UT Drupal Kit 2.19.4 Security Release

ITS has posted a patch-level release of the UT Drupal Kit in order to address a critical security vulnerability in the SimpleSAMLphp library.

This release is only available via Pantheon upstream repository, as SimpleSAMLphp is not bundled with the standalone download version of the UT Drupal Kit.

It is recommended that all users of the UT Drupal Kit on Pantheon update their sites with this latest version as soon as practicable.

How to Update the UT Drupal Kit

Complete instructions for updating a UT Drupal Kit site are available on the documentation wiki.

Please review the release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!

UT Drupal Kit 2.15 Release

ITS is happy to announce the immediate availability of UT Drupal Kit 2.15, the latest maintenance release for our University distribution of the Drupal web content management system and the final scheduled release for 2018.

The 2.15 release includes an important change to default PHP behavior for Pantheon sites, multiple updates to Drupal core, contrib module updates, several minor bugfixes, and an update to the front-end package list for themes built on the Forty Acres-based STARTERKIT theme.

PHP 7 BY DEFAULT ON PANTHEON CUSTOM UPSTREAM

In August of 2018, Pantheon started specifying PHP 7.1 as the default PHP version in the pantheon.upstream.yml file for their Drupal 7 upstream repository. However, this change occurred after the last release of the UT Drupal Kit custom upstream on Pantheon, so all UT Drupal Kit sites have remained on PHP 5.6 by default until now.

As of version 7.61, Drupal core now passes all tests for compatibility with PHP 7.2, and Pantheon has followed suit by again updating the default PHP version in pantheon.upstream.yml. However, in testing the UT Drupal Kit codebase with PHP 7.2, we have encountered some deprecation notices associated with the Field Collection module, and are therefore staying with PHP 7.1 as the new default for the UTDK custom upstream on Pantheon until this issue is resolved.

We have extensively tested the UTDK codebase with PHP 7.0 and 7.1, and have been running many sites under these older versions of PHP 7 on Pantheon for over a year with no issues (please see “PHP 7, the UT Drupal Kit, and You” from April 2017 for additional discussion). However, any sites with custom code, additional contrib modules, or even certain configurations could still potentially uncover untested cases and encounter PHP 7 incompatibilities. Therefore, we strongly recommend that site owners thoroughly test this release in the DEV/TEST environments before deploying it to the LIVE environment.

If you wish to apply the upstream updates without testing PHP 7 compatibility for your site at this time, then you can first add a pantheon.yml file to the site repository to pin the site’s PHP version to 5.6 until such time as you can test and deploy PHP 7 to your site using Pantheon’s recommended approach. But keep in mind that PHP 5.6’s security support phase ends at the end of 2018. Pantheon will continue to offer PHP 5 support for the time being, but they will eventually remove unsupported versions of PHP from the platform.

DRUPAL CORE UPDATES

The 2.15 release incorporates two versions of Drupal core that have been released since the last UTDK release in August 2018.

Version 7.60 was a security-only release, and the only major change in version 7.61 was compatibility with PHP 7.2 (though as noted, this compatibility does not currently extend to the full UT Drupal Kit codebase).

For complete details about these core updates, please review the release notes:

CONTRIB UPDATES

The 2.15 release includes updates to the following contrib modules:

Please note that because of the interval since the last Drupal Kit release, and depending on the current version of the Drupal Kit distribution on your installed site, some of these contrib updates may represent jumps of multiple versions.

Please check your currently installed module versions and review the release notes on Drupal.org for any additional releases that will be incorporated in this update.

BUG FIXES

  • Fixed an issue that could result in blocks not being visible on Page Builder-enabled content types due to naming conflicts
  • Updated CSS to eliminate orphaned text on floated images placed inside the WYSIWYG A or WYSIWYG B fields
  • Fixed an issue in which use of the <nolink> attribute on a Hero Photo field’s link attribute could cause improper rendering

FRONT-END PACKAGE UPDATES

The list of packages defined in the STARTERKIT subtheme’s package.json and package-lock.json files have updated in this release in order to maintain compatibility with the current stable releases of node and npm.

For full details and instructions for updating your subtheme, please review our special release notes.

HOW TO UPDATE THE UT DRUPAL KIT

Complete instructions and download links for updating a UT Drupal Kit site are available on the documentation wiki. Pantheon site dashboards that use the UT Drupal Kit distribution should see the upstream updates available now; see the Pantheon documentation for more information on applying upstream updates.

Please review the changelog and special release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!

NEXT RELEASES

The UT Drupal Kit is released on a bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month. The first planned release for next year is UT Drupal Kit 7.x-2.16, due on February 12, 2019.

If you have questions or concerns about the UT Drupal Kit, please feel free to email us at drupal-kit-support@utlists.utexas.edu.

PHP 7, the UT Drupal Kit, and You!

For some time now, the buzz in the PHP community has been about the amazing performance increases that can be seen from simply updating an application from PHP 5.x to PHP 7 (for those just joining in, there is no PHP 6). Check out this infographic from Zend to see visualizations of the differences between PHP 5.6 and PHP 7 on common PHP frameworks, including Drupal and WordPress. For Drupal sites, measured performance gains with PHP 7 can be over 60%.

While PHP 7 is not yet available on UT Web, it is available on Pantheon for those using the CMS Hosting Platform service. And enabling PHP 7 on a Pantheon site is as simple as adding a `pantheon.yml` file to your site’s docroot and specifying the PHP version for the site as “7.0.”

Continue reading