The holiday season was a lot of fun for the Drop Guard team, but also very busy. We've worked hard to deliver a whole package of impressive features and improvements to our update management platform. Big plans were also made for 2017. Without further hesitation let's start the New Year with the news!
Two days ago another highly critical security update affected Drupal and many other CMS systems. It was the PHPMailer Library which leaves millions of websites vulnerable to the remote exploit (see https://www.drupal.org/psa-2016-004 for details). In comparison to Drupalgeddon which had a risk of 25/25 this update has 23/25. BUT there are some things which make this update even riskier than Drupalgeddon:
Our CEO Manuel and Joe, Marcel and Serkan from our team visited the last Drupal event of this year in our calendar: DrupalCamp Munich alias #dugmuc. It's been a pleasure to support this event as Silver Sponsor! With the 4th of December, we closed the Drupal season with great “Days”, “Camps” and “Cons” in 2016.
It's no secret that Drupal's success depends heavily on the collaborative community culture and the continuous communication process between all members of the community. It’s not for nothing that we embrace the “come for the code, stay for the community” mantra.
Today we're asking you - an agency, freelancer or a lone webmaster - to think with us a little bit about the quality of security protection your service provider delivers to ensure your website and online services are running smoothly.
Dublin, 27. Sept. 2016. “Describe the DrupalCon in just one word!” - “EXCITING!”
First of all, I want to thank everyone who made my first DrupalCon this awesome and extra special!
Our whole team enjoyed a week full of new experiences, great sessions and - of course - old and new friends! The place, Dublin, was perfect to “seal” a new friendship or strengthen an old one with a good morning coffee (thanks to Commerce Guys by actualys and Mailchimp, the two coffee break sponsors!) or a good cold Guinness (I tried to remember the bar names, but actually I guess I sealed a lot of new friendships..).
Only 20 days are left until we head to Dublin to join the DrupalCon 2016! It’s the first time that we, the Drupal agency team from Bright Solutions (which is the "birthplace" of Drop Guard), arrive at a Con only with our Drop Guard team, so we can focus on our most famous contribution to the Community: our update management service tool “Drop Guard”.
Yes, we’d be happy to show people the great values which Drop Guard provides - but most of all we look forward to personal and honest conversations to progress in our work and as part of the Community!
Being casual about open source security is not funny. Headlines like the Panama Papers this year showed that an improvident dealing with security and updates can cause a huge damage. Fees are still a crucial reason for people to hesitate to secure their business by using charged services. This is not a pitty - this is grave.
There are many people out there who give a lot without receiving a reward. They see more benefits in helping and strengthen people, any kind of living being or purpose than in a regular salary.
More and more, midsize companies are excited by Drop Guard, recognising the benefits and values of using this tool.
This time we want to present undpaul to you, a Drupal agency from Hannover, Germany, that is built by an enthusiastic team of Drupal developers. Eleven team members support Anja Schirwinski and Johannes Haseitl, founders and CEOs, in their daily effort to please the needs of their customers best.
In doing so, the whole company let Drop Guard support them and let it provide continuous Drupal and website security for their clients. We asked the undpaul about what changed since they started to use Drop Guard on a daily basis.
Our existing users may have already noticed a few changes and improvements in Drop Guard. However, not everything is visible enough, so we decided to make a short list with the recent updates.
Drop Guard is now capable of managing your composer.json and composer.lock files, in the same fashion as you would do it normally via CLI.
When executing the update task, Drop Guard modifies the composer.json to accommodate the recommended module or core version and runs "composer update" command to keep the composer.lock in sync. Both files get pushed to the repository, and the only thing you need to take care about is running "composer install" to receive the updated packages.
As always, Drupal Security Team did an excellent job and the news on the security vulnerabilities reported on Wednesday wasn't a bombshell for most of us. Everyone had a chance to prepare and pre-allocate resources to take all measures necessary to patch the supported websites.
A quick recap for those who missed the buzz or just slowly waking up right now.