15 Jul 2026
Drupal.org aggregator
Centarro: Let Shoppers Change Their Minds Without Leaving the Cart
Checkout is fragile. Every extra step between "I want this" and "order placed" is an opportunity for a shopper to abandon their cart entirely. And one of the most common moments of hesitation happens when a buyer realizes they added the wrong item to their cart. Maybe it was the wrong format or the wrong bundle. Or, maybe the wrong billing cycle for a donation or subscription.
The fix is simple. Navigate back to the product page, add the correct item, and remove the old one from the cart. But this friction, however small, can cost conversions.
The Commerce Product Alternative module for Drupal Commerce solves this by letting shoppers swap a product variation directly in their cart. One click. No detours.
Cart decisions, by design, shouldn't be final
Shoppers change their minds. Someone adds a hardcover book to their cart, then realizes they want the bundle that also includes the digital download. A new member selects a one-time membership fee, then notices the auto-renewal option is more cost-effective. A donor commits to a single gift, then considers whether a recurring contribution would be better.
In each of these cases, the shopper has already committed to buying something. They're in the cart. They're ready.
Why force them to start over?
15 Jul 2026 3:03pm GMT
Talking Drupal: Talking Drupal #561 - The Aaron Winborn Award
Today we are talking about Aaron Winborn, The award named after him, and what winning is like with guests George DeMet & April Sides. We'll also cover Summit as our module of the week.
For show notes visit: https://www.talkingDrupal.com/561
Topics
- Who Was Aaron Winborn
- Award Origin Story
- How Winners Are Chosen
- Why Community Matters
- What Winners Share
- April Learns She Won
- Handcrafted Award Stories
- On Stage Emotions
- After Winning Reflections
- How To Contribute
- Nominations And Makers
- Surprise Award Ideas
- Wrap Up And Contacts
Resources
Guests
April Sides - weekbeforenext George DeMet - palantir.net gdemet
Hosts
Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Ashraf Abed - drupito.com ashrafabed
MOTW Correspondent
Martin Anderson-Clutz - mandclu.com mandclu
- Brief description:
- Have you ever wanted to create a website purpose-built for an event like a Drupal camp, that collects, moderates, and schedules user-submitted sessions, and do all of that within the Drupal CMS installer? There's a site template for that.
- Module name/project name:
- Brief history
- How old: created in June 2026 by yours truly
- Versions available: 1.0.0, released yesterday
- Maintainership
- Actively maintained
- Security and test coverage
- Documentation some in the repo we'll talk about later
- Number of open issues: no open issues, though there are a couple of open issues on the Event Platform Starter, from which Summit was created
- Module features and usage
- We've talked before on this podcast about the Event Platform that grew out of an initiative from the Event Organizers Working Group. The goal is to remove friction for anyone organizing a Drupal camp or similar event in creating a website that sets them up for success
- The Event Platform was created before Recipes were a thing in the Drupal-verse, even though it was initially built in ways that were similar to recipes
- A couple of years ago, I started working on the Event Platform Starter recipe to help spin up a fully-built event website in a single step. That ran into some technical complexities, so it ended up being being a time-saver, but still required a number of manual steps
- As the newer concept of site templates took shape, I could see that the Event Platform ecosystem had the necessary elements to become a site template, in particular a theme and a battle-tested a content architecture
- I ended up needing to decouple the configuration and the functional code that had previously been in Event Platform. The configuration would reside solely in the site template, so the functional code was moved to a new project, Event Platform Helper
- Along the way, there have been a number of significant changes: Canvas integration for a fully customizable homepage, also a set of Canvas components to allow building new, custom layouts, a new, custom cache context, improved management of event information, and more
- Now, you set everything up with a single click in the Drupal CMS installer. There's an open issue to get it into the Drupal CMS installer by default, but today it's just a composer require away
- The repo does also include an AGENTS.md and CONTENT-STRUCTURE.md files, to help human or AI agents who want to work a site built using Summit to understand the initial state of the content architecture it provides, as well as the different logical components and how to troubleshoot them, individually or in combination
15 Jul 2026 12:00pm GMT
BloomIdea: Dynamic Multibanco references in Drupal Commerce: Commerce ifthenpay 3.0 has arrived
In 2018 we released Commerce ifthenpay, the module that brought Multibanco references to Drupal Commerce. Seven years later, we are publishing version 3.0.0: the module's biggest evolution since then, with dynamic Multibanco references generated by the ifthenpay API, MB WAY payment retries and full support for Drupal 10 and 11.
The silent problem of locally generated references
A Multibanco reference has 9 digits, and the classic local generation algorithm reserves only 4 of them for the order number. It works perfectly up to order 9999. Beyond that, the number has to be compressed to fit, and this is where mathematics turns against the store.
Version 2.x mitigated the problem by spreading order numbers across 9000 possible combinations. It sounds like a lot, but the birthday paradox is relentless: around 112 simultaneously open references are enough for a 50% chance that two different orders share exactly the same reference. In a busy store, that means payments that can be matched to the wrong order, or never reconciled at all. Worst of all, the problem is invisible: everything seems to work, until the day a customer pays and their order stays "unpaid".
The solution: references generated by ifthenpay
Version 3.0.0 introduces a new mode on the Multibanco gateway: instead of computing the reference locally, the module requests it from the ifthenpay REST API, using the account's MB Key. The differences are structural:
- The order number is sent in full (up to 25 characters): no truncation, no compression, no collisions;
- Each transaction receives a unique identifier, and the payment confirmation is validated against it;
- References can have an expiry date (from 1 day to 2 years), something impossible in local mode;
- There is a sandbox environment to validate the integration without real transactions.
The local mode remains available for backwards compatibility, and open references generated the old way keep reconciling after the switch: stores migrate with no downtime window.
MB WAY: promise delivered, and then some
When we wrote about version 2.x, MB WAY was "future development". Version 3.0.0 closes the loop: besides push payments at checkout, customers can re-send the payment request from their order history without going through checkout again, and the store team can trigger a push directly from the backoffice. Fewer orders abandoned because a push expired on someone's phone.
Ready for Drupal's future
Version 3.0.0 supports Drupal 10 and Drupal 11, and Commerce 2.x and 3.x. The module now runs continuous integration on drupal.org, with more than 50 automated tests validating every change on both Drupal versions, and stable releases are covered by the community's security advisory policy.
If your store runs version 2.x, we recommend upgrading: the 2.x branch is no longer supported and does not include the protections against reference collisions.
composer require 'drupal/commerce_ifthenpay:^3.0'
Need help with payments in Drupal Commerce?
Bloomidea develops and maintains Commerce ifthenpay and has been building Drupal Commerce stores for the Portuguese market for more than a decade: Multibanco, MB WAY, cards, Stripe and PayPal, with ERP and logistics integrations. Talk to us about your project.
15 Jul 2026 10:47am GMT
14 Jul 2026
Drupal.org aggregator
Matt Glaman: phpstan-drupal 2.1.0: stricter defaults
phpstan-drupal 2.1.0 is out. The theme of this release: rules and behaviors that proved themselves as opt-ins are now the defaults. If you run `composer update` and see new errors, that is the release working as intended - everything below includes the configuration to opt back out.
Nine rules are now enabled by default
These rules shipped as opt-ins over the 2.0 cycle. They have had time to bake, and they catch real bugs, so they no longer require configuration:
14 Jul 2026 5:00pm GMT
Nonprofit Drupal posts: July 2026 Drupal for Nonprofits Chat
Join us THURSDAY, July 16 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)
We don't have anything specific on the agenda this month, so we'll have plenty of time to discuss anything that's on our minds at the intersection of Drupal and nonprofits. Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google document at https://nten.org/drupal/notes!
All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.
This free call is sponsored by NTEN.org and open to everyone.
Information on joining the meeting can be found in our collaborative Google document.
14 Jul 2026 3:49pm GMT
The Drop Times: Bert Boerland Makes Drupal Sustainability the Focus of Board Candidacy
Boerland links his board candidacy to a question now facing Drupal: how the project can expand institutional support without narrowing the path for contributors, local communities, and site owners.
14 Jul 2026 2:14pm GMT
Droptica: Content personalization in Drupal, part 2: journeys and smart forms for multiple audiences

Getting each audience to the right section is only half the job. The harder part is making the experience feel personal and routing every visitor to the right form without a maze of options.
Part 2 of this Drupal guide covers user journeys, smart Webform contact routing, and pragmatic content personalization for multiple audiences.
14 Jul 2026 12:36pm GMT
Specbee: How Drupal support & maintenance services can keep your site secure, fast, and future-ready
Got your Drupal website up and running but haven't figured how to maintain it? Read to find out how you can optimize your site and make it future-ready.
14 Jul 2026 11:09am GMT
The Drop Times: Canonical Report Flags Open Source Supply Chain Gaps
Drupal site security rarely stops at core and module updates. Canonical's survey shows why package provenance, Linux maintenance, and patch ownership remain part of delivery risk.
14 Jul 2026 9:33am GMT
Droptica: Multi-audience website, part 1: information architecture and navigation in Drupal

One website, three completely different visitors. The hardest part of a multi-audience site is not building it - it is making sure each group finds its path without tripping over everyone else's.
Part 1 of this Drupal guide covers audience research, hybrid navigation strategy, and how to structure content with taxonomy, menus, and Views.
14 Jul 2026 4:55am GMT
13 Jul 2026
Drupal.org aggregator
Talking Drupal: Talking Drupal #560 - Content Sync
Today we are talking about Content, syndication, and Synchronization between Drupal Sites with guest Thiemo Müller. We'll also cover Drupal core 11.4 as our module of the week.
For show notes visit: https://www.talkingDrupal.com/560
Topics
- Origins and Use Cases
- Hub Model and Flexibility
- Media Sync and Governance
- Composable Pages Challenge
- Governance With Blocks
- Canvas And Recipes
- Real Time Syndication
- Scaling To Thousands
- GEO And AEO Explained
- GEO Audits And Loops
- ContentSync Recommendations
- Permissions And Drupal 11
- AIM Assess Improve Monitor
- Boosting Drupal AI Presence
- Ecosystem Alignment Signals
- Recency And Messaging Tips
Resources
- Content Sync
- Content Sync A-I-M
- Content Sync Drupal Module
- Deprecated extensions meta issue
- GEO
- Generative engine optimization
- Semrush
- Peec ai
- Otterly ai
- Profound
Guests
Thiemo Müller - content-sync.io thiemo
Hosts
Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Ashraf Abed - drupito.com ashrafabed
MOTW Correspondent
Martin Anderson-Clutz - mandclu.com mandclu
- Brief description:
- Are you excited for a feature release of Drupal core that delivers even more performance acceleration, a modernized developer experience, and a slew of administrator and editor improvements? Drupal core 11.4 delivers all that and more
- Module name/project name:
- Brief history
- How old: created on July 1 2026 by catch of Tag1
- Changes
- Performance improvements
- When Drupal 11.3 was released, we talked about what a massive performance jump it represented, the biggest improvement in a decade. 11.4 has done it again! Database queries are reduced by half, across a range of requests due to optimizations in how entity fields are loaded. Overall, that represents a nearly ⅔ improvement for database and cache lookups on a cold cache compared to Drupal 11.0 or 10.6
- Entity listing queries have also been refactored to use fewer table joins, reducing slow queries. Additionally, the link field introduces a resolvable_uri property and token, which returns a ready-to-use front-end link (like /#main-content) right out of the API instead of raw internal URIs, which will be a huge benefit for anyone using Drupal for decoupled and JSON:API-based use cases
- Applying recipes in Drupal 11.4 is significantly faster, reportedly twice as fast, and that includes installing Drupal CMS
- Drupal now supports Brotli compression, which should yield 15-25% better compression of CSS and JS assets
- Security
- Drupal 11.4 offers a new password hashing algorithm, argon2id, that will become the default in Drupal 12 later this year
- Also, the drupal/core-recommended package no longer strictly locks minor versions for critical dependencies like Guzzle, Twig, or Symfony Polyfills, making it easier to immediately receive important security updates
- Drupal's default robots.txt now blocks well-behaved search crawlers from indexing search queries, helping to solve a potential source of traffic overload on sites using faceted search
- Developer experience
- There's been a significant shift towards the adoption of PHP Attributes in recent Drupal releases, and 11.4 is no exception
- You can now define application routes directly within your PHP controller and form classes using the Symfony #[Route] attribute. This drastically reduces the need to jump back and forth into *.routing.yml files
- The new #[Bundle] attribute allows developers to define bundle classes directly, eliminating the need to write old-school entity_type_info or entity_type_info_alter hook implementations.
- All core .theme and .theme-settings.php files have been moved entirely to PHP classes. Support for legacy .theme files will be dropped in Drupal 13. Furthermore, dozens of core .module files have been fully converted into clean PHP classes
- Front controllers now leverage the symfony/runtime component to isolate bootstrapping logic from request handling, preparing the Drupal core architecture for advanced environments like FrankenPHP, known for its blazing-fast performance, among other features
- Drupal 11.4 introduces a native, extensible command-line tool (./vendor/bin/dr) built in partnership with Drush maintainers. This kicks off a transitional period where Drush commands will gradually be migrated to the core native binary
- Also, the new HttpKernelUiHelperTrait for kernel tests lets developers make mock HTTP requests and assertions without running the full Drupal site installer. This allows many traditional browser tests to be rewritten as much faster kernel tests
- There's been a significant shift towards the adoption of PHP Attributes in recent Drupal releases, and 11.4 is no exception
- Editor experience
- Drupal 11.4 includes the new Default Admin theme, a version of the popular Gin admin theme, now in core
- The Navigation module is now enabled by default, replacing the legacy toolbar
- CKEditor once again has a fullscreen button available without a contrib add-on, allowing editors to fully immerse themselves in a WYSIWYG element's content, great for working on long-format pieces
- Deprecations
- The initial 11.4.0 release actually removed a number of core recipes. They were since restored in an 11.4.1 release, but they are deprecated and will be removed from Drupal 12
- Also on their way out are a number of modules, including Ban, Contact, Field Layout, History, Migrate Drupal and its UI, Search, Settings Tray, Shortcut, Telephone, Toolbar, and a flag module called layout_builder_expose_all_field_blocks. For themes, Claro, Stable 9, and Olivero are all deprecated, and will be moved from core. We'll include the meta issue about these deprecation in the show notes, and if any of these are important to you, it's worth tracking where they are on the path of moving to contrib
- Performance improvements
13 Jul 2026 6:00pm GMT
Droptica: Drupal Paragraphs tutorial, part 2: variants, responsive design, spacing, and admin UX

This is the second and final part of a two-part guide to building a component-based corporate website with Drupal Paragraphs. Turn the bare components from part 1 into a flexible, production-grade library with color variants, responsive layouts, spacing controls, conditional fields, and admin UX.
Add style variants with CSS custom properties and Paragraphs behavior plugins, build mobile-first responsive layouts, give editors margin and padding controls, and polish the admin experience with Gin, conditional fields, and smart defaults.
13 Jul 2026 4:25pm GMT
The Drop Times: Drupal Governance, Security, and Automation Updates
Recent Drupal news fits inside a wider question Dries Buytaert raised in his blog post, License-only versus Stewarded Open Source: what turns code that is merely available into infrastructure people can depend on? The distinction is useful because this week's updates are not only about individual announcements. They show the work that sits behind dependable open source: governance, maintenance, security response, shared knowledge, and long-term care.
The 2026 Drupal Association at-large board election brings that work into the governance layer. One community-elected seat on the association's board is now moving through its election cycle, giving individual members a direct role in how Drupal's institutional support is represented. In a project where technical decisions and community structures constantly shape each other, governance is not a background process. It is part of how shared infrastructure is kept accountable.
The same distinction between availability and dependability appears in the ten contributed-project security advisories published on 8 July 2026. Four were rated Critical. Three direct site owners to uninstall unsupported projects, while the fourth addresses SQL injection in Location Selector. Unsupported projects may still exist in repositories and production sites, but that does not make them safe to keep using.
For site teams, the response is practical rather than abstract. Affected modules need to be identified, fixed releases need to be applied where available, and unsupported projects without advisory-listed fixes need to be removed. This is the maintenance layer of open source that rarely attracts attention until something breaks.
ECA crossing 20,000 reported Drupal site installations shows the same issue from the maintainer side. The Event-Condition-Action module allows site builders to model workflows through events, conditions, and actions instead of relying on custom glue code. Adoption at that scale is not just a usage milestone; it changes the weight of future commits, API decisions, and compatibility promises.
In a written response to The DropTimes, project co-founder Jürgen Haas said the milestone changes how he thinks about maintenance responsibility. That is the cost of relevance in practical form. Once a module becomes part of thousands of working sites, its maintainers are no longer only improving a tool. They are helping support a piece of shared infrastructure.
The week's event deadlines extend the same theme into community programming. Pacific Northwest Drupal Summit 2026 is accepting proposals ahead of its October event in Vancouver, British Columbia, while DrupalCamp Italy 2026 has extended its Call for Papers to 31 July 2026 for its one-day camp in Bologna. Event programmes are another support structure for the ecosystem because they turn project work, lessons, failures, and experiments into knowledge others can use.
Taken together, these updates make a selected but coherent brief. They are not the whole week in Drupal, and they are not a ranking of every important story. They are a thread through the work that keeps open source dependable after the code is released: electing representatives, closing security gaps, maintaining widely used modules, and making room for contributors to share what they are learning.
Readers can follow The DropTimes on LinkedIn, Twitter, Bluesky, and Facebook, or join the publication's Drupal Slack channel at #thedroptimes.
(Allen Jason, junior sub-editor at The DropTimes, writes and curates this week's Editor's Pick.)
13 Jul 2026 4:11pm GMT
Droptica: Drupal Paragraphs tutorial, part 1: planning architecture and base types

This is part 1 of a two-part guide to building a component-based corporate website with Drupal Paragraphs. By the end of the series you'll have a library of 10-12 universal paragraph types with style variants, responsive layouts, and editor-friendly spacing controls.
Plan a reusable component library, set up the Paragraphs module, and build Hero, Text + Image, and Feature Grid paragraph types with Twig templates and CSS.
13 Jul 2026 7:56am GMT
DrupalCon News & Updates: AI in Drupal: from experimentation to real impact
At DrupalCon Rotterdam 2026, AI takes its place at the heart of how modern Drupal platforms are built, integrated, and scaled. The Development, AI & Agentic Architecture track puts that front and centre-focusing on complex architectures, automation, and intelligent systems in real-world environments.
This is not about hype. It's about what's already changing.
AI is moving from experimentation to everyday use-powering intelligent search, automating workflows, enabling personalization, and supporting content creation. It's reshaping how digital teams operate and how platforms deliver value.
But with that power comes responsibility.
In the Drupal ecosystem, AI is being approached with a clear focus on privacy, transparency, accountability, security, resilience, and human control. This is where the conversation gets real-and where Drupal stands out.
From possibility to practice
At DrupalCon, the key question isn't just what AI can do. It's how to use it effectively in complex, production-ready environments.
Teams are actively exploring:
- How to integrate AI without introducing unnecessary complexity
- How to protect data while maintaining performance and scalability
- How to ensure systems remain transparent, governed, and maintainable over time
These are not theoretical challenges-they're critical decisions shaping the next generation of digital platforms.
Why Drupal leads this conversation
Drupal provides a unique foundation for making AI practical.
Here, AI is not explored in isolation, It's applied within structured content models, complex workflows, deep integrations, and strong governance frameworks-all backed by open-source principles.
For attendees, this makes AI more than a trend. It becomes a tangible, actionable part of modern Drupal delivery.
Be part of what's next
DrupalCon Rotterdam 2026 is where AI moves from idea to implementation.
If you want to understand how intelligent systems are being applied in real Drupal projects-and how to use them responsibly and effectively-this is where the conversation happens.
- Article by Daniela Moreira.
🎟️ Join Us at DrupalCon Rotterdam 2026
Continue the conversation at DrupalCon Rotterdam 2026, where the Development, AI & Agentic Architecture track explores the technologies, strategies, and decisions shaping open digital ecosystems.
👉 Register for DrupalCon Rotterdam 2026
13 Jul 2026 7:52am GMT
DDEV Blog: DDEV Xdebug Quickstart with PhpStorm (Video)

Step debugging is one of the first things every developer should master in any language or environment, and it's my opinion that it's just as fundamental as version control. With DDEV, getting Xdebug working with PhpStorm takes less than five minutes and no php.ini fiddling. This screencast shows the whole thing on a TYPO3 project, start to finish.
Watch the Video
What You'll See
- Installing the DDEV Integration Plugin for PhpStorm
- Setting a breakpoint at the entry point of a TYPO3 project
- Telling PhpStorm to listen for PHP debug connections
- Enabling Xdebug with
ddev xdebug on - Stepping over (F8) and stepping into (F7) code as a page loads
The Steps
- Install the DDEV Integration plugin from the PhpStorm marketplace (not required, but it handles most of the setup for you)
- Set a breakpoint
- Tell PhpStorm to listen for PHP debug connections
ddev xdebug on- Visit the page - PhpStorm stops at your breakpoint automatically
That's it. No manual php.ini changes, no fussing with host.docker.internal, no separate Xdebug install.
Works the Same Everywhere
This screencast uses PhpStorm, but the same setup works identically with VS Code, on Linux, and on Windows with WSL2. If you're setting up a new machine, see:
- DDEV on Linux in 10 Minutes
- Watch: DDEV from scratch with Windows WSL2
- Watch: DDEV From Scratch with macOS
More on Xdebug and DDEV
- The
ddev utility xdebug-diagnose --interactivecommand can help with port conflict and related setup problems. Try it out! - Xdebug in DDEV: Understanding, Debugging, and Troubleshooting Step Debugging - the updated guide
- DDEV and Xdebug: Debugging and sorting out problems
- Xdebug.org and its step debugging documentation
Xdebug is created and maintained by Derick Rethans. He's been maintaining it for 20+ years. Send money to the Xdebug project!. The DDEV Foundation supports it as an upstream project, you can too.
Learn More
- Full details on DDEV's Xdebug integration, including troubleshooting, are in the DDEV documentation.
If you have questions, reach out in any of the support channels.
Follow our blog, Bluesky, LinkedIn, Mastodon, and join us on Discord. Sign up for the monthly newsletter.
This article was edited and refined with assistance from Claude Code.
13 Jul 2026 12:00am GMT