Feed aggregator

Bulgaria PHP Conference 2016

PHP Announcements - 4 hours 53 min ago
Bulgaria PHP Conference is the premier PHP conference, gathering PHP and frontend developers and engineers from all around Europe. Co-organized by the Bulgaria PHP User Group and SiteGround web hosting, the conference is bringing internationally renowned experts from the PHP industry to talk about APIs, Frameworks, Security, Testing, Continuous Integration, and much more!

Highlights:

  • 500+ passionate attendees
  • 27 world renowned speakers
  • 4 practical workshops
  • 3 action-packed days
  • 1 legendary after party
  • Games, JeoPHPardy, Hackathon
  • Amazing food, swag and gifts included

Get your discounted ticket today. Price increases to the regular one (129 EUR) on September 1, 2016. Still not convinced? Here are several reasons to head to Sofia for Bulgaria PHP Conference.
Categories: Development News, PHP, PHP News

Forum PHP 2017

PHP Announcements - Fri, 06/23/2017 - 10:33
Forum PHP 2017 will take place on Oct. 26 & 27th. This year, Forum PHP welcomes you at the Marriott Rive Gauche, Conference Center, 17 Boulevard Saint-Jacques, 75014 Paris, France. It is the annual conference organized by AFUP, the French PHP users group, gathering all PHP and Open Source communities, pros and PHP lovers. http://event.afup.org
Categories: Development News, PHP, PHP News

PHP 7.2.0 Alpha 2 Released

PHP Announcements - Thu, 06/22/2017 - 07:00
The PHP development team announces the immediate availability of PHP 7.2.0 Alpha 2. This release contains fixes and improvements relative to Alpha 1. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system. THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION! For information on new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive. For source downloads of PHP 7.2.0 Alpha 2 please visit the download page, Windows sources and binaries can be found on windows.php.net/qa/. The third and final alpha will be released on the 6th of July. You can also read the full list of planned releases on our wiki. Thank you for helping us make PHP better.
Categories: Development News, PHP, PHP News

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

Drupal News - Wed, 06/21/2017 - 13:44

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

  • Advisory ID: DRUPAL-SA-CORE-2017-003
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2017-June-21
  • Multiple vulnerabilities
Description

PECL YAML parser unsafe object handling - Critical - Drupal 8 - CVE-2017-6920

PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.

File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921

The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922

Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.

Versions affected
  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4
Solution

Install the latest version:

Also see the Drupal core project page.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Categories: Development News, Drupal

Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053

Drupal Contributed Security - Wed, 06/21/2017 - 09:09
Description

The Search 404 module enables you to redirect 404 pages to a search page on the site for the keywords in the URL that was not found.

The module did not filter administrator-provided text before displaying it to the user on the 404 page, creating a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer search".

CVE identifier(s) issued
  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
  • Search 404 7.x-2.x versions prior to 7.x-1.5.

Drupal core is not affected. If you do not use the contributed Search 404 module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Search 404 project page.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

What’s new on Drupal.org? - May 2017

Drupal News - Tue, 06/20/2017 - 15:37

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

After returning from DrupalCon Baltimore at the end of April, we spent May regrouping and focusing on spring cleaning tasks. It's important for any technical team to spend time on stability and maintenance, and we used May to find improvements in these areas and look for some other efficiencies.

Drupal.org updates
Categories: Development News, Drupal

Growing community in Moldova

Drupal News - Tue, 06/20/2017 - 11:03

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1): Drupal School is an educational program split into 2 months and 25 courses of different levels (Beginner, Intermediate, Advanced). Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and informal environment around a pizza and soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects and make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with the School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain a big and active Open Source community by attracting more local and International participants to our Projects and Events, and to continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at info@drupalmoldova.org.

Categories: Development News, Drupal

LaravelConf Taiwan 2017

PHP Announcements - Sat, 06/17/2017 - 14:48
The first Laravel conference in Taiwan awaits you at LaravelConf Taiwan 2017 in Taipei, Taiwan. LaravelConf Taiwan 2017 is for anyone who is passionate about building web applications, or anyone who is trying to improve the teamwork experience. LaravelConf Taiwan 2017 brings Laravel developers and enthusiasts together and hosts one workshop, one case study and 12 sessions in a multi-track conference from 29th June to 1st July 2017. The workshop on 29th June 2017 is hands-on training for beginners in Laravel. The main sessions and case study take place on 1st July 2017. Our focus areas this year are:

  • Laravel core concepts
  • More fluent teamwork by using Laravel

Come to enjoy the knowledge and socialize with other Laravel artisans. For more information: https://laravelconf.tw Our Facebook page: https://www.facebook.com/laravelconftw
Categories: Development News, PHP, PHP News

ZendCon 2017

PHP Announcements - Tue, 06/13/2017 - 20:00
With over 250 million PHP applications driven by a global community of more than 5 million active developers and all enterprises adopting open source software, ZendCon 2017 brings you a curated selection of the best experts, training, and networking opportunities to embrace this vast ecosystem. Take advantage of unique opportunities to attend a wide variety of in-depth technical sessions, participate in exhibit hall activities, and connect with experts. Learn about the best in enterprise PHP and open source development, focusing on the latest for PHP 7, the evolution of frameworks and tools, API excellence, and innovation on many open source technologies related to the web. Experience web development with the very best to accelerate great PHP. Come and enjoy ZendCon 2017 at the Hard Rock Hotel & Casino in Las Vegas. Register Now at http://www.zendcon.com/register-now
Categories: Development News, PHP, PHP News

International PHP Conference 2017 - fall edition

PHP Announcements - Fri, 06/09/2017 - 04:54
The International PHP Conference is the world's first PHP conference and has stood for more than a decade for top-notch pragmatic expertise in PHP and web technologies. At the IPC, internationally renowned experts from the PHP industry meet up with PHP users and developers from large and small companies. Here is the place where concepts emerge and ideas are born - the IPC signifies knowledge transfer at the highest level. All delegates of the International PHP Conference have, in addition to the PHP program, free access to the entire range of the International JavaScript Conference taking place at the same time.

Basic facts:

  • Date: October 23 - 27, 2017
  • Location: Holiday Inn Munich City Centre, Munich

Highlights:

  • 90+ best practice sessions
  • 60+ international top speakers
  • PHPower: Hands-on Power Workshops
  • Expo with exciting exhibitors on October 24th & 25th
  • Conference Combo: Visit the International JavaScript Conference for free
  • All inclusive: Changing buffets, snacks & refreshing drinks
  • Official certificate for attendees
  • Free Swag: Developer bag, T-Shirt, magazines etc.
  • Exclusive networking events

Topics:

  • PHP Development
  • Testing & Quality
  • Web Architecture
  • DevOps
  • Server & Deployment
  • Web Development

For further information on the International PHP Conference visit: www.phpconference.com
Categories: Development News, PHP, PHP News

PHP 7.1.6 Released

PHP Announcements - Thu, 06/08/2017 - 15:40
The PHP development team announces the immediate availability of PHP 7.1.6. Several bugs have been fixed. All PHP 7.1 users are encouraged to upgrade to this version. For source downloads of PHP 7.1.6 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: Development News, PHP, PHP News

Top 6 tips for improving MySQL performance (28 Jun 2017)

MySQL Web Seminars - Thu, 06/08/2017 - 15:11

Benefit from our broad experience and deep expertise in this webinar as we take you through an in-depth introduction to MySQL Performance Tuning. We will review best practices, the most important configuration options, discuss the initial MySQL configuration file, monitoring, and more!

Learn how to find the queries most in need of optimization using performance reports in MySQL Workbench, MySQL Enterprise Monitor, or through the sys schema.



Date and Time: Wednesday, 28 Jun 2017, 13:00 Asia/Singapore
Categories: Development News, MySQL

PHP 7.2.0 Alpha 1 Released

PHP Announcements - Thu, 06/08/2017 - 13:03
The PHP development team announces the immediate availability of PHP 7.2.0 Alpha 1. This release marks the beginning of the first minor release in the PHP 7.x series. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system. THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION! For information on new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive. For source downloads of PHP 7.2.0 Alpha 1 please visit the download page, Windows sources and binaries can be found on windows.php.net/qa/. The second alpha will be released on the 22nd of June. You can also read the full list of planned releases on our wiki. Thank you for helping us make PHP better.
Categories: Development News, PHP, PHP News

PHP 7.0.20 Released

PHP Announcements - Thu, 06/08/2017 - 08:00
The PHP development team announces the immediate availability of PHP 7.0.20. Several bugs have been fixed. All PHP 7.0 users are encouraged to upgrade to this version. For source downloads of PHP 7.0.20 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: Development News, PHP, PHP News

China PHP Developer Conference

PHP Announcements - Tue, 06/06/2017 - 15:36
The China PHP Developer Conference, organized by DevLink, will be held in Beijing on June 10th and 11th. After “The High Performance PHP”, it is another global developer exchange event hosted by DevLink. During this conference, we will discuss and share on the topic of "The High Availability PHP". More information about the China PHP Conference at: php2017.devlink.cn
Categories: Development News, PHP, PHP News

Getting Prepared: The Coming EU GDPR and MySQL (22 Jun 2017)

MySQL Web Seminars - Fri, 06/02/2017 - 16:54

The European Union General Data Protection Regulation or EU GDPR is now Europe’s most exacting Data Security regulation. It will come into full force on 25 May 2018, "at which time those organizations in non-compliance will face heavy fines. The GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location" (eugdpr.org).

GDPR focuses on:

  • Protection of personal data of EU-based individuals
  • Restrictions to movement of that data

In this webinar, we’ll focus on MySQL capabilities and features for the following core security areas: Assessment, Prevention, Detection and Recovery.



Date and Time: Thursday, 22 Jun 2017, 09:00 US/Pacific
Categories: Development News, MySQL

DrupalCon Vienna t-shirts are back! - but there’s a catch.

Drupal News - Fri, 06/02/2017 - 10:42

Remember how we are making changes to DrupalCon Europe? These were hard decisions and some things we love we found just weren’t financially viable. Like free t-shirts. But one thing we heard a lot was “please don’t take away the t-shirts!”  

We heard you. And while it doesn’t make financial sense to give free t-shirts to all attendees, we still want to be able to continue to offer them. So we’ve come up with a plan.   

At DrupalCon Vienna, t-shirts will be offered to the following groups:

  • Individual Drupal Association members who register for DrupalCon Vienna between 5 - 16 June 2017. You must register in this two week window AND be an individual member of the Drupal Association.

  • Volunteers who work at least four (4) hours onsite in Vienna 26 - 29 September. You must check the volunteer box during registration and must show up on site to volunteer for four (4) hours or until released by event staff.

  • Volunteers as part of the DrupalCon Program Team

  • Sprint Mentors

The fine print FAQ

I’m already a member, how do I make sure that I'll get a shirt?

If you are already an individual member, you get a t-shirt! BUT you MUST register in the first two weeks of ticket sales. Registrations after 16 June will not receive a t-shirt, member or not.

I’m not a member, can I do that during registration and still get a shirt?

Yes. If you are not a member you can become an individual member during your conference registration. You will be presented with a page during check-out that gives you the option to become a member.

I already registered but JUST saw this post! What do I do?

If you are a true early bird and register in the two weeks, but somehow missed this news post until after registering - that’s ok. As long as you become a member before the end of 16 June, you’ll still get a t-shirt.

The registration didn’t say anything about t-shirts or ask for my t-shirt size? What’s up?

After the 16 June cut-off date, eligible registrants will receive an email confirming their t-shirt along with a link to select their t-shirt size.

You got a session selected? Great!

We’ll refund your registration amount (but not your membership) and you get to keep the t-shirt. Our regular no-refund policy applies to all other sales.

You’re part of an organization that is buying a bulk amount of tickets for employees? Lucky you.

Your organization should provide you with an individual redemption code. You’ll need to redeem your individual registration before 16 June AND also be an individual member of the Drupal Association in order to get a t-shirt.

Categories: Development News, Drupal

LDAP - Critical - Data Injection - SA-CONTRIB-2017-052

Drupal Contributed Security - Wed, 05/31/2017 - 12:27
Description

The LDAP module does not sanitize user input correctly in several cases, allowing a user to modify parameters without restriction and inject data.

If the site administrator chooses to hide the email or password from the user form (instead of showing or disabling it under "Authorization"), these values can be overwritten.

CVE identifier(s) issued
  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
  • LDAP 7.x-2.x versions prior to 7.x-2.2.

Drupal core is not affected. If you do not use the contributed Lightweight Directory Access Protocol (LDAP) module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the LDAP module for Drupal 7.x-2.x, upgrade to LDAP-7.x-2.2

Also see the Lightweight Directory Access Protocol (LDAP) project page.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Site Verify - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-051

Drupal Contributed Security - Wed, 05/24/2017 - 12:37
Description

The Site Verify module enables privileged users to verify a site with services like Google Webmaster Tools using meta tags or file uploads.

The module doesn't sufficiently sanitize input or restrict uploads.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer site verify".

CVE identifier(s) issued
  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
  • Site Verify 7.x-1.x versions prior to 7.x-1.2.

Drupal core is not affected. If you do not use the contributed Site verification module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Site verification project page.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity