Stories by Staff Reporter

Organisations running Drupal sites face common web application risks, including cross-site scripting, SQL injection, authentication bypass, and remote code execution. A new Acquia guide by Kevin Funk reviews how site administrators can reduce exposure through timely updates, Drupal security advisories, access controls, backups, HTTPS, HTTP security headers, security-focused contributed modules, and infrastructure protections such as web application firewalls and DDoS mitigation. ...more

DrupalCamp Tokyo 2026 has published its programme for the event scheduled on 27 June 2026 in Tokyo. The schedule confirms a keynote by James Abrahams, a video message from Dries Buytaert, and sessions covering artificial intelligence, Drupal development practices, open-source governance, security, hosting platforms, and community participation. Organisers expect the event to bring together contributors, agencies, educators, and organisations involved in the Drupal ecosystem. ...more

A proposal to introduce “Module Families” on Drupal.org aims to help users compare contributed modules that solve similar problems through structured comparison pages and ecosystem signals. The proposal argues that Drupal’s challenge is not excessive choice but insufficient context, an issue that becomes more important as Drupal CMS introduces curated module selections and opinionated workflows. ...more

WordCamp Europe 2026 is set to bring together thousands of contributors, developers, agencies and publishers in Kraków from 4–6 June. The event follows the release of WordPress 7.0 and is expected to feature discussions spanning artificial intelligence, accessibility, security, enterprise publishing and open-source governance. ...more

LocalGov Drupal contributor Mark Conroy has published a summary of his work during May 2026, covering maintenance, bug fixes, testing improvements and release preparation across multiple projects. The update spans the Modules List project, LocalGov Microsites and core LocalGov Drupal initiatives, highlighting ongoing efforts to improve stability and support future development. ...more

Choosing how pages are built and maintained has become a strategic decision for Drupal teams as newer visual tooling emerges alongside established workflows. A recent WebWash tutorial compares the traditional Drupal approach built around blocks and templates with UI Suite and Display Builder, and Drupal Canvas, outlining how each model serves different site-building and editorial needs. ...more

A newly released Drupal module aims to eliminate much of the manual work involved in managing uploaded files in custom forms. Form File Usage automatically tracks file references, updates file status, supports CKEditor 5 embedded images and handles cleanup when files are removed, reducing the need for custom submit handlers and file usage logic. ...more

As autonomous AI agents become more common in development workflows, conventional testing approaches can struggle with behaviour that varies between runs while still producing correct results. GitHub engineers Gaurav Mittal and Reshabh Kumar Sharma have proposed a validation framework that identifies the states required for success and evaluates agents against those outcomes rather than a single prescribed execution path. ...more

Salesforce's planned acquisition of Contentful has prompted renewed discussion about digital sovereignty and long-term technology control. In a blog post, Drupal founder Dries Buytaert argues that the deal demonstrates the limits of treating vendor nationality as a sovereignty guarantee, contending that ownership changes can quickly alter the legal and governance frameworks under which software platforms operate. ...more