Feed aggregator

For Everyone: In-Context Customization Without the Learning Curve Jürgen Haas Wed 27 May 2026 - 15:00

ECA's in-context customization removes the learning curve barrier. A lightning bolt icon appears next to form fields with applicable templates. Click it, select a template, configure parameters - done. No need to understand events, conditions, or tokens. Templates are ECA models with special template tokens that define where they apply and what users can customize. Technical users can transition directly to the full modeler from context. The result: automation and site customization become accessible to everyone, not just developers. Build templates once, apply them dozens of times across contexts.

Take Away Tag1's Creative Director/Creative Strategist, Pilar Belhumeur, attended the Drupal AI Summit NYC 2026, which was a full day of talks, demos, and conversations about where Drupal is headed in the age of AI. Here she shares the key themes that emerged, from Drupal's role as an AI orchestration layer to the community's commitment to building a responsible, human-centered AI future.

The Drupal AI Summit in New York City brought together developers, strategists, designers, and agencies for a full day of talks, demos, and conversations about where Drupal will go next in the age of AI. What struck me most wasn't any single talk or demo, it was the common belief that the Drupal community needs to come together to shape this future responsibly.

Here are the core themes, and the talks that stood out.

The Big Picture: Drupal as an "AI Harness"

Matthew Saunders kicked off the day with a framing that anchored everything that followed: "Drupal is becoming an AI harness." As organizations move AI from experimentation into practical operations, the focus should shift from which AI model is used to the system that orchestrates and governs those models.

An AI harness, as Saunders defined it, connects models to essential organizational requirements: structured data, governance, human oversight, and workflow automation. With 25 years of experience managing structured content, APIs, and permissions, Drupal is positioned to act as that operational layer.

Read more

We are pleased to announce that Peter Hinssen will be the keynote speaker at the Enterprise Drupal Summit Europe 2026 in Rotterdam on 28 September 2026.

Setting the stage

Peter Hinssen will open the summit with a session on how organizations deal with continuous disruption and long-term digital change — a topic he has spent decades researching, writing about, and bringing to stages around the world.

With over 1,500 keynote presentations delivered to Fortune 1000 companies and leading organisations globally, Peter brings a rare combination of strategic depth, clarity, and a dry sense of humour that turns strategy into clarity.

He is also the bestselling author of six business books, most recently The Uncertainty Principle (2025), a guide for leaders navigating what he calls the "Never Normal" — a world where disruption is not an exception but the baseline. 

Why this matters for your enterprise

The summit focuses on AI in enterprise environments, where change is structural rather than incremental. Peter's keynote sets the strategic context for the day's discussions across three key themes:

• AI in enterprise content systems
• Composable digital platforms
• Digital transformation in complex organizations

Because in enterprise environments, the question is no longer whether to adopt AI, but how to do it strategically.

Join us in Rotterdam

Enterprise Drupal Summit Europe 2026 brings together practitioners and decision-makers working on AI (and Drupal) at scale.

The program focuses on real implementations, architecture decisions, and operational lessons from enterprise and public sector environments.

A room full of decision-makers, and there's a seat with your name on it.

Read more

In Open Source software, competition works differently than in proprietary software.

Companies compete through their own products and services, but they all depend on the same commons: the software, the community, the project's reputation, and the shared work that helps people trust and adopt it.

That shared foundation creates a different kind of responsibility: sharing a commons means sharing the work of keeping it strong.

The Open Source companies I admire most show up in two ways. They compete on the merits of their own products: features, support, and price. And they help sustain the commons: through code, documentation, security, marketing, events, education, sponsorships, and more.

Judge companies by what they do

Over the past year, Pantheon, one of Acquia's competitors in the Drupal market, has focused much of its messaging on attacking Acquia, including making our private equity ownership part of its story.

I have no quarrel with Pantheon's products or the people who build them. Competition is healthy. My concern is with marketing that attacks another Drupal company, often with misleading or unwarranted messaging.

I've spent nearly twenty years building Acquia through different stages and ownership models. Acquia has grown from a startup into a company backed first by venture capital and later by private equity. Every ownership model creates different pressures, but ownership determines far from everything.

Customers don't choose a platform because of an ownership model. They choose it because it works, because they can get help, and because they trust it will keep getting better.

Read more

Cybersecurity remained a central concern across enterprise and open-source ecosystems this month as multiple high-profile incidents and critical vulnerability disclosures affected widely deployed platforms. Security teams continued to face pressure to patch faster, monitor exposed systems more closely, and respond to a growing volume of actively exploited vulnerabilities.

Verizon’s 2026 Data Breach Investigations Report found that the exploitation of vulnerabilities overtook stolen credentials as the leading initial access method in analysed breaches for the first time. Microsoft’s May Patch Tuesday also addressed roughly 120 vulnerabilities affecting Office, SharePoint Server, and Windows enterprise infrastructure.

The open-source sector saw renewed urgency around patch management after the Drupal Security Team released SA-CORE-2026-004, a highly critical SQL injection vulnerability affecting supported Drupal core versions using PostgreSQL databases. The advisory prompted emergency patching efforts across enterprise Drupal deployments.

Security agencies continued to warn about the growing number of actively exploited vulnerabilities tracked in CISA’s Known Exploited Vulnerabilities catalogue.

Elsewhere in the open-source ecosystem, discussion turned toward the widening gap between technological capability and public perception. In a recent post, Dries Buytaert argued that Drupal’s reputation has not kept pace with its technical evolution despite continued investment in structured content architecture, APIs, and AI-oriented tooling.

Read more

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

Does your content team know how much Drupal accessibility depends on them? From headings to tables, the choices editors make every day shape whether assistive tech users can navigate your site.

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

Johanna Bates reflects on Drupal’s nonprofit ecosystem, the value of structured content, and the stewardship needed to support contributors, clients, and mission-driven organisations.

Today we are talking about Web Education, Level up Tutorials, and life after Drupal with guest Scott Tolinski. We'll also cover Views Row SDC as our module of the week.

For show notes visit: https://www.talkingDrupal.com/554

Read more

AI is unbundling both agencies and software. The rebundling is coming — will it be open or closed? Open platforms offer freedom, sovereignty, and portability.

A problem I've been struggling with for a while now is managing my bookmarks. Every time I come across an interesting article I want to read, a good resource I want to keep, or a neat tool I want to try I create a bookmark.

Over time I have collected a large collection of bookmarks so when I add a new one to the list it gets lots in the pile. I've tried to create directories to keep "new" bookmarks or organise them into sections, but I always end up scrabbling to find them.

The problem is that web browsers don't allow you to categorise or search bookmarks so I can never find them again. Also when I swap browsers (which I have done twice this year) I end up having to migrate them over and set up synchronising between computers. This always removes the favicons of the sites so I have even more trouble finding the right link.

After losing yet another bookmark again recently I decided to do something about it. I realised that #! code was the best place for it as I'm always logged into the site, so I set about creating a link directory on the site. I didn't just want a big list of links though. In my mind a good link directory takes a screenshot of the site when the link is created so that it is easy to see what links are there from the screenshot of the original site.

In this article I will go through how I set up the link directory, how links are added, and how the site is able to take screenshots of the links as they are added to the directory. 

Creating The Link Content Type

To store the links I created a content type called "Link" and added a few fields to it.

Read more

The Night the Internet Tried to Kill Your Website John Locke Fri, 05/22/2026 - 11:30 May 2026

The rain had been falling on the city for weeks.

Not real rain. The kind that falls on the internet — a constant drumbeat of probes, scans, and automated fists rattling every doorknob on every block, every hour of the day. Most people don't hear it. That's fine. That's what we're here for.

My name doesn't matter. Call me the op. I run a small shop — we keep websites alive, patch the holes before the wrong people find them, and make sure that when something goes sideways, there's always a way back. It's not glamorous work. But this spring? This spring was something else.

• Read more about The Night the Internet Tried to Kill Your Website
• Add new comment

Drupal Core Accessibility Maintainer Mike Gifford says organisations risk accelerating inaccessible digital experiences when accessibility remains dependent on isolated advocates instead of embedded governance systems. Speaking as part of The DropTimes’ continuing Global Accessibility Awareness Day coverage, Gifford argued that sustainable accessibility depends on integrating accountability, workflows, testing, and organisational culture directly into development infrastructure before automated systems amplify poor practices at scale.

Visualization of Drupal Core Change records over the years

How many Drupal Core change records (CR) has there been over the years? Is it a manageable amount for contrib maintainers?  How many are about something new or deprecated? This is what it looks like since 2018. For visual effect I grouped CRs in 4 buckets: 

theodore May 22, 2026

AI is accelerating content creation, making estate-scale governance critical. Learn the 5 dimensions of content governance and why it must live natively in your CMS.

Ahead of Global Accessibility Awareness Day, contributors associated with A11yTalks and the Drupal community discussed how accessibility initiatives deteriorate when governance, training, and operational responsibility are not sustained over time. The discussions also examined the role of AI-assisted development workflows and why open-source communities often became early spaces for accessibility collaboration and inclusion.

Keyword search struggles with natural language and exploratory questions. Daniel walked the DrupalSouth 2026 audience through how OpenSearch and Skpr enable semantic search that understands intent and meaning, and how Retrieval-Augmented Generation (RAG) transforms results into clear, human-friendly answers grounded in your actual content.

by daniel.veza / 21 May 2026

 

Last week, the PreviousNext team headed over to Wellington for DrupalSouth 2026, and what a week it was.

by ana.beltran / 21 May 2026

The highlight of the week was the Splash Awards - and this year, we are honoured to have won:

• Best in Government with Cancer Australia for the GovCMS PaaS project we did in collaboration with Paper Moose
• Best in Show with Cancer Australia
• Community People's Choice Award - Adam Bramley (jointly awarded to Nicole Ritchie)
• Hall of Fame - Lee Rowlands

Congratulations to Lee and Adam! Both deserved the recognition for their active work with the Drupal Community.

The Best in Show win for Cancer Australia makes this a remarkable run. PreviousNext has now won Best in Show three times back to back. Here's the full picture:

Read more

Project: Drupal coreDate: 2026-May-20Security risk: Highly critical 20 ∕ 25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: SQL injectionAffected versions: >= 8.9.0 < 10.4.10 || >= 10.5.0 < 10.5.10 || >= 10.6.0 < 10.6.9 || >= 11.0.0 < 11.1.10 || >= 11.2.0 < 11.2.12 || >= 11.3.0 < 11.3.10CVE IDs: CVE-2026-9082Description: 

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.

This vulnerability can be exploited by anonymous users.

This vulnerability only affects sites using PostgreSQL. However, the dependency updates in this release apply to all sites.

Upstream security advisories

The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.

Read more