The JSON:API module was added to Drupal 8.7 as a stable module!
See Dries’ overview of why this is an important milestone for Drupal, a look behind the scenes and a look toward the future. Read that first!Upgrading?
As Mateu said, this is the first time a new module is added to Drupal core as “stable” (non-experimental) from day one. This was the plan since July 2018 — I’m glad we delivered on that promise.
This means users of the JSON:API 8.x-2.x contrib module currently on Drupal 8.5 or 8.6 can update to Drupal 8.7 on its release day and simply delete their current contributed module, and have no disruption in their current use of JSON:API, nor in security coverage! 1What’s happened lately?
The last JSON:API update was exactly two months ago, because … ever since then Gabe, Mateu and I are have been working very hard to get JSON:API through the core review process. This resulted in a few notable improvements:
- a read-only mode that is turned on by default for new installs — this strikes a nice balance between DX (still having data available via APIs by default/zero config: reading is probably the 80% use case, at least today) and minimizing risk (not allowing writes by default) 2
- auto-revisioning when PATCHing for eligible entity types
- formally documented & tested revisions and translations support 3
- formally documented security considerations
Get these improvements today by updating to version 2.4 of the JSON:API module — it’s identical to what was added to Drupal 8.7!Contributors
An incredible total of 103 people contributed in JSON:API’s issue queue to help make this happen, and 50 of those even have commits to their name:
Wim Leers, ndobromirov, e0ipso, nuez, gabesullice, xjm, effulgentsia, seanB, jhodgdon, webchick, Dries, andrewmacpherson, jibran, larowlan, Gábor Hojtsy, benjifisher, phenaproxima, ckrina, dww, amateescu, voleger, plach, justageek, catch, samuel.mortenson, berdir, zhangyb, email@example.com, malik.kotob, pfrilling, Grimreaper, andriansyahnc, blainelang, btully, ebeyrent, garphy, Niklan, joelstein, joshua.boltz, govind.maloo, tstoeckler, hchonov, dawehner, kristiaanvandeneynde, dagmar, yobottehg, firstname.lastname@example.org, keesee, caseylau, peterdijk, mortona2k, jludwig, pixelwhip, abhisekmazumdar, izus, Mile23, mglaman, steven.wichers, omkar06, haihoi2, axle_foley00, hampercm, clemens.tolboom, gargsuchi, justafish, sonnykt, alexpott, jlscott, DavidSpiessens, BR0kEN, danielnv18, drpal, martin107, balsama, nileshlohar, gerzenstl, mgalalm, tedbow, das-peter, pwolanin, skyredwang, Dave Reid, mstef, bwinett, grndlvl, Spleshka, salmonek, tom_ek, huyby, mistermoper, jazzdrive3, harrrrrrr, Ivan Berezhnov, idebr, mwebaze, dpolant, dravenk, alan_blake, jonathan1055, GeduR, kostajh, pcambra, meba, dsdeiz, jian he, matthew.perry.
Thanks to all of you!Future JSON:API blogging
I blogged about once a month since October 2018 about JSON:API, to get more people to switch to version 2.x of the JSON:API module, to ensure it was maximally mature and bug free prior to going into Drupal core. New capabilities were also being added at a pretty high pace because we’d been preparing the code base for that months prior. We went from ~1700 installs in January to ~2700 today!
Now that it is in Drupal core, there will be less need for frequent updates, and I think the API-First Drupal: what’s new in 8.next? blog posts that I have been doing probably make more sense. I will do one of those when Drupal 8.7.0 is released in May, because not only will it ship with JSON:API land, there are also other improvements!
Special thanks to Mateu Aguiló Bosch (e0ipso) for their feedback!
We’ll of course continue to provide security releases for the contributed module. Once Drupal 8.7 is released, the Drupal Security Team stops supporting Drupal 8.5. At that time, the JSON:API contributed module will only need to provide security support for Drupal 8.6. Once Drupal 8.8 is released at the end of 2019, the JSON:API contributed module will no longer be supported: since JSON:API will then be part of both Drupal 8.7 and 8.8, there is no reason for the contributed module to continue to be supported. ↩︎
Existing sites will continue to have writes enabled by default, but can choose to enable the read-only mode too. ↩︎
Limitations in the underlying Drupal core APIs prevent JSON:API from 100% of desired capabilities, but with JSON:API now being in core, it’ll be much easier to make the necessary changes happen! ↩︎
With robust and flexible infrastructure, innovative design and some great out of the box features, Drupal CMS is one of the top web solutions considered by businesses around the world to stay abreast with the surge in demand for personalization, interactivity and scalable tools. However, it turns out that a lot of marketers are quite unfamiliar with Drupal's potential.
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for Drupal core to fix a Cross Site Scripting (XSS) vulnerability.
Folks have been asking us, so this is just a short note to say that this issue does NOT affect Drupal 6. So, you can focus just on updating your Drupal 7 and Drupal 8 sites today. :-)
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Solution:
- If you are using Drupal 8.6, update to Drupal 8.6.13.
- If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.
- If you are using Drupal 7, update to Drupal 7.65.
Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.Reported By:
Here are ideas to help you prepare for this exciting week among thousands of other Drupalers, while hundreds of sessions, summits, trainings, just-for-fun events, and more are all happening—some simultaneously. We have tips for during the conference and afterward, so make the most of this new experience!
From a quarter to almost one-third of content in the World Wide Web repeats itself. According to Google's head of search spam, Matt Cutts, around 25-30% of web content is duplicate. Your website is also likely to have duplicate content, even if it follows web content writing rules. In this post, we will touch upon the reasons and risks of duplication, as well as review useful modules that fix duplicate content in Drupal.
Between February 21-24, Team Axelerant traveled to beautiful Goa, India from their homes all over the world to attend our annual retreat. We had almost 60 of us there on the beach.
Drupal 8.6 became one of the most interesting releases in Drupal 8’s history. It brought us the oEmbed feature, the Media Library, the Workspaces module, and more. But it’s time to move forward, and in May 2019 we expect Drupal 8.7. Its “alpha” version has just been released. Although an alpha version is not a final one, we will gladly take a look at it and discuss what to expect in Drupal 8.7.Drupal 8.7: the alpha version
Drupal 8.7.0-alpha1 has come out on March 14, 2019. Alpha versions are far from being ready for production sites. They are just preliminary releases that allow developers to do a good testing, receive feedback, make final preparations, and fix bugs.
Agiledrop.com Blog: The Story of Agiledrop: A Company Culture That Benefits Both Employees and Clients
We've started a series of blog posts that tell the story of what makes our developers successful when working with other Drupal teams. The fourth and final chapter ties things together by presenting our company culture which strikes the perfect balance between the needs and wants of both our employees and our clients.READ MORE
Team Axelerant went to beautiful Goa, India for a few days this February for our annual company retreat. It was a fantastic gathering, full of warmth, energy and incredible vibes.
The answer is Drupal's Migrate API, which is incredibly powerful but can feel overwhelming. When I migrated MSKCC.org from Drupal 6 to Drupal 8, the Migrate API was just being introduced into Drupal 8 core, and I felt more comfortable writing a custom migration script instead of using code that was still under development. Migrate API is now stable and if you are an experienced Drupal developer, you should use it.
The level of expertise required to build and maintain a Drupal 8 website has changed from Drupal 7, mainly because we are creating more ambitious digital experiences. The Drupal community struggles to simplify our flexible and sometimes complex product. My approach is to make the Webform module as flexible and robust as possible, while not forgetting that people need a simple way to start building a form. This is exactly why I include an introduction video on the Webform module's main page. Besides making the Webform module an awesome tool for experienced Drupal site builders, the Webform module needs to be welcoming to new users and make it easy for them to move their existing forms to Drupal.
Either an organization is starting from scratch and building a new Drupal site, or more commonly an organization has decided they need to provide a more ambitious digital experience and they have chosen to switch to Drupal. In both situations, we need to make it easy for someone to switch from other form builders to Webform.
The problem that needs to be addressed is…Solution
The simplest way to migrate to the Webform module is to rebuild an external form and then import the existing data. Building a webform is fun and easy, forms are a critical aspect to most websites; it is worth taking the time needed...Read More
At Phase2 we’re always looking to pinpoint the real problem and solve it. Let’s say we have a new project to implement a design system for The First Order. We’ve done work for their parent organization in the past and already have a design system in place for The Empire. The site architecture calls for creating a multi-site and multi-design implementation to make use of The Empire’s assets for The First Order.
The most salient points of the talk are probably the "defense in depth" mechanisms we built for scalability and fault tolerance, and the business results, like -85% full page load time or +50 iOS users.
Ryan Price, Principal Engineer, Drupal and Web with Autodesk joins Mike Anello to discuss the hurdles involved with implementing a continuous integration system, OpenDevShop, improving hook_help(), a Drupal 8 Feeds-like module, and DrupalCon Seattle!Interview
- Autodesk Knowledge
- Article by juampy at Lullabot.
- DrupalCon NOLA presentation: Production is an Artifact of Development by @dev_meshev
- Composer template for Drupal projects.
- OpenDevShop They recently started crowdfunding.
- Reuse the README.txt file of a modules/theme in hook_help
- Entity Import module introduction
- Professional local development with DDEV - 2-hour, hands-on, online workshop held monthly (April 17).
- Local Web Development with DDEV Explained - new book from Mike - version 2!
- Drupal Aid - Drupal support and maintenance services. Get unlimited support, monthly maintenance, and unlimited small jobs starting at $99/mo.
- WebEnabled.com - devPanel.
If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.
Drush 9 has removed dynamic site aliases. Site aliases are hardcoded in YAML files rather than declared in PHP. Sadly, that means that many tricks you could do with the declaration of the site aliases are no longer available.
The only grouping possible is based on the YAML filename. So for example, with the Acquia Cloud Site Factory site aliases generated by the 'blt recipes:aliases:init:acquia' command, you can run a command on the same site across different environments.
But what you can't do is run a command on all the sites in one environment.
One use case for this is checking whether a module is enabled on any sites, so you know that it's safe to remove it from the codebase.
Currently, this is quite a laborious process, as 'drush pm-list' needs to be run for each site.
With environment aliases, this would be a one liner:drush @hypothetical-env-alias pm-list | ag some_module
('ag' is the very useful silver searcher unix command, which is almost the same as the also excellent 'ack' but faster, and both are much better than grep.)
While site aliases are fixed, they can be altered with Drush hooks. I considered that these might allow something to dynamically declare aliases, or a command option. There's an example of altering aliases with a hook in the Drush code.
In the meantime, a much simpler solution is to use xargs, which I have recently found is extremely useful in all sorts of situations. Because this allows you to run one command multiple times with a set of parameters, all you need to do is pass it a list of site aliases. Fortunately, the 'drush sa' command has lots of formatting options, and one of them gives us just what we need, a list of aliases with one on each line:drush sa --format=list
That gives us all the aliases, and we probably don't want that. So here's where ag first comes in to play, as we can filter the list, for example, to only run on live sites (I'm using my ACSF aliases here as an example):drush sa --format=list| ag 01live
Now we have a filtered list of aliases, and we can feed that into xargs:drush sa --format=list| ag 01live | xargs -I % drush % pm-list
Normally, xargs puts the input parameter at the end of its command, but here we want it inserted just after the 'drush' command. The -I parameter allows us to specify a placeholder where the input parameter goes, so:xargs -I % drush % pm-list
says that we want the site name to go where the '%' is, and means that that xargs will run:drush SITE-ALIAS pm-list
with each value it receives, in this case, each site alias.
Another thing we will do with xargs is set the -t parameter, which outputs each actual command it executes on STDERR. That acts as a heading in the output, so we can clearly see which site is outputting what.
Finally, we can use ag a second time to filter the module list down to just the module we want to find out about:drush sa --format=list | ag live | xargs -t -I % drush % pml | ag some_module
The nice thing about the -t parameter is that as it's STDERR, it's not affected by the final pipe to ag for filtering output. So the output will consist of the drush command for the site, followed by the filtered output.
And hey presto.
In conclusion: dynamic site aliases in Drush were nice, but the maintainers removed them (as far as I can gather) because they were a mess to implement, and removing them vastly simplified things. Doing the equivalent with xargs took a bit of figuring out, but once you know how to do it, it's actually a much more powerful way to work with multiple sites at once.Tags: drushdrupal planet
Planning to build a social network with Drupal? A business community maybe? A team or department collaborating on an intranet or portal? Or a network grouping multiple registered users that should be able to create and edit their own content and share their knowledge? What are those key Drupal 8 modules that would help you get started?
That would help you lay the groundwork...
And there are lots of social networking apps in Drupal core and powerful third-party modules that you could leverage, but first you need to set up your essential kit.
To give you a hand with that, we've selected:
Some of the most common questions our clients ask about procuring open source software.
The business world is competitive by nature. An organization’s intellectual property and the custom software that costs valuable time and money to develop is an incredibly prized possession - one that’s important to protect. That’s why the idea of procuring an open source solution (free software that can be used by anyone) can be such a foreign and challenging concept for many in the business world.
In this article, we’ll walk through some of the most common questions that clients have about procuring open source software, so that you’ll understand how this software is licensed, what you can and can't do with it, and hopefully help you make an informed decision about procuring and extending open source software services.How does open source licensing work, exactly?
Open source software turns the traditional software licensing model on its head by allowing users to modify and freely redistribute software. Open source is defined by criteria intended to promote and protect software freedom, and support the communities which contribute to the success of open source projects.Are there any laws that prevent someone from making changes to the software and repackaging the entire thing for sale?
Many open source projects are able to survive and thrive because there are protections in place that prevent someone from turning the project into something proprietary. Drupal and many other open source projects are covered under the GNU Public License or GPL, one of the most common open source licenses. The GPL prevents anyone from distributing the software that it covers without also sharing its source code. This ensures that the project covered by the GPL remains open source.Does this mean that if I pay a contractor for custom code to be developed that adds to an existing GPL-covered open source project, I’ll be required to release that work to the public for free?
The short answer is simply “no”. If you work on or pay for someone to work on custom code that modifies a GPL-covered open source project, you won’t be required to give that work away to the community at large.
The GPL only requires that you release your source code if you plan to sell or release (“distribute”) your custom code. If you’re just planning to use the code internally, or as part of a hosted solution that you control, there’s no need to share it with the world.But shouldn’t I share the code? Isn’t that how open source works?
Many users of open source software do decide to share their source code with the world through contributions to the open source project in question, such as a contributed module in Drupal. There is no requirement to do this, but there are some advantages.
Source code is the actual text document that a software developer creates. It’s uncompiled, meaning that it’s written in programming language that can be read and edited by a human. The reason that distinction is important here is that source code is raw and can be inspected and modified. This practice helps improve both the security and the usability of the software.
By sharing your source code, other people may decide to improve on it and fix it for free, because it’s mutually beneficial. It’s much harder to staff a team of internal developers to keep your code tested, maintained, and bug-free while planning an improvement roadmap to add new features and create new software integrations. Having others work on your code means it is made better both for you and for them. Sometimes the advantage of having software that works really well and has updates and features added more quickly outweighs the advantage of keeping your innovation secret from your competitors.
Curious if open source software is right for your business? Read our post on how you can save money using open source technologies.Open Source Industries Arts and Culture Corporate Government Healthcare Higher Education Media Non-profit
Join Palantir's CEO, Tiffany Farriss, for the keynote at this year's DrupalCorn Camp. With tech still struggling to achieve its diversity and inclusion goals and average job tenure down to less than 3 years, we need to transform how we think about our organizational cultures.
How do we create environments that succeed because of the teams, but where that success is not dependent on any one person? How do we align the company and individual interests so that everyone benefits from however much time that they work together? This presentation explores the role that culture and learning have for organizations and individuals as they work to answering those questions.
- Date: Friday, September 28, 2018
- Time: 9:00am
- Location: Gym - lecture room 2nd floor
Update: Recording of this session is now available on Drupal.tvSat, 09/15/2018 - 12:00