Drupal 8 Security
With more than one million websites running on Drupal, this PHP-based CMS platform is one of the top three most popular content management systems in the world[1]. Unfortunately, Drupal is also well known for its security issues. Notably, in autumn 2014, Drupal released a security patch to address a serious SQL injection vulnerability, which affected all of the Drupal websites and was rated as a highly critical security issue with the maximum security risk rating, 25/25. Websites which were not patched within seven hours of the security announcement were considered compromised.
Since then, three more security patches have been issued. The most recent one addressed an OpenID module vulnerability, which allowed hackers to log in as website administrators (security risk: 15/25).
With Drupal 8 on the horizon, the security of the platform will come under new scrutiny. Architectural changes and new modules that come with the Drupal 8 release will introduce additional security risks. In an attempt to address these concerns, Drupal announced the Drupal 8 Security bug bounty program, which will pay for valid security issues found in Drupal 8. This initiative is funded through Drupal 8 Accelerate.
Interested in taking part? Find and report security issues by August 31, 2015 at Drupal 8 Bugcrowd.
Wimbledon Extends Partnership with IBM
IBM, Wimbledon’s trusted partner for more than 15 years, extends the contract for another five years and makes headlines promoting the redesigned and enhanced Wimbledon website. When it comes to rising customer expectations, the Wimbledon website is a case in point. Tennis fans want it all – they want to see the scores, the queuing times, read the interviews, watch the matches, compare today’s stats with last year’s, you name it. Tennis fans don’t care about the fragmented governance of tennis events, which gets in the way of collecting data. They don’t care who owns the copyright on the interviews, and they don’t care about the high traffic that the website has to cope with at peak times (last year, Wimbledon’s website had 17 million unique visitors during the two weeks of the tournament). Tennis fans want an outstanding customer experience. Nothing less will do.
IBM claims to match and exceed these expectations with “unparalleled access to real-time live scoring, courtside action and insights, via a radical redevelopment and redesign of wimbledon.com and advancement of the mobile apps experience”. With player statistics and other key tournament features becoming available next week, on June 29 2015, it won’t be long before tennis fans themselves give their verdict.
Web CMS for Higher Ed
Hannon Hill announced the Cascade CMS 7.14 release. The two main features introduced in this release are:
- Content ownership.
- Login as user.
Content ownership allows content owners to be assigned to content assets. This feature is particularly important in the context of the Higher Ed industry, where web managers fight a daily battle against incorrect, irrelevant and out-of-date content.
Login as user allows administrators to temporarily log in as another user without the need to enter that user's password.
For more information on this release, read the overview of the features on the Hannon Hill website, watch this webinar recording on what’s new in Cascade CMS 7.14 and 7.12, or look through the release notes.
Service Provider Incentro Becomes Hippo CMS Gold Partner
Incentro, a digital agency and systems integrator with offices in the Netherlands, Spain and Turkey, became a Hippo CMS Gold Partner. The gold partnership title reflects Incentro’s expertise and experience in Hippo CMS implementations – the company has a track record of six completed Hippo CMS projects and employs 18 Hippo CMS certified developers.
Recognition and Awards
The winners of the Umbraco Awards 2015 were announced at this year’s Codegarden annual conference. They are:
- Power, built by Novicell (Best Integration Category)
- Britax, built by Crumpled Dog (Best Technical Category)
- Opera Philadelphia, built by Blix and Karma (Best Design Category)
Upcoming Industry Events
- DrupalCon Barcelona will take place on September 21-25, 2015. Early-bird tickets are available until July 10, 2015.
- The Plone conference will take place in Bucharest on Oct 12-18, 2015. An early-bird discount (limited to the first 100 tickets) is still available.
- J. Boye Aarhus 2015 will take place on November 3-5, 2015 in Aarhus, Denmark.
- Don’t miss the Open Source vs Proprietary Debate on June 30 2015 on CMS Connected. The show features Arjé Cahn, CTO from Hippo representing the Open Source side of the debate, and Bryan Soltis, Technical Evangelist from Kentico representing the Proprietary side.
This blog post was first published on the Digital Clarity Group website in 2015.