128 posts tagged with "Drupal"

Cloudflare viNext is the fastest path today to run modern Next.js apps on Workers with less adapter glue. But the safe adoption pattern is not "AI rewrites everything." The practical pattern is AI for scoped transforms, deterministic checks for every change set, and a canary rollback plan.

That combination gives speed without losing production stability.

Drupal does not need more hot takes; it needs a cleaner signal path so you can see what changed, what might break, and what to do next before release day punches you in the face.

SearXNG in Drupal AI assistants matters because it gives you controllable, inspectable retrieval without funneling your org's prompts and context into yet another black-box "trust us" API.

As of February 24, 2026, WordPress 7.0 is in Beta 1 (released February 20, 2026), and the post editor is planned to run inside an iframe regardless of block apiVersion. If your plugin still depends on top-window DOM selectors, legacy block registration, or unflagged classic meta boxes, this is the migration window to fix compatibility before the planned 7.0 release on April 9, 2026.

The Drupal CMS survey callout published on February 23, 2026 is timely and worth acting on. But teams should submit feedback with release context in mind: Drupal core 11.3.0 is current, Drupal 10.5.x is the transitional supported line, and Drupal CMS 2.x is the active stream.

The best use of this survey is to report friction that blocks real launches, not generic wishlist items.

Agentic AI moves fast. A few lines of code, a powerful LLM, and suddenly an agent is doing something that looks impressive. The rapid iteration is addictive, but it leads to a development style I call "vibe coding" -- tweak a prompt, rerun, and if the output feels right, ship it.

This works for a demo. It is a recipe for disaster in production.

DDEV v1.25.0 fundamentally improves how we share work in progress. The new modular share provider system with Cloudflare Tunnel as the default is the best developer experience improvement in DDEV in years. Zero config, zero accounts, zero friction.

I have been using it daily since the release, and the old ngrok workflow feels ancient.

Dries Buytaert has introduced "Drupal Digests," a new initiative that uses AI to summarize development activity across Drupal Core, Drupal CMS, Canvas, and the AI Initiative. This is one of the most practical uses of AI in open-source project management I have seen.

Instead of building AI into Drupal, this is using AI to make the Drupal project more navigable. Smart move.

WordPress offers two distinct preview systems: the Customizer's device preview and the Block Editor's "Preview in new tab" dropdown. Both are extensible, but they require completely different approaches. I dug into both.

Drupal 11 ships with jQuery 4. jQuery 4 removes $.type(). Slick Carousel uses $.type(). The result is a fatal JavaScript error that kills every carousel on the page. I tracked down the exact failure chain and the fix.

PHP 8.4 introduces stricter type and error handling, converting many E_WARNING messages into hard-throwing TypeError and ArgumentCountError exceptions. I built this playbook for identifying potential issues and mitigating them before upgrading.

I built a WordPress 7.0 compatibility scanner CLI that detects deprecated editor integrations and iframe-unsafe code patterns in plugins/themes. It gives rule IDs, migration replacements, and CI exit codes so teams can block risky code before release windows.

I built a WordPress plugin that adds wp wordfence-audit plugins and flags installed plugins that match vulnerability signals from the current Wordfence blog RSS feed. The goal is quick triage from existing RSS workflows, not replacing full vulnerability databases.

I shipped an OpenAI o3-mini planner for my Drupal CMS 2 AI agent and kept a local rule-based fallback, because Drupal's 2026 AI direction is clear: intelligent automation is coming fast, but production teams still need predictable behavior when external AI calls fail.

If you want your WordPress content to appear in AI-generated answers, prioritize this sequence: answer-first writing, schema accuracy, clean crawl controls, maintained plugins, and weekly validation in Search Console/Bing Webmaster Tools. As of February 17, 2026, this is practical on WordPress 6.9.1 and should be treated as an operational SEO workflow, not a one-time checklist.

Drupal 11.1 does not break public APIs, but custom entity code can still break during upgrades because entity type definitions moved to attributes, some entity-related routes are deprecated for Drupal 12, and entity reference formatter output changed in access-sensitive contexts. If you maintain custom entities, treat Drupal 11.1 as a migration checkpoint, not just a patch-level bump.

If your team is still on Drupal 10.4.x, treat Drupal 11 migration as active incident prevention, not roadmap hygiene: Drupal.org now flags 10.4.x security support as ended, and current supported lines are newer. The fastest safe path is to clear the high-impact change records first, then move to supported 10.5/10.6 and 11.x targets in one controlled sequence.

WowRevenue versions up to 2.1.3 can expose a high-risk path when authenticated low-privilege users can reach plugin installation or activation logic through AJAX handlers without strict capability checks. The practical fix is to enforce current_user_can('install_plugins') or current_user_can('activate_plugins') at handler entry and keep nonce checks as anti-CSRF only.

Pantheon reporting "All Systems Operational" is a good signal, but it is not a deploy approval by itself. I treat platform status as one input in a release gate that also checks app health, migration safety, and rollback readiness.

I shipped a release-audit tool for security_advisories_nl because release news, vulnerability records, and platform status pages are noisy unless you convert them into a clear adopt-or-wait decision.