On Wednesday we received an announcement that there were a number of contributed Drupal modules that had remote code execution vulnerabilities.
According to the Drupal security team, this would only affect around 1000-10,000 Drupal sites, which accounts for around 1% of all Drupal sites. From this we knew it wouldn't affect significant contrib modules, like Views, as they're fairly standard on most Drupal installations.
At 5pm BST yesterday, the following contrib module announcements were released:
In this blog post I'll discuss some methods of ensuring that your software is kept up to date, and some recent examples of why you should consider security to be among your top priorities instead of viewing it as an inconvenience or hassle.
Critics often attack the stability and security of open source due to the frequent releases and updates as projects evolve through constant contributions to their code from the community. They claim that open source requires too many patches to stay secure, and too much maintenance as a result.
In line with our constant striving to improve, we're on the path to ISO 9001 and 27001 certification.
As a lean, agile, and bureaucracy-free outfit we had been quite content in self-managing our methods and processes and not being held back by the weight of outdated and bloated standards; we left all that back in the 1990s, surely? Then, for a large government body we were working with to migrate away from a traditional dedicated datacentre type setup to a container-based, bleeding-edge type setup, an audit was commissioned to satisfy their own internal security department due to the lack of certification to prove our competence in this area.
Over the last couple of years, we have been using Codeception at Ixis for running automated acceptance tests during development work. Over this time we attempted to distil some of the ideas and abstract custom code into Codeception modules, which are all available on GitHub.
In learning about custom Drupal 8 module development, I found plenty of very simple field module examples, but none that covered how to store more than one value in a field and still have it work properly, so it's time to fix that.
Movements such as HTTPS Everywhere and Google’s initiative to ensure that all search queries and all Gmail actions are secured using HTTPS have challenged the concept that HTTPS is only needed for small sections of sites, such as payment gateways.
This month's Northwest Drupal User Group (NWDUG) in Manchester had a lovely visit from a non-developer to talk about how the Internet has changed his life and the challenges of using the Internet as a blind person.
Being blind since he was a child has meant that some activities weren't possible before the Internet became accessible to everyday people - such as reading the news or magazine articles. Now Sunil works with the Internet every day at his job in the British Red Cross.