionality for inclusion in Drupal CMS. The goal of this track is to provide an experience similar to content moderation, where you can edit a single entity and create a draft, using workspaces but without exposing this to the user. So under the hood, workspaces is providing the draft/forward revision, but the user has no direct interaction with the workspace.

Telemetry

Telemetry is a crucial part of modern software development to provide information about how real-world users interact with a software application. Drupal has not integrated a formal telemetry system in the past, but Drupal CMS is a great opportunity both to try a telemetry system, and to take advantage of the insight it provides to rapidly improve the product.

We formed a working group to look into options for telemetry for Drupal CMS and have an early proposal for this now. Ideally, we will include some basic capability in the initial release, but would like to recruit a track lead to oversee this work ongoing, after the initial release.

If you are interested in taking the lead on this track, please apply here.

New tracks we're recruiting for

Content import / migration

Enabling users of other platforms to easily migrate their sites to Drupal is critical to delivering on the Starshot strategy. Drupal's migration tools provide a robust foundation, but this is a huge task to undertake, and may require more than one approach. 

So this track may split off into several different efforts. For example, there may be a simple import solution for basic sites that have a structured data source. Another might offer a migration via site scraping. And another might provide a jumping off point for more complex migrations. Rather than prescribing the approach, we are open to all proposals.

If you are interested in proposing a solution for this, please apply here.

Tours

Drupal has long had the capability to add tours, which are guided overviews of the site interface, via the Tour module. These guided tours are practically universal in our competitor products, and will be key to onboarding new Drupal users.

Several Drupal CMS recipes have provided or plan to provide a tour of the functionality they provide. In order to ensure that the tours provided by Drupal CMS are consistently applied and executed, we are seeking a lead to oversee this aspect of the product. This role is non-technical in nature, and requires skills in user experience, training, content writing and product design. The aim with tours will be to use them only where necessary, and not as a workaround for other fundamental UX improvements.

If you are interested in taking the lead on this track, please apply here.

Identity management / SSO

In user interviews with a number of people in our target person, they highlighted identity management and single-sign as a pain point with other platforms. Given Drupal's robust integration options, we feel this is an area where we can differentiate from our competitors, whose offerings may be more limited. But with flexibility comes complexity, and anyone who has tried to set up SSO in Drupal probably knows that it's not usually plug-and-play.

Part of the complexity is the wide range of providers, each with potentially different requirements. The Drupal CMS leadership team is currently undertaking an analysis of key integrations of all kinds, with a focus on user management, to formulate an approach to this that likely will open up one or more work tracks to build or refine the necessary functionality.

If you are interested in proposing a solution for this, please apply here.

Content translation tools

Drupal’s multilingual capabilities are robust, but there is an opportunity to make these tools even more accessible and efficient for content creators managing global audiences. This track focuses on enhancing Drupal’s translation and localization features to streamline content creation and support internationalization needs.

To achieve this, we could explore areas such as UX improvements to simplify translation workflows, AI-driven translation suggestions, integration with translation memories, notifications when content changes require re-translation, and more. Additionally, we can explore refining approval workflows and optimize the interface for managing multilingual content, making Drupal a more powerful, user-friendly platform for international sites.

If you are interested in proposing a solution for this, please apply here.

Front end design system

We are seeking strategic partners interested in designing and implementing a comprehensive design system to integrate with Experience Builder for Drupal CMS. The goal for this initiative is to create a modern and versatile design system that provides designers and front-end developers tools to accelerate their adoption of Drupal as their digital platform, by enabling them to easily adapt it to their own brand. This design system will enable content marketers to efficiently build landing pages and campaigns, allowing them to execute cohesive marketing strategies while maintaining the brand integrity.

More information on this track, including timelines and how to apply, is available in the full brief.

Conclusion

Each of these work tracks is aligned with the goals of the Starshot strategy, which aims to make Drupal CMS the go-to platform for marketers and content creators. 

The tracks we are recruiting for are not expected to be included in the initial 1.0 release of Drupal CMS. That said, development on these tracks could start soon, with target completion in the first half of 2025.

For those looking to apply or contribute, join us on Slack to connect with existing track leads or reach out to the Drupal CMS leadership team with questions. You can also follow developments in the Drupal.org issue queue.

LocalGov Drupal week + code contributions + getting elected on to the board of Open Digital Cooperative. It's been a busy week.

Authored by Nadiia Nykolaichuk.

AI is shifting our perception of the impossible. It does things that past generations would have never imagined. Indeed, it has long since become a routine to ask AI assistants to play music, turn on the lights, or even order groceries. With the advance of generative AI, boosting content management through various AI-driven tasks has also become increasingly common.

Authored by Nadiia Nykolaichuk.

Drupal modules often come with creative, inspiring names, and some even sound downright delicious. Join us on a culinary adventure through modules inspired by foods, and discover the rich features they can bring to your site! Each tool in this collection is powerful enough to supercharge your website’s capabilities, adding its own unique blend of flavors, nutrients, and zest.

The Drupal Association has published this guest blog on behalf of HeroDevs.

At HeroDevs, we’re no strangers to the importance of security—especially when it comes to open-source software. As the pioneers of securing deprecated open source software across various communities like AngularJS, Vue, and Spring, we’re excited to bring our expertise to the Drupal 7 ecosystem. We understand the challenges and vulnerabilities that come with maintaining legacy software, and our goal is to ensure your Drupal 7 websites remain secure, compliant, and fully functional for the long term.

Guaranteed SLA for Security and Compliance

When it comes to security vulnerabilities, having a guaranteed response is crucial for your business. HeroDevs offers a dedicated SLA that ensures your systems receive timely attention and resolution. Our service helps you stay compliant with important regulations such as FedRAMP, PCI, HIPAA, and SOC II. With HeroDevs, your business is backed by proactive security measures, so you never have to worry about delayed responses to critical security needs.

Reliable Terms & Conditions Throughout Your Subscription

We know how important stability and reliability are for businesses managing content management systems such as Drupal 7. That’s why our terms and conditions are mutually agreed upon and remain unchanged throughout your Subscription Term. With HeroDevs, you can rely on consistent, dependable support without the worry of unexpected changes to your agreement.

Guaranteed Subscription Term: No Termination for Convenience

Another aspect that sets HeroDevs apart is our Guaranteed Subscription Term. Unlike other providers, HeroDevs cannot terminate your subscription for convenience. This ensures that you receive full, uninterrupted service for the entire duration of your agreement, so you can have peace of mind knowing your Drupal systems are in safe hands for as long as you need them to be.

Warranties and Indemnification: Protecting Your Business

At HeroDevs, we stand behind the services we provide. Our subscription includes warranties and indemnification to ensure that the security services you receive are up to standard. Should anything go wrong, you’re covered—not just with fixes, but with assurances that keep your business protected.

Why Partner with HeroDevs for Drupal Support?

By choosing HeroDevs, you’re partnering with a team of security professionals with a proven track record across various open-source communities. We’re committed to helping your business meet compliance standards, avoid costly security incidents, and maintain seamless functionality—all with the added benefit of faster support and more secure systems.

Contact us to learn more about Drupal 7 NES.

The Summary

To ensure Drupal’s stability and independence, the project is managed through a well-established, transparent governance system. Dries Buytaert, the Founder and Project Lead, helped design a model that distributes power and prevents any single person or entity — even himself — from making unilateral decisions that could alter the project unexpectedly. The independent Drupal Association oversees Drupal.org and other key infrastructure, free from commercial pressures. This approach ensures that Drupal.org is reliable and creates a fair playing field for all contributors, embodying true open-source leadership.

Just as the Drupal software has grown and changed significantly over its 23-year history, so has its governance. And, while there’s always room for improvement, it is safe to say that Drupal’s seasoned governance is what allows it to be one of the largest, independent open source projects in the world. 

The Detail

Dries Buytaert, as the founder and project lead, ultimately guides the direction of Drupal, and is responsible for shaping the project’s philosophy and core principles. 

While Dries started Drupal on his own, he has helped evolve the governance model over the years to be mature and resilient.  To help govern the project's technical aspects, Dries established the core committer team and other supporting groups. To  oversee non-technical areas, he co-founded the Drupal Association. These initiatives were intentional efforts to scale and strengthen Drupal’s governance.

On the technical side, the governance model for Drupal core is very mature, as described in the Drupal Project Governance. Technical decision-making is distributed among the core committers and other maintainers, promoting a transparent, structured, and collaborative approach to managing Drupal core.     

Many other aspects of Drupal governance are managed by the Drupal Association, which is a U.S. 501(c)3 nonprofit organization formed in 2008 to support the Drupal project and the Drupal community.  I am currently the Chief Executive Officer of the Association.  Our mission is to drive innovation and adoption of Drupal as a high-impact digital public good, hand-in-hand with our open source community.  A fundamental obligation of the Drupal Association is to ensure that Drupal is available to anyone, anywhere in the world free of charge.  We primarily accomplish this task through Drupal.org.

The Drupal Association is a bona fide non-profit organization (not a pass-through), with assets of just over $3 million and an operating budget of over $4 million. We publish our finances annually (see: Find the reports in the Accountability section of D.org).  The Association is not controlled or funded by any single entity nor does it pass revenues onto another entity.  The Association’s revenue comes from hundreds of organizations and thousands of individuals.  No single financial contributor accounts for more than 10% of our revenue. This diverse support base prevents any one entity from having too much influence.

The Drupal Association employs a full-time team of 19 professionals located throughout the world.  These people include engineers, marketers, accountants, communication staff, and program administration team members.  I say all this to demonstrate that we have the capacity to legitimately, and independently, carry out our mission.

The Drupal Association owns and controls important components of the Drupal ecosystem that allow Drupal to be one of the largest independent FOSS projects in the world.

The Drupal Association owns and/or controls the infrastructure that powers Drupal.org.  The Drupal Association has complete control over who accesses Drupal.org, how they access it, and what they can do when accessing it.  These are covered by our Terms of Service.

In administering Drupal.org, the Drupal Association controls a number of services, including:

• The database of Drupal.org users/project contributors
• A self-hosted GitLab instance that includes all of the Drupal code repositories for core and contrib, testing with GitLab CI and documentation through GitLab Pages
• Drupal software packaging (the actual .zip and .tar.gz files containing Drupal code)
• Drupal Updates (the Updates.xml feed, Automatic Updates endpoint, Secure Signing server, and Packages.Drupal.org- the composer endpoint for Drupal projects).
• The Drupal namespace on GitHub
• The Drupal namespace on Packagist
• The Drupal namespace on NPM
• The Drupal Infrastructure namespace on gitlab.com (separate from our self-hosted instance)
• The contribution credit system
• Usage data about Drupal core and extensions

The Drupal Association also owns and controls the primary means by which the community communicates and gathers.  We organize DrupalCons and manage Drupal Slack.  We issue The Drupal Association Newsletter and TheWeeklyDrop (together with Bob Kepford).  We control and manage Mastodon, X/Twitter, YouTube, LinkedIn (Drupal, Drupal Association, Drupal Jobs), Facebook, Instagram, and TikTok.

Drupal has the Maker/Taker Problem that nearly all open source projects face.  There are companies that profit off Drupal who don’t give back to help maintain the project.  The Drupal Association has chosen to address this issue by restructuring our Drupal Certified Partner program to focus exclusively on those companies that give back to the community.  The goal is to incentivize the creation of a culture of contribution within companies that work in Drupal that provide the Drupal Project with sufficient resources to innovate and grow.  There is always work to be done in creating a more equitable program, but it is beginning to work as we have more than doubled the number of Drupal Certified Partners in the past 15 months.

The Drupal Association is governed by a 12-person Board of Directors that meets several times a year, including two public meetings at DrupalCons.  Nine directors are selected by a Nominating Committee of the board and two directors are elected by members of the Drupal Association.  The final seat is the “Founding Director”.  This is a voting seat that can only be filled by Dries Buytaert.  Like all board seats, this is an unpaid, voluntary role that carries with it a single vote on the board.  It has to be approved annually by the Board of Directors. Except for the trademark licensing, the Drupal Association has no contracts or agreements with Dries Buytaert or the Drupal Project, and Dries receives no funding from the Drupal Association or its operation of Drupal.org.

Dries Buytaert owns the trademark “Drupal”.  He has transparently communicated the Drupal Trademark and Logo Policy by which these are governed.  Under the policy, any changes to the policy go into effect sixty (60) days after publication.  Dries Buytaert also owns the domain names “drupal.org”, “drupal.com” and “drupalcon.org”.

Dries has granted the Drupal Association an exclusive license to use “Drupal”, “Drupal.org”, and “DrupalCon” and a non-exclusive license to use Drupal for non-commercial uses.  This license allows the Drupal Association to support the Drupal Project by providing the infrastructure to host and maintain the official version of Drupal and to organize its contributors.  It also allows the Association to support the Drupal Community in their work with Drupal.

The net effect of this arrangement is that Dries Buytaert retains ultimate control over what software can be named “Drupal” and what website can be named “Drupal.org.”  He can thus ensure that any software that calls itself “Drupal” or website that uses “Drupal.org” conforms with his vision.  This would likely cause the Drupal Association to fork the software and maintain it under a new name and url.  The high cost of such an action to both parties makes this option highly unlikely and unable to execute quickly.

What the trademark does not allow him to do is to block any person or organization from using any component of Drupal core or any modules housed on Drupal.org.  Those decisions are the sole discretion of the Drupal Association.  To date, we have exercised this authority in a very limited manner to protect and safeguard the website and its content from attacks and misuse.

Twenty-three years ago, Dries chose to release Drupal under an open-source license, inspiring tens of thousands to build careers and champion an Open Web. However, fulfilling this vision required more than just a General Public License. By creating the Drupal Association, setting up Drupal core's governance, and licensing the trademark, Dries ensured Drupal remained open-source without commercial entanglements, securing a strong, independent foundation.

Along with Dries Buytaert and many contributors, the Drupal Association is focused on the future of Drupal (see: Starshot Initiative). How can we support its adoption through marketing and create sustainable revenue streams for Drupal to flourish?  These are tough questions that confront many open source projects.  Our governance allows us to move forward in this work with great certainty.

Integrating Drupal with other systems is a common part of creating or developing a website or web application. Although Drupal offers many tools to facilitate this process, encountering minor or major difficulties is simply inevitable. Based on our knowledge from several hundred projects for clients, we’ve compiled a list of the common problems. It’s worth familiarizing yourself with them to effectively avoid them and speed up the implementation of integration projects.

In an increasingly globalized world, businesses are turning to multilingual solutions to reach an international audience. Drupal 10 offers a powerful multisite architecture that allows you to manage multiple sites from a single installation, ideal for organizations with a global reach.

Previously, we wrapped up migrating configuration to match the content model we specified in our upgrade plan. Ready to start migrating content? Hang in there — it’s coming up next. But first, let's address one of the hardest issues to resolve when they arise - entity ID conflicts in content migrations.