Drupal Resources

Drupal Resources

Drupal Security Advisories

Project: BibleDate: 2018-January-17Security risk: Critical 17∕25 AC:Basic/A:User/CI:Some/II:All/E:Proof/TD:AllVulnerability: Multiple Vulnerabilities Description: 

This module enables you to display a Bible on your website. Users can associate notes with a Bible version.

This module has a vulnerability that would allow an attacker to wipe out, update or read notes from other users with a carefully crafted title.

A user must have the "Access Bible...

Project: Node View PermissionsVersion: 8.x-1.x-dev7.x-1.x-devDate: 2018-January-10Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access BypassDescription: 

The Node view permissions module enables the "View own content" and "View any content" permissions for each content type on the permissions page.

This module has a vulnerability that allows users with these...

Project: StacksDate: 2018-January-10Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Arbitrary PHP code executionDescription: 

This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets.
The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class.

Recent Article

This articles features links and information from the Peerless design Security presentation from various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available in a white paper available here.

Drupal Weekly Drop

Issue 321 - January, 11th 2018
Issue 320 - January, 4th 2018
Issue 319 - December, 14th 2017 Hard to believe 2017 is coming to an end. This is the last newsletter for the year and I want to thank you all for making it a good one.

Planet Drupal

How to update Drupal 8 core?

Let's see how to update your Drupal site between 8.x.x minor and patch versions. For example, from 8.1.2 to 8.1.3, or from 8.3.5 to 8.4.0. I hope this will help you.

  • If you are upgrading to Drupal version x.y.z

           x -> is known as the major version number

           y -> is known as the minor version number

           z -> is known as the patch version number.


Direct .mp3 file download.

David Rogers, Senior Front End Engineer at Pendo.io, joins Mike Anello to discuss from a Drupal-specific standpoint. They discuss the road to the Drupal community selecting React for use in Drupal core, when a typical Drupal developer should start thinking about React, and what the best first steps are for learning it.


Thank you to the 1,670 people who joined us at DrupalCon Vienna!

So many volunteers! So many sandwiches! We had a wonderful time in Vienna and can't wait to see you all for DrupalCon Europe 2019.

Until then - we hope to see you in Nashville 2018.

What our clients are saying