21 May 2026

feedDrupal.org aggregator

PreviousNext: Keywords to Context: Semantic Search and Retrieval-Augmented Generation with OpenSearch

Keyword search struggles with natural language and exploratory questions. Daniel walked the DrupalSouth 2026 audience through how OpenSearch and Skpr enable semantic search that understands intent and meaning, and how Retrieval-Augmented Generation (RAG) transforms results into clear, human-friendly answers grounded in your actual content.

by daniel.veza /

21 May 2026 3:00am GMT

PreviousNext: PreviousNext wins four Splash Awards and a third consecutive Best in Show at DrupalSouth Wellington 2026

Last week, the PreviousNext team headed over to Wellington for DrupalSouth 2026, and what a week it was.

by ana.beltran /

The highlight of the week was the Splash Awards - and this year, we are honoured to have won:

  • Best in Government with Cancer Australia for the GovCMS PaaS project we did in collaboration with Paper Moose
  • Best in Show with Cancer Australia
  • Community People's Choice Award - Adam Bramley (jointly awarded to Nicole Ritchie)
  • Hall of Fame - Lee Rowlands

Congratulations to Lee and Adam! Both deserved the recognition for their active work with the Drupal Community.

The Best in Show win for Cancer Australia makes this a remarkable run. PreviousNext has now won Best in Show three times back to back. Here's the full picture:

Adam Bramley and Daniel Veza receiving the Splash Award for Cancer Australia
Photo credit: Karl Hepworth - https://www.flickr.com/people/200855369@N08/ License: ShareAlike 2.0 https://creativecommons.org/licenses/by-sa/2.0/deed.en

Wellington was also a milestone for Skpr's, which officially launched in the New Zealand market at DrupalSouth. If you haven't seen or heard about Skpr yet, now is a good time!

From there, it was all about the Drupal community. We spent the week reconnecting with familiar faces, meeting new ones, and having the kinds of conversations that don't happen over email.

We had six PreviousNext team members take the stage this year:

We were also thrilled to have Lara Saunders from Bond University join us at DrupalSouth this year. It's always great to see clients engage with the broader Drupal community.

We're incredibly proud of the team - and grateful to the clients and community who make this kind of recognition possible. See you all next year on the Gold Coast!

Group photo at DrupalSouth 2026 Wellington
Photo credit: Karl Hepworth - https://www.flickr.com/people/200855369@N08/ License: ShareAlike 2.0 https://creativecommons.org/licenses/by-sa/2.0/deed.en

21 May 2026 2:43am GMT

20 May 2026

feedDrupal.org aggregator

Security advisories: Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Project:
Date:
2026-May-20
Vulnerability:
SQL injection
Affected versions:
>= 8.9.0 < 10.4.10 || >= 10.5.0 < 10.5.10 || >= 10.6.0 < 10.6.9 || >= 11.0.0 < 11.1.10 || >= 11.2.0 < 11.2.12 || >= 11.3.0 < 11.3.10
CVE IDs:
CVE-2026-9082
Description:

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.

This vulnerability can be exploited by anonymous users.

This vulnerability only affects sites using PostgreSQL. However, the dependency updates in this release apply to all sites.

Upstream security advisories

The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.

Depending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not. It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.

Solution:

Install the latest version.

The following releases will be available as soon as automated release packaging is complete. You may receive a 404 in the interim. The updates may also be available on Packagist sooner.

Drupal 11

Drupal 10

Drupal 9 and 8

Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.) Due to this issue's severity, the unsupported releases and patches for unsupported versions are provided as a best effort. Those unsupported versions will still have other, previously disclosed security vulnerabilities.

Fixed By:
Coordinated By:

20 May 2026 6:08pm GMT