Drupal.org aggregatorKeyword search struggles with natural language and exploratory questions. Daniel walked the DrupalSouth 2026 audience through how OpenSearch and Skpr enable semantic search that understands intent and meaning, and how Retrieval-Augmented Generation (RAG) transforms results into clear, human-friendly answers grounded in your actual content.
21 May 2026 3:00am GMT
Last week, the PreviousNext team headed over to Wellington for DrupalSouth 2026, and what a week it was.
The highlight of the week was the Splash Awards - and this year, we are honoured to have won:
Congratulations to Lee and Adam! Both deserved the recognition for their active work with the Drupal Community.
The Best in Show win for Cancer Australia makes this a remarkable run. PreviousNext has now won Best in Show three times back to back. Here's the full picture:
Wellington was also a milestone for Skpr's, which officially launched in the New Zealand market at DrupalSouth. If you haven't seen or heard about Skpr yet, now is a good time!
From there, it was all about the Drupal community. We spent the week reconnecting with familiar faces, meeting new ones, and having the kinds of conversations that don't happen over email.
We had six PreviousNext team members take the stage this year:
We were also thrilled to have Lara Saunders from Bond University join us at DrupalSouth this year. It's always great to see clients engage with the broader Drupal community.
We're incredibly proud of the team - and grateful to the clients and community who make this kind of recognition possible. See you all next year on the Gold Coast!
21 May 2026 2:43am GMT
Drupal.org aggregatorDrupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.
A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.
This vulnerability can be exploited by anonymous users.
This vulnerability only affects sites using PostgreSQL. However, the dependency updates in this release apply to all sites.
The Drupal releases for supported branches (11.3, 11.2, 10.6, and 10.5) in this advisory also include security updates for Symfony and Twig. Those projects have released important Security Advisories that were coordinated with this Drupal release, and Drupal is affected by some of the vulnerabilities.
Depending on your site configuration and contrib modules, you may be vulnerable to one or more of these upstream issues, so updating these dependencies is highly recommended whether the SQL Injection vulnerability affects you or not. It is also recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.
Install the latest version.
The following releases will be available as soon as automated release packaging is complete. You may receive a 404 in the interim. The updates may also be available on Packagist sooner.
Drupal 11.1.x, Drupal 11.0.x, Drupal 10.4.x, and below are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.) Due to this issue's severity, the unsupported releases and patches for unsupported versions are provided as a best effort. Those unsupported versions will still have other, previously disclosed security vulnerabilities.
20 May 2026 6:08pm GMT