Aggregator

Still have Drupal 7 (D7) website? That’s okay for now. But let’s be honest: in today’s threat landscape, security is not optional. With D7 reaching its official end-of-life, staying protected means relying on more than just luck or legacy systems. That’s where Extended Support comes in, and why it matters now more than ever.

Cyber threats have evolved. So have regulations. Older platforms like D7 are prime targets if not properly maintained. Without official support, vulnerabilities go unpatched, and your organization could face:

• Data breaches or theft
• Damage to your brand reputation 
• Compliance issues (GDPR, PCI, HIPAA, etc.)
• Unexpected downtime and recovery costs
• Technical problems (e.g. unsupported modules affecting your website’s SEO)
• Complete lack of updates

In short: no security = high risk.

With Extended Support (ES), you're not left in the dark. At Dropsolid, we’re one of only three official D7 ES partners worldwide and the only one based in Europe. 

From day one, we have focused primarily on Drupal. Many of our senior developers have worked with D7 for years. Unlike many young developers, they do have the deep knowledge to keep your website secure and performing. This makes us part of a highly specialized group with the tools, access, and knowledge to keep your site secure long after official support has ended.

Here’s how we protect your D7 site:

• Proactive security patches
  We receive enterprise-grade patches before release, backed by a bug bounty program and ethical hackers 
   
• Continuous vulnerability monitoring
  We proactively scan for threats and respond before damage can occur
   
• Infrastructure hardening
  Whether you stay on your current hosting or migrate to our Experience Platform, we secure your environment at every level
   
• Expert D7 knowledge
  Our ISO 27001-certified team, with thousands of Drupal contributions,  ensures that patches are applied correctly and modules remain compatible
   
• Custom code support & compliance auditing
  We help maintain your custom functionality and monitor GDPR/accessibility compliance

Sticking with D7 doesn’t mean compromising on safety. With ES, your platform stays stable and protected, buying you valuable time to plan a thoughtful migration without rushing under pressure. And let’s face it: nothing beats peace of mind when your digital presence is at stake.

Extended Support is not forever, but it is your strongest shield in right now. At Dropsolid, we help you stay secure today while preparing you for what’s next. We can help you with:

• Drupal 7 Extend Support to stay secure today
• Seamlessly migrate to a newer Drupal version
• Unlock future innovation through Drupal AI, helping you automate content, personalize user experiences and streamline workflows 

As a founding partner of the Drupal AI Initiative, Dropsolid is helping shape the future of AI in Drupal. From training to implementation, we bring the tools and expertise to turn AI into real value for your organization. 

Get in touch with us and have a call with our Drupal experts. We’ll assess your current setup, explore your goals, and help you choose the smartest path forward.

Contact us: https://dropsolid.com/en/contact

Drupal core will adopt Gin admin theme to replace Claro -- how does this affect you and how to get involved? https://www.drupal.org/about/core/blog/drupal-core-will-adopt-gin-admin-theme-to-replace-claro

Posted on 20 Jun 2025 - 2:00 pm

A long while back, security researcher Sam Mortenson reported a cross-site scripting vulnerability in Drupal core's Link module. Essentially, the options property on link fields was not being properly sanitized. This meant cross-site scripting was possible under some circumstances -- and, as always for cross-site scripting, we were concerned that the XSS could be combined with other attacks and escalated to more serious exploits.

Drupal effectively has two default administration themes: Claro for core, and Gin for Drupal CMS. This causes difficulty for UX designers and product managers, because new features must work well with both themes.

Gin is no longer an experimental fork of Claro to experiment with new ideas. It has matured into a state-of-the-art admin theme, while Claro has fallen behind, as evident by the decision to use Gin as the admin theme for Drupal CMS. As a result, we feel it is time for Gin to become the default theme for Drupal core.

We are aspiring to have this work completed by November 2025 in order to get Gin into core for the release of 11.3 in December.

A core-ready version of Gin will be developed outside of core in a 6.x branch of Gin. Our goal is for the Gin maintainers to collaborate with the Drupal Core Product, UX, Release, and Frontend Framework Managers to identify which issues are blockers for Gin in core.

Once the identified blockers are completed, the result would be merged into core for Drupal 11.3 by the beta deadline in November 2025. The most important step for including Gin in core is to remove its dependency on Claro, since Gin will replace Claro as the default admin theme.

Other work will include removing features that are not needed for core; simplifying the code now that Gin only needs to support the version of core that includes it; and other tasks like adding necessary test coverage to ensure a smooth transition from contrib to core.

Although Claro will not be the default theme anymore for new sites, it will remain in Drupal 11 for use on existing sites. Claro is planned to be removed from core in Drupal 12, at which point it may become available as a contributed theme outside of core.

This is a big job with an ambitious timeline, so we will need many contributors to meet it. For contribution, you can get started with the two meta issues (#3530849 Gin 6.x and #3530852: Admin theme modernisation) to track this work, one for core tasks and one for Gin tasks. These will be updated and many new tasks created as the scope of work is clarified.

The Gin maintainers are also seeking sponsors for their time, which is a great way to contribute to this effort if you want to see this happen but are not able to work on tasks directly.

All those interested, please join us in the #admin-ui Drupal Slack channel for collaboration.

One of the things that decision-makers in nonprofits fear most is that they’ll their limited energy and funding into a project that will need to be scrapped within a few years. We minimize this needless risk by building collaboratively in open source software.

I’m resharing my recent interview with The Drop Times about my platform for the Drupal Association 2025 Board Election  because I want to give our community a clear look at where I stand, what I believe Drupal needs next, and how I’d approach my role if elected to the Drupal Association Board. From making events and contribution pathways more inclusive to strengthening Drupal’s brand while reaching new audiences, I hope these ideas spark conversation and reflect the practical, community-first mindset I’d bring to the board. 

Voting is now open and will be until July 11 23:59 UTC. You need to have been a Drupal Association Ripple Maker 24 hours before voting opened on June 18 in order to be eligible to vote. Ripple Makers be sure to look out for the email from the Drupal Association with your voter id, password and instructions. 

Below you will find my interview with Ben Beter of the DropTimes and my vision for the future of Drupal: 

1. You’ve welcomed 40% of attendees from outside Drupal at EvolveDrupal—what concrete steps would you take as a board member to ensure that those first-time or non-technical participants feel empowered to contribute beyond in-person events?

What we’ve seen at EvolveDrupal is that getting someone through the door is only step one. A good event might spark someone’s interest—but what they really need afterward are clear, approachable next steps.

If I were on the board, I’d push for things like regular beginner-friendly webinars, ideally led by agency folks who can break things down in a way that’s not intimidating. I’d also love to see more storytelling—hearing from people who work in marketing, UX, content, etc., who are already using Drupal, so newcomers can actually see themselves in this space.

On the practical side, we could build out a non-technical contributor guide on drupal.org. Right now, the site is very developer-focused, and it’s not always easy for someone from a design or communications background to know where they fit in.

I’d also like to see a post-event “what’s next” guide—a simple follow-up email with curated links, a breakdown of contribution options, and how to join the community or a working group. And at events like Digital Collegium or Educause, the DA should absolutely have a presence. These are the types of places where we can reach non-technical people who are using—or could use—Drupal every day.

2. Running events in six North American cities post-pandemic showed incredible momentum. How would you advise the Drupal Association to scale that model globally, balancing centralized strategy and local autonomy, without diluting what makes each gathering unique?

I think the key is to support, not control. What made EvolveDrupal work is that we kept things lightweight, flexible, and community-focused. The DA could definitely help other organizers by offering a basic playbook—just something that outlines what’s worked for us, especially around getting non-Drupal folks in the door, and tips for outreach and sponsorship.

Templates, branding assets, or just having a shared doc of what speakers or formats worked well—that would go a long way. But at the end of the day, each region should have the freedom to do what fits their audience. What works in Ottawa might not land in Lagos or São Paulo—and that’s okay.

Also, the DA could make a real difference by offering even small sponsorships or in-kind support—like signal boosts, intros to speakers, or even just showing up. And there’s already an event organizer group—I'd love to connect more with that crew and share what we’ve learned.

Lastly, I think it would be really helpful to build a community of practice—just a way for organizers around the world to share ideas, speakers, and lessons learned. That way, we keep the energy up without trying to clone the same event everywhere.

3. You aim to be a voice for marketers, designers, and communicators. What is one current board decision or policy that you believe doesn’t adequately engage non-technical contributors, and how would you address that imbalance if elected?

Honestly, I think a lot of DA programs are still geared toward developers. Even something like the "Ripple Maker" term—it’s clever, but it doesn’t really speak to folks in marketing or comms. And while I do think the Drupal.org rebrand was a great step forward, we’re still missing content that’s actually tailored to non-technical people.

For example, Supporting Partner benefits mostly focus on things like commit credits and developer recognition. If I were on the board, I’d push to also highlight contributions in areas like accessibility, UX, design systems, and community outreach.

We also need to be more present in non-Drupal spaces—but not just with a booth. Booths are fine, but what matters is what happens at them. If we show up to conferences like Educause or HighEdWeb, we should be doing live demos, sharing case studies, and talking to people on their terms. That part is often missing.

Another thing: we should ask agencies to help spread the word. I know GDPR limits how we share contact info, but we can still create referral-friendly content, like newsletter templates or event invites that agencies and end-user organizations—like universities—can pass on internally.

I also think DrupalCon could do more to intentionally invite marketers. Maybe a marketing track, or something like a dedicated Marketing & Comms Summit, just like we do for government or higher ed. And, of course, keeping event prices low is key to getting more diverse voices in the room.

4. Your growth of EvolveDrupal into EvolveDigital signals openness beyond Drupal. In the context of the Promote Drupal initiative, how would you ensure Drupal maintains brand identity and technical depth while engaging broader audiences and digital disciplines?

EvolveDigital isn’t about stepping away from Drupal—it’s about making space for the broader ecosystem around it. The reality is, Drupal doesn’t exist in a vacuum. It’s always used alongside other tools and strategies. So rather than trying to wall it off, we should lean into that and show how Drupal fits into modern digital teams.

I think Promote Drupal can support this with a two-track approach:

1. Keep speaking to technical folks—architects, CTOs, site builders—with deep case studies and strong messaging around flexibility, scalability, and performance.
2. At the same time, create sector-specific narratives for content teams, marketers, and digital strategists—stories that highlight accessibility, ownership, integration, and total cost of ownership.

We should also make sure that people from these roles are involved early in the process—not just reviewing messaging, but helping shape it.

At the end of the day, I don’t think widening the conversation weakens Drupal’s brand. If anything, it shows how versatile and future-proof it is. We just need to get better at telling that story to all the right people.

If I were on the board, I’d focus on helping Drupal grow beyond its current edges—by making the project more welcoming to non-technical contributors, easier to access for new users, and more visible to sectors that don’t yet realize how much Drupal can offer. My experience organizing EvolveDrupal (now EvolveDigital) has shown me what’s possible when we create spaces that are inclusive, cross-functional, and community-powered. I’d bring that same mindset to the DA—supporting meaningful events, clearer contribution pathways, and smarter communication that reflects the full diversity of our ecosystem.

In short, if elected, I would:

• Help make drupal.org and DA programs more welcoming for non-developers—marketers, designers, strategists, and first-time users
• Support the growth of regional events with playbooks, shared resources, and lightweight DA support
• Bring community energy and real-world event experience to DA discussions and strategic planning
• Help evolve Promote Drupal to speak to a broader audience—while protecting Drupal’s depth and technical strengths
• Push for more recognition and visibility for non-code contributions like accessibility, UX, content, and outreach
• Work with product marketers from Drupal Association, Acquia, Pantheon and other community leaders to help define and communicate Drupal’s strengths
• Build on the progress of the Drupal.org redesign and the brand refresh that’s already underway, (using my marketing background to keep this momentum) and help deliver a more cohesive, engaging Drupal brand and website for everyone

I’m excited about what’s ahead for Drupal—and I’d love to help shape that future from a place of inclusion, energy, and practical momentum.

 If my vision resonates with you, I’d be honoured to have your support in this election.

In today’s fast-paced digital economy, successful organizations must align their technical architecture with strategic business goals. DrupalCon Vienna 2025 isn’t just a gathering of developers, it's a dynamic intersection where business leaders, marketers, technical architects, and product managers come together to explore how Drupal drives innovation and delivers measurable impact.

Whether you're launching global digital platforms, scaling personalization, improving time to market, or enhancing user experience   this year’s DrupalCon is where you’ll find the insights, tools, and partners to make it happen.

Modern digital strategies depend on a solid technical foundation. At DrupalCon Vienna, you’ll hear directly from digital leaders and enterprise teams who have successfully:

• Modernized outdated platforms
  
   
• Integrated Drupal with CRM, CDP, and analytics tools
  
   
• Delivered omnichannel content at scale
  
   
• Aligned marketing, IT, and product teams for cohesive execution
  
   

Case studies, panel discussions, and solution showcases will provide practical takeaways that go beyond buzzwords from project planning and governance to content strategy and performance optimization.

Drupal has evolved far beyond a CMS. It's a flexible, enterprise-ready digital experience platform (DXP) capable of powering everything from campaign websites to enterprise portals. At DrupalCon Vienna 2025, sessions will explore:

• Composability: How modular architecture lets businesses adapt quickly
  
   
• Integration-first thinking: Making Drupal the backbone of your digital ecosystem
  
   
• Scalability: Supporting millions of users while maintaining performance and agility
  
   
• Data and analytics: Building data-driven content strategies
  
   

If you're leading digital transformation efforts, this is your opportunity to see how Drupal is enabling organizations to innovate with confidence.

DrupalCon Vienna provides unmatched opportunities for networking with people who share your challenges and ambitions  from digital directors and CTOs to agency leaders and product strategists.

You’ll meet:

• Enterprise users running Drupal at scale
  
   
• Solution architects building custom platforms
  
   
• Technology vendors and service providers
  
   
• Decision-makers planning their next investment
  
   

These conversations often spark partnerships, ideas, and collaborations that last long after the event ends.

For teams focused on long-term planning, DrupalCon offers curated content designed to guide your strategic roadmap. Attend workshops and sessions on:

• Project architecture for growth and flexibility
  
   
• Governance models for distributed teams
  
   
• Digital asset management, personalization, and localization
  
   
• Open source procurement and risk mitigation
  
   

Whether you're managing your first Drupal rollout or optimizing a mature platform, there’s content here for every stage of your digital journey.

DrupalCon Vienna 2025 is more than a conference, it's a catalyst for growth, innovation, and alignment. Join us to discover how forward-thinking organizations are leveraging Drupal to unlock digital success across departments and markets.

🗓️ Dates: October 14–17, 2025
 📍 Location: Austria Center Vienna, Vienna, Austria
 🌐 Official Website & Registration: https://events.drupal.org/vienna2025/registration-information
 🐦 Follow the buzz: #DrupalConVienna #DrupalCon2025

This blog is just the beginning. Over the next few weeks, I’ll be sharing:

• Technical spotlights on Drupal CMS features
• Speaker highlights and session previews
• Tips for first-time technical attendees and contributors
  
   

So bookmark this space, and get ready to experience DrupalCon Vienna 2025 like never before.

Are you coming? Let’s connect!

By Iwantha Lekamge

Technical Lead
WSO2

Drupal 11.2.0 improves backend and frontend performance and scalability, completes the introduction of OOP support of hooks, adds JSON Schema support, includes AVIF image format capability, supports SDC variants, and more. https://www.drupal.org/blog/drupal-11-2-0