Thursday, March 4, 2021

This past month we upgraded all SiteNow v2/v3 websites to Drupal 9. This upgrade was mainly focused on staying up-to-date with Drupal's dependencies and removing deprecated code from the system, but this is still quite a milestone for us.

New Features

  • All SiteNow v2 and v3 websites were upgraded to Drupal 9.1, which is the most current stable version.
  • SiteNow v2 websites have been updated to match SiteNow v3's use of Drupal core's media library plugin for WYSIWYG areas.
  • SiteNow v2/v3 websites now support the <pre> tag in WYSIWYG areas.
  • SiteNow v3 have grid block options on Articles, People, Events and RSS Feed blocks. You can see documentation by selecting the relevant block type on the Layout Builder documentation page and looking under the "Display Options" section.
  • Improved cron functionality to allow certain tasks to trigger at different intervals which will improve server performance and allow more tasks in the future.
  • We continue to establish reusable scripts for migrating content from Drupal 7 to the latest version of Drupal.

Upcoming changes

On Wednesday, March 10th, we will be deploying a style change to person content teasers. These teaser displays are used in the SiteNow People listing page, the People block (v2/v3) and the Featured Content block (v2). We will be switching from the large square image to a smaller circle style. This will be visually different but is another step towards adopting the University's brand guidelines. The circle style is already in use as a larger image on the person's profile page. We recommend reviewing your website's person profile images and correcting any issues by either selecting a new focal point to crop the image on or by uploading a replacement image.

Notable Fixes

  • Removed unused custom code and dependencies.
  • Fixed article feed links from showing on year/month displays.
  • Added Webform date element usability improvement for Safari and Internet Explorer.
  • Padding adjustments were made to Slider and Banner blocks.
  • Fixed toggle navigation alignment at certain viewport widths as well as a fix for overflowing menu items in certain browsers.

Notable Launches

Known Issues

A couple issues were discovered this month, both related to webform. They, along with workarounds, have been documented on our known issues page. We will monitor issues for potential solutions and implement as soon as possible.

There was a security fix for Webform that changes how the default "Contact" form handles email confirmations. Other forms that send a confirmation email to the email address element's value have not be updated.

These confirmation emails can be used as an open mail relay to send an email to any email address. This vulnerability is mitigated if the site owner's email address is also receiving a notification email, which should alert the site owner to the exploitation. If the site owner's mailbox is not monitored, the open mail relay can be more easily exploited.

We suggest adding the site's email to also receive these emails or to move away from sending confirmation emails trigged by anonymous form submitters.