Drupal Planet

DrupalCon has always been a conference by the community, for the community—and as we look ahead to DrupalCon North America 2026 in Chicago, we’re making thoughtful changes to ensure it continues to reflect those values.

After a successful DrupalCon Atlanta, we’ve taken time to reflect, gather feedback, and make updates that prioritize access, sustainability, and community connection.  Each of the changes outlined below is rooted in one or more of these values—whether it's improving affordability, building lasting relationships, or creating a more efficient and inclusive event experience. With guidance from the DrupalCon North America Steering Committee, we’re excited to share a refreshed ticket structure, updated volunteer policies, a reimagined Expo Hall, and a renewed focus on summits, trainings, and collaboration.

We’ve simplified and lowered the cost of general admission tickets to make DrupalCon more accessible—without sacrificing the quality of experience our community expects. These changes were driven by feedback from past DrupalCon attendees, the North American Steering Committee, and the community at large, all of whom expressed a strong desire for more affordable access to the event.

Ticket Tier

Atlanta 2025

Chicago 2026

Savings

Early Bird

$890

$575

$315

Regular

$990

$700

$290

Late/Onsite

$1,190

$850

$340

Early Bird registration opens September 15, 2025 and is open for 16 weeks!
Secure your ticket early to lock in the best rate.

For every 5 tickets purchased from a Drupal camp or local association, that community will receive 1 complimentary ticket to share with a deserving community member, with a max of 10 complimentary tickets per local camp or association. It's our way of reinvesting in local leadership and participation.

This change reflects our focus on access and sustainability. In our DrupalCon Atlanta recap blog, we highlighted how streamlined operations improved the event experience for attendees and volunteers alike. Building on that momentum, we recognized the need for clearer guidelines to ensure volunteer opportunities are distributed fairly and effectively.

We’ve updated the volunteer ticket structure to make it more equitable and scalable:

• Volunteer under 20 hours → 25% discount
• Volunteer 20+ hours → Complimentary ticket

These tickets are non-transferable and may not be combined with other discounts.

Previously, volunteer ticket codes were sometimes misused or distributed without proper oversight. These updated guidelines help preserve full complimentary tickets for those who contribute a significant amount of time and effort, while also creating new opportunities for others to attend at a reduced rate.

Additionally, we’ve streamlined the on-site registration process with self-check-in, reducing the need for a large number of on-site volunteers and allowing us to focus support where it’s most impactful.

Learn more and sign up to volunteer.

Summits are one of DrupalCon’s most valuable opportunities for industry-specific collaboration and knowledge sharing. Designed to connect attendees working in the same verticals, these events offer focused access to speakers with real-world experience, engaging roundtable discussions with peers in similar roles, and meaningful conversations about shared challenges. Attendees walk away with practical takeaways and lasting connections, while participating sponsors have a chance to introduce themselves to leaders in the space in an organic, relevant way.

Taking place Monday, 23 March 2026.

Join peers in:

• Healthcare
• Higher Education
• Government
• Nonprofit
• Community

Each summit features two half-day sessions that do not conflict with the main conference program, creating space for meaningful discussion and idea sharing.

Summit Type

Atlanta 2025

Chicago 2026

Industry Summit

$250

$300

Community Summit

Free

Free for RippleMaker members, $50 for non-member
(Click HERE to become a Ripple Maker)

Lunch is not included with the Community Summit, but a lunch ticket add-on will be available for purchase during registration.

DrupalCon Trainings remain at $500 and offer deep-dive, expert-led learning opportunities on a wide range of Drupal skills.

You’ll notice more networking spaces, and informal meeting zones—especially in the Expo Hall and hallways. We’re doubling down on meaningful, unstructured connections.

These changes are only possible through thoughtful cost management and the continued support of our sponsors. Their partnership helps us keep ticket prices accessible while delivering the high-quality experience the community expects. We’re grateful to those who invest in DrupalCon and help us create an event that welcomes and supports everyone.

The Drupal Association is happy to issue official invitation letters for those requiring a visa.

Request your visa letter here.

Letters are generated automatically—just complete the form and check your email (including spam folders).

Milestone

Date

Program at a Glance Released

6 June 2025

Call for Speakers Opens

21 July 2025

Early Bird Registration Opens

15 September 2025

Call for Speakers Closes

26 September 2025

Grants & Scholarships Applications Open

1 October 2025

Grants & Scholarships Applications Close

31 October 2025

Session Notifications to Speakers

12 November 2025

Grant & Scholarship Recipients Announced

12 November 2025

Regular Registration Opens

5 January 2026

Conference Schedule Available

13 January 2026

Late Registration Opens

23 February 2026

DrupalCon Chicago

23-26 March 2026

Hilton Chicago is DrupalCon’s official headquarters hotel—and it's where the magic happens.

From morning coffee chats to late-night strategy sessions in the lobby, this is where the community connects. Staying on-site helps you maximize your time, make spontaneous connections, and be part of the full experience.

Book your room at the Hilton Chicago.

We’re reimagining our sponsorship offerings to better connect you with the Drupal community—bringing fresh opportunities and updated packages designed for greater visibility, value, and impact.

Want to be the first to know when they go live? Email [email protected] and we’ll make sure you're on the list.

DrupalCon is more than just a conference—it’s the beating heart of our community. These changes help us keep that heart strong, inclusive, and accessible.

We can’t wait to see you in Chicago, 23-26 March 2026. 

Working with Drupal requires certain experience, knowledge, and skills. Even if you successfully create a project on Drupal, in the near future, you will need to install updates and upgrade the site. To avoid doing this manually, use a convenient new solution.
Drupal Auto-Updates in 2025 is a new option for auto-website updates. Thus, you can forget about constant control of each patch or fix. The system will independently and automatically work through everything if necessary.
Today you will learn all the necessary details about Drupal auto-updates and how this will affect web development and website owners in the future.

Drupal is entering a new era, transforming into an AI-first CMS. Powered by open, ethical, and human-centred AI.

We’re proud to launch the free webinar training series offered in partnership with the European Commission. These free, public webinars are designed to equip the global Drupal community with practical skills, architectural understanding, and the ethical frameworks needed to work with AI inside Drupal. Whether you’re a developer, site builder, content strategist, or part of a digital agency team, there’s something here for you.

The series brings together contributors from across the open source AI ecosystem, featuring maintainers of the AI module, members of the Drupal AI Strategic Initiative, and the wider Drupal CMS innovation team.

We really believe that the process of contributing—of trying things out, experimenting on difficult problems—helps bring AI knowledge into both individuals and their organisations.
 Jamie Abrahams

“Bringing Drupal AI into your  DNA - How to Learn, Use and Contribute to the Drupal AI Ecosystem”, aired live on 10 June and is available to watch on YouTube. Hosted by Jamie Abrahams (FreelyGive) with a guest appearance from Drupal founder Dries Buytaert (Acquia), this session outlined the architecture, vision, and community momentum behind Drupal’s approach to AI.

It introduced viewers to:

• The AI module and its plugin-based approach to LLM providers
• Use cases like content automation, accessibility improvements, and semantic search
• The ethical principles guiding Drupal’s AI efforts: Trust, Transparency, and Choice
• Drupal AI Agents and Swarms: modular, no-code AI orchestration already in use today
• A strategic roadmap that includes tight integration with upcoming Experience Builder features and MCP (Model Context Protocol)

We imagine a future where site builders define the goal—like 300 event signups—and AI agents get to work alongside humans to make it happen.
Dries Buytaert

In the coming months, the webinar series continues with targeted training sessions that build upon each other. All sessions are free, recorded, and open to the public.

• 1 July: Installing the AI Module & Basic Features
• 2 September: AI Search
• 23 September: AI Agents (No-Code Creation)
• 7 October: Advanced: Build AI Agents with Code

Each webinar will include demonstrations, practical walk-throughs, and guidance on how to get started, contribute back, and explore AI ethically in your Drupal projects.

AI is not a substitute for human intelligence—it’s a tool to amplify human creativity and ingenuity.
Jamie Abrahams

You can sign up for upcoming sessions and explore the series details. This is your opportunity to learn from the team building the future of Drupal and to participate in shaping it. Are you interested in content automation, smarter search, accessibility tooling, or advanced AI orchestration? Then this series is for you.

We can’t skip the human-in-the-loop. It’s essential that humans stay in control, and that AI in Drupal remains transparent, auditable, and ethical.
Dries Buytaert

If you believe in the power of open source, ethical tech, and community-led innovation, this is where to begin.
 

When a client has a need or idea that other people might benefit from, it's a great opportunity to contribute a module back to the community. I recently created the new Autocreate Access module to solve a problem on a project where Drupal's autocomplete tagging widget for taxonomy terms didn't work as our client expected. Typically, Drupal sites utilise this field widget to allow users to create new categories for their content on the fly. However, our client wanted to prevent ordinary site visitors from being able to create new tags, but still be able to select from existing ones - whilst allowing privileged editors to create tags from the same widget. 

Without this module, Drupal doesn't make that distinction between different kinds of users: either everyone who can use the widget can create new terms, or none of them can!

Drupal already has excellent access controls in place, using roles and permissions for granular control over what different kinds of visitors can see and do. It even includes specific CRUD permissions for each vocabulary of terms that this widget allows picking from. So all I needed to do was wire up the autocomplete tagging widget to respect the existing permission for creating terms in the vocabulary for these tags. Install the module, and then configure it in any fields you want to use it for: simply tick the 'Respect access' box on Drupal's configuration form for editing a field:

As the description beneath the checkbox in that screenshot implies - this applies to any entity, not just taxonomy terms! The 'Tags style' autocomplete widgets are most commonly used with taxonomy terms, but they can be used on any entity reference field. Given that access controls around other entity types often need to be tighter, I can see this being an important tool to allow the easy editing that this widget provides, without circumventing restrictions!

Under the hood, the autocomplete widget uses Drupal's entity_autocomplete form element, which uses an #autocreate property to control how unmatched tags should be handled. (Hence 'autocreate' in my module's name!) The field widget simply populates this with the vocabulary/bundle selected in the field configuration. The Autocreate Access module just adds a check to enforce that the #autocreate property is only set when the currently logged-in user actually has access to create those terms/entities.

You might think that perhaps Drupal should do this by default - and it's an open question that's been asked before which is probably worth addressing in core. But I can appreciate that many websites still want to allow easy free-tagging without having to think about permissions (or giving direct access to full standalone forms for creating terms). Changing that behaviour could break backwards-compatibility, which might not be worth the hassle of delivering a change within core. At least this new module now makes it easy to choose whether to respect vocab permissions when creating tags on the fly. 

I've just tagged (get it?!) the first stable release of the new Autocreate Access module - please let me know how you get on with it or if you have any ideas for it!

In this episode of Talking Drupal, we dive into the world of Drupal user groups and meetups with guests Lee Walker, Bernardo Martinez, and Bo Shipley. Our guests share their experiences in organizing and participating in Drupal communities and the vital role these meetups play in fostering continuous learning and professional development. We also explore the newest features of Drupal Core 11.2 in the Module of the Week.

For show notes visit: https://www.talkingDrupal.com/508

• Meet the Guests: Lee, Bo, and Bernardo
• Module of the Week: Drupal Core 11.2
• Diving into Drupal User Groups and Meetups
• Personal Journeys into Drupal User Groups
• The Role of Meetup.com in Drupal Communities
• Organizing and Attending Meetups vs. Conferences
• Challenges and Strategies for Growing Meetups
• Virtual and Hybrid Meetups: Impact on Attendance
• Success Tips for Organizing Meetups
• Keeping Meetups Simple and Engaging
• Preventing Organizer Burnout
• Challenges and Changes in Meetup Cadence
• Finding and Retaining Meetup Members
• Communication Tools for Meetup Groups
• The Importance of In-Person Meetups
• Advice for Starting or Restarting Meetups
• Conclusion and Contact Information

Drupal.org Events The Drop Times Events Meetup.com Drupal Chattanooga Drupal Users Group Chattanooga Drupal Camp

Lee Walker - www.codejourneymen.com mr_scumbag Bo Shipley - simplyshipley Bernardo Martinez - linkedin bernardm28

Stephen Cross - stephencross John Picozzi - epam.com johnpicozzi JD Leonard - modernbizconsulting.com jdleonard

with Martin Anderson-Clutz - mandclu.com mandclu

Drupal Core 11.2

• Single Directory Components (SDCs) have been a focus of excitement for Drupal’s front end developers since they were added to Drupal 10.1 as an experimental module, and merged into 10.3 as a stable feature. With Drupal 11.2, SDCs now have a concept of variants, to allow for different ways of presenting a component’s information. Some component frameworks like Storybook have a somewhat different concept of variants, which is really a set of property value presets that are useful for testing. Variants with Drupal SDCs strike me as being analogous to view modes for content types, in that you can have separate template files for each variant, or you can have conditional logic within a single template based on the variant in use.
• Our own nicxvan, chx, and some others put some significant work into allowing preprocess hooks to be defined as OOP classes, which bring us a significant step closer to not needing .module files anymore. Hooks (and .module files) are Drupalisms, so removing the need for them is a big improvement for Developer Experience, and makes it easier for developers to get started with Drupal
• In Drupal 11.2 the module installer has been updated to only rebuild the container after several modules have been installed, which significantly speeds up installing multiple modules at once.
• Drupal 11.2 also brings us a Recipe Unpack composer extension, so when you composer require a recipe, the dependencies get automatically added to your site’s composer.json file, so you can apply and then remove the recipe and still have a fully functional site
• Package Manager is now a hidden module in Drupal core, which is critical for initiative like Automatic Updates and Project Browser, that the community has been working on for years
• Drupal core now also supports the next-generation AVIF format, with WEBP as a fallback with servers that don’t support generating them
• Of course there are also a variety of dependency updates as well, for CKEDitor, Symfony, composer and more, as well as too many minor improvements and bugfixes to cover in detail here

You have probably heard about the new strategic Drupal AI Initiative announced by Dries and the DA a couple of weeks ago. Let’s get together to learn more about it!

We’ll discuss:

• Initiative history and overview
• How we are organized
• Who’s involved, and how can you join
• Where to find the latest information
• Bring your questions for an AMA

Looking forward to seeing you. If the time doesn’t work for you, don’t worry, the webinar will be recorded and made available within a few days. And, you can ask follow-up questions in the #ai-initiative Slack channel.

Time: 26 June Thursday 1600 UK / 1700 CEST / 0800 Pacific / 1100 Eastern / 2030 India

To join the session, please, use this link to register.

Drupal CMS 1.0 was released earlier this year, and work is actively underway on the Experience Builder. This visual site-building tool enables users to create layouts directly in the browser, utilising drag-and-drop features. The project is currently in alpha and scheduled for full release by the end of 2025. At the same time, the Drupal AI Initiative has launched with $120,000 in funding to develop tools that help generate layouts, forms, and content based on user input. These tools are built with human oversight in mind: users can review, edit, or reject suggestions. This shift reflects a clear goal: make it faster to build and manage sites without relying entirely on developer resources.

The current board election connects directly to these developments. The Drupal Association is holding its 2025 at-large board member vote from June 18 to July 11. Seven candidates, Alexander Varwijk, Carlos Ospina, Matthew Saunders, Matt Glaman, Maya Schaeffer, Vladimir Roudakov, and Will Huggins, are running to fill the seat held by Fei Lauren. Each candidate has published a platform addressing key areas like onboarding, contributor experience, community inclusion, and responsible use of automation. These issues align with Drupal’s current work, including its focus on non-technical users and expanded access to site-building tools.

The Drupal Association board plays a direct role in supporting new features and community programs. Its decisions affect funding, contributor support, and how major initiatives, such as the Experience Builder and Drupal AI, are maintained over time. The individual elected to the at-large seat will help guide these efforts, ensuring they are aligned with both user needs and available resources. Voting is open to all eligible members through July 11, and participation ensures these decisions reflect the priorities of the wider Drupal community.

• A Look Under the Hood of Lupus Decoupled Drupal

• Meet Alexander Varwijk — Candidate for the 2025 Drupal Association Board Election

• Meet Carlos Ospina — Candidate for the 2025 Drupal Association Board Election

• Meet J Matthew Saunders — Candidate for the 2025 Drupal Association Board Election

• Meet Matt Glaman — Candidate for the 2025 Drupal Association Board Election

• Meet Maya Schaeffer — Candidate for the 2025 Drupal Association Board Election

• Meet Vladimir Roudakov — Candidate for the 2025 Drupal Association Board Election

• Meet Will Huggins — Candidate for the 2025 Drupal Association Board Election

• Drupal Core to Adopt Gin Admin Theme, Replacing Claro by 2025

• SPARC: Solar Powered Advanced Renewable Control

• Drupal 11.2.0 Released with Performance and API Upgrades

• Drupal AI 1.1.0 Introduces Agentic Framework, Enabling No-Code AI Agent Deployment

• Your Vote, Their Vision: 2025 Drupal Board Election Candidates

• DrupalCon Vienna Extends Splash Awards 2025 Submission Deadline to 23 June

• Sponsorship Opportunities Open for Drupal Developer Days 2026 in Athens

• Discover How Drupal Solves Business Challenges: Meetup in Bern, Switzerland – June 24, 2025

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you, 
Sincerely 
KAZIMA ABBAS
Sub-editor, The DropTimes.

Still have Drupal 7 (D7) website? That’s okay for now. But let’s be honest: in today’s threat landscape, security is not optional. With D7 reaching its official end-of-life, staying protected means relying on more than just luck or legacy systems. That’s where Extended Support comes in, and why it matters now more than ever.

Cyber threats have evolved. So have regulations. Older platforms like D7 are prime targets if not properly maintained. Without official support, vulnerabilities go unpatched, and your organization could face:

• Data breaches or theft
• Damage to your brand reputation 
• Compliance issues (GDPR, PCI, HIPAA, etc.)
• Unexpected downtime and recovery costs
• Technical problems (e.g. unsupported modules affecting your website’s SEO)
• Complete lack of updates

In short: no security = high risk.

With Extended Support (ES), you're not left in the dark. At Dropsolid, we’re one of only three official D7 ES partners worldwide and the only one based in Europe. 

From day one, we have focused primarily on Drupal. Many of our senior developers have worked with D7 for years. Unlike many young developers, they do have the deep knowledge to keep your website secure and performing. This makes us part of a highly specialized group with the tools, access, and knowledge to keep your site secure long after official support has ended.

Here’s how we protect your D7 site:

• Proactive security patches
  We receive enterprise-grade patches before release, backed by a bug bounty program and ethical hackers 
   
• Continuous vulnerability monitoring
  We proactively scan for threats and respond before damage can occur
   
• Infrastructure hardening
  Whether you stay on your current hosting or migrate to our Experience Platform, we secure your environment at every level
   
• Expert D7 knowledge
  Our ISO 27001-certified team, with thousands of Drupal contributions,  ensures that patches are applied correctly and modules remain compatible
   
• Custom code support & compliance auditing
  We help maintain your custom functionality and monitor GDPR/accessibility compliance

Sticking with D7 doesn’t mean compromising on safety. With ES, your platform stays stable and protected, buying you valuable time to plan a thoughtful migration without rushing under pressure. And let’s face it: nothing beats peace of mind when your digital presence is at stake.

Extended Support is not forever, but it is your strongest shield in right now. At Dropsolid, we help you stay secure today while preparing you for what’s next. We can help you with:

• Drupal 7 Extend Support to stay secure today
• Seamlessly migrate to a newer Drupal version
• Unlock future innovation through Drupal AI, helping you automate content, personalize user experiences and streamline workflows 

As a founding partner of the Drupal AI Initiative, Dropsolid is helping shape the future of AI in Drupal. From training to implementation, we bring the tools and expertise to turn AI into real value for your organization. 

Get in touch with us and have a call with our Drupal experts. We’ll assess your current setup, explore your goals, and help you choose the smartest path forward.

Contact us: https://dropsolid.com/en/contact

Drupal core will adopt Gin admin theme to replace Claro -- how does this affect you and how to get involved? https://www.drupal.org/about/core/blog/drupal-core-will-adopt-gin-admin-theme-to-replace-claro

Posted on 20 Jun 2025 - 2:00 pm

A long while back, security researcher Sam Mortenson reported a cross-site scripting vulnerability in Drupal core's Link module. Essentially, the options property on link fields was not being properly sanitized. This meant cross-site scripting was possible under some circumstances -- and, as always for cross-site scripting, we were concerned that the XSS could be combined with other attacks and escalated to more serious exploits.