Skip to main content

5 posts tagged with "Newsletter"

View All Tags

Β· 3 min read
Klaus Purer

Welcome to the fifth D7Security newsletter!

d7security.org website launch​

Our website has launched at https://www.d7security.org/ πŸš€

This is a statically generated website built with Docusaurus in our Gitlab Pages repository. Thank you to our D7Security members Sinduri Guntupalli and Allison Vorthman for building and launching it!

Blog post about unsupported modules​

Klausi wrote a blog post about Drupal 7 modules losing security support before Drupal 7 core: What happens when a Drupal 7 module used by 70,000 sites gets unsupported?

Telemetry to collect D7Security usage data​

On drupal.org project usage data is collected to get an idea how many sites use Drupal 7 core or contributed projects. We want to do the same and implemented a small data collection server for D7Security. It stores only aggregated usage statistics (which projects are installed in which version) to preserve privacy of Drupal 7 sites. This will give us insights into which projects are most used.

Please help us collect statistics by installing d7security_client 7.x-1.3 according to our user guide!

New D7Security supported modules​

A couple of Drupal 7 modules have gone unsupported on drupal.org and we adopted them in the D7Security group:

New D7Security members​

I'm happy to report that we added new members to the D7Security group:

Commercial extended support for Drupal 7​

There are now 3 official commercial providers for Drupal 7 extended support listed on drupal.org. It is still unclear how they will cooperate to fix and release Drupal 7 security updates.

How you can help​

Here are some opportunities how you can get involved and help us:

That is all for today, please reach out in our communication channels if you have any questions!

Β· 3 min read
Klaus Purer

Welcome to the fourth D7Security newsletter!

Presentation at Drupal Austria meetup​


I did a short presentation about D7Security at the Drupal Austria March Meetup. I recorded the session afterwards and you can watch it on YouTube.


On June 26th I will talk about D7Security again at Drupal Dev Days Burgas. I will try to outline options for Drupal 7 site owners from migration to long term support and I'm looking forward to a discussion what developers need to handle their Drupal 7 projects in the future. Let me know if you have any topic that could fit and is not in the talk description yet!

Security advisory process established​


The D7Security group now publishes security releases with accompanying security advisory posts on the website, very similar to what the Drupal Security Team does on drupal.org. Check out our first advisory post for the Coffee module.

Help wanted for the D7Security website​


The work on the d7security.org website is ongoing, but the people working on it are busy and could use some help. We have a basic design and now need to fix links and dummy text. If you are interested to contribute please reach out to me or Allison!

Commercial extended support for Drupal 7​


I'm in contact with 2 commercial vendors that will offer extended support for Drupal 7 (HeroDevs and Tag1 Consulting). They could be interesting for organizations that need compliance security guarantees for their Drupal 7 projects or need other ongoing Drupal 7 coverage. My goal is to collaborate with those vendors in the D7Security group, so that they release their security fixes in the D7Security open source project. If we get a commitment from them to participate in the D7Security project then we can promote and recommend them for site owners seeking commercial contracts.

Drupal 7 beyond January 2025​


Roughly 300,000 sites are still running on Drupal 7, down from 400k sites a year ago. The official Drupal 7 end-of-life date is 8 months away and I expect more sites moving away from Drupal 7 at a faster rate before that. I assume that more than 100k Drupal 7 sites will still be running after January 2025. I'm working with clients that will likely still run on Drupal 7 beyond January. It is becoming even more clear to me that a Drupal 7 long term support solution is needed and that we need a central place to continue to maintain Drupal 7 core and selected contrib projects. D7Security could be the open source collaboration place to take over Drupal 7 maintenance. This will be interesting to plan in the next months and I hope to get Drupal 7 developers on board that need to do this work anyway. That is all for today, please reach out in our communication channels if you have any questions!

Β· 3 min read
Klaus Purer

Welcome to the third D7Security newsletter!

First security release​


On February 28th the D7Security group released their first security update of a contributed Drupal 7 module. In coordination with the Drupal Security Team new versions of the Coffee module were published on drupal.org for Drupal 10 and on gitlab.com for Drupal 7. The Coffee module is now in the list of supported D7Security projects. This is a big milestone for the D7Security group and proves that our technical setup is capable of distributing and notifying Drupal 7 site owners of new Drupal 7 security updates. Special thanks to Greg Knaddison and Oliver KΓΆhler for helping me with the Coffee release!

New supported modules: coffee, ldap, simple_gmap​


Besides the already mentioned Coffee module we took 2 more modules under the D7Security umbrella and released new versions for them: ldap and simple_gmap. This was only possible because of a new D7Security member that stepped up and contributed these 2 modules, which brings me to my next point ...

New D7Security member: Caroline Boyden​


I'm happy that Caroline joined and was able to release the ldap and simple_gmap module completely on her own just by following our release documentation. I'm relieved that other contributors find their way around how to get stuff done in the D7Security group, which also validates my ideas how to operate and that this project is not dependent on myself. Thanks a lot Caroline!

Planning security advisories​


Jen Lampton brought up the topic of security advisories, which the D7Security group does not publish yet. I opened a discussion on D7Security advisories, planning something similar as Drupal.org is doing at https://www.drupal.org/security/ or Backdrop at https://backdropcms.org/security/advisories . The main purpose of D7Security is to provide security alerts and updates, so I think advisory posts are a good idea as well.

Improved Wiki documentation​


I improved the start page and menu sidebar in our Wiki to make it more clear. I also added an overview page how D7Security works, check it out! Presentation at Drupal Austria meetup I will do a short presentation about D7Security at the Drupal Austria March Meetup. I will post the slides afterwards and maybe I can also find the time to do a video recording.

d7security.org website​


The D7Security website is still work in progress, we have some designs that we are currently reviewing. More updates will follow! That's it for this newsletter, let me know if you have any questions!

Β· 2 min read
Klaus Purer

Welcome to the second D7Security newsletter!

Podcast episode about D7security​


I did an episode on the Drupal 7 End-of-Life podcast with Mark and Chris from Chromatic. It was a pleasure to talk with them and you can get a lot of background information on the D7Security group motivation.

New D7Security members​


I'm very happy to announce that several more people have stepped up as members of the D7Security group:

  • John Locke
  • Jen Lampton Backdrop CMS Security team member who can can help us coordinate with them
  • Gregor SΓ½kora
  • Greg Knaddison Drupal 10 Security team member who can help us coordinate with them
  • Allison Vorthmann from Herodevs, who are planning a Never Ending Drupal 7 support product

If you are interested in continuing security support for a Drupal 7 module please check our members page about how to join!

Drupal 7 Message module support​


The Drupal 7 version of the Message module got unsupported on drupal.org and D7Security group took it over. We forked it on Gitlab.com, made a 7.x-1.13 release and marked it as supported in the D7Security group. If you would like to get update notifications about D7Security supported projects please follow the user guide.

d7security.org website​


Allison Vorthmann is looking into implementing a design for the d7security.org static website, to provide information and news. Thank you Allison! If you would like to help with the website or any other topic feel free to reach out to us

Β· 2 min read
Klaus Purer

Welcome to the first D7Security newsletter! The D7Security initiative is now starting up and we have accomplished a couple of things so far:

Gitlab wiki documentation​


There is a lot of written documentation in the Gitlab wiki already. I would like to highlight the mission and values page here that outlines the D7Security philosophy.

User Guide​


The first version of a user guide is now available in the wiki. It describes how Drupal 7 site administrators can get updates of supported modules by the D7Security initiative.


A dummy page is now live at https://www.d7security.org/ and we have a logo for the D7Security group! Special thanks to Sebastian Gilits for generating the logo. I'm looking for help to make the website pretty, accessible and informative. Please get in touch at the Gitlab issue if you would like to contribute!

Technical prototype validated​


With the fork of the Drupal 7 Devel module we have validated in a prototype that the release process and update status functionality works on Gitlab. The release process was also documented in the wiki. We are ready to release more Drupal 7 modules in the D7Security group!

New D7Security members​


I'm happy to announce that I could add 3 senior developers as members to the D7Security group. Thanks a lot Ivan, Juraj and Andrii for joining! I'm in contact with more developers as well, please check the wiki page if you are interested in joining!

Next steps​


Besides building out the d7security.org website there are a couple of small TODOs being collected. The next bigger milestone will be the first security release of a module in the D7security group, once we encounter such a case. Thank you all for your input and support!