Drupal

Drupal vs. WordPress: Which CMS Is Right For You?

While most people are happily browsing their favorite websites and content across the web, a relatively unknown yet important competition is happening between the major web CMSs. If you are a web developer, you have a stake in this competition, because it has a significant impact on how your website is perceived by the world.

Drupal 9 will be released in 2020, shares Dries Buytaert, Drupal’s founder

At Drupal Europe 2018, Dries Buytaert, the founder and lead developer of the Drupal content management system announced that Drupal 9 will be released in 2020. Yesterday, he shared a much detailed timeline for Drupal 9, according to which it is planned to release on June 3, 2020.

The Long Road to Drupal 9

When Drupal 9 is released, it will be the first major release since sematic versioning and six-month minor release cycles were adopted. When exactly Drupal 9 might get released has only been lightly discussed so far, and while it will likely still be some way off, the earlier we talk properly about it, the better prepared everyone will be when it happens.

 

Tags

Drupal patches vulnerability in Symfony library

Drupal issued an update to patch a vulnerability in its Symfony library that if exploited would give an attacker to gain access to higher level caches and web servers.

The issue, CVE-2018-14773, effects many Symfony versions, 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component. This issue is resolved by updating to 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and 4.1.3.

That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven't bothered

A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign.

Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine cryptocurrency via CoinHive.

Patch Drupal now: Yet another critical website bug found – a sequel to 'Drupalgeddon2'

Patch Drupal now: Yet another critical website bug found – a sequel to 'Drupalgeddon2'

After scrambling to patch a critical vulnerability late last month, Drupal is at it again.

The open source content management project has issued an unscheduled security update to augment its previous patch for Drupalgeddon2.

There was also a cross-site scripting bug advisory in mid-April.

 

Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

 

Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.

This vulnerability should not be confused with Drupalgeddon 2 (CVE-2018-7600), another Drupal CMS security issue patched last month, which is also heavily exploited. This issue —tracked as CVE-2018-7602— was patched today.