Decentral Digital Blog

News, facts, techniques, opinion and more.

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:

  • The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
  • WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
  • A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
  • An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint. Reported by Marc-Alexandre Montpas of Sucuri Security. *

Thank you to the reporters of these issues for practicing responsible disclosure.

Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.

Thanks to everyone who contributed to 4.7.2.


What’s new on Drupal.org? - December 2016

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Our December update comes to you a bit later than our usual monthly posts, for all the usual practical reasons: holidays, vacations, and our staff retreat in early January. But also, because we've been reflecting on the past year, and planning for the year to come. You'll soon hear about our initiatives for 2017, but for now— let's dive into what we did in December.

Drupal.org updates

DrupalCon Baltimore

At the beginning of December we launched the full site for DrupalCon Baltimore, which is coming up April 24-28. For the first time, we launched the full event site including the call for papers, scholarship applications, and registration all on the same day.

Early bird pricing is available for a limited time, so we encourage you to register today.

Stable release of the Composer Façade

Drupal.org's support for Composer has been in development since the beginning of last year. We released the public alpha of our composer endpoints at DrupalCon New Orleans, and then entered beta over the course of this past summer. After a period of feedback, bug fixes, and further refinement with the help of core and contrib developers we announced the stable release of Drupal.org's composer support on December 21st.


Joomla! 3.7.0 Alpha 2 released

Published: 19 January 2017

We have now released the Alpha 2 version of the new 3.7 release. We moved the date by a week to include some more features, and we now think we have all features merged. That doesn't mean everything is running perfectly. There are issues to fix and we need a lot more testing, but we think the state is good enough to publish the version and ask for help in testing.

With the "Custom Fields" feature we had a good experience in merging it into a release early. Having it published and available for a larger group of people speeds up the process of making a feature better and solid.

The Joomla! 3.7.0 Alpha 2 Release has two new key features:

Multilingual Associations Manager

This is a result of a GSOC project and some tweaks by Robert Deutz. The functionality is briefly explained here.

The Multilingual Associations Manager allows you to make translations from content into another language using one interface. Third-party extension developers can make their extensions ready for integrating this new feature.

Backend Admin Menu Manager

We had more than one attempt to extend our menu management to the admin area of the CMS. This time it looks as if we will have one in the next stable release. There is more work to do with this feature, but we have 11 weeks to go and we are sure we will make it happen.


Nominations are now open for the 2017 Aaron Winborn Award

The Drupal Community Working Group is pleased to announce that nominations for the 2017 Aaron Winborn Award are now open. This annual award recognizes an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community. It will include a scholarship and stipend to attend DrupalCon and recognition in a plenary session at the event.

Nominations are open to not only well-known Drupal contributors, but also people who have made a big impact in their local or regional community. If you know of someone who has made a big difference to any number of people in our community, we want to hear about it.

This award was created in honor of long-time Drupal contributor Aaron Winborn, whose battle with Amyotrophic lateral sclerosis (ALS) (also referred to as Lou Gehrig's Disease) came to an end on March 24, 2015. Based on a suggestion by Hans Riemenschneider, the Community Working Group, with the support of the Drupal Association, launched the Aaron Winborn Award.

Nominations are open until March 1, 2017. A committee consisting of the Community Working Group members and past award winners will select a winner from the submissions. Members of this committee and previous winners are exempt from winning the award.

Previous winners of the award are:


Predictions for 2017

Like last year around this date, it is the time of year where we predict what the future will bring for Drupal. Will decoupled Drupal get a head start? Will chatbots be written in Drupal, will our tool fuel the Internet of Things, will the White House still run Drupal and will there be an IPO of a Drupal company?

Time to put your predictions, deep thoughts and even deeper thoughts online, and post them as a comment here. And in case you lack inspiration, see the previous predictions for 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 and 2016.

Original author: bertboerland

Recognizing more types of contribution in the Drupal.org Marketplace

Within weeks of introducing the contribution credit system on Drupal.org we realized we had created something powerful. Like all open source projects, Drupal has a behind-the-scenes economy of contribution in which individuals, organizations, and end users work together to maintain the software as a public good. That behind-the-scenes economy was brought to the fore when we chose to rank the Drupal Marketplace by issue credits. For the first time, Drupal.org gave businesses a direct financial incentive to contribute code.  

Being good stewards of these incentives is a sobering responsibility, but also a great opportunity. We can use this system to recognize the selfless effort of our community volunteers, to reward the organizations that sponsor their employees' time to give back to the project, and to connect end-users with the organizations that are the biggest contributors.

But as we often say in this community—contribution is more than code. It is the time provided by dedicated volunteers; the talent of community organizers, documentation maintainers, and developers; and the treasure provided by organizations that sponsor Drupal events and fund the operations and infrastructure that maintain the project.

What are we changing?

We’re updating the ranking algorithm for Drupal.org’s Marketplace of service providers and list of all organizations in the Drupal ecosystem. We've expanded on the issue credit system to create a more generic contribution credit system which lets us recognize more types of contribution. Each type of contribution is now weighted to give the organization an overall amount of contribution credit. We've built this system so that we can continuously evolve the incentives it creates by adjusting the weight given to each type of contribution as the project's needs change. To prevent gaming, we will not be publishing the exact weights or total contribution score, but those weights have been reviewed by the Association Board and Community Working Group.

We've carefully chosen a few new types of contribution to factor into the ranking. These were selected because they create incentives to reach specific goals: encouraging organizations to sponsor development of Drupal, gathering more Drupal 8 success stories that can be used to promote Drupal adoption, and recognizing the financial contributions that promote the fiscal health of the Drupal association.


Joomla! UX Team Call For Volunteers

Published: 12 January 2017

The Joomla! User Experience Team is looking for experienced Joomla! users and UX professionals to help in various areas of the UX process for the Joomla! Platform.

Role Information:

  • Research, test and gather feedback from Joomla! users to better understand their goals, motivations and behaviours.
  • Develop strategies to transform user based goals into real world solutions which can be implemented into the Joomla! core.
  • Collaborate with Joomla! Production Teams and other areas of the Community through designs, interactive prototypes and recommendations based on user research.

Qualifications

We are seeking people with backgrounds in UX, as well as specialists in various areas, to assist with a number of different tasks relating to upcoming releases of the Joomla! Platform.

Ideal JUX team member candidates:

  • Are able to commit time to the JUX team consistently on a weekly basis
  • Possess excellent communication and collaborative skills (multi-lingual is a plus)
  • Have high standards of quality with strong attention to detail
  • Have a flexible, friendly approach and a team oriented attitude
  • Are creative, conceptual and forward thinking
  • Are proactive, self-starting and motivated
  • Are empathetic, supportive and compassionate

Ideal candidates have experience in one or more of these areas:

  • User Research
  • Usability Testing
  • Behaviour Analysis
  • Data Visualisation
  • Interaction Design
  • Systematic Design
  • Technical or Copy Writing
  • Accessibility

Experience with the Joomla! Platform is preferred but not necessary. All candidates should have knowledge of web and mobile technologies and experience with internet, graphic or UX design software.


WordPress 4.7.1 Security and Maintenance Release

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

  • Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
  • The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  • Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  • Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  • Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  • Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  • A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  • Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.1.


Moving the Drupal 8 workflow initiative along

Republished from buytaert.net

Nine months ago I wrote about the importance of improving Drupal's content workflow capabilities and how we set out to include a common base layer of workflow-related functionality in Drupal 8 core. That base layer would act as the foundation on which we can build a list of great features like cross-site content staging, content branching, site previews, offline browsing and publishing, content recovery and audit logs. Some of these features are really impactful; 5 out of the top 10 most requested features for content authors are related to workflows (features 3-7 on the image below). We will deliver feature requests 3 and 4 as part of the "content workflow initiative" for Drupal 8. Feature requests 5, 6 and 7 are not in scope of the current content workflow initiative but still stand to benefit significantly from it. Today, I'd like to provide an update on the workflow initiative's progress over the past 9 months.

The top 10 requested features for content creators according to the 2016 State of Drupal survey. Features 1 and 2 are part of the media initiative for Drupal 8. Features 3 and 4 are part of the content workflow initiative. Features 5, 6 and 7 benefit from the content workflow initiative.

Configurable content workflow states in Drupal 8.2

While Drupal 8.0 and 8.1 shipped with just two workflow states (Published and Unpublished), Drupal 8.2 (with the experimental Content moderation module) ships with three: Published, Draft, and Archived. Rather than a single 'Unpublished' workflow state, content creators will be able to distinguish between posts to be published later (drafts) and posts that were published before (archived posts).

The 'Draft' workflow state is a long-requested usability improvement, but may seem like a small change. What is more exciting is that the list of workflow states is fully configurable: you can add additional workflow states, or replace them with completely different ones. The three workflow states in Drupal 8.2 are just what we decided to be good defaults.


Drupal.org's Composer endpoints are out of beta

Drupal.org's Composer endpoints have been available in beta for some time now, and in that time we've begun to see many, many people use Composer to manage Drupal modules and themes. We first launched these repositories before DrupalCon New Orleans as an alpha release, and moved into beta a few months later. After receiving your feedback and bug reports we've made updates, and are ready to call this service stable.

What is Composer?

"Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

… Composer is strongly inspired by node's npm and ruby's bundler." - Source

In a nutshell, Composer allows you to declare the dependencies of your project in a composer.json file in the root of your PHP project. Those dependencies, which you then install through Composer, can have their own composer.json files and their own dependencies—all of which will be automatically managed and installed by Composer. When you need specific control over the versions of dependencies, you can use a composer.lock file.

You can read more about Composer at GetComposer.org.


Angular JS!

Why AngularJS? HTML is great for declaring static documents, but it falters when we try to use it for declaring dynamic views in web-applications. AngularJS allows you to extend beyond the standard HTML vocabulary for your application. The resulting development environment is extraordinarily expressive, readable, and quick to develop. O...

UIKit! We cannot stress how much we love UIKit.

UIKit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. UIKit is available at https://github.com/uikit/uikit for free under the open source MIT License. UIKit's open source status is a great thing for the evolution of the internet. This means the web development ...
