Feed aggregator

We are pleased to announce that Peter Hinssen will be the keynote speaker at the Enterprise Drupal Summit Europe 2026 in Rotterdam on 28 September 2026.

Setting the stage

Peter Hinssen will open the summit with a session on how organizations deal with continuous disruption and long-term digital change — a topic he has spent decades researching, writing about, and bringing to stages around the world.

With over 1,500 keynote presentations delivered to Fortune 1000 companies and leading organisations globally, Peter brings a rare combination of strategic depth, clarity, and a dry sense of humour that turns strategy into clarity.

He is also the bestselling author of six business books, most recently The Uncertainty Principle (2025), a guide for leaders navigating what he calls the "Never Normal" — a world where disruption is not an exception but the baseline. 

Why this matters for your enterprise

The summit focuses on AI in enterprise environments, where change is structural rather than incremental. Peter's keynote sets the strategic context for the day's discussions across three key themes:

• AI in enterprise content systems
• Composable digital platforms
• Digital transformation in complex organizations

Because in enterprise environments, the question is no longer whether to adopt AI, but how to do it strategically.

Join us in Rotterdam

Enterprise Drupal Summit Europe 2026 brings together practitioners and decision-makers working on AI (and Drupal) at scale.

The program focuses on real implementations, architecture decisions, and operational lessons from enterprise and public sector environments.

A room full of decision-makers, and there's a seat with your name on it.

Read more

In Open Source software, competition works differently than in proprietary software.

Companies compete through their own products and services, but they all depend on the same commons: the software, the community, the project's reputation, and the shared work that helps people trust and adopt it.

That shared foundation creates a different kind of responsibility: sharing a commons means sharing the work of keeping it strong.

The Open Source companies I admire most show up in two ways. They compete on the merits of their own products: features, support, and price. And they help sustain the commons: through code, documentation, security, marketing, events, education, sponsorships, and more.

Judge companies by what they do

Over the past year, Pantheon, one of Acquia's competitors in the Drupal market, has focused much of its messaging on attacking Acquia, including making our private equity ownership part of its story.

I have no quarrel with Pantheon's products or the people who build them. Competition is healthy. My concern is with marketing that attacks another Drupal company, often with misleading or unwarranted messaging.

I've spent nearly twenty years building Acquia through different stages and ownership models. Acquia has grown from a startup into a company backed first by venture capital and later by private equity. Every ownership model creates different pressures, but ownership determines far from everything.

Customers don't choose a platform because of an ownership model. They choose it because it works, because they can get help, and because they trust it will keep getting better.

Read more

Cybersecurity remained a central concern across enterprise and open-source ecosystems this month as multiple high-profile incidents and critical vulnerability disclosures affected widely deployed platforms. Security teams continued to face pressure to patch faster, monitor exposed systems more closely, and respond to a growing volume of actively exploited vulnerabilities.

Verizon’s 2026 Data Breach Investigations Report found that the exploitation of vulnerabilities overtook stolen credentials as the leading initial access method in analysed breaches for the first time. Microsoft’s May Patch Tuesday also addressed roughly 120 vulnerabilities affecting Office, SharePoint Server, and Windows enterprise infrastructure.

The open-source sector saw renewed urgency around patch management after the Drupal Security Team released SA-CORE-2026-004, a highly critical SQL injection vulnerability affecting supported Drupal core versions using PostgreSQL databases. The advisory prompted emergency patching efforts across enterprise Drupal deployments.

Security agencies continued to warn about the growing number of actively exploited vulnerabilities tracked in CISA’s Known Exploited Vulnerabilities catalogue.

Elsewhere in the open-source ecosystem, discussion turned toward the widening gap between technological capability and public perception. In a recent post, Dries Buytaert argued that Drupal’s reputation has not kept pace with its technical evolution despite continued investment in structured content architecture, APIs, and AI-oriented tooling.

Read more

Does your content team know how much Drupal accessibility depends on them? From headings to tables, the choices editors make every day shape whether assistive tech users can navigate your site.

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

Johanna Bates reflects on Drupal’s nonprofit ecosystem, the value of structured content, and the stewardship needed to support contributors, clients, and mission-driven organisations.

Today we are talking about Web Education, Level up Tutorials, and life after Drupal with guest Scott Tolinski. We'll also cover Views Row SDC as our module of the week.

For show notes visit: https://www.talkingDrupal.com/554

Read more

AI is unbundling both agencies and software. The rebundling is coming — will it be open or closed? Open platforms offer freedom, sovereignty, and portability.

A problem I've been struggling with for a while now is managing my bookmarks. Every time I come across an interesting article I want to read, a good resource I want to keep, or a neat tool I want to try I create a bookmark.

Over time I have collected a large collection of bookmarks so when I add a new one to the list it gets lots in the pile. I've tried to create directories to keep "new" bookmarks or organise them into sections, but I always end up scrabbling to find them.

The problem is that web browsers don't allow you to categorise or search bookmarks so I can never find them again. Also when I swap browsers (which I have done twice this year) I end up having to migrate them over and set up synchronising between computers. This always removes the favicons of the sites so I have even more trouble finding the right link.

After losing yet another bookmark again recently I decided to do something about it. I realised that #! code was the best place for it as I'm always logged into the site, so I set about creating a link directory on the site. I didn't just want a big list of links though. In my mind a good link directory takes a screenshot of the site when the link is created so that it is easy to see what links are there from the screenshot of the original site.

In this article I will go through how I set up the link directory, how links are added, and how the site is able to take screenshots of the links as they are added to the directory. 

Creating The Link Content Type

To store the links I created a content type called "Link" and added a few fields to it.

Read more

The Night the Internet Tried to Kill Your Website John Locke Fri, 05/22/2026 - 11:30 May 2026

The rain had been falling on the city for weeks.

Not real rain. The kind that falls on the internet — a constant drumbeat of probes, scans, and automated fists rattling every doorknob on every block, every hour of the day. Most people don't hear it. That's fine. That's what we're here for.

My name doesn't matter. Call me the op. I run a small shop — we keep websites alive, patch the holes before the wrong people find them, and make sure that when something goes sideways, there's always a way back. It's not glamorous work. But this spring? This spring was something else.

• Read more about The Night the Internet Tried to Kill Your Website
• Add new comment

Drupal Core Accessibility Maintainer Mike Gifford says organisations risk accelerating inaccessible digital experiences when accessibility remains dependent on isolated advocates instead of embedded governance systems. Speaking as part of The DropTimes’ continuing Global Accessibility Awareness Day coverage, Gifford argued that sustainable accessibility depends on integrating accountability, workflows, testing, and organisational culture directly into development infrastructure before automated systems amplify poor practices at scale.

Visualization of Drupal Core Change records over the years

How many Drupal Core change records (CR) has there been over the years? Is it a manageable amount for contrib maintainers?  How many are about something new or deprecated? This is what it looks like since 2018. For visual effect I grouped CRs in 4 buckets: 

theodore May 22, 2026

AI is accelerating content creation, making estate-scale governance critical. Learn the 5 dimensions of content governance and why it must live natively in your CMS.

Ahead of Global Accessibility Awareness Day, contributors associated with A11yTalks and the Drupal community discussed how accessibility initiatives deteriorate when governance, training, and operational responsibility are not sustained over time. The discussions also examined the role of AI-assisted development workflows and why open-source communities often became early spaces for accessibility collaboration and inclusion.

Keyword search struggles with natural language and exploratory questions. Daniel walked the DrupalSouth 2026 audience through how OpenSearch and Skpr enable semantic search that understands intent and meaning, and how Retrieval-Augmented Generation (RAG) transforms results into clear, human-friendly answers grounded in your actual content.

by daniel.veza / 21 May 2026

 

Last week, the PreviousNext team headed over to Wellington for DrupalSouth 2026, and what a week it was.

by ana.beltran / 21 May 2026

The highlight of the week was the Splash Awards - and this year, we are honoured to have won:

• Best in Government with Cancer Australia for the GovCMS PaaS project we did in collaboration with Paper Moose
• Best in Show with Cancer Australia
• Community People's Choice Award - Adam Bramley (jointly awarded to Nicole Ritchie)
• Hall of Fame - Lee Rowlands

Congratulations to Lee and Adam! Both deserved the recognition for their active work with the Drupal Community.

The Best in Show win for Cancer Australia makes this a remarkable run. PreviousNext has now won Best in Show three times back to back. Here's the full picture:

Read more

Project: Drupal coreDate: 2026-May-20Security risk: Highly critical 20 ∕ 25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: SQL injectionAffected versions: >= 8.9.0 < 10.4.10 || >= 10.5.0 < 10.5.10 || >= 10.6.0 < 10.6.9 || >= 11.0.0 < 11.1.10 || >= 11.2.0 < 11.2.12 || >= 11.3.0 < 11.3.10CVE IDs: CVE-2026-9082Description: 

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.

This vulnerability can be exploited by anonymous users.

This vulnerability only affects sites using PostgreSQL. However, the dependency updates in this release apply to all sites.

Upstream security advisories

The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.

Read more

Recently, I contributed an AI-powered Schema.org JSON-LD module to Drupal that uses AI automators to generate Schema.org JSON-LD, building a knowledge graph that improves SEO/AEO by making it easier for machines to understand your website. The module was built with AI in 4 days, whereas the Schema.org Blueprints module with a similar goal took 4 years. I have been so shocked by how efficiently AI can code and build software that I realized, "AI ate my work, and I need to be okay with that." I wrote about how I am adjusting to this new "AI" normal.

A slightly different reckoning is unfolding for our websites because AI is consuming our content, thereby reducing traffic. Providing Schema.org JSON-LD is one way to feed the machines. AIs are becoming the front page of most websites. To adapt to this new "AI" normal, where an AI is the gatekeeper to your website, we need to evolve our approach to building and managing our websites.

Adaptation

Personally, "adaptation" feels like the right word to describe the challenge and change we, developers, site builders, managers, and owners, are facing right now. Adaptation is forced upon us by external constraints or opportunities, depending on your point of view, to evolve our approach to building and sharing information. There is a much larger discussion about the impact of AI on who we are, what we are building, and how we build. For now, I want to focus on what Drupal-built websites need to consider to adapt and keep up with the rapidly evolving digital landscape, which is largely out of our control.

Out of our control

Read more

The Drupal Security Team has released SA-CORE-2026-004, confirming that the highly critical issue previewed in yesterday’s advance advisory is an anonymous SQL injection vulnerability affecting Drupal sites running PostgreSQL databases. The flaw, tracked as CVE-2026-9082, exists in Drupal core’s database abstraction API and can lead to information disclosure, privilege escalation, and potentially remote code execution. The coordinated release also includes upstream Symfony and Twig security fixes, prompting update recommendations for all supported Drupal installations regardless of database configuration.

Last week at Drupal South, Pamela Barone delivered a keynote on Drupal CMS. Her talk is one of the clearest articulations I've seen of what Drupal CMS is, why it exists, and where it's headed. That shouldn't come as a surprise because Pam is the Product Lead for Drupal CMS.

Pam quoted a familiar Drupal saying: Drupal makes hard things possible, but it also makes easy things hard.. The room laughed because it's true.

Her keynote makes the case that Drupal CMS is making Drupal easier across the board: visual page editing, a gentler on ramp for new developers, and project economics that finally work for smaller budgets. Larger organizations such as universities, governments, and Fortune 2000 companies want those same advantages, which is why Drupal CMS matters at every scale.

Pam also explains how Drupal CMS sits on top of Drupal Core, why it is not a Drupal distribution, how it gives digital agencies leverage, what site templates unlock, and how Drupal Canvas reshapes the page building experience.

If you watch one Drupal video this week, make it Pam's!