Feed aggregator

Scholarly Lite

Drupal Themes News - Thu, 10/30/2014 - 16:29

Scholarly Lite is a free Drupal theme and the core of the Premium Scholarly product, which helps you create a great looking education-oriented website.

Highlights
  • Based on Bootstrap 3 framework
  • 1, 2 and 3-column layout support
  • HTML5 and CSS3
  • Support for Font Awesome
  • 12 carefully selected, awesome Color Schemes to choose from: Blue, Green, Orange, Red, Pink and Purple each of which in two different versions. Just pick the one that fits your brand with a single click through the theme-settings
  • Mobile Menu options
  • Drupal Commerce Ready

Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003

Drupal.org News - Wed, 10/29/2014 - 15:39
Description

This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.

If you have not updated or applied this patch, do so immediately, then continue reading this announcement; updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised - some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.

Data and damage control

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

Take a look at our help documentation, ”Your Drupal site got hacked, now what”

Recovery

Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.

Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found.

The Drupal security team recommends that you consult with your hosting provider. If they did not patch Drupal for you or otherwise block the SQL injection attacks within hours of the announcement of Oct 15th, 4pm UTC, restore your website to a backup from before 15 October 2014:

  1. Take the website offline by replacing it with a static HTML page
  2. Notify the server’s administrator emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack
  3. Consider obtaining a new server, or otherwise remove all the website’s files and database from the server. (Keep a copy safe for later analysis.)
  4. Restore the website (Drupal files, uploaded files and database) from backups from before 15 October 2014
  5. Update or patch the restored Drupal core code
  6. Put the restored and patched/updated website back online
  7. Manually redo any desired changes made to the website since the date of the restored backup
  8. Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with.

While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch.

For more information, please see our FAQ on SA-CORE-2014-005.

Written by Coordinated by Contact and More Information

We've prepared a FAQ on this release. Read more at FAQ on SA-CORE-2014-005.

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Drupal version: Drupal 7.x

Next Steps for the Drupal.org Terms of Service and Privacy Policy

Drupal.org News - Wed, 10/29/2014 - 14:11

Thanks to the hard work of staff and the Drupal.org Content Working Group, we have completed another round of updates to our draft privacy policy and terms of service. We were able to respond to much of the feedback provided in our earlier announcement.

The biggest issues pointed out by the community had to do with the tone of the language in the documents. Many pointed out that it did not match the values of our community. We took a closer look at organizations such as the Wikimedia Foundation and Mozilla, incorporating some of the approaches they took to make our terms a bit more human. We trimmed and shortened what we could. We clarified where things were ambiguous. The end result is much more in line with our community values.

Some examples of changes include the following:

  • When possible, we changed the tone of both documents to make them more friendly.
  • We removed capital letters and used other means to make specific parts of the document noticeable.
  • We deleted a couple of references to collecting data that we do not actually collect.
  • We clarified that we won’t block accounts “for any and no reason”, but only in cases of Terms of Service, Code of Conduct and Git access policy violations.
  • We clarified active notification of users about material changes to policy. We will send an email at least 72 hours prior to changes going into effect. This will give users time to delete their accounts if they don’t want to accept new policies.
  • We added contact info and updated all phone numbers, addresses etc. to be formatted according to international standards.
  • We clarified that you don’t need to create an account to access the Website, just some parts of it.
  • We clarified how to notify us in case of unauthorized access to user account.
  • We clarified how long do we store data after it has been removed from user profile.

We did leave some things from the previous draft without major changes, such as bullet points under section C, for example. And we did it for a reason. One of our goals is to make Drupal.org a place where everyone feels comfortable. Additionally, we have to ensure that Drupal.org is protected if a legal issue does arise. Those bullet points are there not because we want to be able to police or censor the activity on the site. This language exists because it protects Drupal.org if one user takes issue with content from another user. We will still use the process outlined in the Drupal Code of Conduct to resolve any issues whenever we can.

With that in mind, please take a look at the latest drafts:

Terms of Service
Privacy Policy

We will be putting these documents into place on Wednesday, 5 November, 2014. All comments added to this thread will be included in our planning for the next revision. We hope to review the Terms of Service and Privacy Policy quarterly and update them with community feedback.

Thank you for all your help in building these documents.

Drupal.org Maintenance: Oct 23rd 14:00 PDT (21:00 UTC)

Drupal.org News - Wed, 10/22/2014 - 17:58

Drupal.org will be affected by maintenance Thursday, October 23rd 14:00 PDT, 21:00 UTC.

An increase of the MySQL innodb_buffer_pool_size will cause a short downtime for Drupal.org while MySQL is restarted. We plan on a 30 minute window of potential instability, though the actual outage should be 5 minutes or less.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

nfinity

Drupal Themes News - Thu, 10/16/2014 - 11:58

N*finity is a Drupal Design template & Theme build for Drupal 8.

1. The N*finity Design Template
The Sketch Design file is made so a Drupal theme designer quick can design all the elements that a Drupal site is using.

The file contains Designtiles, Forms, Typography, grid definition, Drupal UI elements so the design is not just a website but a system

2. The N*finity Drupal theme
available at drupal.org/projects/nfinity

The theme is setup with everything you need for easy implementing the design elements from the Design Template

Development will be done at github cause pull request are awesome & patches sucks.

https://github.com/mortendk/Nfinity

Symphony Zymphonies Theme

Drupal Themes News - Wed, 10/15/2014 - 20:38

Symphony Zymphonies Theme is a professional drupal theme that is perfect for all sorts of corporate and small business websites.The theme is not dependent on any core theme. Its very light weight with modern look and feel. Professional responsive clean layout and light weight code make it a great theme for small or medium-sized business to get up and running quickly.

Theme Live Demo

GET MORE ADVANCED THEMES >>

Theme Designed by FreeBiezz.com

Theme Developed by Zymphonies.com

  • Font awesome icons
  • HTML5 & super clean markup
  • Responsive banner
  • 1-column and 2-columns layout
  • Implementation of nivo slider
  • A total of 16 regions
  • Drupal standards compliant
  • Nivo slider, Views modules styles
  • Minimal design and nice typography
  • Social media (Facebook, Twitter, Google+, Linkedin, Pinterest, Vimeo)
Nivo Slider (Banner)

Nivo Slider Installation Tutorial

Free Zymphonies Theme Support Forum

Zymphonies maintains a customized support forum at FreeBiezz site. for support, installation, bug reporting

Drupal 7.32 released

Drupal.org News - Wed, 10/15/2014 - 13:47

Drupal 7.32, a maintenance release which contain fixes for security vulnerabilities, is now available for download. See the Drupal 7.32 release notes for further information.

Download Drupal 7.32

Upgrading your existing Drupal 7 is strongly recommended. There are no new features or non-security-related bug fixes in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.32 is a security release only. For more details, see the 7.32 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.32 was released in response to the discovery of critical security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to Drupal 7.32.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Starfish Responsive Theme

Drupal Themes News - Mon, 10/13/2014 - 04:11

Startfish responsive theme is a professional drupal theme that is perfect for all sorts of corporate and small business websites.The theme is not dependent on any core theme. Its very light weight with modern look and feel. Professional responsive clean layout and light weight code make it a great theme for small or medium-sized business to get up and running quickly.

Theme Live Demo

GET MORE ADVANCED THEMES >>

Theme Designed by FreeBiezz.com

Theme Developed by Zymphonies.com

  • Font awesome icons
  • HTML5 & super clean markup
  • Responsive banner
  • 1-column and 2-columns layout
  • Implementation of nivo slider
  • A total of 16 regions
  • Drupal standards compliant
  • Nivo slider, Views modules styles
  • Minimal design and nice typography
  • Social media (Facebook, Twitter, Google+, Linkedin, Pinterest, Vimeo)
Nivo Slider (Banner)

Nivo Slider Installation Tutorial

Free Zymphonies Theme Support Forum

Zymphonies maintains a customized support forum at FreeBiezz site. for support, installation, bug reporting

Garuda

Drupal Themes News - Fri, 10/10/2014 - 06:10

Garuda theme is a community initiative project from Drupal Indonesia.

Designless

Drupal Themes News - Thu, 10/09/2014 - 08:08

Bootstrap 3 theme with minimalistic design intended for personal blogs and other content centered sites.

This is an official mirror for the Github project https://github.com/konstantin-komelin/designless

GovBR Theme

Drupal Themes News - Mon, 10/06/2014 - 16:45

Drupal 8.0.0 beta 1 released

Drupal.org News - Wed, 10/01/2014 - 07:30
Update: Drupal 8.0.0 Beta 2 is available now, with important security fixes

Drupal 8.0.0-beta1 has just been released for testing and feedback! This key milestone is the work of over 2,300 people who have contributed more than 11,500 committed patches to 15 alpha releases, and especially the 234 contributors who fixed 177 "beta blocker" issues. To read about the new features in Drupal 8, see Drupal.org's Drupal 8 landing page.

Drupal 8 beta 1 for testers

Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Start by downloading Drupal 8.0.0-beta 1 and installing it! Drupal 8 definitely still has bugs, and we need your help to discover them. Let us know what bugs you find in the Drupal core issue queue. (Please search the known issues before filing.)

Drupal 8 beta 1 for module and core developers

The main differences between the previous Drupal 8 alphas and the new beta are:

  • The fundamental APIs in Drupal 8 (like the entity, configuration, and menu APIs) are now stable enough so that contributed module and theme authors can start (or resume) their #D8CX pledges and port their projects to Drupal 8.
  • We have locked down Drupal 8's data model enough that developers should generally not need to perform data migrations between beta releases of Drupal 8. We will start providing a beta-to-beta upgrade path in a later beta release.
  • Limited API and data model changes will still happen, though core maintainers will try to isolate these changes to only non-fundamental APIs or critical bug fixes.

We need your help to fix critical bugs by reviewing patches and creating patches.

If you're new to core development, check out Core contribution mentoring, a twice-weekly IRC meeting where you can get one-on-one help getting set up and finding a Drupal 8 task.

Drupal 8 beta 1 for designers, translators, and documentation writers

Drupal 8's user interface, interface text, and markup are not finalized until the first release candidate, so it's too early to focus on user-facing documentation, translations, or themes (though by all means, adventurous contributors should start now to provide feedback while we can still fix things). Note that localize.drupal.org does not yet support the full Drupal 8 API and does not have all translatable strings.

When does 8.0.0 get released?

Beta 1 will be followed by a series of additional beta releases with bug fixes, performance improvements, and improved stability.

The release version of Drupal 8.0.0 will be ready after there are no more critical issues (as of today, there are 97 remaining) and we've had at least one release candidate (RC) without adding any more critical issues to the list.

When will that be? "When it's ready." The more people help, the faster we can find and fix bugs, and the faster 8.0.0 gets released. The faster 8.0.0 gets released, the faster we can start adding new features for Drupal 8.1.0. So help out where you can, and let's deliver the best release of Drupal ever! :)

Thank you!

A massive thank-you to everyone who helped get Drupal 8 beta 1 done, especially the contributors who have focused on beta-blocking issues (pictured below).

Front page news: Planet DrupalDrupal version: Drupal 8.x

Fabist Zen Sub Theme

Drupal Themes News - Fri, 09/26/2014 - 14:59

Some Key Features of This Theme.
-- It is Zen Sub Theme.
-- Zen Theme should be installed to use this Theme.
-- Install Zen Theme from this link https://www.drupal.org/project/zen
-- Install Fabist Zen Sub Theme
-- This Theme has Slider in the header.
-- Blocks with different sizes.
-- Different layouts are available in this theme.
-- This theme is responsive. It works in all browsers and mobile devices.

Dependency : Zen Theme should be be installed first before installing this theme.

You can see the live Demonstration

Drupal.org Maintenance: Sep 23rd 14:00 PDT (21:00 UTC)

Drupal.org News - Mon, 09/22/2014 - 21:50

Drupal.org will be affected by maintenance Tuesday, September 23rd 14:00 PDT, 21:00 UTC.

Switching version control systems for Drupal.org deployment will cause a short downtime as docroot files are migrated. We plan on a 30 minute window of potential instability.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Drupal Security Team update.

Drupal.org News - Thu, 09/18/2014 - 19:07
Joint Security release with WordPress

In big news, we had our first joint release with WordPress. We collaborated together with the WordPress team on a PHP security issue discovered by a security researcher. We’re thrilled that we had an opportunity to work together with others in the open source CMS community. We shared a few tips and tricks and it was great working with the WordPress team.

Keeping Drupal Secure

In keeping with our mission to showcase security best practices at Drupal’s online home, we’ve upgraded https://security.drupal.org to Drupal 7. This ensures we’re on a supported platform. We also took the opportunity to add some new features that help us enhance our team’s efficiency by automating a number of routine tasks.

As part of our dedication to keeping Drupal users safe, we’ve written and announced the Long Term support (LTS) plan for Drupal 6 (https://www.drupal.org/d6-lts-support). This is an important step as we look forward to the release of Drupal 8. Soon we will be introducing two-factor authentication to Drupal.org, thanks to hard work from security team members Ben Jeavons, Greg Knaddison , Neil Drumm, and Michael Hess. (https://groups.drupal.org/node/439868 and https://drupal.org/node/2239973)

And here’s one last, fun note: Security.Drupal.org issues now show up on the drupal.org dashboard if you add the widget. You can get it clicking on dashboard after logging in and adding the widget.


Securing Drupal E-Commerce

Some Drupal security team members were recently involved in putting together a compliance White paper for keeping track of PCI compliance. Anyone who runs a Drupal site and takes credit cards should read the whitepaper. Here’s a little more information:

Version 3.0 of the PCI compliance standard becomes mandatory on January 1st, 2015 and will be a complete game changer for many Drupal eCommerce sites. This includes triple the number of security controls if your website touches credit card information and more. The community supported Drupal PCI Compliance White Paper (http://drupalpcicompliance.org/) will give you a high level overview of what PCI compliance is, why you need to comply, and (most importantly) how to get started. This paper was written and reviewed by several members of the Drupal security team, including Rick Manelius, Greg Knaddison, Ned McClain, Michael Hess, and Peter Wolanin.

Simplifying Security

We’ve redesigned our Security Advisory system to make evaluating and analyzing security threats easier and more intuitive. This came about after several core contributors informed us that they wanted a better way to address security threats. We sent out a survey through Twitter to learn more about how people write and read the Security Advisories. Based on the responses we put together a new Security Advisory system that takes much of the guesswork out of the process of evaluating threats. We’ve added and reordered elements on the Security Advisory’s criticality scale and added explanations to help people understand where a security problem is on the spectrum of potential threats.

Our Growing Team

We’ve brought a number of new members onto the security team. Please help us give a very warm welcome to our newest security team members:

Alex Pott (alexpott) - IRC nick: alexpott, Organization: Chapter Three
Cash Williams (cashwilliams) - IRC nick: CashWilliams, Organization: Acquia
Dan Smith (galooph) - IRC nick: galooph, Organization: Code Enigma
David Snopek (dsnopek) - IRC nick: dsnopek, Organization: MVPcreator
Rick Manelius (rickmanelius) - IRC nick: rickmanelius, Organization: NewMedia!

We’re always looking for more qualified people who place a high priority on security. If you’d like to join the security team: https://security.drupal.org/join

Drupal version: Drupal 7.x

Drupal.org Maintenance: Sep 16th 16:00 PDT (23:00 UTC)

Drupal.org News - Mon, 09/15/2014 - 23:34

Drupal.org will be affected by maintenance Tuesday, September 16th 16:00 PDT, 23:00 UTC.

A regular module update will alter some larger tables, which will block other queries. We plan on up to 30 minutes of downtime while these updates run.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Front page news: Drupal News

Cultura Bootstrap

Drupal Themes News - Thu, 09/04/2014 - 17:50

Cultura Bootstrap is a Bootstrap Subtheme built for use by live Cultura Exchanges and the main Cultura site.

It features an uploadable banner (in addition to the uploadable logo), usernames that aren't truncated artificially short, title-less comments, removal of reply links (so comments are not merely displayed only in a flat list, but truly are not threaded— far safer comment deletion), use of Merriweather from Google fonts, and side-by-side textareas for the double field used in building Cultura Exchange questionnaires.

Coming soon are a host of improvements to styling to use Bootstrap stylings on appropriate Drupal elements (Bootstrap forms, 'new' as a badge, etc.).

Alpha Responsive Theme

Drupal Themes News - Wed, 09/03/2014 - 19:21

Phoenix responsive theme is a professional drupal theme that is perfect for all sorts of corporate and small business websites.The theme is not dependent on any core theme. Its very light weight with modern look and feel. Professional responsive clean layout and light weight code make it a great theme for small or medium-sized business to get up and running quickly.

Theme Live Demo

GET MORE ADVANCED THEMES >>

Theme Designed by FreeBiezz.com

Theme Developed by Zymphonies.com

  • Font awesome icons
  • HTML5 & super clean markup
  • Responsive banner
  • 1-column and 2-columns layout
  • Implementation of nivo slider
  • A total of 16 regions
  • Drupal standards compliant
  • Nivo slider, Views modules styles
  • Minimal design and nice typography
  • Social media (Facebook, Twitter, Google+, Linkedin, Pinterest, Vimeo)
Nivo Slider (Banner)

Nivo Slider Installation Tutorial

Free Zymphonies Theme Support Forum

Zymphonies maintains a customized support forum at FreeBiezz site. for support, installation, bug reporting

Multipurpose Theme

Drupal Themes News - Mon, 09/01/2014 - 20:23

Multipurpose theme is an elegant and flat responsive Drupal theme design by Devsaran. This theme could easily be used for a blog, small business, portfolio or a variety of other websites. The theme was designed using flat elements for the header, navigation, buttons and more. This sharp design is elegant, modern and functional. The clean elements are easy for users to understand and make navigating your website a pleasure.

Features
  • Responsive, Mobile-Friendly Theme
  • Simple, Minimal and Clean Design
  • 1-column and 2-columns layout
  • Mobile support (Smartphone, Tablet, Android, iPhone, etc)
  • Flex Image Slideshow
  • Multi-level drop-down menus (Multilingual menu)
  • HTML5 & super clean markup
  • A total of 12 block regions
  • Drupal standards compliant and Supported standard theme features
  • Google Font and nice typography
  • Ideal for business, company and portfolio sites
  • Detailed CSS rules for Typography, Forms Elements, Node Teaser, Comments, etc.
Like this? Have a look at our Free Themes.

View the Multipurpose Theme demo.

We will continue to maintain, improve and enrich our free themes with new features as they occur by discussions in the community. Members of our team will be always participating actively and help out in support requests to the maximum extent possible. Nevertheless, sometimes there might be needs related to a theme that go beyond the typical support and knowledge sharing and require either premium support or even implementation-on-request. In all such cases, do not hesitate to get in touch with us :)

Installation
  • Install jQuery Update module.
  • Ensure that jQuery Update has been configured to a minimum version of 1.7 or higher.
Corporate Contributors Help and Support Us

Please consider Cash Contribution for our free Drupal Modules, Themes & Projects which helps us creating new and free quality drupal modules, themes & projects in the future.

Maintainers can give credit to organizations that support Drupal projects

Drupal.org News - Thu, 08/28/2014 - 05:09

This week, we added a feature to projects on Drupal.org to help highlight the contributions made by supporting organizations. Maintainers of distributions, modules, and themes can give credit to organizations that have materially contributed to projects on Drupal.org using the new “Supporting Organizations” field.

How do you use this field? When an organization funds the development of a project or when a company takes on maintainership of a key module in the community, the maintainers of that project can add a reference to one or more of them on the project node. Maintainers may chose to give this credit to any organization that contributes significant code or support to a project.

We noticed that many projects would manually follow this pattern in the project description, but wanted to take it a step further. Not only will this provide a link to the organization, it will also show up on the organization’s marketplace page.

This is just the first step, we are also looking for community feedback and help in providing credit to companies, organizations and customers that contribute to the development of Drupal. Implementing this step will be a key way to show how organizations are giving code and support to Drupal Core. Look for it in the coming months.

Dries has written an excellent post on how we might give credit to organizations and another on the value of hiring a core contributor to help push Drupal forward that were a basis for much of this work.

If you are a project maintainer, take a moment to give some credit to the organizations that have helped build the Drupal ecosystem.

Front page news: Drupal News
Syndicate content