15 Jul 2026
Drupal.org aggregator
Dries Buytaert: Tiffany Farriss to lead the Drupal Association
The Drupal Association is entering a new chapter. Tim Doyle is stepping down as CEO, and the Board has appointed Tiffany Farriss as interim CEO.
I am grateful to Tim for his leadership and his impact on the Association. He built a strong leadership team that helped guide Drupal through an ambitious period of innovation. That team is well positioned to continue supporting Drupal and its community.
Tiffany brings continuity and deep expertise to the Drupal Association. She has contributed to Drupal for many years and served on the Drupal Association Board for more than a decade, including on its Finance Committee. She helped organize DrupalCon and built and ran a successful agency in the Drupal ecosystem. She understands our project, the Association's finances, and the realities our partners, contributors, and users face.
I have worked with Tiffany for many years. She is thoughtful, deeply committed to Drupal, and unafraid of hard questions. Although her title is interim CEO, she has the full authority and confidence of the Board, as well as my full support.
We expect Tiffany to serve for six to twelve months. During that time, she will focus on strengthening the Association's financial and operational foundation and preparing it for long-term leadership. Later in that period, the Board plans to launch a search for the next permanent CEO.
Turning innovation into momentum
Tiffany is stepping into the role at an important moment for Drupal.
Over the past few years, our community has done some of its most ambitious work. Contributors have continued to modernize Drupal Core. We launched Drupal CMS to make Drupal easier to adopt, introduced Drupal Canvas to rethink how people build, and rapidly advanced Drupal AI to change how people create and manage content.
We have also taken important steps toward marketing Drupal with the seriousness it deserves, so more organizations understand why it remains one of the most powerful and trusted platforms for building serious websites and applications.
This progress was made possible by our contributors and the organizations that invest in Drupal every day. The Drupal Association's role is to support that work and help turn it into wider adoption, a stronger ecosystem, and more opportunity for Drupal businesses.
Sustaining Drupal's essential work
The Drupal Association operates much of the infrastructure the project depends on, from Drupal.org and our collaboration tools to the services that help keep Drupal secure.
Drupal's infrastructure alone costs roughly $3 million each year. Today, it is funded through DrupalCon revenue, partnerships, sponsorships, donations, donated services, and volunteer contributions. That model has supported Drupal for many years, but it is not durable enough for the scale of the work ahead.
This is a challenge shared by open-source stewards everywhere. The software may be free to download, but the infrastructure and stewardship that make it dependable are not free to provide.
Building a stronger Drupal Association
Our commitment to Drupal's infrastructure and community will not change. Supporting them well requires a stronger Drupal Association, and that may mean exploring new approaches. We will weigh the options carefully, guided by what is best for Drupal and the people who depend on it.
This work will not be easy, but our ambition is clear: make the Association more sustainable, help Drupal innovate faster, strengthen how we bring it to market, and better support Certified Partners.
As this work takes shape, we will be transparent about what we are learning, the choices we are considering, and what they could mean for the Association and the community.
Tiffany understands what makes Drupal special and what the community values most. She also has the experience and mandate to shape what comes next.
Every new chapter depends on people willing to step forward. I am thankful to Tim for all he has done, to the Association's staff for their dedication, and to Tiffany for taking this on. With their commitment, I am confident in Drupal's direction and excited about the work ahead.
15 Jul 2026 9:54pm GMT
Drupal Association blog: Leadership changes at the Drupal Association
Our CEO, Tim Doyle, has stepped down from his role. We are grateful to Tim for his leadership and impact on our organization. Tim has built a strong leadership team that is positioned to continue the mission and vision that he and the Board share for Drupal.
As part of this process, the Board has been working to identify Tim's successor. We anticipate that the important work and mission of our organization will continue under new leadership, building on the strategy and plans we led during Tim's time with Drupal.
Likewise, the Board has been working with the senior team to ensure that interim leadership will be in place to facilitate a smooth transition.
We are grateful to Tim for all of his contributions as the leader of Drupal, and we look forward to his continued success in his future endeavors.
The Drupal Association board has appointed Tiffany Farriss as the Interim CEO, who brings more than a decade of experience as a Drupal Association board member, to guide the organization and community through this transition period.
15 Jul 2026 8:01pm GMT
Security advisories: Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-012
The Layout Builder module doesn't sufficiently sanitize block labels in certain scenarios, which can lead to a cross-site scripting (XSS) vulnerability.
This is mitigated by the fact that both the attacker and the targeted user need to be using the Layout Builder editing interface.
Install the latest version:
Drupal 11
- If you use Drupal 11.4.x, update to Drupal 11.4.4.
- If you use Drupal 11.3.x, update to Drupal 11.3.14.
- Drupal 11.2.x and below are end-of-life and do not receive security coverage.
Drupal 10
- If you use Drupal 10.6.x, update to Drupal 10.6.13.
- Drupal 10.5.x and below are end-of-life and do not receive security coverage.
- danielveza
- Lee Rowlands (larowlan) of the Drupal Security Team
- Mingsong (mingsong) provisional member of the Drupal Security Team
- James Gilliland (neclimdul) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Lee Rowlands (larowlan) of the Drupal Security Team
- Dave Long (longwave) of the Drupal Security Team
- Jess (xjm) of the Drupal Security Team
15 Jul 2026 7:52pm GMT