Drupal News Feed
Just two months after the milestone release of Drupal AI 1.3.0, we are thrilled to announce that Drupal AI 1.4.0 is officially here!
With the 1.x branch reaching a high level of maturity and stability, we are excited to transition into a more predictable, bi-monthly minor release cadence. Moving forward, the Drupal community can look forward to a steady, reliable stream of improvements, new...
DrupalCon Rotterdam is one of those events that naturally attracts attention across the Drupal ecosystem. Not only because it brings the community together, but because it creates a space where technology, strategy, contribution and real-world digital projects meet.
For anyone working with Drupal, open source or digital experience platforms, the question is not just “...
Project: Drupal coreDate: 2026-June-17Security risk: Moderately critical 11 ∕ 25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper validationAffected versions: <10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*CVE IDs: CVE-2026-55808Description: The JSON:API and REST...
Project: Drupal coreDate: 2026-June-17Security risk: Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Server-side request forgeryAffected versions: <10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*CVE IDs: CVE-2026-55807Description: The Media module...
Project: Drupal coreDate: 2026-June-17Security risk: Less critical 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Cache poisoning and open redirectAffected versions: <10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*CVE IDs: CVE-2026-55806Description: Drupal core ships a...
Project: Drupal coreDate: 2026-June-17Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: <10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*CVE IDs: CVE-2026-55804Description: Drupal core contains a chain of...
Project: Drupal coreDate: 2026-June-17Security risk: Critical 18 ∕ 25 AC:None/A:User/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: PHP object injectionAffected versions: <10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*CVE IDs: CVE-2026-55803Description: SA-CORE-2019-003 added protection for...
QED42 has opened a waitlist for EventHorizon, a Drupal-focused code-intelligence suite built on the scanning engine behind its open-source EventHorizon CLI. The CLI runs static analysis locally without AI, cloud upload, or telemetry, addressing audit environments where client code is covered by NDAs, data residency clauses, and security review. The broader suite adds visual dependency maps, code...
The Drupal marketplace is driving a shift toward high-quality, accessible, and easily maintainable templates tailored for specific industry verticals (like government, healthcare, and education).
Good news for everyone still polishing their entry, we've extended the submission deadline for the International Splash Awards 2026 by four weeks. You now have until 16 July 2026 to submit your project.As part of our commitment to a fair process, we want to give every Drupal community and agency ample time to put their best work forward. So we're opening the doors...