Drupal Planet

Security advisories: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

2 months 1 week ago
Project: Drupal coreDate: 2022-July-20Security risk: Critical 15∕25 AC:Basic/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionDescription: 

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010).

However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution.

This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.


Install the latest version:

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core is not affected.

Auditing your files directory's .htaccess to ensure it has not been overwritten or overridden in a subdirectory

If your web server uses Apache httpd with AllowOverride, you should check within your files directories and subdirectories to ensure that any .htaccess files present are intentional. You can search for files named .htaccess by running the following command in the roots of both your public and private files directory:

find ./ -name ".htaccess" -print

Drupal automatically creates .htaccess files like the following in the root of the public files directory:

# Turn off all options we don't need. Options -Indexes -ExecCGI -Includes -MultiViews # Set the catch-all handler to prevent scripts from being executed. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 <Files *> # Override the handler again if we're run later in the evaluation list. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 </Files> # If we know how to do it safely, disable the PHP engine entirely. <IfModule mod_php7.c> php_flag engine off </IfModule> <IfModule mod_php.c> php_flag engine off </IfModule>

Check with your system administrator for the correct .htaccess configuration for the given files directory.

This advisory is not covered by Drupal Steward.

Reported By: Fixed By: 

Security advisories: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

2 months 1 week ago
Project: Drupal coreDate: 2022-July-20Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access BypassDescription: 

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to.

No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

This advisory is not covered by Drupal Steward.


Install the latest version:

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core is not affected.

Reported By: Fixed By: 

Security advisories: Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

2 months 1 week ago
Project: Drupal coreDate: 2022-July-20Security risk: Moderately critical 13∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information DisclosureDescription: 

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.

Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI.

Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.


Install the latest version:

All versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Reported By: Fixed By: 

OpenSense Labs: A comprehensive guide to omnichannel content delivery

2 months 1 week ago
A comprehensive guide to omnichannel content delivery Maitreayee Bora Wed, 07/20/2022 - 18:22

Today the shopping culture is designed in a manner where the customers prefer going through a lot of content prior to making a purchase. Be it product reviews, articles, or influencer posts, they make an effort to consume it on every channel. 

Even though companies are offering great content experiences on their applications, websites, Facebook pages, and stores following a robust multichannel strategy. 

But the companies which are ensuring a consistent online and offline interaction with their customers, building a very holistic omnichannel customer experience tend to get more popularity and success in comparison to the rest. 

This article gives you a closer look at how an omnichannel approach can be considered effective and beneficial for both customers and progressive companies. 

Why should you adopt an omnichannel content approach?

What is an omnichannel content approach? An omnichannel content approach is simply all about bringing together all content channels in order to make them work parallelly to improve and customize the user’s experience. 

It is observed that brands adopting omnichannel strategies show an average retention rate of around 89 percent, and 69 percent of customers look for a consistent omnichannel experience. 

Most importantly, the impact of COVID 19 showed how customers are prioritizing the omnichannel trend. 2020 witnessed e-commerce sales growth of 55% and at the same time, shoppers additionally spent $107 billion online. To know more, read how businesses reimagined themselves post-pandemic and the impact of pandemic-driven digital transformation.

Also, by August 2020, BOPIS (Buy Online Pay in Store) reached a growth of 259%. Isn’t the number huge? Yes it is! 

By adopting an omnichannel approach you can reach your customers exactly where they are. 

They do not have to put an effort to find you, and regardless of where they are, your products and your team are just a click away. They even find it way more convenient to purchase your products on various platforms and channels. 

Therefore, getting the opportunity to purchase your product effortlessly irrespective of their preferred platform or device through several methods, the customers tend to be happier and satisfied in the long run. 

And it is to be kept in mind that customer satisfaction is the key to decreasing customer churn and letting them return to you for their necessities. To know more, read about how to deliver the perfect digital commerce experience to your customers. 

How to build an omnichannel content management platform? 

After understanding the significance of adopting an omnichannel approach, let’s now learn the ways to build an omnichannel content management platform that is highly essential for progressive businesses.  

Understanding your customers’ wants

The very first step in creating effective omnichannel content is by getting an idea about the people who will consume it. 

Thankfully, technological advancements have made this possible to a great extent. Since your customers leave data footprints each time they interact with the digital properties, it can help in developing customized marketing content and strategies. 

So, to conduct such smart analytics, artificial intelligence (AI) can be really helpful. And you can learn all the necessary information about your customers and offer them what they exactly want.  

By personalizing platforms

Personalization can be considered as the practice of personalizing the content that a consumer is offered based on their behaviors and preferences. Companies tend to grow their revenue by up to 15% prioritizing personalization. 

In the year 2018, 90% of customers revealed to Accenture that they would like to shop with brands that provide relevant offers based on their personal choices and preferences.  

By efficiently delivering content across channels Source: Contentstack 

By utilizing outdated legacy CMSes, you cannot offer integrated, and holistic content experiences to your customers across every channel. 

But by using headless CMS you can decouple the frontend (content presentation) from the backend (content organization and storage) and use APIs to deliver content to any and every digital channel. 

This allows organizations to quickly and seamlessly manage and publish content across multiple channels from just one central command hub. 

To know more, read about the state of headless architecture in 2021 and when and how to choose headless CMS for your business.

Choosing Drupal for omnichannel content delivery

Let us explore the reasons why choosing Drupal for omnichannel content delivery can be considered as the best option.

Since we know that brands today reach their customers not only via their websites but also through multiple channels. 

Therefore, CMS is not just utilized to send content to web browsers but it also pushes content to several other places. So, Drupal can be considered the source of content for several consumers. 

Apart from delivering content for a frontend website, decoupled Drupal can even deliver content through an API to be utilized by multiple other mediums, upon which the brand wishes to be present such as IoT, mobile applications, kiosk displays, etc. 

At times companies look for creating several websites that are separate (e.g., one for each event, brand, promotion, country), but that will share a huge amount of content. 

In a situation like this, it will be much easier to build one content engine (Drupal) that will offer content to all the microsites. 

Also, the microsites can be created very quickly and even closed whenever a need appears, and also the content can be contained in one single hub. 

Often Drupal is chosen when there is a requirement for headless CMS. The reason behind this is Drupal’s out of the box that has most of the necessary functionality. 

In fact, Drupal is regarded as the most mature CMSes and also has the most amazing APIs. There has been immense progress in enabling Drupal to serve and receive content through APIs as well. Therefore, Drupal CMS can be regarded as the best choice for omnichannel content delivery. 

Learn more:

What the future holds for omnichannel?

The rapid increase of the omnichannel approach will certainly be affected by several technical developments in the coming times. Presently, the driving forces behind it consist of adaptive presentation technologies. 

As a result, developers tend to use frameworks like Angular, React, and Vue.js in order to build single web pages and web applications reaching customer expectations. 

Also due to the rise of design thinking and design systems, organizations are prioritizing the user experience and also in what ways the technologies will impact the customers. 

Therefore, the future of omnichannel seems to place the users’ needs at the topmost priority leading to customer satisfaction and retention.

Also, to survive in the future of omnichannel, companies seriously need to look after their content services including content architecture, content structure, content variations, and metadata. 

Hence, we see a great future for omnichannel where companies will continue to handle all of their content efficiently, also offering consumers the customization and optimized experience they want.


This piece of work clearly defined the need for an omnichannel approach for offering seamless content delivery to potential customers across various channels. 

So, if you’re an entrepreneur of a progressive company, then you must know how to anticipate the customer’s needs and meet them accordingly by adopting omnichannel practices.

Articles Off

Community Working Group posts: New Drupal Community Working Group Conflict Resolution Team member: JD Flynn

2 months 1 week ago

The Drupal Community Working Group (CWG) is happy to announce the addition of JD Flynn to the Conflict Resolution Team. Based in Indiana, United States, JD has been a long time member of the Drupal community – for more than 7 years and has been one of the Community Working Group's mental health subject matter experts for more than 2 years. JD is a senior software engineer with Nerdery, has completed the Code of Conduct contact training, and is a frequent attendee and speaker at US-based Drupal events.

One of the 2022 goals of the Conflict Resolution Team is to expand, both bringing in new perspectives and allowing veteran members to retire. As part of the onboarding process, JD will serve as a provisional member of the Conflict Resolution Team with limited access to previous issues as well as mentoring on current issues. Per the CWG charter, JD has been approved by the CWG review panel.

In the coming months, we anticipate adding additional new members to ensure the long-term health of the Conflict Resolution Team and its ability to effectively serve the Drupal community. 

The CWG is responsible for promoting and upholding the Drupal Code of Conduct and maintaining a friendly and welcoming community for the Drupal project. To learn more about the group and what we’ve been up to over the last year, check out our recently-published annual report. 

Specbee: 7 Reasons Drupal is the Best CMS for Your Business in 2022

2 months 1 week ago
7 Reasons Drupal is the Best CMS for Your Business in 2022 Priyanka Phukan 19 Jul, 2022

With the ever-changing digital landscape, consumer demands are steeping. Most traditional consumers expect to have customized experiences from website layouts over multiple devices. In other words, if you visit on your mobile device, your experience will be catered to touch screen interaction and vice/versa for desktop.

A lot of the big guns in the market rely on modern content management systems that can mutate with the developing technologies.

Which is one of the reasons why Drupal is a high-in-demand CMS in this dynamic online ecosystem. With more than 1.7 million websites, Drupal has thrived to be the consistent choice of many businesses and organizations such as Tesla, NASA, NCAA, among many others.

Seeing those kinds of trends and growth, many companies not using Drupal might wonder about its standing in the world. Here are some examples of what many non-users might already know about Drupal:

  • Drupal is an open-source CMS platform providing interactive website layouts for small-to-large businesses and organizations.
  • It has a huge library of community-built and supported code and modules.
  • As a CMS, Drupal is highly scalable.

But there is so much more to it!


This article talks about the most important things you should know about Drupal to better understand its value and to help validate it with your team. Keep reading to find out how Drupal can help you continuously modernize with the current and future consumer needs.

Why Drupal Might be the Best CMS for Your Business?

You already know the basics about Drupal and its advantages on the outside. Let’s acquaint you with some in-depth out-of-the-box advantages that can be beneficial for your business in 2022.


When you plan to grow your business, it’s recommended to have all your content stacked together on one platform. That requires high security to ensure your data is well protected and secure on your website.

Drupal has a dedicated team of security experts who monitor and solve all the security issues reported to their Security Advisory. Additionally, the growing Drupal community is always on the watch-out for bad or infected codes, constantly checking for vulnerabilities. 

Drupal's security is also enhanced by a variety of core and contributed modules that support two-factor authentication, password security, and out-of-the-box password encryption capabilities.

Open Source Community

Drupal, being an open-source software platform, has a large community of developers. This is also why it becomes easier to get your issues solved in challenging circumstances. 

Additionally, the community includes developers and various technical professionals. The Drupal community is constantly working towards building thousands of Drupal modules that you’ll find in Drupal’s module library. Drupal modules are collections of files entitled to certain functionalities that are written using PHP. Besides these modules, the community also works with many third-party vendors.

Third-Party Integrations

Businesses rely on dynamic content to market across various channels. For this purpose, you need a trustworthy and effective web CMS that can keep you updated with the latest sales and tech customer engagement trends. 

The most basic reason for relying on a CMS is efficient productivity via marketing automation strategies. Drupal makes it easier to integrate with popular marketing tools, such as Hubspot, Marketo, Webform, Eloqua, etc.

Drupal is the solution for eCommerce platforms as well. It has made it super easy for companies like Tesla, Motorola, Puma, Magento, and IBM WebSphere Commerce to drive better sales through customer acquisition and retention methods.

Extensibility via APIs:

Apart from third-party integrations, every modern CMS needs extensive access to a robust collection of APIs. Such a collection helps enhance and integrate all the needs of your customer’s journey. For example:

  • RESTful Web Services API - It supports a decoupled Drupal site, integration with web services, and powers communication among native iOS and Android apps and Drupal sites.
  • Translation API - It’s the API that adjusts the language of the website depending on the user’s geolocation.
  • JSON API - This module uses JSON to serialize and communicate on your website.

In addition to these APIs, Drupal’s architecture is designed and molded with Drupal’s API, querying, and GraphQL, along with microservices models. All customers, developers, and admins can benefit from using these tools and features to improve user experiences.

Customized User Experiences

Drupal delivers custom experiences, unlike the cookie-cutter solutions you might come across these days. Using Drupal, businesses and organizations can meet customers’ needs while leading them toward impactful purchasing decisions.
How does Drupal do it? Drupal comes with many built-in and contributed modules that offer some of the most robust features on the market. Take a look at this list of some specs you’ll find in Drupal:

  • Personalization - You can access several personalization modules for Drupal like Commerce Recommender, Smart Content module, Acquia Lift Connector integration module, Browsing History Recommender, Context-Menu Block, and even the Personalization Module.
  • Flexible Marketing Campaign Layouts - Drupal core provides an amazing Layout Builder module to fulfill all your visual design requirements for your marketing campaigns. With multiple ways to distribute customer-centric experiences, you can customize and build consistent and flexible landing pages.
  • Multilingual Functionality - The latest version of Drupal core allows you to translate and personalize your site to the user’s ease of understanding by changing the language depending on the user’s geolocation.
  • WYSIWYG Editor - Drupal makes it very easy to preview the content you’re uploading, make edits in the text editor and review them before publishing. It simplifies the integration of content with other editors, including HTML editors, pseudo-editors, and even Flash-based applications. 
  • Built-in Block System - With Drupal, it becomes quicker and easier to change the appearance of the content, be it text, image, or the layout, shape, and size of the blocks of a particular area or region by clicking on a button Place Block. Using the Custom Block module, you can build custom blocks for your UI, maintaining content uniformity throughout your website.

Using Drupal can guarantee you a solid working ground, giving enhanced UX and UI designs that are presentable and customized.

Drupal Modules

Besides using the custom features for Drupal websites, you also get access to the Lego-like framework that allows for personal customization. Hundreds of thousands of members of the Drupal community contribute to its big module library.

With contributions coming from everyone and anyone in the Drupal community, businesses and organizations can select from a huge repository of website features such as Admin Toolbar, Layout Builder, Drupal GraphQL Module, CAPTCHA, Google Analytics, ShareThis, and meta tag plugins.

Effective Editorial Workflows

Almost all the organizations using Drupal value its effectiveness in editorial workflows. Its content moderation and configuration features allow you to use it effectively by reviewing and approving the content before publishing it on the website. Developers can remove, pull, and make changes to the content using the configuration management facilities.

Additionally, the scalability and compatibility of Drupal as a CMS make it secure as your business grows through your website. You can simply manage multiple data contents in real-time, ensuring no downtime or availability issues come up during data surges. 
Thus, you can expect modern website designs via Drupal even in the bustling traffic of online ecosystems.

SEO Friendliness

The purpose behind marketing your content for your business is to get more and more reach by the day. And this purpose can only be fulfilled with the best Search Engine Optimization (SEO) practices implemented. Google SERP is crucial for growing your business.

Yes, that’s right! Drupal also poses as a great tool to make your website SEO friendly to enhance your organic traffic.

Drupal is a robust content management system that ensures your website’s search engine optimization using its modules. It provides a set of pre-installed SEO automation tools to help control all the elements of your website resulting it at the top search ranks of SEO-friendly CMSs. Here’s how it does that:

  • SEO-friendly URLs -  As a process directly built into the core of Drupal, you can create SEO-friendly URLs for different websites. So, a website URL that was originally “website.com?p=news&id=123” becomes “website.com/news/article-title” with Drupal using SEO best practices. With Drupal, curating SEO-friendly URLs becomes effortlessly easy.
  • Highly Effective Taxonomy - With Drupal, it becomes very easy to categorize everything with the built-in taxonomy system. You can organize and tag content with rich keywords easily. Categorization is a critical element of a search engine optimized website and with Drupal’s flexible taxonomy, organization and categorization become simply easy to use. 
  • Page Titles - The page title of your website is one of the most important elements to enhance your website's SEO. It attracts the attention of search engines and helps rank better in search results. Drupal provides a page title module to help you create interesting page titles automatically.
  • Meta Tags - Meta tags were previously critical in helping your website reach the top of the first page of search results. Although it may no longer be as influential, using effective meta tags can help in terms of SEO for your website if you choose to do so.
The Launch of Drupal 10

Drupal 10 is all set for its big release in December 2022.

Drupal 10 will be built on Drupal 9, delivering an out-of-the-box user experience. It will be featuring its frontend theme, Olivero, built into Drupal’s core by default. With the intent of providing a modern look and feel, Olivero is the only frontend accessible theme that Drupal has ever shipped.

And the new backend theme, Claro, is stable and will be simplifying the content creation, moderation, and editorial workflows of the users. 
All in all, Drupal 10 is set to make the lives of Drupal developers easier and help them build customized digital experiences.

Final Thoughts - Drupal is Here to Stay!

There you go!

You’re now well aware of the power points of Drupal that make it the go-to CMS for your business in 2022.

To conclude, Drupal is the versatile CMS platform that has continuously grown with innovative features and several contributions from the community all needed in this competitive age of demanding consumers.

Having said that, hiring Drupal development services for your business would be your next best alternative to growing your business. Specbee is a leading Drupal Development Company, delivering an extensive range of Drupal solutions to grow your business.

After all, Drupal has been ruling the industry for the last decade and is here to stay!

Author: Priyanka Phukan

Meet Priyanka, a Junior Content Writer and Marketer at Specbee. Priyanka’s a Grammar-Freak with a knack for creating impactful content with ‘words’ being her weapon of choice. A foodie who likes all things chicken. When not writing, she likes to play the Uke and sing. On blue days, you’ll find her binge-watching Asian dramas.

Drupal Drupal 9 Drupal 9 Module Drupal 10 Drupal Development Drupal Planet Subscribe to our Newsletter Now Subscribe Leave this field blank

Leave us a Comment

  Recent Blogs Image 7 Reasons Drupal is the Best CMS for Your Business in 2022 Image Integrate your eCommerce website with these must-have Drupal Modules Image 7 Ways to Keep a Check on Your Mental Wellbeing in a Remote Work Setting Want to extract the maximum out of Drupal? TALK TO US Featured Success Stories

Upgrading and consolidating multiple web properties to offer a coherent digital experience for Physicians Insurance

Upgrading the web presence of IEEE Information Theory Society, the most trusted voice for advanced technology

Great Southern Homes, one of the fastest growing home builders in the United States, sees greater results with Drupal 9

View all Case Studies

Chapter Three: A Global View of Quality of Life: Introducing the New HDRO Website for the United Nations Global Development Programme

2 months 1 week ago
It’s not every day you have an opportunity to help rethink and redesign a website that is global in its impact and audience. We've been honored to work on such an important endeavor and so we're thrilled to announce that we have launched our first website on behalf of the United Nations Development Programme (UNDP). The Human Development Reports Office (HDRO) of the United Nations Development Programme is home to the Human Development Index (HDI), the key measure by which the United Nations ranks human development / quality of life issues for every member country. We've partnered with the HDRO team to bring new data and storytelling to the redesigned website.

Talking Drupal: Talking Drupal #356 - The Book Module

2 months 1 week ago

Welcome to Talking Drupal. Today we are talking about The Book Module with Chad Hester.


  • Book Module
  • High level overview
  • Unique about the module
  • Real world use cases
  • Why not entity reference
  • Should it be in contrib
  • Where does it not make sense
  • Future?
Resources Guests

www.chadkhester.com @chadkhester


Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Ryan Price - ryanpricemedia.com - @liberatr


Purge The purge module facilitates cleaning external caching systems, reverse proxies and CDNs as content actually changes. This allows external caching layers to keep unchanged content cached infinitely, making content delivery more efficient, resilient and better guarded against traffic spikes.

Lullabot: The Dangers of Inline Editing Structured Content

2 months 1 week ago

In our previous article, we went over the basics of how Drupal handles revisions and content moderation. But one of Drupal's strengths is what we call "structured content" and its ability to implement complex content models, as opposed to a big blob of HTML in a WYSIWYG field. Entities can have lots of different fields. Those fields can refer to other entities that also have lots of other fields. It is easy to establish content relationships. 

OpenSense Labs: The new features and improvements in Drupal 10

2 months 1 week ago
The new features and improvements in Drupal 10 Esha Banerjee Mon, 07/18/2022 - 19:20

“Is there anything new on the horizon?”

This is one of the most frequently asked questions about software and technology, such as what's new in computers, what's new in smartphones, or simply what's new in digital spaces.

Everyone is curious about what's new in Drupal 10 now that it's been released.

Now that we have heard about the arrival of  Drupal 10, we all must be aware of what new advancements it is bringing on to the table.

When’s Drupal 10 releasing?

Drupal 10 release date is estimated in late 2022. This update, like the transition from Drupal 8 to Drupal 9, will be a smooth transition for any well-built and maintained Drupal site. 

Since Drupal 8, the Drupal maintainers have taken a methodical approach to releasing new versions of the CMS. This benefits everyone who creates, manages, or maintains a Drupal site by providing a clear path for updates from one major version to the next. 

But the most important question is why Drupal 10 is being released in December rather than August? There can be two reasons for the date shift:

Why not releasing it in August: 

Core Development developers have been working hard over the last few months to complete Drupal 10 release date, requirements and strategic goals. 

The community has been working hard to remove deprecated code, remove unnecessary dependencies, update our JavaScript, and prepare modules for contribution.

The integration with CKEditor version 5 is the most critical requirement for Drupal 10. Because CKEditor 4 will be deprecated at the end of 2023, Drupal 10 should use CKEditor 5. 

Thousands of hours have been invested in integrating this new version of CKEditor into Drupal, as well as close collaboration with the CKEditor team. 

Additional critical issues that need to be resolved for CKEditor 5 to be stable have been discovered as a result of the work done, and these issues will not be completed in time for the May 13 beta deadline required for the August release.

Advantages of releasing Drupal in December 2022:

The main advantage of releasing Drupal 10 in December rather than August is that it allows us more time to stabilize CKEditor. 

It also allows site owners more time to test moving their content from CKEditor 4 to the new version in Drupal 9, ensuring a smooth and secure upgrade path for this major change.

The best news for PHP developers like me is that Drupal 10 will be released in December with Symfony 6.2, which will include improvements and bug fixes over the current 6.0 release, as well as reduce the workload on security teams.

As previously announced, Drupal 10 will require PHP 8.1, and the December release means that most hosting providers will support PHP 8.1, allowing sites to begin updating without waiting for platform fixes. Drupal 10. 

PHP 8.2 is also due out in November, and Drupal 10 will have as much compatibility with it as possible. (Until November 2024, PHP 8.1 will be the minimum requirement for Drupal 10.) To know more, read this complete guide on PHP 8 and the importance of updating PHP.

What’s new in Drupal 10

Version 10 will include numerous new features.. So let us understand some of the features that Drupal 10 will provide us with for a better experience.

Claro theme Source: Drupal.org

Claro theme will replace the tired Seven theme, designed in 2009 for Drupal 7 and slightly updated in Drupal 8, was discouraging new users by giving the impression of an out-of-date system. 

Drupal 10 has been designed in accordance with the latest standard and has been adapted to take full advantage of the new versions of this CMS. 

Front end theme Olivero Source: Drupal.org

The administration panel will be redesigned as well. The modern appearance will also appeal to the page's visitors. 
The Olivero theme was designed to take full advantage of the new system's capabilities and to work with user-favorite features like Layout Builder. The theme will be WCAG AA compliant.

New starterkit theme Source: Drupal.org

In comparison to Drupal 8 or 9, the approach to template development will be altered. We won't extend the base theme because of the new starterkit, but we will generate a clean template as a starting point for building our theme.
This avoids inheriting the entire template, which has very limited update options due to the need to maintain backward compatibility. 
The concept of sub-theming remains unchanged – we can still create additional themes that inherit the design elements from our main theme. The theme generation process will be automated and handled by Drupal scripts.

Decoupled Menus

Drupal is a trustworthy CMS because it supports REST, JSON, and GraphQL APIs. The plan for Drupal 10 is to increase the number of web service endpoints available, allowing you to create a large repository of web components and JavaScript framework integrations. 

Drupal 10 roadmaps to accomplish this with the Decoupled Menus feature. This feature can be used to build a small web component that ships quickly and addresses a common use case.

Drupal's leadership can significantly extend both headless development and composability by creating more web service endpoints and JavaScript components. As a result, Drupal can continue to be one of the most powerful and adaptable tools for developers. To know more, read this complete guide on the Decoupled menus initiative.

Automatic updates

As a developer, how would you feel if your website could update itself? Drupal 10 features provide developers with secure and smooth updates.  The update feature will be added to the core and will be available for Composer-based sites. 
The Automatic Updates Initiative is working on several major projects, including UX improvements, package signing for improved security, testing with various host providers, and so on. To know more, read this comprehensive guide on automatic updates initiative.

The Project Browser Source: Drupal.org

Site builders can find and install modules from the admin dashboard when using Drupal 10. The feature will be added to the Drupal core. 

However, the feature is currently only available as a contributed module and is still in its early stages of development. A "Try it now" button lets developers test the feature on a fresh Drupal installation.

Removed Deprecated Code

 Drupal core code and libraries marked as "deprecated" in Drupal 9 will be removed. When code is improved, it is likely that some other code cannot be added or retired.

Because retiring code cannot be removed immediately because it may break functionality in a site's custom code or contributed modules, it is marked as deprecated to indicate that it will be removed in the next major version of Drupal. 

This gives developers plenty of time to update their code to be Drupal 10 compatible.

Removal of some core modules

 A few modules that are redundant or are not widely used will be removed from the Drupal 10 core. These modules will be moved to the Contributed Module space for consistency.

  • Aggregator - Gathers and displays syndicated content from external sources (RSS, RDF, and Atom feeds).
  • QuickEdit - Content editing in-place.
  • HAL - Uses Hypertext Application Language to serialize entities.
  • Activity Tracker - Allows users to keep track of recent content.
  • RDF - Adds metadata to pages so that other systems can understand their properties.
  • Forum - Offers discussion boards.
Improvements in editing experience Source: Drupal.org

In Drupal 10 roadmap, the default rich text (WYSIWYG) editor will be CK Editor 5. It brings a slew of new features that will enhance the content editing experience. 

Autoformatting, for example, allows you to add bold with **asterisks**, headings with #, inline code with 'text', code block with "', and bulleted lists with *. The paste-from-document functionality has also been improved. 

The ability to remove extraneous markup from pasting from Word or Google Docs is highlighted in the new version of CK Editor. Read this complete guide on editing provisions in Drupal to know more.

Updated Third Party Software
  • jQuery UI: Drupal 10 runs on PHP 8, and PHP 7 will be phased out by November 2022. Furthermore, Drupal 10 will not be compatible with Internet Explorer 11. The jQuery UI could eventually be replaced by modern JavaScript components.
  • Symfony: Symfony is one of Drupal's main drivers, and it will be decommissioned in November 2022. As a result, Symfony 5 compatibility issues have been resolved, and developers can now use it with Drupal 10. The team is also excited about updating Symfony 6.

To know more, read about the Drupal 10 readiness initiative.


Drupal 10 is on its way, and the best way to prepare is to stay informed. Organizations are less likely to hesitate to make that change now that Drupal has adapted to a flexible update schedule and easier migration processes. 

You can rely on our Drupal migration expertise and experience if you want to migrate your website to Drupal 9 and prepare for Drupal 10. We'd love to chat!

Articles Off

DinoTechno.com: Significantly Improve the Search Speed of Drupal 9 & 10

2 months 1 week ago
If you use the default search function, which is available in Drupal core, while the number of published articles on your Drupal sites increases, you will notice a slower search function. In some cases, it may take more than 15 seconds for Drupal to return search results. It has a reason. By default, the Drupal […]

Peoples BLOG: Read Data to Paragraph Template in Drupal Application

2 months 1 week ago
In this article we are going to see how to read the dynamic data of the node or entity or field values to the template file, which are specific to the paragraph template. Generally while the Paragraph module is used, default template suggestions given by the paragraph module or the template suggestions provided by the hooks are used and further template design is done. Here’s the article wh

Community Working Group posts: Code of Conduct team update: July 13, 2022

2 months 1 week ago

As previously reported, the Community Health Team has started to have regular, bi-weekly meetings in an effort to develop and update the Code of Conduct (CoC) for the Drupal community.

Community Health Team members present at this week's meeting were

We began the meeting with a review and updates related to our community outreach plans. We also briefly discussed how best to collect feedback, especially from individuals who want to provide anonymous feedback. We also discussed some additional Drupal community groups we want to reach out to for this effort.

In an effort to continue familiarizing ourselves with other communities' Codes of Conduct, we  decided that we'd ask our community members which Codes of Conduct they'd like us to review. If you have any thoughts on this, please let us know at drupal-cwg at drupal dot org. We will also utilize the @drupalcommunity Twitter account for this effort.

We discussed what the next few steps in this process should be. One option is to figure out the "categories" of Code of Conducts that exist for open source communities, review relevant examples and categorize them. With this research, we'll be in a much better position to decide on the category(ies) of CoC we envision for Drupal. After that, we'll draft a list of elements we feel should be included in our updated CoC.

Finally, we set a goal for the completion of a new, revised, ready-to-adopt CoC: December 14, 2022.

A number of Drupal-related groups and individuals have confirmed their willingness to provide feedback to this effort as the process proceeds. If you, or a Drupal-related group, is interested in being part of this process, please let us know at drupal-cwg at drupal dot org.

2 hours 26 minutes ago
Drupal.org - aggregated feeds in category Planet Drupal
Subscribe to Drupal Planet feed