Updates for critical vulnerabilities in Drupal 8

Submitted by dryer on Wed, 09/21/2016 - 03:42

The Drupal security team has announced critical updates in the Drupal software. Related to comment visibility, cross site scripting and unauthorised export of all configurations:

For the comments editing a user without the permission to administer comments the visibility of nodes can be set. Whoever has rights to edit a node can also change the visibility of comments for that node. This issue is not critical.

Drupal and CQRS/ES (Command Query Responsibility Segregation and Event Sourcing)

Submitted by dryer on Sat, 09/17/2016 - 08:10

Drupal is a very popular content management framework that is used for all kinds applications. With global web applications and sites relying on Drupal, performance is one question that is often pops up. Most of the performance techniques for scaling out Drupal have to do with optimising the infrastructure.

For read performance additions high performance Java-based solutions like Elastic search and Drupal are used to improve performance. These advantage technologies offer superior performance for querying data over the baseline PHP and MySQL solutions that Drupal is founded on.

How to install Drupal on Windows Subsystem for Linux (WSL/Ubuntu)

Submitted by dryer on Sun, 08/07/2016 - 10:11

Windows 10 can now run a native Linux shell using a novel technology. Previously running PHP applications like Drupal was cumbersome under the world's most popular desktop operating system, but with the Windows Subsystem for Linux developers can enjoy a near-native Ubuntu shell within Windows.

Drupal 8: Critical vulnerability in Guzzle library / httpoxy (PSA-2016-002)

Submitted by dryer on Mon, 07/18/2016 - 06:32

On Monday 18th July 2016 Drupal 8 will receive a critical patch to the system. Instead of Drupal itself, this issue is a part of a third party library that Drupal uses Normally the Drupal security team releases patches on Wednesdays, but in this case it has been moved to Monday. There will be no releases on the upcoming Wednesday, July 20th.

The issue at hand is the Guzzle library, which in turn stems from a much larger issue, now known as httpoxy which is a low level issue in how FastCGI and PHP-CGI work together:

Highly critical vulnerabilities allowing remote code execution in Drupal

Submitted by dryer on Wed, 07/13/2016 - 06:17

Drupal is a popular open source content management system (CMS) that is used by hundreds of thousands of websites. Drupal relies heavily on third party modules to extend functionality. On July 13th 2016 a number of critical patches will be released to modules that are often used with Drupal to expand functionality in the following modules:

Drupal and WordPress tech stacks diverge to PHP and JavaScript

Submitted by dryer on Fri, 07/08/2016 - 21:00

WordPress and Drupal are both very popular Content Management Systems (CMS) that power large parts of the internet. The two projects share quite a few things. They were started early in the 2000's and have grown to be large players in a market that used to be owned by Proprietary Software.

When is Angular 2 released? Can I start headless Drupal projects today?

Submitted by dryer on Sun, 06/19/2016 - 15:07

Angular is a popular framework for creating front end web applications. These run in the browser and provide great experiences for headless CMS scenarios and custom web applications alike. Together with server side rendering coming in Angular 2, it is perfect for building fluent content experiences on Drupal 8 REST APIs.


Introduction to GraphQL for Drupal Developers

Submitted by dryer on Sat, 06/18/2016 - 11:10

GraphQL is a high level communication protocol that can be used as an alternative to REST APIs. Ever since the keynote DrupalCon 2015 in Barcelona the interest in GraphQL has increased in the Drupal community. GraphQL is a great match for Drupal as the use of Drupal as a headless CMS continues to rise.

Headless CMS

Submitted by dryer on Sat, 06/18/2016 - 10:23

Content Management Systems (CMS) are the most popular type of software powering websites. As the name clearly states they are used to create and manage information of all types. Content is no longer limited to being just text, but video and sound as well.

Search Engine Optimisation (SEO) for Applebot

Submitted by dryer on Thu, 06/16/2016 - 19:14

Apple is hard at work for making it's entry to the Search industry. It's crawler, AppleBot is now scouring the web for results and you may have seen this in your server logs:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Applebot/0.1; +http://www.apple.com/go/applebot)