Today we are talking about The United Nations Open Source Week, Digital Public Infrastructure, and Digital sovereignty with guest Tiffany Farriss & Mike Gifford. We'll also cover Local Association (EU Sites Project) as our module of the week.

For show notes visit: https://www.talkingDrupal.com/528

Topics

• Drupal at the United Nations Open Source Week
• The Role of Open Source in Digital Governance
• Global Collaboration and Open Source Initiatives
• Challenges and Opportunities in Open Source Adoption
• The Role of Open Source Program Offices
• Understanding Digital Public Infrastructure
• The Importance of Digital Sovereignty
• Challenges and Opportunities in Digital Public Goods
• Balancing Innovation and Standardization
• The Impact of Market Capture on Innovation
• Funding Open Source as Public Infrastructure
• Future of Drupal in Global Digital Infrastructure

Resources

• Funding Open Source like public infrastructure
• chaos gone global
• UN digital
• NEDCamp 2023 Keynote
• Enshittification
• Recording
  • https://govstack.global/
  • https://www.sovereign.tech/
  • https://www.drupal.be/en/drupal-eu-government-day-2026
  • https://govstack.global/
  • https://sdgs.un.org/goals
  • https://chaoss.community/
  • https://www.un.org/digital-emerging-technologies/content/open-source-week-2025
• Tiffany's talk about Drupal at UN
• EvolveDigital NYC summit on Nov 20-21

Guests

Tiffany Farriss - www.palantir.net farriss Mike Gifford - accessibility.civicactions.com mgifford

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Maya Schaeffer - evolvingweb.com mayalena

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Are you looking to create a website for a local Drupal association? There's a project on drupal.org to help you get started.
• Module name/project name:
  • Local Association (EU Sites Project)
• Brief history
  • How old: created in Oct 2023 by Jeremy Chinquist (jjchinquist) of drunomics and Drupal Austria
  • Versions available: dev version only
• Maintainership
  • Security coverage - opted in, no coverage until stable
  • Documentation guide available to help with setup
  • Number of open issues: 49 open issues, 4 of which are bugs
  • No usage stats available
• Module features and usage
  • This is an unusual project because it's designed to help you quickly create a Drupal website but it doesn't follow any of the usual patterns I've seen: a distribution, composer project template, or Drupal site template
  • Instead, the recommended path is to clone the repo local, and run a setup script. That creates your DDEV project, runs a composer install and then drush site install, and even runs a drush uli so you can log into your built site with a single click once it's done
  • Along the way it will install a couple of custom modules. One populates a multitude of default content, so you have a populated site including navigation as your starting point. It will look like a clone of the 2022 Drupal Netherlands site, though there have been ongoing tweaks to the overall setup, with the most recent in June of 2025.
  • The other custom module provides some additional layouts for use with layout builder, and the project also includes a theme meant to be customized.
  • As you may have guessed by now, this project started when the Dutch Drupal Association rebuilt their website in 2022, and wanted to share their work with other local associations. Drupal France was the first to adopt it, and there was a BoF at DrupalCon Lille in 2023 to discuss sharing it more widely.
  • Following that, an international workgroup began collaborating to establish this project and it was adopted by Drupal associations in Belgium, Germany, Norway, Finland, and London, England.
  • Since today's topic is about positioning Drupal on the international stage, I thought it would also be interesting to talk about how local Drupal associations have also formed their own federation to reduce effort

Drupal CMS V2 alpha1 introduces Drupal Canvas, a modern page builder that changes how you create content and build sites.

In the video above we cover installation, key features, and hands-on use of Drupal Canvas. You'll learn the new interface, site templates, the Mercury theme, visual page building, and how to create code components.

The Layout Paragraphs module is a great way of combining the flexibility of the layout system with the content component sytem of the Paragraphs module. Using this module you can set up a Paragraph that can understand different layouts and then inject Paragraphs into that layout, all within the confines of a single field.

What this means is that you users can build the layout they want within the edit pages of your Drupal site, without having to guess where Paragraphs will end up in the final site. It makes the site a little easier to edit and means that there should be less previewing of pages before publishing.

When working on a recent project I found that layout Paragraphs was in use, which wasn't a problem. The problem was that the site was quite simple, but had 12 different layouts to pick from. As a consequence, the pages consisted of a variety of different layouts that not only made the site difficult to edit, but also made the end result look a little messy.

The solution was to move some of the existing layouts to a single type and remove those layouts from the selection. This made it easier to edit pages and also easier to predict how the site would look when we made some style changes.

Whilst it is certainly possible to do this by hand, it's not easy to track down every instance of a particular layout and convert them all. I also wanted a more automatic approach to the solution so that I could run a drush command and convert all of one type of Layout Paragraph to another.

In this article we will look at the structure of the Layout Paragraphs module and when how to move a Layout Paragraph from one layout to another using PHP.

Read more

Activepieces is an open source workflow automation platform, similar to Zapier or n8n. It connects different systems so they can work together in automated workflows. For example, you might create a workflow where publishing a Drupal article automatically creates a social media post, updates a Google Sheet, and notifies your team in Slack.

There are two main ways to run Activepieces:

• Activepieces Cloud: The easiest option for production use or for evaluating Activepieces. The limitation is that it cannot reach Drupal sites running on your localhost.

• Run Activepieces locally: Useful when you are developing or testing Drupal integrations. There are two ways to do this:

  1. Docker environment: If you are developing Drupal sites locally with tools like DDEV, the easiest option is to run Activepieces locally using Docker so both can communicate easily. See running Activepieces locally with Docker.

  2. Development environment: If you want to modify the Activepieces codebase or contribute to the Drupal Piece, you will need the full development toolchain. See setting up the Activepieces development environment.

Once you have Activepieces running, you'll want to connect it to your Drupal site. This note explains two ways to do that: a basic integration using Drupal's built-in APIs, and an advanced setup that unlocks deeper automation capabilities.

Setting up basic integration

You can connect Drupal with Activepieces without installing any extra Drupal modules.

Drupal ships with JSON:API support, a REST API that exposes your content and data through HTTP requests. This means Activepieces can query your content, fetch individual nodes, explore field definitions, and follow entity relationships without any custom code.

While JSON:API is part of Drupal Core, it may not be enabled yet. You can enable it with:

drush pm-enable jsonapi -y

Next, set up a dedicated Drupal user account with only the permissions needed for what you want Activepieces to do.

Activepieces can use Basic Authentication to connect to Drupal with the corresponding username and password.

Basic Auth sends credentials with each request, which makes it simple to set up. For production environments, I recommend using a more secure authentication method like OAuth, though I have not tried that yet.

Drupal Core comes with a Basic Auth module, but you might also need to enable it:

drush pm-enable basic_auth -y

Once both modules are enabled, you can create a connection to Drupal from within Activepieces. In the Activepieces interface, drag a Drupal trigger or action onto the canvas, and you'll be prompted to set up the connection.

Setting up advanced integration

For more advanced scenarios, we created the Orchestration module. It's an optional module. Installing this module unlocks deeper integrations that enable external systems to trigger Drupal ECA workflows, use Drupal AI agents, call Drupal Tools, and more.

The module is organized using specialized submodules, each connecting to a different part of Drupal's ecosystem. You can pick and choose the capabilities you want to use.

For starters, here is how to install the Drupal AI and ECA integrations:

composer require drupal/orchestration drupal/ai drupal/ai_agents drupal/tool drupal/eca drush pm-enable ai ai_agents tool eca orchestration_ai_agents orchestration_ai_function orchestration_tool orchestration_eca -y

Before you can use any of the AI agents, you also need to install and configure one or more AI providers:

composer require drupal/ai_provider_anthropic drupal/ai_provider_openai drupal/ai_provider_ollama drush pm-enable ai_provider_anthropic ai_provider_openai ai_provider_ollama -y

Clear the cache:

drush cache-rebuild

With these modules installed, you can build much more sophisticated workflows that leverage Drupal's internal automation and AI capabilities.

If you just want to use Activepieces with Drupal on your local development machine, the easiest option is to follow my guide on running Activepieces locally with Docker. That approach allows you to use Activepieces, but you can't make code changes to it.

If you want to contribute to the Drupal Piece integration or create a new Piece, the Docker setup won't work. To develop or modify Pieces, you'll need to set up a full Activepieces development environment, which this note explains.

First, fork the Activepieces repository on GitHub using the UI. Then clone your fork locally:

git clone https://github.com/YOUR-USERNAME/activepieces.git

Move into the project directory and install all dependencies:

cd activepieces npm install

After the installation finishes, start your local development instance:

npm start

Open your web browser and go to http://localhost:4200.

Sign in with the default development account:

• Email: dev@ap.com
• Password: 12345678

This account is preconfigured so you can start building and testing custom Pieces right away.

The Drupal Piece code lives in ./packages/pieces/community/drupal. When you make changes to the code, they're automatically compiled and hot-reloaded, so you can see your changes immediately without restarting the development server.

To complete your setup, see my guide on connecting Drupal with Activepieces.

Troubleshooting common issues

I've run into a few issues while working with the Activepieces development environment. Here is what usually fixes them.

Start by deleting all caches:

rm -rf node_modules cache dev

This removes node_modules (all installed dependencies), cache (build and runtime caches), and dev (temporary development files).

Activepieces uses Nx, an open source build system for monorepos. If Nx's cache is out of sync, reset it to start with a clean slate for builds and tests:

npx nx reset

For Drupal developers, Activepieces makes it easy to connect Drupal to other systems. Think of it as an open source alternative to tools like Zapier or n8n, but with an MIT license.

For example, you can create a workflow that runs when new content is published in Drupal and automatically sends it to Slack, Google Sheets, or social media. You can also trigger Drupal actions, such as creating new content or updating user data, when something changes in Salesforce, GitHub, or Airtable.

This guide covers running Activepieces locally using Docker. This setup is ideal if you're developing Drupal sites locally with DDEV and want to build workflows that connect to your local Drupal instance.

When you develop Drupal sites locally, Activepieces Cloud can't reach them. You could use a tunneling service like ngrok to expose your local environment to the internet, but that adds extra complexity.

Instead, we can run an open source copy of Activepieces locally using Docker. This gives you a fully configured Activepieces instance that can communicate directly with your local Drupal site. You can get up and running in just a few minutes with a single command.

Contributing to the Drupal Piece

In Activepieces, a Piece is an integration that connects to an external application or service. I helped build the original Drupal Piece, which now ships with Activepieces out of the box. It lets you create workflows that move data between Drupal and other applications.

If you want to contribute to the Drupal Piece, this Docker setup is not what you need. The Docker instance runs like a production environment. It's perfect for building and testing workflows in Activepieces, but it doesn't let you modify the Activepieces code or the Drupal Piece itself.

To make changes to Activepieces, including the Drupal Piece, you'll need to set up a full Activepieces development environment instead.

However, if your goal is simply to run Activepieces locally and connect it to your Drupal site, the Docker setup below is all you need.

Run Activepieces locally with Docker

This one-line command will download and run Activepieces on your computer:

docker run -d -p 8080:80 -v ~/.activepieces:/root/.activepieces -e AP_QUEUE_MODE=MEMORY -e AP_DB_TYPE=SQLITE3 -e AP_FRONTEND_URL="http://localhost:8080" activepieces/activepieces:latest

This pulls the latest Activepieces image from Docker Hub (if it isn't already cached) and starts a container with the following settings:

• Runs in detached mode (-d)
• Maps port 8080 on your computer to port 80 in the container
• Persists data by mounting ~/.activepieces to the container
• Uses in-memory queue processing and SQLite database
• Sets the frontend URL to http://localhost:8080

This might take a couple of minutes to boot up the container and get Activepieces up and running. After a couple of minutes, navigate to http://localhost:8080 (not https) to create an account and log into your local instance.

To start using Activepieces with your Drupal site, you still need to connect them. See my guide on connecting Drupal with Activepieces.

Upgrading the Activepieces Docker container

Activepieces regularly releases new versions. The Docker instance on your local machine does not update itself automatically, so you'll want to manually upgrade it from time to time.

First, list your running containers to find the container ID for Activepieces:

docker ps

Next, stop that container by replacing <container-id> with the actual ID you found:

docker stop <container-id>

Finally, pull the latest Activepieces image from Docker Hub:

docker pull activepieces/activepieces:latest

Start a new container using the same docker run command from above. Your flows and settings remain intact because they're stored in the mounted ~/.activepieces directory.

Keeping Drupal 7 Secure Beyond End of Life

Even as Drupal 7 reached end-of-life support January 2025, thousands of organizations continue to rely on it for mission-critical websites. Tag1’s Drupal 7 Extended Support (D7ES), program helps those teams maintain security and stability.

This month marks an important milestone: our first Drupal 7 core security release will be made available to the public, through the D7ES Announcements Page

This release is more than a patch, it represents Tag1’s continued commitment to the Drupal community and the open-source values that built it.

What’s in This Release

This update, already available to D7ES customers, introduces two key changes:

• A security fix for a vulnerability in JavaScript prototypes that can pollute all objects in an application

• PHP 8.4 compatibility updates, ensuring Drupal 7 sites continue running securely on modern infrastructure

  “This was our first official Drupal 7 core release under D7ES, a significant milestone that included both a critical security vulnerability fix and coordinated PHP 8.4 compatibility updates. This is important to me because releasing them together, the community only needs to regression test once.”

  Lucas Hedding — D7ES Security Lead, Tag1 Consulting

Why This Release Matters

Many organizations depend on Drupal 7 for active production environments. Without extended support, those sites are exposed to:

• Publicly known exploits (since vulnerabilities are disclosed on Drupal.org after fixes)

• Compliance failures tied to outdated PHP versions

• Dependency vulnerabilities from libraries like jQuery BBQ or CKEditor 4 (now end-of-life)

Tag1’s D7ES program bridges that gap by offering:

• Immediate access to verified, production-tested security patches
• Ongoing support for Drupal 7 core and key contrib modules
• Proactive compatibility updates for modern PHP versions
• One-on-one support for complex enterprise environments

Why Tag1 Publishes Its Patches

While D7ES customers receive all security updates first, Tag1 believes in balancing business continuity with open-source stewardship. That’s why we publish D7ES patches publicly one month after customer release, a commitment that reflects our belief in transparency and community responsibility.

“Even though it might be stronger business to keep them private, we think transparency and open collaboration make Drupal stronger overall”

Luke Pekrul — Project Manager, Tag1 Consulting

Why This Release Matters

Tag1 is the only D7ES provider sharing its patches publicly, helping ensure the entire Drupal 7 ecosystem remains more secure, even for those outside our customer base.

Stay Informed

You can follow future advisories and announcements here:

• D7ES Announcements Page
• RSS Feed for Security Updates

About Tag1’s D7ES Program

Tag1 Consulting is one of the official providers of Drupal 7 Extended Support (D7ES), a select group authorized by the Drupal Association to offer long-term support beyond end of life.

We help organizations:

• Keep Drupal 7 sites secure and compliant
• Maintain PHP and infrastructure compatibility
• Transition safely to modern Drupal or other platforms

If your organization still runs Drupal 7, you don’t have to choose between risk and rebuild. Tag1 D7ES keeps your site secure while you plan what’s next.

Learn more about D7ES or contact us today!

Join the global Drupal community in the historic city of Nara, Japan, for DrupalCon Nara 2025. From 16–19 November 2025 at Hotel Nikko Nara, immerse yourself in bilingual English/Japanese sessions, hands‑on contribution days, and a city‑wide treasure hunt through a UNESCO World Heritage landscape—all tailored for Drupal users, developers and contributors across Asia and the world.

We've overhauled Drupal's industry landing pages to better showcase the real-world impact of Drupal across critical business sectors. These refreshed pages represent a new, more strategic approach to how we position Drupal for enterprise audiences.

These redesigned industry pages create focused spaces where prospects in specific industries can see Drupal solving problems they recognize—at the scale and complexity they need. Instead of generic CMS messaging, decision-makers in retail, healthcare, government, and other sectors now find pages that speak directly to their pain points, featuring case studies from organizations facing similar challenges.

What's Changed

Curated excellence
We are moving away from allowing agencies to book slots, to instead carefully selecting the best projects that demonstrate Drupal's capabilities. This means visitors see the most compelling case studies—recognized brands, innovative solutions, and clear business results that sell Drupal effectively.

Updated design and brand
The pages now reflect Drupal's updated brand and modern website design, presenting a professional, enterprise-grade appearance that matches the quality of the projects we showcase.

Industry-specific messaging
Each page features value propositions tailored to that industry's pain points, rather than generic CMS benefits. Retail pages talk about campaign velocity and Black Friday traffic. Healthcare pages address compliance and patient experiences. The messaging speaks directly to what matters in each sector.

Current Industry Coverage

The refreshed pages now cover:

• Enterprise - Multi-brand governance and Fortune 500 scale
• Government - Citizen services and public sector digital transformation
• Education - Campus platforms and academic digital experiences
• Nonprofit - Mission-driven organizations maximizing impact
• Ecommerce - Commerce-driven digital experiences
• Fintech - Financial services and secure digital banking
• Healthcare - Patient experiences and healthcare digital transformation
• Retail - Omnichannel retail and campaign velocity
• Travel & Tourism - Destination marketing and travel experiences

Have ideas for new verticals or feedback on current pages?
Reach out to Ryan directly (ryan.witcombe@association.drupal.org)

How We Select Case Studies

To maintain quality and support the partners who support the Drupal project, we follow a clear selection process:

DCP exclusivity
Case studies featured on industry pages come exclusively from Drupal Certified Partners. These agencies support the Drupal project and allow us to maintain Drupal.org, create resources like these pages, and invest in the ecosystem. Featuring DCP work on these pages is one way we deliver value back to our partners.

Quality and credibility
We prioritize case studies that feature:

• Well-known, trusted brands that prospects will recognize
• Innovative approaches and technical sophistication
• Clear business results and compelling transformation stories
• Projects that best demonstrate Drupal's enterprise capabilities

Diversity and representation
Within each industry vertical, we aim for:

• Geographic diversity (not all projects from one region)
• A mix of project types and challenges
• Different DCPs represented (avoiding concentration with one partner)
• Variety in organization size and complexity
   

Regular review and updates
We review these pages quarterly to ensure they showcase the best current work. However, if an exceptional case study is posted to Drupal.org between reviews, we may add it immediately. This keeps the pages fresh while ensuring we never miss an opportunity to showcase outstanding work.

Also New: Monthly "Best of Drupal" Social Campaigns

The refreshed industry pages are part of a broader commitment to consistently showcasing Drupal excellence. We've also launched a monthly "Best of Drupal" carousels on social media that highlights outstanding projects from across the community.

These monthly campaigns:

• Celebrate exceptional work from DCPs and the broader Drupal community
• Build momentum by regularly showcasing what Drupal can do
• Create shareable content that partners can amplify through their own channels
• Keep Drupal visible in social feeds where decision-makers spend time

Together, the industry pages and monthly social campaigns create a consistent drumbeat of Drupal excellence—making it easier for prospects to discover what's possible and for partners to demonstrate their expertise.

Get Involved

These pages showcase industries where we have strong case studies and proven success. To keep them fresh and expand coverage, we need:

• Quality case studies from DCPs with recognized brands and clear results
• Client quotes - We're looking for compelling testimonials from your clients—the actual site owners, CMOs, CTOs, and end users who experience Drupal daily. Quotes that speak to business impact, technical capabilities, or how Drupal solved their specific challenges add authenticity and credibility to industry pages. Submit quotes alongside your case studies or send them separately.
• Your feedback on additional verticals that should be represented

Want your work featured? Maintain your DCP status, submit compelling case studies to Drupal.org with quantifiable results, and send us powerful quotes from your clients about their Drupal experience.

Not yet a Drupal Certified Partner? Becoming a DCP supports the Drupal project, gives you access to benefits like featured placement on these industry pages, and demonstrates your commitment to the Drupal ecosystem. Learn more about becoming a DCP.

Have ideas for new verticals or feedback on current pages?
Reach out to Ryan directly (ryan.witcombe@association.drupal.org)

At Dripyard we’ve been preparing our premium Drupal themes for Canvas. If you haven’t heard, Drupal Canvas is Drupal’s next-generation page builder built to rival tools like Gutenberg, Webflow, and AEM.

With Canvas, Drupal’s page-building capabilities finally match its powerful content modeling system. It feels fresh, intuitive, and fast compared to previous approaches.

A smart user role setup on your Drupal website delivers multiple benefits in one move. It brings consistency to workflows, reduces human error, and boosts website security through fine-grained access.

 

A smart user role setup on your Drupal website delivers multiple benefits in one move. It brings consistency to workflows, reduces human error, and boosts website security through fine-grained access.

 

A LinkedIn prompt by The DropTimes asking "What was your first version of Drupal?" drew nostalgic replies that span over two decades. From experimental beginnings with Drupal 3.4 to modern adoption in versions 9 and beyond, practitioners shared how each version marked their entry point—and growth—in the Drupal ecosystem. These reflections reveal not only technical evolution, but also how each wave of contributors shaped the community.

Drupal has always been about flexibility and control. The amazee.ai AI Provider takes that same spirit and applies it to artificial intelligence. It lets you connect a Drupal site to powerful AI models in less than two minutes. No hidden dependencies and no waiting around for credentials to propagate. All of this is free for the first 30 days so you can experiment and use recipes that require LLMs and VectorDBs, and build!

Fast, Open, and Built for Drupal

The provider installs on any Drupal site running 10.2 or higher. Once enabled, it connects you to enterprise-grade AI models and a vector database built directly into the service. There’s no need to configure an external database or manage API tokens across multiple vendors. Everything works inside your existing Drupal environment - no need to change your hosting provider.

It’s also open source and built by the Drupal community in partnership with amazee.ai. That means full transparency, data sovereignty, and no surprises about how your data is handled. You can choose processing regions in Switzerland, Germany, the US, or Australia to meet compliance needs without compromise. If you need a different region, just ask the amazee folks.

Try It Without Limits

Every new install comes with 30 days of unlimited AI tokens. That’s a full month to experiment, automate, and build without worrying about quotas. If you’re a developer contributing to Drupal AI, maintaining modules, or running trainings/workshops, you can request a developer account that gives you ongoing access at no cost.

When the trial ends, a regular account costs only $30 per month for a Pro Account, $100 per month for a Growth Account, and if you need more, amazee.ai can tailor an Enterprise account as well. It’s predictable, simple, and keeps you connected to the same infrastructure used for professional Drupal AI development.

In workshops, we’ve had participants install the provider, connect it, and build working AI features before the session break. The setup is fast enough that you spend time building, not troubleshooting. If you’re doing a talk, running a workshop, or conducting a training - reach out and we can explain how to spin up fully operational sites for you and your students in 2-3 minutes with no credit card.

Built for How the Community Works

The amazee.ai AI Provider was created to support Drupal’s open ecosystem. It’s maintained in public view, designed for collaboration, and made for people who want control over how AI runs on their sites. It works on any hosting platform, whether you’re using Acquia, Pantheon, Platform.sh, or a self-hosted stack.

It’s the easiest path yet to bring AI into Drupal without giving up data ownership or flexibility.

https://www.drupal.org/project/ai_provider_amazeeio

File attachments:  amazee image.jpeg

The standard eCommerce workflow requires users to navigate to a product page and click an “Add to Cart” button. Simple. Direct. Most people are familiar with it. But for certain applications, you want to streamline this experience and remove as much friction as possible.

Membership renewals, email or SMS campaigns for specific products, quotes generated from sales reps, and embedded purchases within content. We developed the Commerce Cart Links module for these situations, and more.

The module exposes a /cart-links route that accepts product variation IDs, quantities, and optional parameters for controlling cart behavior and redirects. When a user visits a cart link URL, the module processes the specified product variations, adds them to a cart, and optionally redirects to a specified destination.

Here's a quick demo:

Use casesMembership renewal workflows

Membership organizations with tiered structures can use cart links to send direct purchase links to members during renewal periods. Each member receives a URL specific to their membership tier, bypassing the need for them to navigate your website.

This approach reduces support overhead from members purchasing incorrect membership tiers and streamlines the renewal process for organizations managing thousands of members.

Read more

The DrupalFit Challenge – Vienna Edition 2025 has offered a revealing snapshot of how Drupal websites perform today. Conducted by OpenSense Labs ahead of DrupalCon Vienna, the audit examined 148 sites across key areas—security, performance, SEO, and accessibility. The findings show that while many Drupal sites maintain strong technical foundations, accessibility and performance remain widespread challenges. With 84.5% of sites showing accessibility issues and 83.1% facing performance concerns, the report underscores where developers and agencies should focus their next improvements to keep Drupal websites fast, secure, and inclusive.

Enhance your Drupal website’s visibility, performance and overall health with regular audits. Find a handy checklist of things to remember and tools to help you audit your Drupal site.

Today we are talking about AI, New Drupal Features, and the future of AI in Drupal with guest Jamie Abrahams. We'll also cover Orchestration as our module of the week.

For show notes visit: https://www.talkingDrupal.com/527

Topics

• Exciting Announcement: Object-Oriented Hooks in Themes
• The Drupal AI Initiative
• Canvas AI and Migration Challenges
• AI Powered Features and Future Directions
• AI's Role in Drupal vs. Other Platforms
• Human in the Loop AI in Drupal
• Canvas AI and Human Control
• Challenges with Customizability and AI Integration
• Transparency and Ethics in AI
• Modernizing Drupal's Core for AI
• Future of AI in Drupal
• Community Engagement and Events

Resources

• Flowdrop
  • https://www.drupal.org/project/flowdrop
  • https://flowdrop.xyz/
• Dries blog
  • Rethinking drupal in the world of AI
• Tool
• Paris event
  • API days
• Pune Event - 29th - 30th November
• Tracking
• Action API issue

Guests

Jamie Abrahams - freelygive.io yautja_cetanu

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Maya Schaeffer - evolvingweb.com mayalena

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted to expose Drupal's capabilities to external automation platforms? There's a module for that.
• Module name/project name:
  • Orchestration
• Brief history
  • How old: created in Aug 2025 by Jürgen Haas of LakeDrops, in collaboration with Dries, who some of our listeners may be familiar with
  • Versions available: 1.0.0, which supports Drupal 11.2 or newer
• Maintainership
  • Actively maintained
  • Security coverage
  • Documentation site
  • Number of open issues: 11 open issues, none of which are bugs
• Usage stats:
  • 3 sites
• Module features and usage
  • With the Orchestration module installed, external systems can trigger Drupal workflows, call AI agents, and execute business logic through a unified API
  • The modules functions as a bi-directional bridge, so Drupal events like content updates, user registrations, or form submissions can also trigger external processing
  • Using the Orchestration module with the Activepieces automation platform in particular was featured at about the one hour mark in the most recent Driesnote, from DrupalCon Vienna, and we'll include a link to watch that in the show notes. The complex example Dries shows is pulling content from a Wordpress site, using AI to evaluate whether or not each post met certain criteria, and then conditionally calling one of a couple of ECA functions, in addition to using AI to rewrite the incoming content to change Wordpress terminology into Drupalisms
  • Under the hood Orchestration provides an endpoint that will return a JSON list of services, including the properties that are needed for each service. The external service also needs to provide the username and password for a Drupal account, so you can control what services will be available based on permissions for the Drupal user that will be used
  • Already Orchestration works with ECA, AI Agents, Tool API, and AI function calls
  • There is also work underway for integrations using webhooks, for integration platforms that aren't ready to directly support Drupal's orchestration services
  • In his presentation Dries mentioned that they are looking for feedback. Specifically, they would like feedback on what platforms should have integrations available

Date: 2025-November-03Description: 

The upcoming Drupal core security release window has been rescheduled from November 19, 2025 to November 12, 2025. As normal, the window will occur between 1600 UTC and 2200 UTC.

Schedule change for back-to-back DrupalCons

This schedule change is due to DrupalCons Vienna and Nara overlapping the October and November core security windows. We do not schedule core security windows during DrupalCons so that site owners and agencies can attend these conferences without having to worry about their sites or clients.

December is also not typically used for core security releases due to the quick sequencing of the Drupal core minor releases and the end-of-year holidays. This would mean a period of four months where we could not provide any regularly scheduled security update.

No special release procedures

The schedule change is not due to any highly critical issue that would require special release procedures.

As a reminder, a Drupal core security window does not necessarily mean a Drupal security release will occur, only that one is possible.

Coordinated By: 

• catch (catch) of the Drupal Security Team
• Damien McKenna (damienmckenna) of the Drupal Security Team
• Neil Drumm (drumm) of the Drupal Security Team
• Greg Knaddison (greggles) of the Drupal Security Team
• Lee Rowlands (larowlan) of the Drupal Security Team
• Drew Webber (mcdruid) of the Drupal Security Team
• Juraj Nemec (poker10) of the Drupal Security Team
• Jess (xjm) of the Drupal Security Team
• Cathy Theys (yesct) of the Drupal Security Team

Experience Drupal in a new way with Drupal Canvas, the visual builder that makes creating and collaborating simple and intuitive.