Today is Thanksgiving in the US. I know it's not a global holiday, but it has me thinking about gratitude, and specifically about a team that rarely gets the recognition it deserves: the Drupal Security Team.

As Drupal's project lead, I'm barely involved in our security work. And you know what? That is a sign that things are working really well.

Our Security Team reviews reports, analyzes vulnerabilities, coordinates patches across supported Drupal versions, and publishes advisories. They work with Drupal module maintainers and reporters to protect millions of websites. They also educate our community proactively, ensuring problems are prevented, not just fixed. It can be a lot of work, and delicate work.

To get an idea of the quality of their work, check out recent advisories at drupal.org/security. I know it's maybe strange to point out security advisories, but their work meets the highest standards of maturity. For example, Drupal is authorized as a CVE Numbering Authority, which means our security processes meet international standards for vulnerability coordination.

Whether you're running a small blog or critical government infrastructure, the Security Team protects you with the same consistency and professionalism.

While I'm on our private security team mailing list, they do all this without needing me to oversee or interfere. In fact, the team handles everything so smoothly that my involvement would only slow them down. In the world of open source leadership, there is no higher compliment I can pay them.

Security work is largely invisible when done well. Nobody celebrates the absence of breaches. The researchers who report issues often get more recognition than the team members who spend hours verifying, patching, and coordinating fixes.

All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What really matters is how you deal with security releases.

To our Security Team: thank you for your excellence. Thank you for protecting Drupal's reputation through consistent, professional, often invisible work, week after week.

AI has sped up proposal writing—but made them all sound the same. In this DrupalCon Vienna session, Monisha Navlani explores how Drupal agencies can rise above the noise with real-world context, trust, and a human voice.

Several years ago, I built a photo stream on my Drupal-powered website. You can see it at https://dri.es/photos. This week, I gave it a small upgrade: infinite scroll.

My first implementation used vanilla JavaScript using the Intersection Observer API, and it worked fine. It took about 30 lines of custom JavaScript and 20 lines of PHP code.

But Drupal now ships with htmx support, and that had been on my mind. So a couple of hours later, I rewrote the feature with htmx to see if it could do the same job more simply.

It's something I love about Drupal: how we keep adding small, well-chosen features like htmx support. Not flashy, but they quietly make everyday work nicer. Years ago, Drupal was one of the first CMSes to adopt jQuery, and our early adoption helped contribute to its widespread use. Today, we're replacing parts of jQuery with htmx, and Drupal may well be among the first CMSes to ship htmx in core.

If, like me, you haven't used htmx before, it lets you add dynamic behavior to pages using HTML attributes instead of writing JavaScript. Want to load content when something is clicked or scrolled into view? You add an attribute like hx-get="/load-more" and htmx handles the request, then swaps the response into your page. It gives you AJAX-style interactions without having to write JavaScript.

To make the photo stream load more images as you scroll, I added an "htmx trigger". When it scrolls into view, htmx fetches more photos and appends them to the right container. The resulting HTML looks like this:

<div hx-get="/photos/load-more?offset=25" hx-trigger="revealed" hx-target="#album" hx-swap="beforeend"> <figure> ... </figure> </div>

The hx-get points to a controller that returns the next batch of photos. The hx-trigger="revealed" attribute means "fire when scrolled into view". The hx-target="#album" tells htmx where to put the new content, and hx-swap="beforeend" appends it at the end of that #album container.

I didn't want users to hit the last photo and have to wait for more to load. To keep the scrolling smooth, I added the trigger a few photos before the end. This pre-fetches the next batch before the user even realizes they are running out of photos. This is what the code in Drupal looks likes:

// Trigger 3 images before the end to prefetch the next batch. $trigger = array_keys($images)[max(0, count($images) - 4)]; foreach ($images as $key => $image) { … if ($key === $trigger) { // Add htmx attributes to the <div> surrounding the image. $build['#attributes']['hx-get'] = '/photos/load-more?offset=' . ($offset + $limit); $build['#attributes']['hx-trigger'] = 'revealed'; $build['#attributes']['hx-target'] = '#album'; $build['#attributes']['hx-swap'] = 'beforeend'; } }

And the controller that returns the HTML:

public function loadMorePhotos(Request $request) { $offset = $request->query->getInt('offset', 0); $limit = 25; $photos = PhotoCollection::loadRecent($offset, $limit); if (!$photos) { return new Response(''); } $build = $this->buildImages($photos, $offset, $limit); $html = \Drupal::service('renderer')->renderRoot($build); return new Response($html); }

Each response includes 25 photos. It continues fetching new photos as you scroll down until there are no more photos, at which point the controller returns an empty response and the scrolling stops.

As you can tell, there is no custom JavaScript in my code. It's all abstracted away by htmx. The htmx version took less than 10 lines of PHP code (shown above) instead of 30+ lines of custom JavaScript. The loadMorePhotos controller I needed either way.

The savings are negligible. Replacing a couple dozen lines of JavaScript won't change the world. And at 16KB gzipped, htmx is much larger than the custom JavaScript I wrote by hand. But it still feels reasonable. My photo stream is image-heavy, and htmx adds less than 0.5% to the initial page weight.

Overall, I'd say that htmx grew on me. There is something satisfying about declarative code. You describe what should happen, and the implementation disappears. I may try it in a few more places to improve the user experience of my site.

Florida DrupalCamp voted best DrupalCamp on the planet (and sessions are now open)! mherchel Wed, 11/26/2025 - 16:24

“Where did I put the key?” — you might ask yourself this when searching for your house or car keys, and the same can happen on a Drupal site. Almost all modern websites rely on keys for integrations with other services, secure authentication, and sensitive data protection. They can be used by anyone — a developer wiring up a complex integration or a marketer adding credentials from a user-friendly service like Mailchimp.

 

The following is a guest post from DrupalCon Vienna Marketing Committee.

When the Drupal community gathers, something extraordinary happens.

From 14 to 17 October 2025, nearly a thousand people came together at the Austria Center Vienna, Austria to celebrate open source, exchange ideas, and contribute to the future of Drupal.

DrupalCon Vienna 2025 was not only a conference, it was a living example of collaboration, diversity, and innovation in action.

A Community in Numbers

This year’s event welcomed 935 registered participants, with an impressive 96.04% check-in rate.

Interest in DrupalCon Vienna built steadily through the year, with the highest number of registrations coming in June (307) and September (236).

A Truly Global Audience

DrupalCon Vienna brought together a remarkable mix of voices and perspectives.
Participants represented over 40 countries, with 85% coming from across Europe, 8% from the United States, and 7% from other regions.

The top ten countries represented were:

• United Kingdom (112)
• Germany (107)
• United States (75)
• Belgium (74)
• Austria (71)
• France (67)
• Spain (34)
• Netherlands (31)
• Sweden (26)
• Italy (24)

From Costa Rica to Kenya, from Armenia to New Zealand, attendees crossed borders, time zones, and languages to connect through one shared passion - Drupal.

New Faces and Familiar Friends

One of the most inspiring aspects of the Drupal community is its balance between newcomers and long-time contributors.

In Vienna, 28% of participants attended their first DrupalCon, while 38% had taken part in four or more DrupalCons. This mix of fresh enthusiasm and deep experience keeps the community dynamic and forward-looking.

For the first time, this year’s DrupalCon introduced Drupal in a Day, organized by Hilmar Kári Hallbjörnsson. The training session welcomed 113 learners, aged 18 to 52, highlighting the wide range of people discovering Drupal for the first time.

Attendee Background

An impressive 38% of attendees were delegated by their company to attend DrupalCon Vienna.

Attendees were mainly represented by:

• Technical users: 37%
• Technical decision-makers: 27%
• Owners or business decision-makers: 21%

In terms of expertise:

• 36% described themselves as Drupal experts
• 28% reported strong Drupal expertise

The majority of participants (53%) came from digital agencies, design, or development shops.

They represented a variety of industries, with the strongest presence from:

• Services: 31%
• Government: 16%
• Education: 11%

Powered by People

Behind the scenes, the heart of DrupalCon beats thanks to its volunteers.

A huge thank-you goes to the committees, track teams, and on-site volunteers who made the event possible.

This year, 56 on-site volunteers contributed their time and expertise, supporting session reviews, contribution mentoring, information desks, and photography. Their dedication ensured that every attendee could learn, contribute, and feel part of something bigger.

Made Possible by Our Sponsors

None of this would have been possible without the generous support of our sponsors.

• Diamond: 3
• Platinum: 4
• Gold: 8
• Silver: 6
• Module: 10
• Media: 5

Their continued investment in Drupal helps us deliver high-quality, inclusive, and impactful events that keep the open-source spirit alive.

Looking Ahead

DrupalCon Vienna 2025 reminded us that open source is more than code. It is community, creativity, and collaboration in action.

Thank you to everyone who joined and contributed to making DrupalCon Vienna 2025 a success.

Since 2019, DevBranch hasn’t attended DrupalCon in person due to war and pandemic disruptions. Yet from their Lutsk office, the Ukrainian team continues to gather for every Driesnote—sharing insights, staying connected, and embodying the Drupal community spirit through challenging times.

Email testing isn’t broken — the method often is. Katherine Pay outlines the five most common mistakes marketers make with A/B testing and introduces the Holistic Testing Methodology to fix them. From missing hypotheses to shallow metrics and isolated tests, this guide explains how to run smarter experiments that drive real insight and long-term results.

How the Irish Government's “Build to Share” Vision Comes to Life: A New Public Consultations Module for All

Local spark, national impact: an open-source public consultations module built to share, built to scale.

markconroy 25th Nov 2025

SEO today is all about intent and clarity, not keyword counts. Read this blog to find out how relevance optimization can strengthen your Drupal site’s discoverability.

The 2025 Annual Maintainer Check-In is now complete, a huge thank you to everyone who responded and to all the maintainers who continue to keep Drupal core moving forward.

As part of this process, we’ve confirmed that a number of Drupal Core subsystems and topic areas are currently without an active maintainer.

If you’ve ever thought about stepping into a maintainer role, or co-maintaining alongside others, now is the perfect time to get involved.

Why maintainers matter

Maintainers play a key role in ensuring the quality, stability, and momentum of Drupal core.

Maintainers help shape the direction of their subsystem or topic area, guide contributors as well as triage issues and review merge requests.

You don’t need to be a long-time contributor, if you’ve been active in a related area or are keen to grow your involvement, we’d love to hear from you.

Learn more about the maintainer role:

• Drupal core maintainer roles and responsibilities  
• Core governance and subsystem overview

Areas currently without an active maintainer Subsystems

• Authentication and Authorization  
• Automated Cron  
• Ban  
• Bootstrap  
• Content Moderation  
• Content Translation  
• Cron  
• Database Update API  
• Filter  
• Image  
• Inline Form Errors  
• Installer  
• Language  
• Lock  
• Mail  
• Markup  
• Menu UI  
• MySQL DB driver  
• Options  
• Path  
• PostgreSQL DB driver  
• Request Processing  
• Settings Tray  
• Sqlite DB driver  
• System (module)  
• Token  
• Workflows

 Topics

• Documentation

How to express interest

If you’d like to maintain or co-maintain one or more of these areas:

• Comment on the Seeking subsystem and topic maintainers for open positions issue.  
• Include your name, Drupal.org username, and a short note about your experience or interest area.  
• Or, reach out directly via Drupal Slack to @griffynh.

What happens next

Once interest is expressed:

• A public issue is opened in the Drupal core issue queue for each applicant so the community can provide feedback.  
• The Leadership Team reviews each application, discusses any concerns with the applicant directly, and offers support where needed. 
• Following this, a member of the Core Leadership Team updates the issue with the outcome and adjusts the issue metadata.

Thank you to everyone who contributes as a Drupal maintainer, your work is what keeps Drupal core secure, stable, and evolving.

Search engine optimization (SEO) is a rich and multi-dimensional craft, with numerous best practices and techniques to apply on your Drupal site. Optimizing your content, configuring an XML sitemap, and creating well-structured URLs are just a few examples of what should be done for SEO success. 

Today we are talking about the community working group, What they do, and how you can help with guests AmyJune Hineline, Mark Casias, and Matthew Saunders. We'll also cover Drupal CMS Geo Images as our module of the week.

For show notes visit: https://www.talkingDrupal.com/530

Topics

• Exploring the Community Working Group (CWG)
• Roles and Responsibilities within the CWG
• Conflict Resolution and Community Health
• Matthew's Journey and Joining the CWG
• Qualities and Experiences for CWG Members
• Identifying the Need for Cultural Sensitivity
• The Importance of Patience and Grace in Conflict Resolution
• Onboarding and the Role of the Community Health Team
• Time Commitment and Responsibilities of CWG Members
• Supporting the CWG Without Formal Membership
• Maintaining Confidentiality and Promoting Transparency
• Addressing Credit Abuse and Community Health
• Parting Words of Wisdom for Aspiring Community Members

Resources

• Recipe application

Guests

AmyJune Hineline - volkswagenchick Matthew Saunders - jamesmatthewsaunders.ai MatthewS Mark Casias - omibee.com markie

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi

MOTW Correspondent

Mike Anello - drupaleasy.com ultimike

• Brief description:
  • Drupal CMS Geo Images - a Drupal CMS recipe that automatically displays uploaded geotagged images on a map.
• Module name/project name:
  • Drupal CMS Geo Images
• Brief history
  • How old: created in February 2025 by Italo Mairo (https://www.drupal.org/u/itamair). He is also one of the maintainers of the GeoField module as well as many of the other geo-spatial related contrib modules.
• Versions available: 1.1.4, released Nov 9 2025.
• Maintainership
  • Actively maintained
  • Security coverage
  • Documentation - yes, on the project page (README is the same)
  • Number of open issues: 1 open issues, 0 of which are bugs against the current branch (2 total issues)
• Module features and usage
  • Creates new "Geo image" media type
  • Displays image and map
  • Bulk import via Media Library Importer module
  • Includes preconfigured map view (filterable by date)
  • Each mapped photo displayed with image thumbnail on map

DrupalCon Asia 2025 in Nara, Japan, closed with a strong sense of momentum. Dries Buytaert’s Q&A format replaced a traditional keynote, and it paid off with direct insight into where Drupal is heading. The discussion tracked real trends across the ecosystem. Drupal CMS adoption continues to rise, the upcoming Drupal Canvas release is shaping expectations for easier site building, and the planned site template marketplace signals a shift toward faster delivery for agencies and teams.

Government interest in open source also stood out. Dries noted that digital sovereignty is becoming a priority across regions, positioning Drupal well for long-term public-sector growth. On the ground in Nara, the commitment felt real. The city’s mayor, Gen Nakagawa, opened the event by stating his goal to make Nara the most Drupal-friendly city in the world. It is rare for municipal leadership to tie open source directly to civic strategy, and it captured the tone of the week.

Beyond the sessions and the packed YouTube playlist, the Drupal CMS leadership team used the conference as a working sprint to align on priorities for the next six months. Agencies and end users shared where they need support, shaping the product roadmap. The result is a community that feels focused, confident, and ready for another cycle of growth.

INTERVIEW

• When AI Becomes Part of the Team: An Interview with Ronald te Brake

OPINION

• Sustainability and the Drupal AI Summit: Bursting the Bubble

TUTORIALS

• Top Composer Pitfalls in Drupal Projects: Real-World Fixes from Support Frontlines
• Drupal Migration Taxonomy Audit – Part 1: Why Planning Matters More Than QA
• Drupal Service Container Deep Dive (Part 1): Tags, Compiler Passes, Service Providers and Autoconfiguration

DISCOVER DRUPAL

• 7 Smart Developer Utilities in Drupal Using AI to Automate Technical Workflows
• Stephen Mulvihill Releases Drupal Purview Module to Bridge Microsoft Purview with Drupal
• Pravesh Poonia Introduces Canvas SDC Starterkit to Accelerate Component-Development in Drupal
• Mustapha G. Releases A11y Widget Drupal Module for Enhanced Web Accessibility

DRUPAL COMMUNITY

• Drupal Forge Seeks Community Backers to Sustain Free Site Launch Platform

EVENT

• DrupalCon Nara 2025 Reframed the Driesnote: A Recap
• Community, AI, and Asia in Focus as amazee.io Connects at DrupalCon Nara 2025
• Montréal Drupal Meetup Returns November 25, Hosted by Evolving Web
• Salsa Digital Webinar to Focus on Drupal Patching for Australian Government Sites

ORGANIZATION NEWS

• Proctor + Stevenson Unveil Headless Drupal Starter Site with Next.js Frontend
• Open November 2025: CivicActions Rallies Digital Services Community to Expand the Digital Commons

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now. To get timely updates, follow us on LinkedIn, Twitter, Bluesky, and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you.

Kazima Abbas,
Sub-editor,
The DropTimes.

The DropTimes has launched the Discover page to spotlight Drupal’s real-world adoption and ongoing relevance. Featuring over 3,000 top ranked websites and detailed case studies, it reveals how Drupal continues to power critical digital platforms in government, media, education and enterprise. This page is not just a list; it is a living record of trust, resilience and the impact of open source.

Overall SummaryOur November monthly meeting showcased significant progress across the UI Suite ecosystem as we edge closer to major milestones. The star of the show was Display Builder, with beta 1 finally ready for release after strategic delays to align with Drupal 11.3 alpha 1. We demonstrated exciting real-time collaboration features that allow multiple users to build displays simultaneously. The meeting also covered our ongoing migration from UI Patterns 1 to 2, with a new automated conversion tool now available.

Drupal Advent Calender 2025 - Call out to Initiative Leads lostcarpark_admin Mon, 11/24/2025 - 01:37 Image Body

For the past three years, the Drupal Advent Calendar has spotlighted shiny new modules, clever projects, and all sorts of open-source goodness.

This year we’re hanging up our “new module smell” stockings and doing something different.

It’s time to celebrate the people, the elves, reindeer, and magical snow-folks who keep the Drupal project running behind the scenes.

This year’s theme is The People of Drupal, and we’re on a quest to find the unsung heroes who quietly make the magic happen.

We’re asking initiative leads to nominate someone from their project who’s made a meaningful impact but hasn’t…

This year, DrupalCamp Scotland was held on the 7th November, at the University of Edinburgh.

On the morning of the conference I made the quick walk from by bed and breakfast and arrived at 50 George Square to join in with around 60 attendees to a day of talks and chatting.

The morning coffee and a selection of pastries was set out in the corridor outside the main room of the conference. I'm sure a few of the tasty pastries were lost to passing students.

After getting settled in we had a quick introduction session by Stratos Filalthis before we started the day.

The first talk of the day was with Paul McCrodden and Laura Waldoch, with their talk Less Is More: Streamlining 500+ Diverse University Sites into One Central Platform. Paul and Laura both work at the University of Cambridge and the talk was a look at how the university is taking the 500+ websites that are dotted around and consolodating them into a single resource. That single resource is powered by Drupal 11 and the talk looked at how they were building a Drupal install profile that could handle the requirements that these different sites had.

Read more

Managing content workflows in Drupal requires tools that track content from draft to publication. Drupal provides options for implementing workflows at different levels, from basic content moderation to field-level state management and webform submission tracking.

In the video above, you'll learn how to set up and configure Content Moderation, use field-level state management with the Field States Transitions module, and track webform submissions with the Webform Workflows Element.

Generally any application framework provides users to have a flow to reset the passwords by default, It is more like, use clicking on the Reset Password link and redirects to a page where he will asked for email and reset link sent to users email, so that user can reset the password on their own. This is a default or general flow that any application framework provides, but developers or architec