September 19th, 2017
Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.
TLS 1.0 and 1.1 deprecated
Drupal.org uses the Fastly CDN service for content delivery, and Fastly has depreciated support for TLS 1.1, 1.0, and 3DES on the cert we use for Drupal.org, per the mandate by the PCI Security Standards Council. This change took place on 9 Aug 2017. This means that browsers and API clients using the older TLS 1.1 or 1.0 protocols will no longer be supported. Older versions of curl or wget may be affected as well.
Almost time for DrupalCon Vienna
DrupalCon Vienna is almost here! From September 26-29 you can join us for keynotes, sessions, and sprinting. Most of the Drupal Association engineering team will be on site, and we’ll be hosting a panel discussion about recent updates to Drupal.org, and our plans for the future.
We hope to see you there!
8.4.0 Alpha/Beta/Release Candidate 1
On August 3rd, Drupal 8.4.0 received its alpha release, followed on the 17th by a beta release, and on September 6th by the first release candidate. Several new stable API modules are now included in core for everything from workflow management to media management. Core maintainers hope to reach a stable release of Drupal 8.4 soon.
Improvements to Project Pages
We made a number of improvements to project pages in August, one of which was to clean up the ‘Project information’ section and add new iconography to make signals about project quality more clear to site builders.
In the same vein, we’ve also improved the download table for contrib projects, by making it more clear which releases are recommended by the maintainer, providing pre-release information for minor versions, and displaying recent test results.
Metadata about security coverage available to Composer
Developers who build Drupal sites using Composer may miss some of the project quality indicators from project pages on Drupal.org. Because of this, we now include information about whether a project receives security advisory coverage in the Composer ‘extra’ attribute. By including this information in the composer json for each project, we hope to make it easier for developers using Composer to ensure they are only using modules with security advisory coverage. This information is also accessible for developers who may want to make additional tools for managing composer packages.
Automatic issue credit for committers
Just about the last step in resolving any code-related issue is for a project maintainer to commit the changes. To make sure these maintainers are credited for the work they do to review these code changes, we now automatically add issue credit for committers.
Performance Improvements for Events.Drupal.org
With DrupalCon coming up in September we spent a little bit of time tuning the performance of Events.Drupal.org. We managed to resolve a session management bug that was the root cause of a significant slow down, so now the site is performing much better.
Syncing your DrupalCon schedule to your calendar
A long requested feature for our DrupalCon websites has been the ability to sync a user’s personal schedule to a calendar service. In August we released an initial implementation of this feature, and we’re working on updating it in September to support ongoing syncing – stay tuned!
Membership CTA on Download and Extend
We’ve added a call to action for new members on the Drupal.org Download and Extend page, which highlights some great words and faces from the community. Membership contributions are a crucial part of funding Drupal.org and DrupalCon, but much the majority of traffic we receive on Drupal.org is anonymous, and may not reach the areas of the site where we’ve promoted membership in the past. We’re hoping this campaign will help us reach a wider audience.
DrupalCI is one of the most critical services the Drupal Association provides to the project, and also one of the more expensive. We’ve recently added a very small section to highlight how membership contributions help provide testing for the project – and in the future we hope to highlight sponsors who will step up specifically to subsidize testing for the Drupal project.
More semantic labels for testing
In August we added more semantic labels for DrupalCI test configuration. This means that project maintainers no longer have to update their testing targets with each new release of Drupal, they can instead test against the ‘pre-release’ or ‘supported’ version, etc. More information can be found in the DrupalCI documentation.
Started PCI audit
In August we also began a PCI audit, and developed a plan of action to reduce the Drupal Association’s PCI scope. Protecting our community’s personal and financial information is critically important, and with a small engineering team, the more we can offload PCI responsibility onto our payment vendors the better. We’ll be continuing to work on these changes into the new year.
As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:
- Inclind Inc. – Renewing Premium Supporting Partner
- Blend Interactive – *NEW* Classic Supporting Partner
- PreviousNext – Renewing Classic Supporting Partner
- ADCI – Renewing Classic Supporting Partner
- GatherContent – *NEW* Premium Technology Supporter
- Datadog – Renewing Premium Technology Supporter
- HostPapa – *NEW* Classic Hosting Supporter
If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.