18 Jun 2026

feedDrupal.org aggregator

DrupalCon News & Updates: Why DrupalCon Rotterdam Is Worth Attending

DrupalCon Rotterdam is one of those events that naturally attracts attention across the Drupal ecosystem. Not only because it brings the community together, but because it creates a space where technology, strategy, contribution and real-world digital projects meet.

For anyone working with Drupal, open source or digital experience platforms, the question is not just "what happens at DrupalCon?", but it might be: "If you have never been before, why should this be the year to go?"

Image
Photo by PdJohnson

Photo by Joris Vercammen


Why Rotterdam?

Rotterdam feels like a strong fit for an event like DrupalCon. It is a city known for innovation, architecture, international connections and a forward-looking mindset - qualities that align naturally with the spirit of the Drupal community.

Bringing DrupalCon to Rotterdam creates an opportunity to connect the European Drupal community in a dynamic and accessible setting. It also gives professionals from different markets the chance to meet, exchange perspectives and discuss how Drupal continues to evolve in a fast-changing digital landscape.


Learning from real experience

One of the strongest reasons to attend DrupalCon is the quality of the knowledge shared by the community.

This is not only about product updates or technical presentations, It is about learning from people who are building, maintaining and improving digital platforms in real contexts, often with complex requirements, long-term governance needs and ambitious user experience goals.

From technical sessions to strategic case studies, DrupalCon gives attendees access to practical insight that is difficult to get from documentation alone.


Meeting the community behind Drupal

Drupal has always been more than a content management system; It is an open-source project supported by a global network of contributors, companies and professionals.

For someone who has never attended before, this is one of the most compelling reasons to go: Online discussions, issue queues and documentation are valuable, but meeting people face to face adds a different layer to the experience.

Conversations during sessions, between talks or at community events can lead to new ideas, partnerships and a better understanding of how others approach similar challenges.

Image
Photo by Matthew Saunders

Photo by Matthew Saunders


Inspiration beyond the technical track

DrupalCon is also a place to see what organisations are doing with Drupal today.

Real-world examples often show the platform's value more clearly than feature lists. They reveal how Drupal is being used to support public sector platforms, media websites, higher education, enterprise ecosystems, multilingual content, accessibility requirements and complex editorial workflows.

That is why DrupalCon is relevant beyond development, project managers, designers, UX professionals, marketers, content teams and business leaders can all find useful perspectives on delivery, governance, accessibility, platform strategy and the role of open source in long-term digital transformation.


Why attend for the first time?

Attending DrupalCon for the first time is a way to move from observing the community to being part of it.

It is an opportunity to learn from experienced professionals, understand the direction of the platform, discover practical use cases and build connections that can continue long after the event ends.

DrupalCon Rotterdam represents more than another event in the digital calendar, It is a chance to understand Drupal through the people and projects that keep it moving forward.

For a first-time attendee, that may be the strongest reason to go.

Because sometimes the best way to understand the value of a community is not to read about it from the outside. It is to be in the room where that community comes together.


See you there?
Register now!


- Article by Daniela Moreira

18 Jun 2026 5:32am GMT

17 Jun 2026

feedDrupal.org aggregator

Security advisories: Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009

Project:
Date:
2026-June-17
Vulnerability:
Improper validation
Affected versions:
<10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*
CVE IDs:
CVE-2026-55808
Description:

The JSON:API and REST modules allow you to upload image files to image fields.

The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image.

Certain web-server configurations may serve the uploaded file with its actual MIME type rather than an image type. This may lead to cross-site scripting (XSS) or other unexpected behavior.

Solution:

Install the latest version:

Drupal 11

Drupal 10

Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By:
Coordinated By:

17 Jun 2026 6:58pm GMT

Security advisories: Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Project:
Date:
2026-June-17
Vulnerability:
Server-side request forgery
Affected versions:
<10.5.12 || >=10.6.0 <10.6.11 || >=11.2.0 <11.2.14 || >=11.3.0 <11.3.12 || 11.0.* || 11.1.*
CVE IDs:
CVE-2026-55807
Description:

The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery.

The URL discovery code could be leveraged to trick Drupal into making server-side requests to any URL.

Solution:

Install the latest version:

Drupal 11

Drupal 10

Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Required site changes for URL discovery

Most users of the oEmbed functionality in Drupal likely use providers.json to define known providers (such as YouTube and Vimeo) for embedding content.

If you are using URL discovery, you now need to set a list of trusted oEmbed discovery hosts in settings.php.

This is an array containing a series of regular expressions for matching host names for discovery. It follows the same pattern as the existing trusted hosts settings.

Example:

// Only allow URL discovery from example.com.
$settings['media_oembed_discovery_trusted_host_patterns'] = [
  '^example\.com$',
];
Fixed By:
Coordinated By:

17 Jun 2026 6:57pm GMT