webjoke.de

Generally you see this error while you try to install the update manager module via UI or via Drush command. Not really sure how you came up with this issue. But if you are seeing this issue, you have an entry in your site's configuration saying that the update module is already installed. 1. You can simply delete this configuration with the below command $ drush cdel update.settings Which

The Drupal Association is excited to announce that our t-shirt design contest will be returning for DrupalCon Chicago! 

We want to see the Drupal community's design ideas for the official t-shirt, available for all attendees to wear and enjoy. Do you have a fantastic idea in mind? Let’s see your creativity!

The winner will get THEIR design on the front of the official t-shirt for DrupalCon Chicago!

What the judges are looking for

Judges are looking for a combination of creativity, impact, and relevance to the Drupal community. A design that tells a story and aligns with the values and aspirations of DrupalCon attendees is likely to capture attention.

While exploring bold ideas, consider how your design will resonate with a diverse audience. Think of classic elements that make a T-shirt memorable while pushing creative boundaries. Avoid overcomplicating things; sometimes less is more, especially if every element adds value to the message.

Now, for the finer details…

Your design must include the DrupalCon Chicago Logo and will only be featured on the front of the t-shirt. Sponsor logos will be added to the t-shirts sleeves after the design is finalized. 

Specs: 

• PNG or PDF preferred
• 16 inches tall
• graphics need to be 300 dpi

All designs must be submitted by 21 December 2025 at 23:59 UTC, after which the submission form will close.

The Drupal Association will then select 4 designs to go forward to a public vote.

The top three designs as chosen by the Drupal Association will then be voted upon by the public, with voting open 5 January until 12 January 2026 at 23:59 UTC.* 

The winning design will be printed on the front of the official DrupalCon Chicago t-shirt and the winner will receive a complimentary ticket to their choice of either DrupalCon Chicago 2026 or DrupalCon North America 2027.

References Winning designs from previous years

Graphic Elements

• DrupalCon Chicago Logos
• Modules [Colourful Square Icons]

How to enter

Simply create your design, then fill out our submission form by 21 December 2025 to submit your final design. We also ask that you include a sentence or two describing why you chose your design and how it represents the Drupal community.

So, what are you waiting for? Submit your design now, and please help us spread the word throughout the Drupal community!

Good luck!

* Dates for public voting dates are subject to change but will be open for a minimum of 1 week.
** Drupal Association staff and members of the DrupalCon Chicago Steering Committee will not be permitted to enter this contest.

With nearly 14 years at Open Social (via GoalGorilla), engineering lead Ronald te Brake has shifted from writing code to shaping how teams think, collaborate and solve problems. In this interview with TDT’s Alka Elizabeth, Ronald explains why he views AI not as a magic bullet, but as a teammate that demands context, guardrails and documentation. He shares how governance, decision records and meaningful standards help developers stay effective in a world where automation and intelligent systems are growing.

Vibe-coding versus Open Source - Security over the long haul Nov 20, 2025 By John Locke 0

Vibe-coding is all the rage today. Who needs a developer when you can get an AI to develop an application for you? There are scads of application development tools now that promise to create that app you always wanted -- and surprisingly, these often work!

Sustainable/Open Business Read More

MCP is released in a new 1.2 version

Omedia has put a lot of effort into getting the 1.2 version of MCP out. The module is now security covered, it works with the Tool API, adds OAuth authentication, a much better configuration system and a first preview of MCP Studio.

It now fully supports the HTTP and STDIO transports and independent where you want to source your tools, AI function calling, Drush commands or Tool API its all just available.

Read more about Giorgi Jibladze’s post on LinkedIn.

LMStudio is Stable

Thanks to Andrei Ivnitskii (ivnish), the first stable version of the LMStudio provider for the Drupal AI module is now available. This release introduces full integration with LMStudio, giving developers a local, flexible, and GUI-driven environment for running and testing AI models directly from their Drupal site.

This integration is built for developers and data scientists who need a controlled testing environment, but find Ollama or vLLM too complex to set up and use. By pairing Drupal AI with LMStudio, you can iterate quickly, test safely, and work offline - perfect for preparing models before scaling up to cloud-based providers.

Try it out and help out in https://www.drupal.org/project/ai_provider_lmstudio 

Meet the QA team!

I met with the awesome AI Initiative QA team a couple of weeks ago and they have set up processes for how both manual and automated QA can happen on issues.

They have an issue where you can follow their work on here: https://www.drupal.org/project/ai_initiative/issues/3550700 

The idea is to standardize the “Needs QA” tag, where you as a developer can request manual testing and get feedback on the process.

Next steps, include looking into how DrupalForge/DrupalPod can be used for AI purposes to start images based on an issue on DrupalForge with the push of a button and also local development environments.

If you want to get in touch with the team they are on #ai-quality-insurance Slack channel.

Work on the 2.0 release is on its way

We have already started working on deprecations of modules, and other code for an 1.3.0 release and the work on all the refactors needed for 2.0 is started. The goal is to have a version ready by the end of the year and that fixes up a lot of architectural decisions made in 1.x branch and also removes a lot of features that were experimental, but never really usable.

Note that there will not be that many features in the 2.0 branch, but the focus is rather on better code architecture, better UX, extraction of modules and removal of features that don't work well.

By removing modules, we hope we can have an even faster development and release pace going forward.

Check the issue queue for more information.

Multiple Automators on one field

One of the larger rewrites for 2.0 is Automators - and one of the features this will bring is the possibility to add multiple Automators one field. While this has been possible in theory in the 1.x branches, this required you to do complex config imports - now they will be a part of the native UI/UX of the Automators.

This together with the Field Widget Actions, means that you can have multiple ways of generating one part of a field, or one button per part of a field.

This means that on an image field for instance, you could setup a button that generates the image, another that renames the file name and a third that creates an alt text.

Or if you want a summarize button in a friendly manner and another in a formal manner, you can have both on the same field.

This is ready to be tested on 2.0.x-dev, but please note that the external Automators modules will also need changes due to breaking changes.

A huge thanks to Bryan Sharpe from ImageX for this and anyone helping with testing and reviewing.

Across every sector, leaders see the potential of AI, but many are struggling to turn that potential into measurable value.

Gartner’s 2023 and 2024 findings show that a significant proportion of AI projects stall before reaching production, often due to unclear use cases and limited organizational readiness. The MIT Sloan Management Review highlights that, while most executives recognize AI’s transformative potential, few can translate it into ROI.

That’s why we created our new series of Drupal AI Industry Guides, to help organizations understand where AI can deliver real, responsible, and measurable impact. Each guide is written by sector experts with firsthand experience implementing AI with Drupal.

Designed for Action, Not Theory

These guides are about doing more with less — a key message in today’s digital landscape. Each one features four practical AI use cases that your organization can adopt right now using Drupal AI.

Every use case is grounded in ROI and designed to show how AI can:
Simplify and speed up workflows

• Improve customer and citizen experiences
• Unlock data-driven insight
• Reduce operational costs and risk

Drupal AI brings freedom of choice and rapid innovation to AI adoption. It combines the trust of open source with the power of artificial intelligence.

Expert-Led Guides for Every Industry

Each guide is authored by a Drupal AI sector specialist, professionals who understand both the technology and the real-world challenges of their industries. These guides are designed to move teams from curiosity to capability, showing that

AI doesn’t have to be experimental — it can be effective, ethical, and immediate.

Explore the collection:

• Arts and Culture
• Enterprise
• Financial Services and Insurance
• Fintech
• Healthcare and Life Sciences
• High Tech
• Higher Education
• Local Government
• Media and Publishing
• Membership Bodies
• NGO and Nonprofit
• Public Sector
• Retail and Ecommerce
• Sports and Entertainment
• Travel

Responsible, Open, and Future-Ready

Every Drupal AI solution is built on the freedom of open source — giving you control, transparency, and flexibility to experiment safely. Drupal AI is:

• Trustworthy by design: safeguards and auditability built in.
• Human-centered: AI amplifies human creativity rather than replacing it.
• Open by default: integrate today’s best AI models and tomorrow’s breakthroughs without lock-in.

Drupal is the best AI-powered open-source CMS in the world — built for innovation, designed for trust.
From Curiosity to Capability

The AI opportunity is real, and with Drupal, it’s achievable right now. The Drupal AI Industry Guides are your starting point to:

• Identify where AI creates genuine valu
• Build a roadmap for measurable ROI
• Move from pilot to scale with confidence

By combining Drupal’s open web foundation with responsible, human-centered AI, you can deliver the innovation and productivity of AI while preserving the judgment, creativity, and context that only people can bring.

AI Makers are a select number of Drupal Certified Partners who are funding and actively working on Drupal AI to ensure it delivers a significant and strategic impact. They provide consulting services to help you build the best AI based digital experience for your needs.

Start Exploring Today

Visit the full collection of Drupal AI Industry Guides and discover how Drupal AI can help your organization move faster, innovate responsibly, and stay open to what’s next.

DrupalCon Nara just wrapped up, and it left me feeling energized.

During the opening ceremony, Nara City Mayor Gen Nakagawa shared his ambition to make Nara the most Drupal-friendly city in the world. I've attended many conferences over the years, but I've never seen a mayor talk about open source as part of his city's long-term strategy. It was surprising, encouraging, and even a bit surreal.

Because Nara came only five weeks after DrupalCon Vienna, I didn't prepare a traditional keynote. Instead, Pam Barone, CTO of Technocrat and a member of the Drupal CMS leadership team, led a Q&A.

I like the Q&A format because it makes space for more natural questions and more candid answers than a prepared keynote allows.

We covered a lot: the momentum behind Drupal CMS, the upcoming Drupal Canvas launch, our work on a site template marketplace, how AI is reshaping digital agencies, why governments are leaning into open source for digital sovereignty, and more.

If you want more background, my DrupalCon Vienna keynote offers helpful context and includes a video recording with product demos.

The event also featured excellent sessions with deep dives into these topics. All session recordings are available on the DrupalCon Nara YouTube playlist.

Having much of the Drupal CMS leadership team together in Japan also turned the week into a working session. We met daily to align on our priorities for the next six months.

On top of that, I spent most of my time in back-to-back meetings with Drupal agencies and end-users. Hearing about their ambitions and where they need help gave me a clearer sense of where Drupal should go next.

Thank you to the organizers and to everyone who took the time to meet. The commitment and care of the community in Japan really stood out.

In the first part of a new TDT tutorial series, Jeff Greenberg explains why taxonomy audits belong in the planning phase—not post-migration QA. Using real-world insights from Drupal 7 upgrade projects, he shows how proactive analysis reduces friction, errors, and cost during multilingual or complex site migrations.

If you’ve been hearing people in the Drupal world talk about “AI” and “Canvas,” you might think it’s some complicated feature only developers care about. Honestly, that’s what I assumed at first too. But the more I tried these things, the more I realised they’re not really built for developers — they’re built for the people who actually u

Join us THURSDAY, November 20 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits. Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google document!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone.

Information on joining the meeting can be found in our collaborative Google document.

drunomics Celebrates Sinduri Winning the Women in Drupal Award oliver.berndt Tue, 11/18/2025 - 09:50 Sinduri Guntupalli recognized in the Build Category at DrupalCon Vienna 2025 for her dedication to community organizing, advocacy, and open source work.

Want a faster Drupal site? Start with your images. In this guide, you’ll learn the smartest ways to optimize, compress, and deliver images on your site without losing quality.

Nara, Japan – Sharp Europe detailed how it built a digital infrastructure for one of the world's most complex B2B operations on Drupal, managing 120,000 enterprise customers across 48 countries with 17 sites in 19 languages.

The electronics giant generates €13.5 billion in annual revenue, with 40% coming from B2B operations that serve vastly different audiences – from 110,000 small enterprises requiring low-touch transactions to mid-market companies needing sophisticated engagement.

"Big, complex, broad, deep," said Jason Cort, who leads European product management and marketing for Sharp. "That's what our martech stack has to support."

Image: Shigeru Kobayashi – COO Executive Officer, Head of B2B, Sharp

The Scale Challenge

Sharp Europe operates 63 offices across 48 countries, supporting 11 currencies and multiple sales channels. The product portfolio spans document solutions, IT services, and professional display systems – all requiring a unified digital presence for 2,500 employees and 120,000 enterprise customers.

Six years ago, the existing martech stack "was past its sell-by date," Cort said. But a complete refresh – including CRM and ecommerce portals – meant significant investment. The business case had to be airtight.

The Right Technology and the Right Partner

The public website became the starting point: "the biggest shop window with a global audience." With 80% of the buying cycle happening online, the digital experience had to work.

Sharp needed three things: the right technology, the right partner, and the right ROI.

Drupal checked the technology boxes: enterprise scale, open source, cloud-ready, secure, with the right APIs. But technology alone wasn't enough.

"Even with the best tech in the world, we need the right partner," Cort said. "If you fail with security, there is a very high price to pay."

Sharp selected 1xINTERNET, a Diamond Drupal Certified Partner.

Results and Cost Reality

The implementation now spans 17 sites in 19 languages. Internal stakeholders are "truly delighted," particularly the marketing teams.

Traffic optimization has improved, directing consumer traffic appropriately while focusing resources on B2B journeys. The platform enables rapid A/B testing and accessibility compliance – critical for operating across European markets.

"The platform gives us the agility and flexibility we need," Cort said. "1xINTERNET is able to deliver quickly for us."

One finding surprised the team: "We've found building custom things for our needs in Drupal is more cost effective than buying an off-the-shelf solution and tailoring it to our needs."

Drupal now sits at the heart of Sharp Europe's entire martech stack, integrating with CRM, analytics, and commerce systems.

Image: Members of hte DrupalCon Nara organizing team and Sharp Corporation, including Dries Buytaert, Jason Cort and Shigeru Kobayashi, and Baddy Breidert (1xINTERNET).

Lessons for Enterprise Buyers

Cort and Shigeru Kobayashi, Co-COO Executive Officer and Head of B2B at Sharp, shared three takeaways:

1. Treat your Drupal partner as an extension of your team. Sharp works closely with 1xINTERNET as an integrated part of operations, not a vendor.
2. Plan for ongoing investment, not one-time cost. Digital infrastructure requires continuous development and optimization.
3. Don't compromise on quality, especially security. The consequences of cutting corners are too high.

"Finding the right partner is as important as the right platform," Cort said. "Drupal is absolutely the right choice. Sharp will be on the platform for many years to come."

Why Certified Partners Matter

Sharp's partnership with 1xINTERNET demonstrates the value of the Drupal Certified Partner program. DCPs have demonstrated expertise, committed to best practices, and invested in the Drupal ecosystem – exactly what enterprise buyers need when stakes are high.

For organizations evaluating Drupal, Sharp's six-year journey offers a clear data point: a €13.5 billion global business betting its digital infrastructure on open source, delivered through a certified partner.

The Drupal Association maintains a directory of Drupal Certified Partners at Drupal.org.

DrupalCon Asia continues through November 20 in Nara, Japan.

DDEV is designed so that most people never have to change the configuration of their local workstation, and that includes not having to edit their hosts file. All the details are in DNS Name Resolution and Wildcards.

However, one particular brand of router, the Fritz!Box, has a different DNS configuration than most other routers, and it includes DNS Rebinding Protection that blocks local development domains.

TL;DR: If you use a Fritz!Box router, add ddev.site to the router's DNS Rebinding Protection exceptions.

The Problem

When you first set up DDEV with a Fritz!Box router, you might encounter a failure to resolve the domain name when trying to access your *.ddev.site project, even though your site is accessible via the 127.0.0.1 direct URL given in ddev describe. This happens because Fritz!Box routers enable DNS Rebinding Protection that suppresses DNS responses pointing to your own network.

What is DNS Rebinding Protection?

DNS Rebinding Protection is a security feature that guards against a sophisticated attack technique. In a DNS rebinding attack, a malicious website tricks your browser into accessing services on your local network (like your computer, router, printer, or other devices) by manipulating DNS responses. Here's how the attack works:

1. You visit a malicious website that includes JavaScript code
2. The website's DNS initially resolves to the attacker's server
3. The attacker then changes the DNS to point to a local IP address like 127.0.0.1 or 192.168.1.1
4. The JavaScript code in your browser can now access local services, potentially extracting sensitive data or changing settings

Fritz!Box routers protect against this by blocking DNS lookups that resolve to local IP addresses like 127.0.0.1, 192.168.x.x, and other private network ranges. While this security feature protects against real attacks, it also blocks legitimate local development domains (like DDEV's ddev.site).

Why DDEV is Safe

DDEV's use of 127.0.0.1 and the ddev.site domain is intentional and safe—it's not a DNS rebinding attack. Here's why:

• You control the configuration: You explicitly install and configure DDEV on your own machine
• Local-only access: DDEV projects only respond to requests from your own computer (127.0.0.1), not from external networks
• Transparent operation: DDEV openly documents exactly how it uses DNS and local networking

The Fritz!Box can't distinguish between a legitimate local development tool like DDEV and a potential DNS rebinding attack—both use domain names that resolve to 127.0.0.1. That's why you need to explicitly allow ddev.site as an exception.

The Solution

Rather than relying on DDEV's hosts file fallback, it's better to solve the underlying DNS problem by configuring your Fritz!Box router to allow the ddev.site domain.

Here's how to fix it:

1. Access your Fritz!Box router settings - the factory defaults are http://fritz.box and http://192.168.178.1
2. Navigate to Home Network (Heimnetz) > Network (Netzwerk) > Network Settings (Netzwerkeinstellungen)
3. Look for the DNS rebinding protection section
4. Add ddev.site to the exceptions list
5. Save your settings

After making this change, DDEV's DNS resolution will work as expected, and you can access your projects using the standard .ddev.site URLs.

Alternative Solutions

If you prefer not to modify your router settings, or you do not have access to them, you have two other options:

1. Configure your computer to use a less restrictive DNS provider such as Cloudflare's public DNS (1.1.1.1)
2. Use DDEV's hosts file fallback (this requires superuser privileges and modifies system files)

The router configuration approach is recommended because it preserves DDEV's design principle of not requiring system file modifications.

Additional Resources

• DDEV Documentation on Restrictive DNS Servers
• German blog post detailing the Fritz!Box issue
• Read all the details about DNS Name Resolution in DNS Name Resolution and Wildcards
• Article in the Fritz! knowledge base (in German) how to access the admin interface of a Fritz!Box

Contacting Fritz!Box Support to Ask for ddev.site to be added to their exceptions

If you want to request that AVM (the makers of Fritz!Box) consider adding ddev.site to their default DNS Rebinding Protection exceptions, consider contacting their support team. A friend of DDEV has already done this, but more requests may help.

Thanks!

Thanks to Ingo Schmitt for investigating and demonstrating the fix. Thanks to npostnik for already having documented this in a German blog post.

Keep in touch!

We'd love to hear your experience. Join us in Discord or open an issue if you have success (or failure

When you manage a website, one of your biggest priorities is keeping it safe. The challenge is that the web is full of tricks that attackers use every day. Cross-site scripting (XSS), clickjacking, and cross-site request forgery (CSRF) are just some examples of the creepy terms you wish you’d never have to hear. This may result in lost data, malicious links, stolen login sessions, the unfortunate list could go on.

 

Today we are talking about MCPs, AI Automators, and AI Agents with guest Marcus Johansson. We'll also cover AI Ecosystem Recipe as our module of the week.

For show notes visit: https://www.talkingDrupal.com/529

Topics

• Understanding Model Context Protocol (MCP)
• AI Automators in Drupal
• Creating Complex Workflows with Automators
• Simple and Effective Automator Use Cases
• AI Image Alt Text and Contextual Understanding
• AI Tagging and Content Management
• Introduction to AI Agents in Drupal
• Challenges and Future of AI Agents
• Real-World Applications and Future of AI in Drupal
• Proliferation of Orchestration Tools

Resources

• ai initiative issue queue
• Recipes from 1xInternet
  • https://www.drupal.org/project/ai_recipe_image_classification
  • https://www.drupal.org/project/ai_recipe_llm_optimized_content
  • https://www.drupal.org/project/ai_recipe_seo_optimizer
• MCP
• xkcd
• Tool API
• Slack MCP Server
• Drupal MCP
• MCP Client
• JSON API wrapper
• Tagify
• Views Agent
• Context control center
• Marriage podcast

Guests

Marcus Johansson - workflows-of-ai.com marcus_johansson

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Martin Anderson-Clutz - mandclu.com mandclu

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted to explore the AI capabilities of Drupal, but didn't know where to start? There's a Drupal recipe for that.
• Module name/project name:
  • AI Ecosystem Recipe
• Brief history
  • How old: created in Oct 2024 by Marcus Johansson (marcus_johansson of FreelyGive.io
• Versions available: 1.0.0-alpha2, which requires Drupal 10.3 or newer
• Maintainership
  • Actively maintained
  • Number of open issues: 2 open issues, both of which are bugs
• Module features and usage
  • When you require and apply this recipe to your Drupal site, you'll be able to start working with a variety of LLMs and specialized AI-based services
  • You'll be able to ingest unstructured content and map it to structured fields automatically. Or generate a detailed SEO analysis of your nodes. There are multiple translation tools, crawlers to help work across entire sites, and more.
  • This recipe is likely something you would apply to a sandbox site, to understand the various ways to achieve something specific with AI and Drupal, and then apply whatever is best for your use case to your actual site build.
  • But it's a useful resource for a Drupalist wanting to start exploring some of the growing list of options for working with AI, or someone familiar with AI tools who wants to start using them with Drupal.

Choosing a theme isn’t easy. There are a lot of choices including various free starter kits, non-standard page-builder themes, low cost commercial themes, and higher cost premium themes, such as what we sell.

Below we created a checklist you can use for any theme, regardless of vendor. We’ve included notes on how Dripyard addresses each topic so you can compare objectively.

FeaturesDoes the theme style the normal Drupal user interface items such as pagers, breadcrumbs, the node preview toolbar, etc?

Like most content management systems, Drupal will expose various patterns on the front-end including items like the node preview toolbar, exposed filters, as well as more standard components like pagers, breadcrumbs, etc.

Every community has unsung heroes—people who show up, lend a hand, mentor newcomers, and make everyone around them better. In the Drupal community, we have a special way of recognizing these exceptional individuals: the Aaron Winborn Award. 

Nominations are now open for 2026. 

This isn't about code commits or issue credits as this award celebrates the human qualities that make our community truly special: service, integrity, kindness, and that rare willingness to go above and beyond.

Why This Award Matters

Aaron Winborn was more than a talented Drupal contributor - he was the embodiment of community spirit. Even with ALS, Aaron continued contributing, mentoring, and uplifting others until his passing in March 2015. Thanks to Hans Riemenschneider's suggestion and the Drupal Community Working Group's efforts, we've honored Aaron's legacy every year since, shining a spotlight on people who carry forward his spirit of generosity and commitment.

The winner receives more than recognition (though the applause at DrupalCon North America's plenary session is pretty special). They also receive a beautifully crafted physical award as well as free registration to DrupalCon North America.

Most importantly, they receive the knowledge that their work - often done quietly, without fanfare - has been seen and valued.

Who Should You Nominate?

Think about the person who:

• Welcomed you when you were new to the community and (probably) a bit overwhelmed
• Consistently makes local meetups happen, month after month
• Patiently answers simple questions in Slack channels
• Advocates for accessibility, inclusion, or community health
• Organizes, teaches, translates, or documents without seeking credit

Their impact might be local or global, technical or social, recent or sustained over years. If they've made the Drupal community better through their character and contributions, we want to hear about them.

The Timeline

Submit your nominations by Friday, January 9, 2026. A selection committee made up of Community Working Group members and past winners will review all nominations and choose this year's honoree.

Note: Current CWG Conflict Resolution Team members and previous winners are not eligible for the award.

Past winners

Join these distinguished community members who've received the Aaron Winborn Award:

• 2015: Cathy Theys
• 2016: Gábor Hojtsy
• 2017: Nikki Stevens
• 2018: Kevin Thull
• 2019: Leslie Glynn
• 2020: Baddý Breidert
• 2021: AmyJune Hineline
• 2022: Angie Byron 
• 2023: Randy Fay 
• 2024: Mike Anello
• 2025: Kristen Pol

Submit Your Nomination Today

Nominations close on Friday, January 9, 2026.

Your nomination could shine a light on someone who's been making a difference all along. Don't let this opportunity pass - recognize someone extraordinary.

Calling All Creators!

Are you a designer, artist, or craftsperson who'd love to help create a future Aaron Winborn Award? The physical awards themselves are works of art, and we're always looking for talented creators to collaborate with. Reach out to the Drupal Community Working Group - we'd love to hear from you.

Questions? Contact the Drupal Community Working Group.  

Composer 2.9 delivered new CLI security improvements this week, but the bigger story for the PHP ecosystem is the work now underway on Packagist.org. With support from the Sovereign Tech Agency, the PHP Foundation, and Private Packagist, the team is building a transparency log aimed at strengthening PHP’s supply chain. Given the scale of Packagist today, introducing systematic visibility into package activity has become a practical necessity.

The transparency log will surface security-relevant events through a web interface and an API. That includes changes to package ownership, source URLs, maintainers, version releases or removals, and updates to underlying git tags, along with account security actions such as two-factor authentication status changes and password resets. Making these events publicly accessible gives researchers, companies, and tool builders the data they need to monitor dependency changes, spot suspicious patterns, and investigate incidents more effectively.

Implementation has begun, with features rolling out incrementally. This work aligns with the OpenSSF guidance for secure package repositories and moves the PHP ecosystem closer to stronger, audit-ready supply chain practices. Looking ahead, the team is also preparing a new model for organizational package ownership, set to address long-standing issues with shared accounts and improve security for both companies and open-source projects.

EVENT

• Heading to DrupalCon Asia 2025? Don't Miss the Magic of Nara
• Community, Code, and Columbia Gorge Views: PNW Drupal Summit 2025 Recap
• Drupal in a Day: Scaling Drupal Education from University Classrooms to Global Camps
• Rachael Censuales Debuts as a Speaker at DrupalCamp Italy 2025
• Drupal Association Invites Global Support for DrupalCamp Burkina Faso 2026
• Stanford WebCamp 2026 Seeks Volunteers Ahead of Spring Conference
• DrupalCon Chicago 2026 Sponsorships Now Open with Tiered Packages and Summit Add‑Ons
• Salim Lakhani to Demo Drupal Forge at Fox Valley Drupal Meetup on Nov 19

ORGANIZATION NEWS

• Drupal.org Relaunches Industry Pages to Showcase Sector-Specific Impact
• Dripyard Prepares Premium Themes for Drupal Canvas Ahead of Stable Release

TRAINING

• Drupal Open University Calls for Global Instructors for "Drupal in a Day" Course

DRUPAL COMMUNITY

• DCoE Finds: "The Drupal Economy Is Struggling, But There's Hope"

TUTORIALS

• Connect Drupal with Activepieces: Automate Content Workflows with JSON:API and AI

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now. To get timely updates, follow us on LinkedIn, Twitter, Bluesky, and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you. 

Sincerely, 
Alka Elizabeth, 
Sub-editor, 
The DropTimes.

Explore the key takeaways from DrupalCamp Scotland 2025, highlighting open-source collaboration, community-driven innovation, and practical insights for digital teams.