- DrupalCon Europe Advisory Group, by Imre Gmelig Meijling
- Drupal Trivia, by Stella Power
- Bugsmash, by Kristen Pol
- Decoupled Menus, by Théodore Biadala
- Project Browser, by Mihaela Jurković
- Security Team, by Tim Lehnen
The takeaway message this month is that there are some key opportunities to get involved and help grow the Drupal community with fun and interesting contribution. Certainly, helping Stella with the curation of questions for one of the most fun parts of the Drupal year, Trivia, has to be a highlight!
If you spot a place where your skills fit, don’t hesitate to contact either the group’s spokesperson, or Community Liaison, Rachel Lawson.
DrupalCon Europe Advisory Group, by Imre Gmelig Meijling
What have been your priorities in the last three months?
Together with DrupalCon Europe Advisory Group, Kuoni, the Drupal Association and many local camp organisers and passionate Drupal volunteers from Europe and around the world, we have been working on DrupalCon Europe 2021.
While still being a COVID year and people getting weary of online events and sitting behind screens all day, DrupalCon will happen. We all need that place to connect and share, albeit online.
European Drupal camps are uniting with DrupalCon so Drupal enthusiasts will have 1 major conference to go to. Speakers, sponsors and attendees won’t have to take up so much effort to organize an online event themselves. Instead they can team with the DrupalCon team and the international community to create one big experience with a lower threshold to go to yet another online event. Plus a bigger, international reach.
The world will see Drupal still going strong at DrupalCon and they will get a chance to connect with various regions and Drupal communities.
And what has been your greatest success in the last three months?
It’s been so great to see European Drupal Associations and community leaders get together to talk about maintaining a strong Drupal experience in Europe. Getting European countries as well as other international communities working together to create a united Eurovision Drupal experience is something that is really great!
What has been your greatest challenge in the last three months?
It’s been a challenge to align European communities and camps and have as many as possible to team up with DrupalCon 2021. It’s not so much about making money or spending time to create the experience, rather having one strong Drupal message and letting the world know Drupal is here to stay.
Do you have a “call to action” you want to make to the Drupal Community?
Please take a look at where DrupalCon and the local camps are at and see if it’s possible for your camp, association or local community to team up. This can be very small and with little effort.
It’s about uniting in common cause: the more camps will underscore this by teaming up, the stronger Drupal will come out of it.
Drupal Trivia, by Stella Power
What have been your priorities in the last three months?
The main priority in the last three months was, of course, writing the questions for Trivia Night at DrupalCon North America, as well as creating the picture clues.
And what has been your greatest success in the last three months?
Another very successful Drupal Trivia night at DrupalCon North America.
What has been your greatest challenge in the last three months?
The greatest challenge was writing the quiz questions. It takes a lot of work, not just in writing the questions themselves, but also formulating the rounds so you hit the right mix of topics and the right difficulty level. Of course, the switch to the online/virtual format has also been a bit of a challenge – a different way of writing the questions is required.
Do you have a “call to action” you want to make to the Drupal Community?
Yes! I’m looking for someone else to help write the questions! It takes a fair bit of preparation work, so if someone would be willing to contribute their time to help write and curate the questions, with a view to taking on the role of being the primary question curator for one of the DrupalCons each year.
Bugsmash, by Kristen Pol
What have been your priorities in the last three months?
Recent priorities for the Bug Smash team have been to prepare for the DrupalCon North America initiative keynote and contribution event in April, including recruiting mentors, as well as our regular activities of issue triage and bug smashing. One fun thing we do each meeting is we nominate issue “targets” for the team to work on. These issues cover the gamut from views to form caching to ajax to media and so much more.
To see recent issue targets, our meeting transcripts are available in the issue queue.
But, one of the great things about the Bug Smash Initiative is that you have complete freedom to work on what you want and there are a wide variety of issues to choose from. Each person focuses on whatever interests them or fits within their available time. One person like mohit_aghera may focus on writing tests while others may focus on issue triage or accessibility reviews or testing.
And what has been your greatest success in the last three months?
The Bug Smash team has had some great successes over the last few months. The DrupalCon contribution event was a great way to mentor new contributors and onboard them to the initiative. larowlan ran an introduction workshop based on pameeela’s Bug Smash presentation previously given at the Sydney Drupal user group. As a result of DrupalCon’s success, we’ve had new team members jump into our Slack channel and start contributing!
Looking at the issue queue, there were more than 600 core issues worked on in the last 3 months with almost half of those fixed or closed. One fun issue that got fixed was from 2005! Big thanks to lendude and quietone for continuing to improve our bug statistics tools so we can better understand our initiative’s impact. A fun fact from quietone during the May initiative meetings was there had been a ~584 year reduction in total number of years of all open bugs in the previous month! Whoa!
What has been your greatest challenge in the last three months?
At the biweekly Bug Smash meeting, we always ask about people’s challenges during the previous fortnight. Some of them are fun personal distractions like new puppies or watching America’s Cup, or not so fun life things like dealing with expensive car problems. Sometimes it’s other Drupal activities that take people away from Bug Smash work like other initiatives or April’s full-on DrupalFest activities.
From a more tactical viewpoint, finding “low hanging fruit” issues can sometimes be a challenge when we are trying to find quick wins. Or, we’ll end up focusing on new issues rather than trying to get issues we’ve already worked on “over the fence”. But, there is one challenge that you, the reader, can help with, and that’s getting issues reviewed. If you have time to help, manually testing and reviewing fixes is immensely helpful. Search the queue for anything tagged as Bug Smash Initiative with status of “Needs review”.
But, all in all, the number one challenge for the Bug Smash team is usually time… not enough of it. And, often, that’s due to work being particularly busy. We highly encourage organizations who benefit from Drupal to free up some of their team’s time to help on initiatives like Bug Smash. And, we highly recommend you read our very own Derek Wright’s blog post on why organizations should support the Bug Smash Initiative.
Do you have a “call to action” you want to make to the Drupal Community?
A very simple call to action is simply attending one of the Bug Smash meetings. We meet every two weeks in Slack and it’s asynchronous, so you can still participate afterwards within a 24 hour window. They are very well-organized thanks to jibran who typically runs the meetings and are transcribed by quietone, so everyone can get credit for participating. You can introduce yourself and ask questions, and we’ll help you get acclimated. You can also review the helpful Bug Smash Initiative documentation to learn more (https://www.drupal.org/community-initiatives/bug-smash-initiative/workin…), thanks largely to the writing efforts of dww with help from other team members.
The Bug Smash docs specifically have a section on “how to help” (link to https://www.drupal.org/community-initiatives/bug-smash-initiative/workin…) but, as mentioned above in our challenges, if you are keen on helping review, that would be a great focus. Issue review involves reviewing code and/or manually testing the latest code fix works.
Based on the success of DrupalCon North America, we hope to have more mentored contribution events this year, so keep your eyes open or pop into the bugsmash Slack channel to check in on the status. If you are interested in helping mentor at these events, we very much welcome that contribution as well. Hope to see you soon!
Decoupled Menus, by Théodore Biadala
What have been your priorities in the last three months?
We published the results of the decoupled survey that shed some light into what sort of things people use and expect from Drupal when used in a decoupled fashion.
On the technical side, we have the decoupled menus module published that provides the missing pieces for API consumption of menus. This was started in contrib to try out a few things; when things are stable enough we’ll propose it for addition in Drupal Core to provide this for everyone. There are also a couple of helper JS libraries: Decoupled menu parser, Linkset.
The team also spent a significant amount of time preparing for DrupalCon, making sure we have things for people to do, test, and help.
And what has been your greatest success in the last three months?
The thing that tied everything together was DrupalCon, where Baddý Sonja Breidert, Liam Hockley, Gabe Sullice, Juanluis Lozano, Brian Perry, Joe Shindelar did an amazing job of preparing and running the Decoupled Day.
We’ve had very good participation on the different workshops and some great examples of menu consumption based on the decoupled menus module:
- Generic Drupal Web Components https://www.drupal.org/project/gdwc
- React Menu Component https://www.drupal.org/project/react_menu_component
- Drupal svelte component menu https://www.drupal.org/project/drupal_svelte_component_menu
A solid start at the documentation structure was made as well.
What has been your greatest challenge in the last three months?
Producing documentation has been a challenge, people prefer writing code!
DrupalCon helped with seeing what needs to be documented, the survey helped with what people expect, and what kind of tools people use.
Do you have a “call to action” you want to make to the Drupal Community?
By now most of the technical pieces are present and we need people to take charge of building the documentation for all this wonderful code so that it’s accessible to more people. This will in turn help us streamline the experience of consuming menu data from Drupal API.
You can head over to the #decoupled-menus-initiative Slack channel and the Start an end-user-friendly technical documentation issue.
Project Browser, by Mihaela Jurković
What have been your priorities in the last three months?
The Project Browser initiative kick off meeting was only 10 days ago! Getting started has been the main thing so far, and we can’t wait to report on our further developments.
And what has been your greatest success in the last three months?
We have formed a group of people interested in contributing their ideas and efforts to the Project Browser. Several people stepped up to coordinate initial subtasks, and we started a list of potential features, the audiences they may cater to, and what might go into the Minimum Viable Product (MVP).
Our conclusion was that the Project Browser should help make Drupal more attractive to a general audience of site owners/builders as its first priority, by enabling them to easily expand the Drupal core site features through additional modules. The Project Browser will offer any audience a list of modules that is easy to understand, contains the relevant information, and filters out and sorts the modules reliably.
What has been your greatest challenge in the last three months?
The Project Browser needs to cater to multiple audiences at the same time. Our most important audience is the general public, or framed more specifically, site owners. Discovering their pain points is always a challenge. Without understanding exactly what problem we’re solving for them it’s difficult to prioritize the features we should focus on.
Do you have a “call to action” you want to make to the Drupal Community?
The Project Browser initiative needs input from site owners and builders who aren’t experienced with the technical aspects of Drupal. If you are able to conduct interviews with some of those people (or ARE some of those people!), please come to our Slack channel (#project-browser) and share your wishes/experiences about what would make it easier to expand your Drupal site with more features.
Security Team, by Tim Lehnen
Editor’s note: Tim Lehnen has kindly stepped in to help compile this information as you may well be aware that the Security Team have been fully occupied with the recent Drupal core security release. Thanks Tim!
What have been your priorities in the last three months?
The security team has been focused on two key areas in recent months. The first is our core mission of supporting responsible disclosure of security advisories and updates in the Drupal community. The second has been preparing for the Drupal Association’s release of the community tier of Drupal Steward, which will shortly be available to customers at drupalsteward.org.
And what has been your greatest success in the last three months?
In the last three months we’ve successfully two Drupal core security advisories, and twelve security advisories for contributed modules.
- Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-003
- Drupal core – Critical – Cross-site scripting – SA-CORE-2021-002
- OpenID Connect / OAuth client – Moderately critical – Access bypass – SA-CONTRIB-2021-014
- GraphQL – Moderately critical – Information Disclosure – SA-CONTRIB-2021-013
- Frequently Asked Questions – Moderately critical – Cross Site Scripting – SA-CONTRIB-2021-012
- Open Social – Critical – Authentication Bypass – SA-CONTRIB-2021-011
- Open Social – Moderately critical – SQL Injection – SA-CONTRIB-2021-010
- Chaos Tool Suite (ctools) – Moderately critical – Information disclosure – SA-CONTRIB-2021-009
- Facets – Moderately critical – Cross site scripting – SA-CONTRIB-2021-008
- Gutenberg – Critical – Access bypass – SA-CONTRIB-2021-007
- SAML Authentication – Moderately critical – Access bypass – SA-CONTRIB-2021-006
- Fast Autocomplete – Moderately critical – Access bypass – SA-CONTRIB-2021-005
- Webform – Moderately critical – Access bypass – SA-CONTRIB-2021-004
These advisories represent the hard work of Drupal core and contributed module maintainers, security researchers, and the security team itself, and continue to prove that the Drupal security team is one of the best in the industry.
What has been your greatest challenge in the last three months?
Our greatest challenge came with the most recent Drupal core release, SA-CORE-2021-003. This core release came outside of the regular release window, and coincided with unplanned infrastructure instability that delayed the release. We know this impacted many members of our community waiting for the release to drop, especially those outside of US time zones, for whom the final release came quite late at night.
We’ve released a post-mortem blog to talk further about what happened and how we hope to mitigate these issues in the future.
Do you have a “call to action” you want to make to the Drupal Community?
To keep up to date with Drupal security information you can follow any of the channels described on the Drupal security landing page. In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
You can also get RSS feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.
Lastly, you can join the #security-questions channel in Drupal Slack to ask real-time questions of other community members related to security.