On Monday 18th July 2016 Drupal 8 will receive a critical patch to the system. Instead of Drupal itself, this issue is a part of a third party library that Drupal uses Normally the Drupal security team releases patches on Wednesdays, but in this case it has been moved to Monday. There will be no releases on the upcoming Wednesday, July 20th.
The issue at hand is the Guzzle library, which in turn stems from a much larger issue, now known as httpoxy which is a low level issue in how FastCGI and PHP-CGI work together:
Drupal is a popular open source content management system (CMS) that is used by hundreds of thousands of websites. Drupal relies heavily on third party modules to extend functionality. On July 13th 2016 a number of critical patches will be released to modules that are often used with Drupal to expand functionality in the following modules:
Angular is a popular framework for creating front end web applications. These run in the browser and provide great experiences for headless CMS scenarios and custom web applications alike. Together with server side rendering coming in Angular 2, it is perfect for building fluent content experiences on Drupal 8 REST APIs.
GraphQL is a high level communication protocol that can be used as an alternative to REST APIs. Ever since the keynote DrupalCon 2015 in Barcelona the interest in GraphQL has increased in the Drupal community. GraphQL is a great match for Drupal as the use of Drupal as a headless CMS continues to rise.
Apple is hard at work for making it's entry to the Search industry. It's crawler, AppleBot is now scouring the web for results and you may have seen this in your server logs:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Applebot/0.1; +http://www.apple.com/go/applebot)
RESTful interfaces and headless implementations have been on the minds of developers and less technical people alike. This has been the state for a number of years now and frankly the REST hype is getting a bit long in the tooth.
While REST is a technology with merits, the problem is that REST is only used as a baseline technology definition in most cases. There is no specific definition on what a REST API is, that's why many resort to calling them RESTful - to describe that they sort of fulfil the definition. But without knowing exactly what is meant by REST, it's hard to say.
JWT (JSON Web Token) is a contemporary authentication method that is gaining popularity. Instead of sending back and forth cookies with each request, the JWT token is stored by the client and then sent to the server on each request.
Once the server receives the request with a token in the headers, then it is validated and the server then acts depending on if the user is considered valid or not. This is very commonly needed when working with a decoupled setup using GraphQL or RESTful APIs with rich front ends built with technologies such as Angular or React.js.