25 Jun 2026
Drupal.org aggregator
LakeDrops Drupal Consulting, Development and Hosting: Three Players, One Direction: ECA, FlowDrop, and Maestro
Three Players, One Direction: ECA, FlowDrop, and Maestro
ECA, FlowDrop, and Maestro all draw boxes and connect them with arrows, so people keep asking whether three Drupal workflow modules means a split community. Not quite. Dries Buytaert, Randy Kolenko, Shibin Das, and I are writing a shared orchestration design spec, disagreeing productively in writing. One axis explains all three: how much state a run carries. ECA reacts statelessly to any Drupal event across the whole request surface. Maestro holds a durable process that can wait days for human approval. FlowDrop spans the axis with a typed, inspectable dataflow graph that runs sync, async, or stateful from one definition, and Shibin is refining it toward strictly serializable data, ideal for building complex AI agents. Nothing is frozen. The word "orchestration" itself is contested in the spec glossary. Composition already ships: maestro_eca_task lets a Maestro process hand off to ECA. The bigger vision, ECA reacting to content, calling a FlowDrop AI flow, then routing through Maestro for human approval, is a picture we are building toward, not a release. But bridges are the start, not the finish. The real work is building a shared foundation, common primitives and APIs so the three tools stop reinventing the same concepts under different names. The spec's vocabulary synthesis shows the embarrassing similarity: Trigger, Step, Condition, Workflow, Run. The keystone is a defined contract for handing data between steps and between tools, one that works beyond Drupal's border for AI agents and external systems. Three tools is the right number because the stateless-reactive and instance-stateful ends pull architectures in opposite directions. Specialization beats a mediocre merger.
25 Jun 2026 11:00am GMT
24 Jun 2026
Drupal.org aggregator
The Drop Times: Andy Marquis Outlines Custom Field’s Role Alongside Paragraphs in Drupal
When Paragraphs-based content models grow deep, Drupal teams can inherit slower rendering, heavier databases, and harder migrations. Custom Field maintainer Andy Marquis explains where field-based structured data offers a leaner alternative, and where Paragraphs still belongs.
24 Jun 2026 4:31pm GMT
Centarro: How Centarro Handles Critical Drupal Security Releases
Critical security vulnerabilities don't wait for a convenient time. They arrive on their own schedule, and how quickly your team responds can mean the difference between a routine update and a serious exposure.
A highly critical advisory with a 48-hour window
On May 18, the Drupal Security Team issued PSA-2026-05-18, a pre-announcement for a highly critical security release affecting every supported branch of Drupal core. The advisory scored a 20 out of 25 on the security risk scale. No authentication required, no special access needed. The release window was two days later, on May 20, between 17:00 and 21:00 UTC.
The Drupal Security Team urged site owners to reserve time for immediate updates because exploits could be developed within hours or days. They took the unusual step of providing best-effort patch files even for end-of-life versions of Drupal 8 and 9 because the potential impact was that significant.
If you're running a site that processes orders and manages customer data, you can't put something like this off until the next sprint.
Coordinating across every client
When the pre-announcement landed, we reached out to all of our support clients and worked directly with their teams to determine priority, assess whether the vulnerability applied to each site's specific configuration, and plan accordingly.
24 Jun 2026 3:03pm GMT