Drupal feeds

LakeDrops Drupal Consulting, Development and Hosting: A new chapter for the Drupal Association - and why I want you in it

Drupal Planet -

A new chapter for the Drupal Association - and why I want you in it Jürgen Haas Fri 17 Jul 2026 - 14:00

The Drupal Association is changing CEOs, and the community reacted with the intensity it usually reserves for controversy. Jürgen, who sent the DA a formal four-page letter of concern in May, makes the case for constructive engagement over outrage. Leadership means disappointing half the room on almost every decision - disagree with choices without turning decision-makers into enemies. The practical call to action is the 2026 board election. Become a member now to earn the right to vote. If you are already a member, vote. Show up on the quiet days, not only when the alarm goes off. A transition is rare - a moment where the direction is genuinely open.

Droptica: What to do after Drupal 7: new website, Drupal 11 migration, or another CMS?

Drupal Planet -

Official Drupal 7 support ended on January 5, 2025 - yet many organizations still run sites on it in 2026. The real question is no longer “should we update?” but what platform you want for the next 5-10 years.

A practical decision guide: rebuild on Drupal 11 or Drupal CMS, migrate content, switch CMS, go static, or buy time with extended support - plus a prep checklist for pricing and board-ready options.

Webpro Company blog: Drupal core July security updates: what site owners should check now

Drupal Planet -

On July 15, 2026, Drupal published several core security advisories. If an organisation's website, portal or service platform runs on Drupal, now is the time to check not only the version number, but the whole update process. Drupal core July security updates: what site owners should check now On July 15, 2026, Drupal published several core security advisories. According to Drupal.org, the issues include cross-site scripting, commonly known as XSS, and information disclosure risks. The relevant fixes point to Drupal 11.4.4, Drupal 11.3.14 and Drupal 10.6.13. This does not mean every Drupal site is automatically under attack. It does mean that Drupal cannot be treated as a platform to look at "later". For a school, municipality, public-sector body, university, NGO or larger…

DDEV Blog: DDEV July 2026: New Screencasts, Partner Perks

Drupal Planet -

DDEV v1.25.3 Released

DDEV v1.25.3 is out, with:

  • New Docker Compose library → Improved UX during ddev start and ddev stop; the separate ~/.ddev/bin/docker-compose binary is no longer needed
  • Way Faster ddev start, ddev stop, and ddev restart → See below
  • MariaDB 12.3 LTS support
  • Podman and Docker rootless are no longer experimental → Both are now stable and ready for general use
  • Node.js improvements → nodejs_version is preserved in .ddev/config.yaml, and you can install several Node.js versions with n install <version> inside the web container

See the release announcement and the release notes↗.

Start-Time Improvements: Test Them Yourself

ddev start in v1.25.3 runs post-healthcheck tasks concurrently (thanks to @jonesrussell), and a fixed bug in the web server startup script removes a ~10-second delay from ddev stop. In our benchmarks, ddev start from a stopped state is about 28% faster on macOS and 21% faster on Linux.

Don't take our word for it — a new script lets you benchmark the difference on your own machine:

bash scripts/compare-start-perf.sh v1.25.2 v1.25.3

See scripts/compare-start-perf.sh↗ and the demonstration GIFs in the release announcement.

Perks for $100+/month Partners

Organizations sponsoring at $100/month or more now receive additional partner perks. Become a sponsor↗ or contact us to learn more.

$100/month+ Partners get

  • Full unrestricted access for your whole organization to coder.ddev.com for every member of their organization.
  • One year of free diffy.website Visual Regression Testing.
What's New on the Blog: TYPO3 Screencasts and coder.ddev.com

A run of short screencasts landed on the blog this month, mostly using TYPO3 as the example project:

New Usage Stats Page

The Usage Stats page replaces our old static usage-stats blog post with live charts pulled directly from Amplitude at build time. It's now the up-to-date place to see DDEV adoption and usage trends.

Community Highlights

Knecht.works Beta Testers Wanted: Dashboard for Agencies — The team at knecht.works is building a dashboard for agencies managing many DDEV projects. It automates tasks like security updates by booting projects with full database environments and generating pull requests with previews. They're looking for beta testers. Read the announcement↗ and see the LinkedIn post (German)↗ on why Dependabot can't update a CMS.

How a Broken Installer Reload Led to Two Patches — Michael Staatz debugged a TYPO3 installer issue, uncovered a SQLite PRAGMA ordering quirk, and ended up submitting patches to both TYPO3 Core and DDEV. A nice story about how one bug report can improve two projects. Read it↗

Community Tutorials from Around the Web
  • Switching from nvm to Node.js Versions in DDEV → John Henry covers moving from host-side nvm to DDEV's built-in Node.js version management. Read on johnhenry.ie↗
  • Setting Up DDEV for WordPress Development, Part One → Ryan Stubbs walks through DDEV project configuration, WordPress installation with WP-CLI, Mailpit, Adminer, and using bind mounts to keep plugins and themes organized outside the main WordPress installation. Read on ryanstubbs.co.uk↗. We're holding our breath for part 2!
  • Alias Your Local DDEV Commands → Martin Anderson-Clutz shares shell wrappers that let you type drush, composer, and friends without the ddev prefix — automatically detecting whether you're in a DDEV project and falling back to host execution when you're not. Read on mandclu.com↗
  • Porting a DDEV MySQL/MariaDB Database to PostgreSQL with pgloader → Erik Pöhler walks through migrating a DDEV project's database to PostgreSQL 17 using pgloader, then reconfiguring the project for PostgreSQL. Read on erikpoehler.com↗
  • What's New in DDEV for TYPO3 Folks, July 2026 → A TYPO3-focused wrap-up covering v1.25.3, Docker/Podman rootless stability, new diagnostic utilities, and DDEV Foundation governance milestones. Read on news.typo3.com↗
Governance
  • The DDEV Foundation Board is meeting quarterly, with formal governance and growing board authority as key strategies for the Foundation.

    The board members are there to represent you and the project. If you have insights, thoughts, or direction about where DDEV should go, please contact them. If you see possibilities for them at your community events, invite them!

  • DDEV has a new Privacy Policy, part of the Foundation's ongoing work on formal governance.

  • The next DDEV advisory group meeting, open to everybody, is September 2, 2026 at 8:00 AM US Mountain / 10:00 AM US Eastern / 16:00 CEST. Add to Google Calendar • See the agenda. We love to hear from our community!

Sponsorship Update

Sponsorship dipped slightly this month, people on vacation! — thank you to everyone who has contributed!

June 2026: ~$10,075/month (84% of goal)

July 2026: ~$9,931/month (82.8% of goal).

If DDEV has helped your team, consider sponsoring. → Become a sponsor↗

Contact us to discuss sponsorship options that work for your organization.

Stay in the Loop—Follow Us and Join the Conversation

Compiled and edited with assistance from Claude Code.

Drupal Association blog: Tiffany Farriss to lead the Drupal Association

Drupal Planet -

This article is cross-posted with permission from Dries Buytaert's blog.

The Drupal Association is entering a new chapter. Tim Doyle is stepping down as CEO, and the Board has appointed Tiffany Farriss as interim CEO.

I am grateful to Tim for his leadership and his impact on the Association. He built a strong leadership team that helped guide Drupal through an ambitious period of innovation. That team is well positioned to continue supporting Drupal and its community.

Tiffany brings continuity and deep expertise to the Drupal Association. She has contributed to Drupal for many years and served on the Drupal Association Board for more than a decade, including on its Finance Committee. She helped organize DrupalCon and built and ran a successful agency in the Drupal ecosystem. She understands our project, the Association's finances, and the realities our partners, contributors, and users face.

I have worked with Tiffany for many years. She is thoughtful, deeply committed to Drupal, and unafraid of hard questions. Although her title is interim CEO, she has the full authority and confidence of the Board, as well as my full support.

We expect Tiffany to serve for six to twelve months. During that time, she will focus on strengthening the Association's financial and operational foundation and preparing it for long-term leadership. Later in that period, the Board plans to launch a search for the next permanent CEO.

Turning innovation into momentum

Tiffany is stepping into the role at an important moment for Drupal.

Over the past few years, our community has done some of its most ambitious work. Contributors have continued to modernize Drupal Core. We launched Drupal CMS to make Drupal easier to adopt, introduced Drupal Canvas to rethink how people build, and rapidly advanced Drupal AI to change how people create and manage content.

We have also taken important steps toward marketing Drupal with the seriousness it deserves, so more organizations understand why it remains one of the most powerful and trusted platforms for building serious websites and applications.

This progress was made possible by our contributors and the organizations that invest in Drupal every day. The Drupal Association's role is to support that work and help turn it into wider adoption, a stronger ecosystem, and more opportunity for Drupal businesses.

Sustaining Drupal's essential work

The Drupal Association operates much of the infrastructure the project depends on, from Drupal.org and our collaboration tools to the services that help keep Drupal secure.

Drupal's infrastructure alone costs roughly $3 million each year. Today, it is funded through DrupalCon revenue, partnerships, sponsorships, donations, donated services, and volunteer contributions. That model has supported Drupal for many years, but it is not durable enough for the scale of the work ahead.

This is a challenge shared by open-source stewards everywhere. The software may be free to download, but the infrastructure and stewardship that make it dependable are not free to provide.

Building a stronger Drupal Association

Our commitment to Drupal's infrastructure and community will not change. Supporting them well requires a stronger Drupal Association, and that may mean exploring new approaches. We will weigh the options carefully, guided by what is best for Drupal and the people who depend on it.

This work will not be easy, but our ambition is clear: make the Association more sustainable, help Drupal innovate faster, strengthen how we bring it to market, and better support Certified Partners.

As this work takes shape, we will be transparent about what we are learning, the choices we are considering, and what they could mean for the Association and the community.

Tiffany understands what makes Drupal special and what the community values most. She also has the experience and mandate to shape what comes next.

Every new chapter depends on people willing to step forward. I am thankful to Tim for all he has done, to the Association's staff for their dedication, and to Tiffany for taking this on. With their commitment, I am confident in Drupal's direction and excited about the work ahead.

Four dimensions that decide whether an AI engine can cite you.

Phase II Technology -

Four dimensions that decide whether an AI engine can cite you. jgroh Wed, 07/15/2026 - 18:03 Summary Phase2 scores a firm's public digital presence the way an AI engine reads it: across the layers that determine whether your expertise is legible, verifiable, and worth surfacing. It's the same rubric we've run against 26 peer firms and six professional-services benchmarks.

Dries Buytaert: Tiffany Farriss to lead the Drupal Association

Drupal Planet -

The Drupal Association is entering a new chapter. Tim Doyle is stepping down as CEO, and the Board has appointed Tiffany Farriss as interim CEO.

I am grateful to Tim for his leadership and his impact on the Association. He built a strong leadership team that helped guide Drupal through an ambitious period of innovation. That team is well positioned to continue supporting Drupal and its community.

Tiffany brings continuity and deep expertise to the Drupal Association. She has contributed to Drupal for many years and served on the Drupal Association Board for more than a decade, including on its Finance Committee. She helped organize DrupalCon and built and ran a successful agency in the Drupal ecosystem. She understands our project, the Association's finances, and the realities our partners, contributors, and users face.

I have worked with Tiffany for many years. She is thoughtful, deeply committed to Drupal, and unafraid of hard questions. Although her title is interim CEO, she has the full authority and confidence of the Board, as well as my full support.

We expect Tiffany to serve for six to twelve months. During that time, she will focus on strengthening the Association's financial and operational foundation and preparing it for long-term leadership. Later in that period, the Board plans to launch a search for the next permanent CEO.

Turning innovation into momentum

Tiffany is stepping into the role at an important moment for Drupal.

Over the past few years, our community has done some of its most ambitious work. Contributors have continued to modernize Drupal Core. We launched Drupal CMS to make Drupal easier to adopt, introduced Drupal Canvas to rethink how people build, and rapidly advanced Drupal AI to change how people create and manage content.

We have also taken important steps toward marketing Drupal with the seriousness it deserves, so more organizations understand why it remains one of the most powerful and trusted platforms for building serious websites and applications.

This progress was made possible by our contributors and the organizations that invest in Drupal every day. The Drupal Association's role is to support that work and help turn it into wider adoption, a stronger ecosystem, and more opportunity for Drupal businesses.

Sustaining Drupal's essential work

The Drupal Association operates much of the infrastructure the project depends on, from Drupal.org and our collaboration tools to the services that help keep Drupal secure.

Drupal's infrastructure alone costs roughly $3 million each year. Today, it is funded through DrupalCon revenue, partnerships, sponsorships, donations, donated services, and volunteer contributions. That model has supported Drupal for many years, but it is not durable enough for the scale of the work ahead.

This is a challenge shared by open-source stewards everywhere. The software may be free to download, but the infrastructure and stewardship that make it dependable are not free to provide.

Building a stronger Drupal Association

Our commitment to Drupal's infrastructure and community will not change. Supporting them well requires a stronger Drupal Association, and that may mean exploring new approaches. We will weigh the options carefully, guided by what is best for Drupal and the people who depend on it.

This work will not be easy, but our ambition is clear: make the Association more sustainable, help Drupal innovate faster, strengthen how we bring it to market, and better support Certified Partners.

As this work takes shape, we will be transparent about what we are learning, the choices we are considering, and what they could mean for the Association and the community.

Tiffany understands what makes Drupal special and what the community values most. She also has the experience and mandate to shape what comes next.

Every new chapter depends on people willing to step forward. I am thankful to Tim for all he has done, to the Association's staff for their dedication, and to Tiffany for taking this on. With their commitment, I am confident in Drupal's direction and excited about the work ahead.

Drupal Association blog: Leadership changes at the Drupal Association

Drupal Planet -

Our CEO, Tim Doyle, has stepped down from his role. We are grateful to Tim for his leadership and impact on our organization. Tim has built a strong leadership team that is positioned to continue the mission and vision that he and the Board share for Drupal.

As part of this process, the Board has been working to identify Tim’s successor. We anticipate that the important work and mission of our organization will continue under new leadership, building on the strategy and plans we led during Tim’s time with Drupal.

Likewise, the Board has been working with the senior team to ensure that interim leadership will be in place to facilitate a smooth transition.

We are grateful to Tim for all of his contributions as the leader of Drupal, and we look forward to his continued success in his future endeavors.

The Drupal Association board has appointed Tiffany Farriss as the Interim CEO, who brings more than a decade of experience as a Drupal Association board member, to guide the organization and community through this transition period.

Security advisories: Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-012

Drupal Planet -

Project: Drupal coreDate: 2026-July-15Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingAffected versions: <10.6.13 || >=11.3.0 <11.3.14 || >=11.4.0 <11.4.4 || 11.0.* || 11.1.* || 11.2.*CVE IDs: CVE-2026-55805Description: 

The Layout Builder module doesn't sufficiently sanitize block labels in certain scenarios, which can lead to a cross-site scripting (XSS) vulnerability.

This is mitigated by the fact that both the attacker and the targeted user need to be using the Layout Builder editing interface.

Solution: 

Install the latest version:

Drupal 11

  • If you use Drupal 11.4.x, update to Drupal 11.4.4.
  • If you use Drupal 11.3.x, update to Drupal 11.3.14.
  • Drupal 11.2.x and below are end-of-life and do not receive security coverage.

Drupal 10

  • If you use Drupal 10.6.x, update to Drupal 10.6.13.
  • Drupal 10.5.x and below are end-of-life and do not receive security coverage.

Drupal 8 and Drupal 9 have both reached end-of-life.

Reported By: Fixed By: Coordinated By: 

Security advisories: Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-011

Drupal Planet -

Project: Drupal coreDate: 2026-July-15Security risk: Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross-site scriptingAffected versions: >=11.3.0 <11.3.14 || >=11.4.0 <11.4.4 || 11.2.*CVE IDs: CVE-2026-15917Description: 

Drupal core 11.2 and above integrate the HTMX JavaScript library.

Drupal core's XSS filter does not sufficiently sanitize certain HTMX attributes, which can lead to a cross-site scripting (XSS) vulnerability.

The vulnerability is mitigated by the fact an attacker must be able to insert HTML with specific attributes.

Solution: 

Install the latest version:

Drupal 11

  • If you use Drupal 11.4.x, update to Drupal 11.4.4.
  • If you use Drupal 11.3.x, update to Drupal 11.3.14.
  • Drupal 11.2.x and below are end-of-life and do not receive security coverage.

Drupal 10

  • Drupal 10 core is not affected. However, certain contributed modules may be affected, so a Drupal 10.6 fix is included as hardening.

Drupal 8 and Drupal 9 have both reached end-of-life.

Reported By: Fixed By: Coordinated By: 

Security advisories: Drupal core - Moderately critical - Information disclosure - SA-CORE-2026-010

Drupal Planet -

Project: Drupal coreDate: 2026-July-15Security risk: Moderately critical 10 ∕ 25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information disclosureAffected versions: <10.6.13 || >=11.3.0 <11.3.14 || >=11.4.0 <11.4.4 || 11.0.* || 11.1.* || 11.2.*CVE IDs: CVE-2026-15916Description: 

The Image module allows you to define and configure image fields.

The module doesn't sufficiently check access to image style derivatives when those files are served via a file stream other than private://.

This vulnerability is mitigated by the fact that Drupal must be configured to use a contributed (non-core) file scheme to serve private derived images.

Information disclosure issues like this one are not generally given security advisories (as described in PSA-2023-07-12)). This fix is provided as a hardening. Contributed modules implementing custom stream wrappers may need to add similar hardenings.

Solution: 

Install the latest version:

Drupal 11

  • If you use Drupal 11.4.x, update to Drupal 11.4.4.
  • If you use Drupal 11.3.x, update to Drupal 11.3.14.
  • Drupal 11.2.x and below are end-of-life and do not receive security coverage.

Drupal 10

  • If you use Drupal 10.6.x, update to Drupal 10.6.13.
  • Drupal 10.5.x and below are end-of-life and do not receive security coverage.

Drupal 8 and Drupal 9 have both reached end-of-life.

Reported By: Fixed By: Coordinated By: 

Centarro: Let Shoppers Change Their Minds Without Leaving the Cart

Drupal Planet -

Checkout is fragile. Every extra step between "I want this" and "order placed" is an opportunity for a shopper to abandon their cart entirely. And one of the most common moments of hesitation happens when a buyer realizes they added the wrong item to their cart. Maybe it was the wrong format or the wrong bundle. Or, maybe the wrong billing cycle for a donation or subscription.

The fix is simple. Navigate back to the product page, add the correct item, and remove the old one from the cart. But this friction, however small, can cost conversions.

The Commerce Product Alternative module for Drupal Commerce solves this by letting shoppers swap a product variation directly in their cart. One click. No detours.

Cart decisions, by design, shouldn't be final

Shoppers change their minds. Someone adds a hardcover book to their cart, then realizes they want the bundle that also includes the digital download. A new member selects a one-time membership fee, then notices the auto-renewal option is more cost-effective. A donor commits to a single gift, then considers whether a recurring contribution would be better.

In each of these cases, the shopper has already committed to buying something. They're in the cart. They're ready.

Why force them to start over?

Read more

Talking Drupal: Talking Drupal #561 - The Aaron Winborn Award

Drupal Planet -

Today we are talking about Aaron Winborn, The award named after him, and what winning is like with guests George DeMet & April Sides. We'll also cover Summit as our module of the week.

For show notes visit: https://www.talkingDrupal.com/561

Topics
  • Who Was Aaron Winborn
  • Award Origin Story
  • How Winners Are Chosen
  • Why Community Matters
  • What Winners Share
  • April Learns She Won
  • Handcrafted Award Stories
  • On Stage Emotions
  • After Winning Reflections
  • How To Contribute
  • Nominations And Makers
  • Surprise Award Ideas
  • Wrap Up And Contacts
Resources Guests

April Sides - weekbeforenext George DeMet - palantir.net gdemet

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Ashraf Abed - drupito.com ashrafabed

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

  • Brief description:
    • Have you ever wanted to create a website purpose-built for an event like a Drupal camp, that collects, moderates, and schedules user-submitted sessions, and do all of that within the Drupal CMS installer? There's a site template for that.
  • Module name/project name:
  • Brief history
    • How old: created in June 2026 by yours truly
    • Versions available: 1.0.0, released yesterday
  • Maintainership
    • Actively maintained
    • Security and test coverage
    • Documentation some in the repo we'll talk about later
    • Number of open issues: no open issues, though there are a couple of open issues on the Event Platform Starter, from which Summit was created
  • Module features and usage
    • We've talked before on this podcast about the Event Platform that grew out of an initiative from the Event Organizers Working Group. The goal is to remove friction for anyone organizing a Drupal camp or similar event in creating a website that sets them up for success
    • The Event Platform was created before Recipes were a thing in the Drupal-verse, even though it was initially built in ways that were similar to recipes
    • A couple of years ago, I started working on the Event Platform Starter recipe to help spin up a fully-built event website in a single step. That ran into some technical complexities, so it ended up being being a time-saver, but still required a number of manual steps
    • As the newer concept of site templates took shape, I could see that the Event Platform ecosystem had the necessary elements to become a site template, in particular a theme and a battle-tested a content architecture
    • I ended up needing to decouple the configuration and the functional code that had previously been in Event Platform. The configuration would reside solely in the site template, so the functional code was moved to a new project, Event Platform Helper
    • Along the way, there have been a number of significant changes: Canvas integration for a fully customizable homepage, also a set of Canvas components to allow building new, custom layouts, a new, custom cache context, improved management of event information, and more
    • Now, you set everything up with a single click in the Drupal CMS installer. There's an open issue to get it into the Drupal CMS installer by default, but today it's just a composer require away
    • The repo does also include an AGENTS.md and CONTENT-STRUCTURE.md files, to help human or AI agents who want to work a site built using Summit to understand the initial state of the content architecture it provides, as well as the different logical components and how to troubleshoot them, individually or in combination

BloomIdea: Dynamic Multibanco references in Drupal Commerce: Commerce ifthenpay 3.0 has arrived

Drupal Planet -

In 2018 we released Commerce ifthenpay, the module that brought Multibanco references to Drupal Commerce. Seven years later, we are publishing version 3.0.0: the module's biggest evolution since then, with dynamic Multibanco references generated by the ifthenpay API, MB WAY payment retries and full support for Drupal 10 and 11.

The silent problem of locally generated references

A Multibanco reference has 9 digits, and the classic local generation algorithm reserves only 4 of them for the order number. It works perfectly up to order 9999. Beyond that, the number has to be compressed to fit, and this is where mathematics turns against the store.

Version 2.x mitigated the problem by spreading order numbers across 9000 possible combinations. It sounds like a lot, but the birthday paradox is relentless: around 112 simultaneously open references are enough for a 50% chance that two different orders share exactly the same reference. In a busy store, that means payments that can be matched to the wrong order, or never reconciled at all. Worst of all, the problem is invisible: everything seems to work, until the day a customer pays and their order stays "unpaid".

The solution: references generated by ifthenpay

Version 3.0.0 introduces a new mode on the Multibanco gateway: instead of computing the reference locally, the module requests it from the ifthenpay REST API, using the account's MB Key. The differences are structural:

  • The order number is sent in full (up to 25 characters): no truncation, no compression, no collisions;
  • Each transaction receives a unique identifier, and the payment confirmation is validated against it;
  • References can have an expiry date (from 1 day to 2 years), something impossible in local mode;
  • There is a sandbox environment to validate the integration without real transactions.

The local mode remains available for backwards compatibility, and open references generated the old way keep reconciling after the switch: stores migrate with no downtime window.

MB WAY: promise delivered, and then some

When we wrote about version 2.x, MB WAY was "future development". Version 3.0.0 closes the loop: besides push payments at checkout, customers can re-send the payment request from their order history without going through checkout again, and the store team can trigger a push directly from the backoffice. Fewer orders abandoned because a push expired on someone's phone.

Ready for Drupal's future

Version 3.0.0 supports Drupal 10 and Drupal 11, and Commerce 2.x and 3.x. The module now runs continuous integration on drupal.org, with more than 50 automated tests validating every change on both Drupal versions, and stable releases are covered by the community's security advisory policy.

If your store runs version 2.x, we recommend upgrading: the 2.x branch is no longer supported and does not include the protections against reference collisions.

composer require 'drupal/commerce_ifthenpay:^3.0' Need help with payments in Drupal Commerce?

Bloomidea develops and maintains Commerce ifthenpay and has been building Drupal Commerce stores for the Portuguese market for more than a decade: Multibanco, MB WAY, cards, Stripe and PayPal, with ERP and logistics integrations. Talk to us about your project.

Droptica: Why your Drupal site feels broken (even though it's not): 14 common mistakes

Drupal Planet -

Your Drupal site is on a current version, gets security updates, and technically works - yet editing is painful and every small change waits in a developer queue. The platform is rarely the problem.

Fourteen common implementation mistakes that make a Drupal site feel broken - with symptoms, diagnosis, and fixes for each. Most cost a fraction of a rebuild to put right.

Tag1 Insights: A New Direction for Authentication in Drupal Core

Drupal Planet -

Take Away At Tag1, we believe in proving AI within our own work before recommending it to clients. This post is part of our AI Applied content series, where team members share real stories of how they're using Artificial Intelligence and the insights and lessons they learn along the way. Here, Lucas Hedding, Senior Backend Engineer & Migration Lead and Drupal core subsystem maintainer for authentication/authorization, used Claude to work through over 1,200 open issues in the Drupal auth/authZ issue queues and co-architect a new pluggable authentication system for Drupal core, without writing a single line of code.

When approaching AI, I've done so warily. Maybe it was because I was a skeptic, but my first endeavors were not glowing success stories. My first real attempt to kick the tires ended with me kicking AI to the curb and doing some regex and search/replace to finish what it started. I chalk it up to a mix of model maturity and, let's be honest, my own ill-directed uses.

But more recently I've been finding wins. I find AI very useful for writing test cases for test-driven development (TDD). It's also really good at troubleshooting. It takes a bug report, follows the code paths, and writes a failing test that reproduces the bug. When you solve the problem, you can be sure you have solved it. And more importantly, that it was even a problem in the first place.

Putting AI to Work on a Real Problem

It was at this point, I realized that AI might be able to help me with my Drupal Core maintainer duties. For those that don’t know, I maintain an insane number of contrib modules and am a core subsystem maintainer in 3 areas, namely migrate, image, and authentication/authorization. The last area of auth/authZ is in desperate need of modernization.

The planning issue requirements and roadmap are all open. The community design review hasn't started yet, so now is a good time to take a look: [Plan] YAML-Based Pluggable Authentication Flow

The first part of the problem for auth/authZ is that there aren't any core components in the core issue queue for the sub system. I have to look in a few module queues and the base system to find relevant issues. I filed this issue to establish a dedicated auth/authZ component in the Drupal core queue.

To help me get my mind around the space, I had AI query all 1,200 issues in the module-based issue queues. Then it spun out from there to find referenced issues. I leveraged a local file cache of d.o issues so I didn’t have to hit the drupal.org API repeatedly as I was tweaking the discovery.

This demonstrates the first lesson I’ve learned with AI. It is really good at doing directed research and planning. But you need to give it guard rails. I had to tell it to add a cache. I had to tweak the issue filters. I had to think about what I wanted. AI wouldn’t think for me. But at the end, I had several hundred issues downloaded locally.

Making Sense of 1,200 Issues

Then came the next step. I asked AI to create a mind map using mermaid.live. With over 1,000 issues, I didn’t want something that was too unmanageable. I picked a couple issues that seemed key to me and asked AI to give me a mind map with issues directly related to authentication (excluding authorization for the moment). That shrank things down to just a few hundred. But the large picture of categorized issues in a mind map started to tell a story.

The mind map story led me back to the planning phase again. This time I used BMAD, an AI methodology specifically structured to guide planning a task using AI. I fed it the pain points and asked it to look at some reference PHP and non-PHP authentication frameworks. It researched Laravel, Symfony, Drupal and Keycloak. At this point I had enough data to request it to write some pros/cons and possible pseudo implementations.

Somewhere in this whole process DrupalCon Chicago happened. Then a few weeks later MidCamp in Chicago happened. This gave me ready access to real people to bounce ideas off. They asked some really great questions. I fed these questions back into AI and refined the design even further.

Then more recently, I had the opportunity to speak at a Drupal meetup on Zoom. I took all the data I’d gathered, the mind maps, the design artifacts generated by BMAD and created a nice slideshow presentation. But the source data was from research provided by AI. The attendees at the meetup had even more feedback. I fed this feedback back into AI and now have a pretty defensible architecture for a new authentication system in Drupal core — the YAML-Based Pluggable Authentication Flow outlined in the planning issue. Broken down into phases with dependencies identified between phases of work.

The Blank Sheet Problem

We haven’t built the new system. No code has been written. But AI helped architect everything. I don’t think a human could parse that many hundreds of drupal.org issues, create a mind map, and build a new architecture without massive amounts of effort. AI is great at holding lots of nuggets of data in memory all at once. It is optimally designed to help with just such a task as I went through.

Time will tell if the architecture co-developed by AI proves useful. I do know it has helped with the “blank sheet of paper” -syndrome. The feeling where you know you need to do something but don’t know where to start. You just sit there staring at the blank sheet of paper hoping for inspiration. Even if we entirely threw out the new architecture, we have something to start.

For those interested in the artifacts from this discovery, you can visit https://www.drupal.org/project/drupal/issues/3593328.

Pages

Subscribe to www.hazelbecker.com aggregator - Drupal feeds