ITS has posted a patch-level release of the UT Drupal Kit in order to address multiple critical security vulnerabilities in the SimpleSAMLphp library.
This release is only available via Pantheon upstream repository, as SimpleSAMLphp is not bundled with the standalone download version of the UT Drupal Kit.
It is recommended that all users of the UT Drupal Kit on Pantheon update their sites with this latest version as soon as practicable.
ITS has posted a patch-level release of the UT Drupal Kit in order to address the critical security vulnerability in Drupal core announced on February 21, 2018 (View the complete security advisory on Drupal.org).
It is recommended that all users of the UT Drupal Kit update their sites with this latest version as soon as practicable.
ITS is happy to announce the immediate availability of UT Drupal Kit 2.12, the twelth maintenance release for our University distribution since the inclusion of the Forty Acres theme and the Page Builder module.
The 2.12 release includes two minor bug fixes and a change to the default site installtion behavior. There are no updates to Drupal core or contrib modules, or the “Page Builder” custom module.
MIXED FONT CASE BUG FIX
PLEASE NOTE: The following issue does NOT apply to users of the packaged zip file version of the UT Drupal Kit, and is specific to users of the Pantheon upstream repository.
For users of the UT Drupal Kit upstream repository on Pantheon, the 2.11 release introduced an unintentional change within the profiles/utexas/themes/forty_acres/fonts and profiles/utexas/themes/forty_acres/src/fonts directories in which some font directory and filenames were all-lowercase and others were mixed-case. The intended change was for all of these directories and filenames to be all-lowercase.
This issue has been resolved in the 2.12 release, but developers with local clones of their Pantheon site repo should re-clone in order to ensure that their local version of the codebase is fixed. More details, including resolution steps, can be found in the special release notes for the 2.12 release.
ACCESSIBILITY POLICY LINK LINE BREAK FIX
With the change to the Libre Franklin sans-serif font in the 2.11 release, the required footer link for the UT Accessibility Policy started breaking onto a second line. This has been fixed in the latest version of the Forty Acres theme.
CUSTOMIZED DEFAULT ADMIN USERNAME
A recent phishing attempt against Drupal sites around the globe attempted to leverage the fact that the default username for the “superuser” or UID 1 user that is created during site installation is “admin” by sending password reset requests for the username “admin” to many sites.
No UT Drupal Kit sites were compromised as a result of this attempted exploit, but in order to provide an extra measure of protection against similar future attempts, we have updated the UT Drupal Kit installation profile with a custom value for the default username on the UID 1 account.
Site owners may still select a different value during or after installation as desired. Please note that this change does NOT affect existing sites. However, we do recommend changing the username of the UID 1 account to something other than “admin” on existing sites.
Please review the changelog and special release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!
NEXT RELEASES
The UT Drupal Kit is released on bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month. The next planned release for this year is UT Drupal Kit 7.x-2.13, due on April 10, 2018.
As previously discussed in our updated release cycle description, the UT Drupal Kit follows a bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month.
The planned maintenance release dates for the first half of the 2018 calendar year will be:
February 13, 2018 – UT Drupal Kit 7.x-2.12
April 10, 2018 – UT Drupal Kit 7.x-2.13
June 12, 2018 – UT Drupal Kit 7.x-2.14
Any further adjustments to this schedule will be announced on this blog and on the UT Drupal users mailing list.
ITS is happy to announce the immediate availability of UT Drupal Kit 2.11, the eleventh maintenance release for our University distribution since the inclusion of the Forty Acres theme and the Page Builder module.
The 2.11 release includes updates to several contrib modules and a new default sans-serif font for the Forty Acres theme. There are no updates to Drupal core or the “Page Builder” custom module.
CONTRIB UPDATES
UT Drupal Kit 2.11 includes updated versions of the following contributed modules:
As a reminder, copies of all patches that have been applied to contrib modules in the UT Drupal Kit distribution are stored in the profiles/utexas/patches directory.
This change will require action for site owners who are using a subtheme of Forty Acres and have made CSS or SASS changes relating to fonts. The special release notes for the 2.11 release include a decision tree for determining whether a given subtheme will require modification, and the actions to take.
Please review the changelog and special release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!
NEXT RELEASES
The UT Drupal Kit is released on bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month. This is the final planned release for 2017. The 2018 release schedule will be published soon.
ITS is happy to announce the immediate availability of UT Drupal Kit 2.10, the tenth maintenance release for our University distribution since the inclusion of the Forty Acres theme and the Page Builder module.
The 2.10 release includes updates to several contrib modules, minor color palette changes, updated favicons, and miscellaneous small improvements and bug fixes.
CONTRIB UPDATES
UT Drupal Kit 2.10 includes updated versions of the following contributed modules:
(Site owners working on Pantheon should note that both of these module updates were released to the Pantheon upstream repository as part of a bugfix update on August 18, 2017)
This release also adds a new contrib module to the distribution codebase — the “Drafty” module is a required dependency for the 7.x-3.x branch of the Workbench Moderation module. Workbench Moderation was updated to the 7.x-3.x branch in the UT Drupal Kit 7.x-2.5 release, but the Drafty was not included until now.
Any site owners who enabled or updated Workbench Moderation since the 7.x-2.5 release and who downloaded a copy of the Drafty module to their site’s sites/all/modules directory should disable that version of Drafty in favor of enabling the version in profiles/utexas/modules/contrib/drafty. Please see our special notes on this change in the UT Drupal Kit wiki.
COLOR PALETTE CHANGES
In August 2017, the Marketing and Creative Services team at the Office of University Communications launched the new University of Texas Brand Book and Toolkit, which includes changes to the recommended secondary color palette in the brand guidelines. The color values used in the Forty Acres theme have been changed accordingly.
The most visible change resulting from the updated color values is in the mobile navigation, as shown below:
For sites created prior to the 7.x-2.10 release and using a subtheme based on the Forty Acres STARTERKIT subtheme, developers who have been re-compiling the SASS for their theme will need to compare the default values provided in the _variables.scss file and copy the new and updated values into their subtheme’s corresponding file before recompiling their SASS to get these new color values into their CSS. Please see our special notes on this change in the UT Drupal Kit wiki.
UPDATED FAVICON PACKAGE
In order to better support the wide array of desktop and mobile browsers and operating systems that specify custom design requirements for favicons, the UT Drupal Kit now includes a complete package of favicons generated using the https://realfavicongenerator.net tool.
This new set of favicons is based on the default “shield” favicon that has always shipped with the Forty Acres theme. The template.php file in the Forty Acres base theme has been updated to attach the new favicons in the page markup as suggested by the folks at https://realfavicongenerator.net.
The following new files are now included in the root directory of the UT Drupal Kit distribution:
android-chrome-192x192.png
android-chrome-512x512.png
apple-touch-icon.png
browserconfig.xml
favicon-16x16.png
favicon-32x32.png
favicon.ico
manifest.json
mstile-144x144.png
mstile-150x150.png
mstile-310x150.png
mstile-310x310.png
mstile-70x70.png
safari-pinned-tab.svg
Site owners using a subtheme based on Forty Acres should not need to make any changes to their theme in order to take advantage of these changes, unless you have overridden certain parts of the STARTERKIT_preprocess_html() function related to favicon elements.
This change does effectively preclude site owners from replacing the default favicon via the theme settings UI. Site owners wishing to use a custom favicon set should place the favicon files in a subdirectory of their theme and use the STARTERKIT_preprocess_html() function in template.php to reference the specific location of these files.
FORM TAG NOW ALLOWED IN “FILTERED HTML FOR BLOCKS” ON NEW INSTALLS
The “Filtered HTML for Blocks” text format was designed to allow site builders to allow for users with a specific role to be able to use a wider range of HTML elements when adding content to a block, as opposed to a page/node. Situations where this comes in handy include creating blocks with embedded <script> or <iframe> tags, which should be used with caution and should not be available to all content editors.
This text format did not previously allow the use of the <form> HTML tag. The 7.x-2.10 release now whitelists the <form> tag in Filtered HTML for Blocks for new installations. Site owners whose sites were created prior to the 7.x-2.10 release can manually add this tag to the text format whitelist, if desired. The general procedure for updating the HTML tag whitelist in a text format is described in the release notes for a previous version of the Drupal Kit.
MISCELLANEOUS IMPROVEMENTS
A change to the Forty Acres theme improves the accessibility of responsive tables by increasing the opacity of the text color on the <caption> element.
BUG FIXES
Fixed an issue in which the Social Share block produced invalid HTML that could result in malformed page content.
Fixed an issue in which the use of the CSS value “padding: initial” caused a layout error in Internet Explorer.
Fixed an issue in which both the background and font color of a call-to-action button were the same when the button is used in a very specific scenario.
Please review the changelog and special release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!
NEXT RELEASES
The UT Drupal Kit is released on bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month. The final planned release for this calendar year is UT Drupal Kit 7.x-2.11, scheduled for December 12, 2017.
ITS is happy to announce the immediate availability of UT Drupal Kit 2.9, the ninth maintenance release for our University distribution since the inclusion of the Forty Acres theme and the Page Builder module.
The 2.9 release includes a new Drupal core release and updates to several contrib modules, the ability to include site-specific settings via an include file, and miscellaneous small improvements and bug fixes.
DRUPAL 7.56 AND CONTRIB UPDATES
UT Drupal Kit 2.9 includes the version 7.56 of Drupal Core, which is a security release that addresses a moderately critical issue related to anonymous file uploads into the private file system. Please review the release notes before updating to check for any issues that may affect your site.
This release also includes updated versions of the following contributed modules:
Caption Filter
IMCE
Media
Memcache
Panels
Rules
Video Filter
Views
Views Bulk Operations
Workbench Access
Of these modules, only Media, Views, and Video Filter are enabled by default in the UT Drupal Kit.
Several of these updates require database updates, so be sure to run available updates via https://example.com/update.php or drush updb after upgrading your site’s codebase.
Two of these contrib module updates merit special attention:
The Media module update addresses a previously identified issue related to apply links on images inserted via the Media button in the WYSIWYG editor. This new Media release does now allow linking Media-inserted images, but enabling this capability requires making a change to your text format settings. Please see the 2.9 Release Notes article on our documentation wiki for details.
The Views module update to version 7.x-3.16 is described by the Views maintainers as a “rather major bug release,” so should be tested thoroughly for regressions, particularly related to CSS class names. Please review the module release notes for details.
ALLOWING FOR SITE-SPECIFIC SETTINGS FILE
Site owners wishing to use Drupal’s settings.php file for their own purposes–such as hard-coding site settings via the $conf array, or for implementing environment detection logic for environment-specific setting overrrides–have been challenged by the fact that we include a settings.php file in the UT Drupal Kit distribution. For Pantheon site owners, this means manual resolution of a git merge conflict for every upstream update. For non-Pantheon site owners, it means that updates to the Drupal Kit’s settings.php file must be manually merged into their own settings.php file.
To improve developers’ experience regarding this issue, there is now a conditional include at the bottom of the default UTDK sites/default/settings.php file that will load a file called site-settings.php if it is found in the same directory. This can be used for implementing site-specific settings changes such as exposing additional block types to the Page Builder layout editor, or overriding which types of social media accounts are available in the Social Media Links field or the sitewide Social Media accounts configuration.
There is an example file located at sites/default/example.site-settings.php which can be copied/renamed to sites/default/site-settings.php, and includes commented-out examples of the previously described configuration customizations.
Please note that the previously-existing include for local-settings.php is still in place, and comes after site-settings.php, meaning that settings from local-settings.php will still continue to override all other settings.
MISCELLANEOUS IMPROVEMENTS
A change to the Forty Acres theme’s CSS improves the color-contrast ratio of the text and background colors of the UT Drupal Kit’s mobile menu display.
Fields with no data will no longer display as available to be placed via the Layout Editor provided by the Page Builder module.
The placement of the Google Tag Manager snippet has been moved in order to comply with Google’s best practice recommendation that the <script> element be located inside the <head> element and that the <noscript> element be located immediately following the opening <body> tag.
Please note that this change means that the Google Tag Manager module can no longer track pageviews in the Seven administrative theme. If tracking of administrative pageviews is required, site owners should use a custom admin theme.
The Page Builder “Resource” field would not allow entry of resource links without a headline field, but the headline field was not marked as required. This has been resolved by allowing the entry of resource links only, without an accompanying headline.
Custom blocks placed in the sidebar region of Page Builder templates are now styled more consistently with other field blocks placed in the same region.
BUG FIXES
Fixed an issue in which the “Featured Events” block would not display a solid background color when placed in a region with a background accent.
Fixed an issue in which custom content types containing a non-alphanumeric character would not display fields correctly in the layout editor.
Please review the changelog and special release notes thoroughly, and always make backups of your code, files, and database before proceeding with an update!
NEXT RELEASES
The UT Drupal Kit is released on bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month. The planned schedule for the remainder of the 2017 calendar year is:
With the 7.x-2.9 update of the UT Drupal Kit, astute developers will notice a new file in the document root of their git repo called pantheon.upstream.yml, whose contents look like this:
# IMPORTANT NOTE:
# Do not edit this file unless you are doing so in your custom upstream repository.
# Override the defaults specified here in a site-specific `pantheon.yml` file.
# For more information see: https://pantheon.io/docs/pantheon-upstream-yml
api_version: 1
php_version: 5.6
I’m already using PHP 7 in my UT Drupal Kit site. How does this affect me?
If you have already specified PHP 7 as the default version in a pantheon.yml file in your site repository, nothing will change. Configuration options defined in pantheon.yml override any defined in pantheon.upstream.yml.
My Drupal 7 site is on Pantheon, but doesn’t use the UT Drupal Kit upstream. How does this affect me?
Since Drupal 7 is not 100% compatible with PHP 7, this same pantheon.upstream.yml file is also included in Pantheon’s base Drupal 7 upstream repository. So you should have already seen this file show up as a commit waiting to be merged from the Drupal 7 upstream.
Again, no action should be needed on your part in order to maintain the status quo — if you had already put a pantheon.yml file in place to upgrade your site to PHP 7, it will override the pantheon.upstream.yml file. If you do not have a pantheon.yml file in place, your site would have already been using PHP 5.5 or 5.6, and this new file will simply preserve that as the default going forward.
I’m using the UT Drupal Kit on UT Web or a VM. How does this affect me?
The pantheon.upstream.yml file is not included as part of the standalone UT Drupal Kit download, so this does not affect sites that are not hosted on Pantheon.
Will the UT Drupal Kit ever default to PHP 7 on Pantheon?
Probably not until we have a Drupal 8 version of the Kit.
As discussed in our previous post, “PHP 7, the UT Drupal Kit, and You!” there are sufficient unknowns with regard to total compatibility with Drupal core, all of the contrib modules included with the Drupal Kit, and the wide range of customizations already present in deployed sites, that we are not comfortable making this the default version.
We do have a number of Drupal Kit-based sites maintained by ITS that are running on PHP 7 without problems. If you are interested in trying this for yourself, feel free to experiment with creating a pantheon.yml file of your own and deploying PHP 7 to your DEV (or better yet, a multidev!) environment and putting your site through its paces.
As previously discussed in our updated release cycle description, the UT Drupal Kit follows a bi-monthly maintenance release schedule, with releases targeted for the second Tuesday of the month.
The remaining maintenance release dates for the 2017 calendar year will be:
August 8, 2017 – UT Drupal Kit 7.x-2.9
October 10, 2017 – UT Drupal Kit 7.x-2.10
December 12, 2017 – UT Drupal Kit 7.x-2.11
Any further adjustments to this schedule will be announced on this blog and on the UT Drupal users mailing list.
ITS is happy to announce the immediate availability of UT Drupal Kit 2.8, the eighth maintenance release for our University distribution since the inclusion of the Forty Acres theme and the Page Builder module.
Please note that the official downloadable version of this release is labeled as “2.8.1” — version 2.8 was released to Pantheon dashboards and included a minor bug that was fixed before release of the full download on UT Service Now as version 2.8.1.
The 2.8 release includes a new Drupal core release and updates to several contrib modules, enhancements to the “Twitter Widget” functionality, and a number of changes to enhance accessibility on Drupal Kit-based sites.