Author Archives: Jonah Sheridan Fenn

OSU Drupal Distribution Update

Posted on by | Leave a reply

Drupalicon graphic

An update was released to our development environment on Tuesday, November 22nd, 2016 and will be released to production sites on Thursday, December 1st, barring any security/emergency updates. The following updates have been applied:

Major Version Upgrade

  • 7.51 Issues – more than 10 updates/bugfixes. Please see 7.51 release notes for details.

Drupal Core Bug Fix/Security Updates

  • 7.52 Issues
    • Less Critical
      • Inconsistent Naming for Term Access Query
      • Incorrect Cache Context on Password Reset Page
    • Moderately Critical
      • Confirmation Forms Allow External URLs to be Injected
      • Denial of Service Via Transliterate Mechnism

New Modules Added

  • UUID – Universally Unique IDentifier. This module will not be turned on by default. CWS will enable it on an as-needed basis.

Contributed Module Updates

  • None

OSU Module Updates

  • None

OSU Theme Updates

  • None

If you have questions or concerns please contact us though our contact form.

OSU Drupal Distribution Update

Posted on by | Leave a reply

An update was released to our development environment on Tuesday, August 30th, 2016 and will be released to production sites on Tuesday, September 6th, barring any security/emergency updates. The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • None

Contributed Module Updates

  • Webform 7.x-4.14:
    • This release contains two updates that have been rolled into one
    • 7.x-4.13 The update of most concern for us is the one that involves conditionals. Users can now actually nest conditional statements inside of other conditional statements. This is pretty exciting, but it also opens the door for some potential confusion. We ask of anyone who is using conditionals to give their form(s) a test in their dev environment to make sure everything is working correctly.
      • Additionally, there are more than ten other updates that have been introduced. For more information, see the referenced release notes.
    • 7.x-4.14 was not a security release, but there were two big security improvements that were added to let users better understand the security ramifications of two existing features
      • Changing disabled components. The description of the disabled option now clarifies that it is still possible for a user to use developer or JavaScript tools to modify the value of a disabled component. This is by design and is considered desirable. To store a submission value that cannot be changed by the user, use a hidden component with the “secure value” option.EntityInterface added to allow programming interfaces
      • Submission results downloaded as delimited text files (e.g. CSV). Some spreadsheets interpret cell data within a delimited text file as a formula, leading to a formula injection vulnerability in the spreadsheet. Data submitted by untrusted users that may be opened by a spreadsheet should be downloaded in Microsoft Excel format rather than delimited text format. The Webform submission download page makes this clear.
      • Additionally there are more than ten other updates that have been introduced. For more information, see the referenced release notes

OSU Module Updates

  • None

OSU Theme Updates

  • None

If you have questions or concerns please contact us though our contact form.

OSU Drupal Distribution Update

Posted on by | Leave a reply

An update was released to our development environment on Tuesday, August 23rd, 2016 and will be released to production sites on Tuesday, August 30th, barring any security/emergency updates. The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • Metatag 7.x-1.17:
    • The information found at this Code Karate tutorial is a little dated, but it will get you started in the right direction. Please note that module configuration is an architect level activity.

Contributed Module Updates

  • CTools 7.x-1.10:
    • This update has more than ten changes. Please refer to the version link above for more details.
    • Please note that this module is a suite of APIs that are not testable via the User Interface. Many of the modules within our OSU Drupal 7 distribution are dependent upon it for base functionality.
    • Many of the fixes in this update relate to CTools modal forms, which appear in the Views User Interface.
  • Entity 7.x-1.7:
    • Views Row Plugin “Rendered Entity” adds reference to the view
    • EntityInterface added to allow programming interfaces
    • theme_entity_property() now respects “content” variable
    • Fixed error “Call to a member function label() on a non-object” in generated admin UI
    • Added a way to prevent exportable rebuild on cron run

OSU Module Updates

  • None

OSU Theme Updates

  • None

If you have questions or concerns please contact us though our contact form.

OSU Drupal Distribution Update

Posted on by | Leave a reply

An update was released to our development environment on Tuesday, August 16th, 2016 and will be released to production sites on Tuesday, August 23rd, barring any security/emergency updates.  The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • None

Contributed Module Updates

  • Acquia Connector 7.x-2.17:
    • Please note that this module is used for server connectivity at Acquia and is not something that our customers have access to.
    • Fixed bug that was breaking the status page
    • Updated the migrate form to expect non-2xx response codes from Acquia Cloud as the server side code changed
    • Fixed up the unit tests so they all pass now and make further development/maintenance easier
  • Colorbox 7.x-2.12:
    • Add missing gallery navigation buttons
    • Increased minimum required version of Colorbox plugin to 1.6.1 to encourage people to upgrade
      • CWS pulls from the Colorbox repo, so we already have 1.6.1 in use
  • Context 7.x-3.7:
    • More than 10 fixes/improvements (all minor), please see version notes by clicking on the version number above
  • Display Suite 7.x-2.14:
    • Previous update introduced a regression. This release fixes the resulting problems.
  • Features 7.x-2.10:
    • Fixed undefined index error
    • Fixed features_get_component_states() so that it passes its $reset param
    • Fixed Drush fl output issue
  • Field Collection 7.x-1.0-beta11:
    • Fixed array_filter() issue that was produced after upgrading to 7.x-1.0-beta10
  • Libraries API 7.x-2.3:
    • More than 10 fixes/improvements (all minor), please see version notes by clicking on the version number above

OSU Module Updates

  • None

OSU Theme Updates

  • None

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.50-cws-1.0.0

Posted on by | Leave a reply

The Drupal 7.50-cws-1.0.0 update was released to our development environment on Tuesday, July 26th, 2016 and will be released to production sites on Tuesday, August 2nd.  The following updates have been applied:

Major Version Upgrade

  • Drupal Core 7.50
    • This update has 64 bug-fixes/improvements, most of which should be transparent to our users. There are fixes, however, that involve field configuration access and text formats.
    • While we don’t expect any issues, we request that users double-check their development sites and report any errors via our contact form.

Drupal Core Bug Fix/Security Updates

None

New Modules Added

  • Module Missing Message Fixer: a utility module used to clean up database elements that linger after a module is uninstalled. This module is used by Central Web Services to help keep a site’s database clean.

Contributed Module Updates

None

OSU Module Updates

None

OSU Theme Updates

None

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.41-cws-1.4.0

Posted on by | Leave a reply

The Drupal 7.41-cws-1.4.0 update was released to our development environment on Wednesday, January 20th, and will be released to production sites on Tuesday, January 26th.  The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • Field Group: 7.x-1.4 – > 7.x-1.5

    • Moderate Security Issue: When adding an HTML element as a field group, the user had the option of adding custom HTML attributes on the group. Via this option, a malicious user could embed scripts within the page, resulting in a cross-site scripting (XSS) vulnerability. This was mitigated by the fact that the attacker would have to be able to configure field display settings, which usually needs a higher level permission.
    • 18 additional fixes/updates. View the Field Group Release Notes for detailed information

New Modules Added

  • None

Contributed Module Updates

OSU Module Updates

  • Highlights: Updated view to use caching.
  • Live Feeds: Fix underline for calendar months in Firefox 40 and above.

OSU Theme Updates

  • Doug Fir: Added small changes to prepare theme for larger, full-screen changes in the future.

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.41-cws-1.2.0

Posted on by | Leave a reply

The Drupal 7.41-cws-1.2.0 update was released to our development environment on Tuesday, November 24th, and will be released to production sites on Tuesday, Dec. 1st.  The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • None

Contributed Module Updates

  • FileField Paths: 7.x-1.0-rc2 -> 7.x-1.0
    • Official Release Status
    • Added variable module integration.

OSU Module Updates

  • OSU Drupal: Updated parent unit pathauto settings
  • OSU Profiles: Added missing module dependencies
  • OSU Groups: Architects can now remove the top level book page of an organic group. Style updates added to the dashboard.
  • Feature Page: Page title now appears at the same place, no matter the browser size. Page title now appears if a feature page is the home page of a site.

OSU Theme Updates

  • Doug Fir: Science variant font and size updates

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.41-cws-1.1.0

Posted on by | Leave a reply

The Drupal 7.41-cws-1.1.0 update was released to our development environment on Tuesday, November 10th, and will be released to production sites on Tuesday, Nov. 17th.  The following updates have been applied:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • None

Contributed Module Updates

  • FileField Paths: 7.x-1.0-rc1 -> 7.x-1.0-rc2
    • Fixed issue with temporary upload location and field collections.
    • Fixed issue with Media Youtube files being processed.
    • Added stricter checks for filefield_paths_form_alter().
    • Fixed issue with unicode characters in pathauto processing.
  • jQuery Update: 7.x-2.6 -> 7.x-2.7 (Security release!)
    • The jQuery Update module enables you to update jQuery on your site. The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack (see SA-CORE-2015-004). Only sites with the Overlay module enabled are vulnerable. An incomplete fix for this issue was released in SA-CONTRIB-2015-123.
  • Views: 7.x-3.11 -> 7.x-3.13
    • Revert “Issue #2204257 by ezra-g, andyg5000: Update Views Content access filter per core performance improvements.”

OSU Module Updates

  • None

OSU Theme Updates

  • None

 

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.41-cws-1.0.0

Posted on by | Leave a reply

The Drupal 7.41-cws-1.0.0 update was released to our development environment on Tuesday, October 27th, and will be released to production sites on Tuesday, Nov. 3rd.  Our previous development release was not pushed to production therefore this release includes our previous package, plus some additional updates, as noted with a bold typeface:

Major Version Upgrade

  • Drupal Core 7.39 > 7.41

Drupal Core Bug Fix/Security Updates

  • Drupal Core 7.41 addresses a less critical security vulnerability in the core Overlay module. This vulnerability is mitigated by the fact that it can only be used against site users who have the “Access the administrative overlay” permission, and that the Overlay module must be enabled.
    • OSU Drupal 7 does not have the Overlay module enabled in its default distribution.

New Modules Added

  • Access Control Bridge: 7.x-1.2
    • Added to improve the interplay between the different access control modules we use (Domain Access and Organic Groups).
  • Feature Page: 7.x-1.1.2
    • An OSU module that provides a full-width, liquid display. Please see our Feature Page instructions if you’re interested in previewing this in your development environment.

Contributed Module Updates

  • Adminimal theme: 7.x-1.22 -> 7.x-1.23
  • Colorbox: 7.x-2.9 -> 7.x-2.10
    • Less Critical Security fix to prevent users from adding unexpected content to a colorbox, including content from external sites, which could allow an unprivileged user to deface a site. Issue was mitigated by the fact that comments must be enabled (they are not used on our sites).
  • Features: 7.x-2.6 -> 7.x-2.7
  • Filefield Paths: 7.x-1.0-beta4 -> 7.x-1.0-rc1
  • Pathauto: 7.x-1.2 -> 7.x-1.3
  • Views Field View: 7.x-1.1 -> 7.x-1.2
    • Fixed query aggregation for field api fields
    • Sorted list of views
    • Fixed strict warning only variables – should be passed by reference in options_form()
    • Added simple, static caching
  • Webform: 7.x-4.10 -> 7.x-4.12
    • Over 15 issues/feature improvements added in the 7.x-4.11 release. Please see the Webform project release notes list for details.
    • There was an additional update between our two update sessions that has been included in this release.  Over 20 issues/feature improvements have been added in the 7.x-4.12 release. Please see the Webform project release notes list for details.

OSU Module Updates

  • Live Feeds: Added Google Calendar Feed into module
  • OSU Search: Removed unnecessary argument from query string for Google Site Search

OSU Theme Updates

  • Doug Fir: Added improved styling for Views Accordian menu

Request for Feedback

  • Feature Page: As mentioned in our Drupal Community Meeting on Tuesday, Oct. 13th, we are still soliciting feedback for this feature. If you need help setting this up and would like to provide feedback on it, please send us a ticket via our contact form link below.

If you have questions or concerns please contact us though our contact form.

Drupal Release 7.39-cws-1.2.0

Posted on by | Leave a reply

The Drupal 7.39-cws-1.2.0 update was released to our development environment on Tuesday, October 13th, and will be released to production sites on Tuesday, October 20th.  This release includes:

Major Version Upgrade

  • None

Drupal Core Bug Fix/Security Updates

  • None

New Modules Added

  • Access Control Bridge: 7.x-1.2
    • Added to improve the interplay between the different access control modules we use (Domain Access and Organic Groups).

Contributed Module Updates

  • Colorbox: 7.x-2.9 -> 7.x-2.10
    • Less Critical Security fix to prevent users from adding unexpected content to a colorbox, including content from external sites, which could allow an unprivileged user to deface a site. Issue was mitigated by the fact that comments must be enabled (they are not used on our sites).
  • Filefield Paths: 7.x-1.0-beta4 -> 7.x-1.0-rc1
    • Over 22 issues addressed in this move to a Release Candidate. Please see the release notes list for details.
  • Pathauto: 7.x-1.2 -> 7.x-1.3
  • Views Field View: 7.x-1.1 -> 7.x-1.2
    • Fixed query aggregation for field api fields
    • Sorted list of views
    • Fixed strict warning only variables – should be passed by reference in options_form()
    • Added simple, static caching
  • Webform: 7.x-4.10 -> 7.x-4.11
    • 15 issues/feature improvements added. Please see the release notes list for details.

OSU Module Updates

  • Live Feeds: Added Google Calendar Feed into module
  • OSU Search: Removed unnecessary argument from query string for Google Site Search

OSU Theme Updates

  • Doug Fir: Added improved styling for Views Accordian menu

Request for Feedback

  • Feature Page: As mentioned in our Drupal Community Meeting on Tuesday, Oct. 13th, any users who are interested in testing out the Feature Page in a dev environment, please put in a request via the contact form below.

 

If you have questions or concerns please contact us though our contact form.