14 Jul 2026
Drupal.org aggregator
Matt Glaman: phpstan-drupal 2.1.0: stricter defaults
phpstan-drupal 2.1.0 is out. The theme of this release: rules and behaviors that proved themselves as opt-ins are now the defaults. If you run `composer update` and see new errors, that is the release working as intended - everything below includes the configuration to opt back out.
Nine rules are now enabled by default
These rules shipped as opt-ins over the 2.0 cycle. They have had time to bake, and they catch real bugs, so they no longer require configuration:
14 Jul 2026 5:00pm GMT
Nonprofit Drupal posts: July 2026 Drupal for Nonprofits Chat
Join us THURSDAY, July 16 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)
We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits. Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google document at https://nten.org/drupal/notes!
All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.
This free call is sponsored by NTEN.org and open to everyone.
Information on joining the meeting can be found in our collaborative Google document.
14 Jul 2026 3:49pm GMT
The Drop Times: Bert Boerland Makes Drupal Sustainability the Focus of Board Candidacy
Boerland links his board candidacy to a question now facing Drupal: how the project can expand institutional support without narrowing the path for contributors, local communities, and site owners.
14 Jul 2026 2:14pm GMT
Droptica: Content personalization in Drupal, part 2: journeys and smart forms for multiple audiences

Getting each audience to the right section is only half the job. The harder part is making the experience feel personal and routing every visitor to the right form without a maze of options.
Part 2 of this Drupal guide covers user journeys, smart Webform contact routing, and pragmatic content personalization for multiple audiences.
14 Jul 2026 12:36pm GMT
Specbee: How Drupal support & maintenance services can keep your site secure, fast, and future-ready
Got your Drupal website up and running but haven't figured how to maintain it? Read to find out how you can optimize your site and make it future-ready.
14 Jul 2026 11:09am GMT
The Drop Times: Canonical Report Flags Open Source Supply Chain Gaps
Drupal site security rarely stops at core and module updates. Canonical's survey shows why package provenance, Linux maintenance, and patch ownership remain part of delivery risk.
14 Jul 2026 9:33am GMT
Droptica: Multi-audience website, part 1: information architecture and navigation in Drupal

One website, three completely different visitors. The hardest part of a multi-audience site is not building it - it is making sure each group finds its path without tripping over everyone else's.
Part 1 of this Drupal guide covers audience research, hybrid navigation strategy, and how to structure content with taxonomy, menus, and Views.
14 Jul 2026 4:55am GMT
13 Jul 2026
Drupal.org aggregator
Talking Drupal: Talking Drupal #560 - Content Sync
Today we are talking about Content, syndication, and Synchronization between Drupal Sites with guest Thiemo Müller. We'll also cover Drupal core 11.4 as our module of the week.
For show notes visit: https://www.talkingDrupal.com/560
Topics
- Origins and Use Cases
- Hub Model and Flexibility
- Media Sync and Governance
- Composable Pages Challenge
- Governance With Blocks
- Canvas And Recipes
- Real Time Syndication
- Scaling To Thousands
- GEO And AEO Explained
- GEO Audits And Loops
- ContentSync Recommendations
- Permissions And Drupal 11
- AIM Assess Improve Monitor
- Boosting Drupal AI Presence
- Ecosystem Alignment Signals
- Recency And Messaging Tips
Resources
- Content Sync
- Content Sync A-I-M
- Content Sync Drupal Module
- Deprecated extensions meta issue
- GEO
- Generative engine optimization
- Semrush
- Peec ai
- Otterly ai
- Profound
Guests
Thiemo Müller - content-sync.io thiemo
Hosts
Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Ashraf Abed - drupito.com ashrafabed
MOTW Correspondent
Martin Anderson-Clutz - mandclu.com mandclu
- Brief description:
- Are you excited for a feature release of Drupal core that delivers even more performance acceleration, a modernized developer experience, and a slew of administrator and editor improvements? Drupal core 11.4 delivers all that and more
- Module name/project name:
- Brief history
- How old: created on July 1 2026 by catch of Tag1
- Changes
- Performance improvements
- When Drupal 11.3 was released, we talked about what a massive performance jump it represented, the biggest improvement in a decade. 11.4 has done it again! Database queries are reduced by half, across a range of requests due to optimizations in how entity fields are loaded. Overall, that represents a nearly ⅔ improvement for database and cache lookups on a cold cache compared to Drupal 11.0 or 10.6
- Entity listing queries have also been refactored to use fewer table joins, reducing slow queries. Additionally, the link field introduces a resolvable_uri property and token, which returns a ready-to-use front-end link (like /#main-content) right out of the API instead of raw internal URIs, which will be a huge benefit for anyone using Drupal for decoupled and JSON:API-based use cases
- Applying recipes in Drupal 11.4 is significantly faster, reportedly twice as fast, and that includes installing Drupal CMS
- Drupal now supports Brotli compression, which should yield 15-25% better compression of CSS and JS assets
- Security
- Drupal 11.4 offers a new password hashing algorithm, argon2id, that will become the default in Drupal 12 later this year
- Also, the drupal/core-recommended package no longer strictly locks minor versions for critical dependencies like Guzzle, Twig, or Symfony Polyfills, making it easier to immediately receive important security updates
- Drupal's default robots.txt now blocks well-behaved search crawlers from indexing search queries, helping to solve a potential source of traffic overload on sites using faceted search
- Developer experience
- There's been a significant shift towards the adoption of PHP Attributes in recent Drupal releases, and 11.4 is no exception
- You can now define application routes directly within your PHP controller and form classes using the Symfony #[Route] attribute. This drastically reduces the need to jump back and forth into *.routing.yml files
- The new #[Bundle] attribute allows developers to define bundle classes directly, eliminating the need to write old-school entity_type_info or entity_type_info_alter hook implementations.
- All core .theme and .theme-settings.php files have been moved entirely to PHP classes. Support for legacy .theme files will be dropped in Drupal 13. Furthermore, dozens of core .module files have been fully converted into clean PHP classes
- Front controllers now leverage the symfony/runtime component to isolate bootstrapping logic from request handling, preparing the Drupal core architecture for advanced environments like FrankenPHP, known for its blazing-fast performance, among other features
- Drupal 11.4 introduces a native, extensible command-line tool (./vendor/bin/dr) built in partnership with Drush maintainers. This kicks off a transitional period where Drush commands will gradually be migrated to the core native binary
- Also, the new HttpKernelUiHelperTrait for kernel tests lets developers make mock HTTP requests and assertions without running the full Drupal site installer. This allows many traditional browser tests to be rewritten as much faster kernel tests
- There's been a significant shift towards the adoption of PHP Attributes in recent Drupal releases, and 11.4 is no exception
- Editor experience
- Drupal 11.4 includes the new Default Admin theme, a version of the popular Gin admin theme, now in core
- The Navigation module is now enabled by default, replacing the legacy toolbar
- CKEditor once again has a fullscreen button available without a contrib add-on, allowing editors to fully immerse themselves in a WYSIWYG element's content, great for working on long-format pieces
- Deprecations
- The initial 11.4.0 release actually removed a number of core recipes. They were since restored in an 11.4.1 release, but they are deprecated and will be removed from Drupal 12
- Also on their way out are a number of modules, including Ban, Contact, Field Layout, History, Migrate Drupal and its UI, Search, Settings Tray, Shortcut, Telephone, Toolbar, and a flag module called layout_builder_expose_all_field_blocks. For themes, Claro, Stable 9, and Olivero are all deprecated, and will be moved from core. We'll include the meta issue about these deprecation in the show notes, and if any of these are important to you, it's worth tracking where they are on the path of moving to contrib
- Performance improvements
13 Jul 2026 6:00pm GMT
Droptica: Drupal Paragraphs tutorial, part 2: variants, responsive design, spacing, and admin UX

This is the second and final part of a two-part guide to building a component-based corporate website with Drupal Paragraphs. Turn the bare components from part 1 into a flexible, production-grade library with color variants, responsive layouts, spacing controls, conditional fields, and admin UX.
Add style variants with CSS custom properties and Paragraphs behavior plugins, build mobile-first responsive layouts, give editors margin and padding controls, and polish the admin experience with Gin, conditional fields, and smart defaults.
13 Jul 2026 4:25pm GMT
The Drop Times: Drupal Governance, Security, and Automation Updates
Recent Drupal news fits inside a wider question Dries Buytaert raised in his blog post, License-only versus Stewarded Open Source: what turns code that is merely available into infrastructure people can depend on? The distinction is useful because this week's updates are not only about individual announcements. They show the work that sits behind dependable open source: governance, maintenance, security response, shared knowledge, and long-term care.
The 2026 Drupal Association at-large board election brings that work into the governance layer. One community-elected seat on the association's board is now moving through its election cycle, giving individual members a direct role in how Drupal's institutional support is represented. In a project where technical decisions and community structures constantly shape each other, governance is not a background process. It is part of how shared infrastructure is kept accountable.
The same distinction between availability and dependability appears in the ten contributed-project security advisories published on 8 July 2026. Four were rated Critical. Three direct site owners to uninstall unsupported projects, while the fourth addresses SQL injection in Location Selector. Unsupported projects may still exist in repositories and production sites, but that does not make them safe to keep using.
For site teams, the response is practical rather than abstract. Affected modules need to be identified, fixed releases need to be applied where available, and unsupported projects without advisory-listed fixes need to be removed. This is the maintenance layer of open source that rarely attracts attention until something breaks.
ECA crossing 20,000 reported Drupal site installations shows the same issue from the maintainer side. The Event-Condition-Action module allows site builders to model workflows through events, conditions, and actions instead of relying on custom glue code. Adoption at that scale is not just a usage milestone; it changes the weight of future commits, API decisions, and compatibility promises.
In a written response to The DropTimes, project co-founder Jürgen Haas said the milestone changes how he thinks about maintenance responsibility. That is the cost of relevance in practical form. Once a module becomes part of thousands of working sites, its maintainers are no longer only improving a tool. They are helping support a piece of shared infrastructure.
The week's event deadlines extend the same theme into community programming. Pacific Northwest Drupal Summit 2026 is accepting proposals ahead of its October event in Vancouver, British Columbia, while DrupalCamp Italy 2026 has extended its Call for Papers to 31 July 2026 for its one-day camp in Bologna. Event programmes are another support structure for the ecosystem because they turn project work, lessons, failures, and experiments into knowledge others can use.
Taken together, these updates make a selected but coherent brief. They are not the whole week in Drupal, and they are not a ranking of every important story. They are a thread through the work that keeps open source dependable after the code is released: electing representatives, closing security gaps, maintaining widely used modules, and making room for contributors to share what they are learning.
Readers can follow The DropTimes on LinkedIn, Twitter, Bluesky, and Facebook, or join the publication's Drupal Slack channel at #thedroptimes.
(Allen Jason, junior sub-editor at The DropTimes, writes and curates this week's Editor's Pick.)
13 Jul 2026 4:11pm GMT
Droptica: Drupal Paragraphs tutorial, part 1: planning architecture and base types

This is part 1 of a two-part guide to building a component-based corporate website with Drupal Paragraphs. By the end of the series you'll have a library of 10-12 universal paragraph types with style variants, responsive layouts, and editor-friendly spacing controls.
Plan a reusable component library, set up the Paragraphs module, and build Hero, Text + Image, and Feature Grid paragraph types with Twig templates and CSS.
13 Jul 2026 7:56am GMT
DrupalCon News & Updates: AI in Drupal: from experimentation to real impact
At DrupalCon Rotterdam 2026, AI takes its place at the heart of how modern Drupal platforms are built, integrated, and scaled. The Development, AI & Agentic Architecture track puts that front and centre-focusing on complex architectures, automation, and intelligent systems in real-world environments.
This is not about hype. It's about what's already changing.
AI is moving from experimentation to everyday use-powering intelligent search, automating workflows, enabling personalization, and supporting content creation. It's reshaping how digital teams operate and how platforms deliver value.
But with that power comes responsibility.
In the Drupal ecosystem, AI is being approached with a clear focus on privacy, transparency, accountability, security, resilience, and human control. This is where the conversation gets real-and where Drupal stands out.
From possibility to practice
At DrupalCon, the key question isn't just what AI can do. It's how to use it effectively in complex, production-ready environments.
Teams are actively exploring:
- How to integrate AI without introducing unnecessary complexity
- How to protect data while maintaining performance and scalability
- How to ensure systems remain transparent, governed, and maintainable over time
These are not theoretical challenges-they're critical decisions shaping the next generation of digital platforms.
Why Drupal leads this conversation
Drupal provides a unique foundation for making AI practical.
Here, AI is not explored in isolation, It's applied within structured content models, complex workflows, deep integrations, and strong governance frameworks-all backed by open-source principles.
For attendees, this makes AI more than a trend. It becomes a tangible, actionable part of modern Drupal delivery.
Be part of what's next
DrupalCon Rotterdam 2026 is where AI moves from idea to implementation.
If you want to understand how intelligent systems are being applied in real Drupal projects-and how to use them responsibly and effectively-this is where the conversation happens.
- Article by Daniela Moreira.
🎟️ Join Us at DrupalCon Rotterdam 2026
Continue the conversation at DrupalCon Rotterdam 2026, where the Development, AI & Agentic Architecture track explores the technologies, strategies, and decisions shaping open digital ecosystems.
👉 Register for DrupalCon Rotterdam 2026
13 Jul 2026 7:52am GMT
DDEV Blog: DDEV Xdebug Quickstart with PhpStorm (Video)

Step debugging is one of the first things every developer should master in any language or environment, and it's my opinion that it's just as fundamental as version control. With DDEV, getting Xdebug working with PhpStorm takes less than five minutes and no php.ini fiddling. This screencast shows the whole thing on a TYPO3 project, start to finish.
Watch the Video
What You'll See
- Installing the DDEV Integration Plugin for PhpStorm
- Setting a breakpoint at the entry point of a TYPO3 project
- Telling PhpStorm to listen for PHP debug connections
- Enabling Xdebug with
ddev xdebug on - Stepping over (F8) and stepping into (F7) code as a page loads
The Steps
- Install the DDEV Integration plugin from the PhpStorm marketplace (not required, but it handles most of the setup for you)
- Set a breakpoint
- Tell PhpStorm to listen for PHP debug connections
ddev xdebug on- Visit the page - PhpStorm stops at your breakpoint automatically
That's it. No manual php.ini changes, no fussing with host.docker.internal, no separate Xdebug install.
Works the Same Everywhere
This screencast uses PhpStorm, but the same setup works identically with VS Code, on Linux, and on Windows with WSL2. If you're setting up a new machine, see:
- DDEV on Linux in 10 Minutes
- Watch: DDEV from scratch with Windows WSL2
- Watch: DDEV From Scratch with macOS
More on Xdebug and DDEV
- The
ddev utility xdebug-diagnose --interactivecommand can help with port conflict and related setup problems. Try it out! - Xdebug in DDEV: Understanding, Debugging, and Troubleshooting Step Debugging - the updated guide
- DDEV and Xdebug: Debugging and sorting out problems
- Xdebug.org and its step debugging documentation
Xdebug is created and maintained by Derick Rethans. He's been maintaining it for 20+ years. Send money to the Xdebug project!. The DDEV Foundation supports it as an upstream project, you can too.
Learn More
- Full details on DDEV's Xdebug integration, including troubleshooting, are in the DDEV documentation.
If you have questions, reach out in any of the support channels.
Follow our blog, Bluesky, LinkedIn, Mastodon, and join us on Discord. Sign up for the monthly newsletter.
This article was edited and refined with assistance from Claude Code.
13 Jul 2026 12:00am GMT
10 Jul 2026
Drupal.org aggregator
The Drop Times: Mike Gifford: Accessibility Must Move Upstream in Public-Sector Open Source
Accessibility failures often surface after budgets, architecture, and delivery plans are already fixed. Mike Gifford argues that public agencies can reduce that pattern by contributing fixes upstream.
10 Jul 2026 2:22pm GMT
Acquia.com - Drupal Blog: Vibe Coding Drupal: AI as a Reasoning Partner
Discover how to leverage AI as a reasoning partner in Drupal development, moving beyond coding to high-level architecture and system design.
10 Jul 2026 1:49pm GMT
The Drop Times: Giving Content Editors the Display Controls They Deserve with ERVMS for Drupal
Editors often rely on developers for simple display variations. ERVMS moves those decisions into the editorial workflow without changing Drupal's existing display architecture.
10 Jul 2026 11:31am GMT