Drupal.org aggregatorKeyword search struggles with natural language and exploratory questions. Daniel walked the DrupalSouth 2026 audience through how OpenSearch and Skpr enable semantic search that understands intent and meaning, and how Retrieval-Augmented Generation (RAG) transforms results into clear, human-friendly answers grounded in your actual content.
21 May 2026 3:00am GMT
Drupal.org aggregatorDrupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.
A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.
This vulnerability can be exploited by anonymous users.
This vulnerability only affects sites using PostgreSQL. However, the dependency updates in this release apply to all sites.
The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.
Depending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not. It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.
Install the latest version.
The following releases will be available as soon as automated release packaging is complete. You may receive a 404 in the interim. The updates may also be available on Packagist sooner.
Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.) Due to this issue's severity, the unsupported releases and patches for unsupported versions are provided as a best effort. Those unsupported versions will still have other, previously disclosed security vulnerabilities.
20 May 2026 6:08pm GMT
Recently, I contributed an AI-powered Schema.org JSON-LD module to Drupal that uses AI automators to generate Schema.org JSON-LD, building a knowledge graph that improves SEO/AEO by making it easier for machines to understand your website. The module was built with AI in 4 days, whereas the Schema.org Blueprints module with a similar goal took 4 years. I have been so shocked by how efficiently AI can code and build software that I realized, "AI ate my work, and I need to be okay with that." I wrote about how I am adjusting to this new "AI" normal.
A slightly different reckoning is unfolding for our websites because AI is consuming our content, thereby reducing traffic. Providing Schema.org JSON-LD is one way to feed the machines. AIs are becoming the front page of most websites. To adapt to this new "AI" normal, where an AI is the gatekeeper to your website, we need to evolve our approach to building and managing our websites.
Adaptation
Personally, "adaptation" feels like the right word to describe the challenge and change we, developers, site builders, managers, and owners, are facing right now. Adaptation is forced upon us by external constraints or opportunities, depending on your point of view, to evolve our approach to building and sharing information. There is a much larger discussion about the impact of AI on who we are, what we are building, and how we build. For now, I want to focus on what Drupal-built websites need to consider to adapt and keep up with the rapidly evolving digital landscape, which is largely out of our control.
Out of our control
How AIs are consuming our websites is out of our control. If you look back at how websites continually bent and tweaked to get a bump in page ranking, implementing now-defunct things like AMP (Accelerated Mobile Pages) because Google told us to,...Read More
20 May 2026 2:47pm GMT