DrevOps Releases Vortex 1.38.0 “Prism” with Testing, Mail Controls, and Security Hardening

Version 1.38.0 of Vortex, codenamed “Prism”, updates the open-source Drupal project template maintained by DrevOps with changes focused on testing, deployment control, and baseline security. The template is used to scaffold and operate Drupal projects with built-in CI/CD, hosting integrations, and development tooling.

The update adds JavaScript unit testing with Jest for custom modules and theme code, alongside existing PHPUnit and Behat test suites. CI now runs ahoy test-js and reports coverage.

Email handling has been modified to prevent non-production environments from sending real outbound mail. The default configuration now includes the Reroute Email module, with environment-aware controls for rerouting, allowed recipients, and disabling rerouting where needed.

The release also blocks public access to Drupal core text and markdown files, including files such as CHANGELOG.txt, INSTALL.txt, and README.md. The change reduces version fingerprinting by preventing those files from being exposed through the web server.

CI workflow changes include the ability to manually redeploy branches through the GitHub Actions interface, removing the need for trivial commits to retrigger pipelines. Configuration imports with dependency ordering issues can now use an optional second-pass mode by setting VORTEX_PROVISION_CONFIG_IMPORT_REPEAT=1.

Deployment notifications can now be filtered by branch for each channel, including Email, New Relic, Jira, GitHub, Slack, and Webhook. Teams can set channel-specific variables to control when each notification path is triggered.

Dependency management has been adjusted through updates to Renovate configuration, including limits on concurrent pull requests, auto-merge rules for trusted GitHub Actions updates, and labels for grouped updates in the dependency dashboard.

The runtime stack has been updated to PHP 8.4, Lagoon containers 26.4.0, and Drupal core 11.3.x. PHP 8.4 is a breaking requirement for projects still pinned to PHP 8.3, requiring updates to Composer platform settings, PHPStan, and PHPCS configuration before CI runs.

The release also includes reliability fixes for fallback profile provisioning, cache rebuilds after database updates, Acquia database downloads, and CI failures related to legacy data and missing moderation fields.

Vortex has been maintained by DrevOps since 2018 as a reusable project template for Drupal development. The 1.38.0 release continues its focus on operational consistency, though the announcement provides limited detail on performance impact or adoption beyond existing users.