MantisBT 2.0.0-beta.1 Released

MantisBT 2.0.0 release focuses on improvements to the UI compared to 1.3.x release. As of this release, the db schema is the same between 1.3.x and 2.0.0-beta.1, enabling users to easily try 2.0.0-beta.1 and provide feedback.

Modern UI

  • Bootstrap 3.3.6 is used as the basis for the new modern UI (#17919)
  • FontAwesome 4.6.3 is now used for icons instead of images (#17919)
  • New UI Is based on a theme contributed by Mohsen (#17919).
  • Mobile friendly responsive UI (#17919)
  • Drag and Drop files to attach them to issues (#19590)
  • Modern Graphs using Chartjs for better looking, more interactive, and easier to setup graphs. (#12825)
  • Most of the plugins were updated to be compatible with the Modern UI. Look for a branch named modern-ui (or check readme.md) on the plugin repositories.

Modern My View Page

Modern View Issues Page Modern View Issue Page

Deprecated Features

  • Custom Functions in favor of Plugins
  • News feature – already deprecated
  • Time tracking – already deprecated
  • Project Docs – already deprecated
  • Sponsorships – already deprecated

Removed Features

  • DB2 Support

Checkout the new release on mantisbt website and report any issues you may find via our official bugtracker.

Dev Blog | The Arc – Economy

Mod Stu finished off the Arc dev blog series by talking about the unique economy of the Eastern Lands.

Dev Blog | The Arc – Economy

Mod Stu finished off the Arc dev blog series by talking about the unique economy of the Eastern Lands.

Drupal 8.1.7 released

Drupal 8.1.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.

See the Drupal 8.1.7 release notes for further information.

Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. For more information about the Drupal 8.1.x release series, consult the Drupal 8 overview.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 8 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

Drupal 8.1.x is actively maintained, so more maintenance releases will be made available, according to our monthly release cycle.

Change log

Drupal 8.1.7 is a security release only. For more details, see the 8.1.7 release notes. A complete list of all changes in the stable 8.1.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 8.1.7 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisories:

To fix the security problem, please upgrade to Drupal 8.1.7.

Update notes

See the 8.1.7 release notes for details on important changes in this release.

Known issues

See the 8.1.7 release notes for known issues.

Drupal Core – Highly Critical – Injection – SA-CORE-2016-003


Description

Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/.

CVE identifier(s) issued

  • CVE-2016-5385

Versions affected

  • Drupal core 8.x versions prior to 8.1.7

Solution

Install the latest version:

  • If you use Drupal 8.x, upgrade to Drupal core 8.1.7
  • If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue. For example, sites using Apache can add the following code to .htaccess:
    <IfModule mod_headers.c>
      RequestHeader unset Proxy
    </IfModule>
    

We also suggest mitigating it as described here: https://httpoxy.org/

Also see the Drupal core project page.

What if I am running Drupal core 8.0.x?

Drupal core 8.0.x is no longer supported. Update to 8.1.7 to get the latest security and bug fixes.

Why is this being released Monday rather than Wednesday?

The Drupal Security Team usually releases Security Advisories on Wednesdays. However, this vulnerability affects more than Drupal, and the authors of Guzzle and reporters of the issue coordinated to make it public Monday. Therefore, we are issuing a core release to update to the secure version of Guzzle today.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Front page news: 
Drupal version: 

Development Release: Tanglu 4.0 Beta 1

Matthias Klumpp has announced the availability of the first beta release of Tanglu 4.0, an upcoming new version of the project’s Debian-based distribution with a choice of GNOME or KDE Plasma desktops: “We are pleased to announce the release of the second development version of Tanglu 4, which….

And the winner is….

We have completed the artwork contest and would like to extend our thanks to everyone that took part, there were some excellent pieces submitted and choosing the winners was a tough task.

We would like to congratulate Jacques Daugeron on winning the background contest, the runners up will be available in the extra theme package as well.

Here is the signature background for Mageia 6, it will be included in the next updates to the theme packages.

Mageia-Default-3840x2160

Here are some of the images that will be included in the extra backgrounds package.

extra1
extra2

Also, congratulations go to the winners of the screensaver contest: Fabien Deschodt, Володимир, fkuller, Teimuraz Khazaradze, Donald Stewart, Jose, Philippe Verschelde and Mészáros Csaba, it was great to see so many contributors coming from such far reaching parts of the World.

We have images of Black Sea sunsets, snowy mountains in Scotland, big European cities all the way to South American waterways, its nice to see the global appeal that Mageia brings.

screensavers

Thanks again to all the contributors, we look forward to hearing your feedback on the new look!

ChaletOS: A Linux that Provides Uncanny Resemblance to Windows 7

The Linux platform has seen a surge of new users, who are usually migrating from Windows or at least they are trying Linux for the first time. But often, but they are afraid the interface will be too alien. Some developers think that it’s a good idea to give users something familiar, so that their first experience on the open source platform won’t be all that strange.
For many, the computer interface has always followed the same formula:
Start Menu – Panel – System tray – Desktop icons
With those simple elements, people have happily interfaced with their hardware and done their jobs for a very long time. For those working within the world of Windows, the best take on that formula was (in many an opinion) Windows 7. So, it should come as no surprise that some Linux distributions have adopted that formula to create a desktop with which users would feel a sense of immediate connection.
Linux users do have a large selection of distros to choose from and there are plenty of friendly options out there, but some of the developers want to offer more than a simple implementation of a desktop environment.
“This system is not too different from Xubuntu system on what is based on, but ChaletOS has a style that everyone knows, appealing simplicity and speed that impresses. All this will make them to fall in love with this system quickly. Because of its small hardware requirements it will revive some old machines and refresh others, not so old.”

Source: http://www.techworm.net/2016/07/chaletos-linux-provides-uncanny-resemblance-windows-7.html
Submitted by: Arnfried Walbrecht

DistroWatch Weekly, Issue 670

This week in DistroWatch Weekly: Review: Linux Lite 3.0 News: Bodhi team plans for 4.0.0, pfSense changes license, interview with FreeDOS’s founder, Linux Mint offers upgrade path, Ubuntu’s forums breached Questions and answers: Getting software to work across distributions Torrent corner: IPFire, NAS4Free Released last week: IPfire 2.19….

Patch Week | Shadow Dragoon Outfit – HD

Fixes, combat mode tweaks and the return of an epic cosmetic outfit as we swab the decks for The Arc.

Patch Week | Shadow Dragoon Outfit

Fixes, combat mode tweaks and the return of an epic cosmetic outfit as we swab the decks for The Arc.

Drupal 8.x core release on Monday — PSA-2016-002

  • Advisory ID: DRUPAL-PSA-2016-002
  • Project: Drupal
  • Version: 8.x
  • Date: 2016-July-17
  • Security risk: TBD
  • Vulnerability: TBD


Description

We will be doing a Drupal 8 core patch release on Monday, July 18th. This will occur between 14:15 UTC and 19:00 UTC.

There will not be a Drupal 7 release during this window.

Why is this release being issued?

The Drupal security team has learned that a third-party Drupal 8 dependency will be making a security release on Monday, July 18th and in accordance we will be making a Drupal 8 release soon after. We will not disclose details of the third-party update in advance of that release and cannot respond to requests for further information. This security release is for the dependency only and does not affect Drupal 7 sites. Other mitigating factors will be included with our published SA.

What about the regularly scheduled release window on Wednesday, July 20?

We are moving the regularly scheduled window two days earlier to provide the third-party dependency update, so this replaces that window.

There will not be another core release on Wednesday, July 20th.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 

Ubuntu Linux forum hacked, data of 2 million users leaked





Canonical has said its forums were hacked Thursday. It said in a statement on Friday that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.
Ubuntu forum was used by Linux devs, Ubuntu users and aficionados to discuss the bugs, flaws, upcoming builds and other general Linux talk.
“There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience”, says Jane Silber, Chief Executive Officer, Canonical Ltd.
Silber further explained, “after some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched”.

Source: http://www.techworm.net/2016/07/ubuntu-linux-forum-hacked-data-2-million-users-leaked.html
Submitted by: Arnfried Walbrecht

Development Release: elementary OS 0.4 Beta 2

Development Release: elementary OS 0.4 Beta 2^Daniel Foré has announced the availability of the second beta build of elementary OS 0.4, the project’s upcoming new release of the Ubuntu-based distribution featuring a custom desktop called “Pantheon”: “Loki beta 2 is here. Even though it has only been a….

Ubuntu Touch OTA-12 and OTA-13 Brings Libertine Improvements





Some of the latest changes coming in the next major update of the Ubuntu Touch, the OTA-13 as the Ubuntu Touch saga continues, some good news for the soon-to-be-released OTA-12 have also been heard.
Things look great at the testing of the upcoming Ubuntu Touch OTA-12 software update almost close to completion.Everything works perfectly as expected for almost all devices and there are no blockers, with a small exception for Meizu PRO 5 and BQ Aquaris M10, which need custom tarball re-spins, according to Canonical’s Łukasz Zemczak.
Nevertheless, it is needlessly mentioned because the OTA-12 update is on its way to Ubuntu Phone, while multiple improvements and a few new features could be seen in Ubuntu Tablet as owners claimed. Currently, time is not specified and it looks like the phased out update should start landing next week, on July 20 this year.
More details about the Ubuntu Touch OTA-12 update will be seen in a couple of weeks, it is also expected to unveil some new features emerged just before the Wednesday launch. The OTA-12 will expectedly be seeded as a phased update during a 24-hour period, yet, everyone will not receive it on the launch day.

Source: http://hqgrandeprairie.com/technology/ubuntu-touch-ota-12-ota-13-brings-libertine-improvements/373834
Submitted by: Arnfried Walbrecht

Clear Linux Gets Mesa 3D 12.0.0 and Linux Kernel 4.6.4, Performance Improvements

Softpedia was informed by the Clear Linux developer on the availability of the first newsletter of the Linux kernel-based operating system that informs users about the latest GNU/Linux technologies implemented during the week that passed.

Entitled “This Week in Clear Linux,” the first installation informs the Clear Linux community about the fact that the Linux kernel-based operating system designed specifically for Intel architecture received the latest Linux 4.6.4 and 4.4.15 LTS kernels, the Mesa 3D Graphics Library 12.0.0, and Rust language 1.10.0.

“The kernels in Clear Linux were updated to the latest stable versions, kernel 4.6.4 for the normal kernels, and 4.4.15 for the LTS kernels. As usual, the stable kernels contain “important updates”,” said Eva P. Hutanu. All of the Clear Linux package sources are now available as git trees.”

Caffe machine learning framework performan… (read more)

Nvidia 367.35 Linux Graphics Driver Released with VDPAU Feature Set H Support

Today, July 15, 2016, Nvidia published a new long-lived graphics driver for UNIX-like operating systems, including GNU/Linux, FreeBSD, and Solaris, Nvidia 367.35.

The Nvidia 367.35 video driver comes as an upgrade to the previous update, Nvidia 367.27, announced exactly one month ago, which introduced support for Nvidia’s recently released GeForce GTX 1080 and GTK 1070 graphics cards on Linux kernel-based operating systems.

However, this appears to be a small maintenance update bringing fixes for some annoyances reported by users since the previous release, but also to implement support for VDPAU (Video Decode and Presentation API for Unix) Feature Set H to the Nvidia VDPAU driver on all supported platforms.

Thanks to the support for VDPAU Feature Set H, your Nvidia graphics card will be capable of hardware-accelerated decoding of 8K (8192×8192) H.265/HEVC encoded video streams. Also new,… (read more)

You Can Now Use Netflix on Vivaldi and Other Chromium-Based Web Browsers

Vivaldi’s Ruarí Ødegaard managed to create a handy script that would allow you to watch Netflix movies on Vivaldi, as well as any other Chromium-based web browser.

As you’re probably aware of by now, Netflix only supports the Google Chrome and Opera web browsers when we talk about watching movies streamed via their online platform on Linux kernel-based operating systems. On Windows and Mac the there are more browsers supports, including Mozilla Firefox and Safari.

That is not the case for Linux users, whose open source and free personal computing platform is not even mentioned on the Netflix website. Therefore, if you’re using a GNU/Linux distro and you want to watch Netflix movies, you are kind of forced to use the Google Chrome or Opera web browsers, though only the first is fully supported.

Here’s how to watch Netflix movies on Vivaldi and Chromium-based browsers

If your web browser of choic… (read more)

Linux Kernel 4.6.4 Lands in the Stable Arch Linux Repositories, Update Now

Just a few moments ago, July 15, 2016, the Arch Linux kernel maintainers have managed to upgrade the operating system’s stable kernel to the recently released Linux 4.6.4 version.

Announced four days ago, on July 11, Linux kernel 4.6.4 has been introduced by Greg Kroah-Hartman as being a pretty small maintenance update changing a total of 36 files, with 216 insertions and 98 deletions. However, the developer urged GNU/Linux distribution maintainers to upgrade to this version as soon as possible.

To get an overview of the changes implemented in Linux kernel 4.6.4, we can tell you that it updates a few USB drivers, and the networking stack, with improvements for the AX.25 data link layer protocol, the IPv6 and IPv4 protocols, kernel connection multiplexer (KCM), bridge, and the… (read more)

What’s new on Drupal.org? – June 2016

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

In June the Drupal Association had our annual staff retreat, where the remote team members joined the Portland, OR team for a three day retreat. This year’s retreat was particularly important as we found our feet as a smaller, leaner team, and focused on our organizational roadmap for the next twelve months.

For the engineering team in particular, our focus will be on maintaining the critical systems that make project successful: issue queues, updates, testing, packaging, etc, while at the same time finding new ways to support and enable Drupal’s evolution.

These were some heady days, but even as we worked through the best ways to continue serving the Drupal community on a strategic level in June, we also found the time to keep making Drupal.org a better home.

Drupal.org updates

Documentation Migration

A long running initiative this year has been the creation of a new Documentation system for Drupal.org, a topic we’ve touched on in many prior updates as it has begun to come online. We are very happy to say that we are moving to the next stage of the documentation project: moving from development to migration.

In June tvn recruited several volunteers to join our documentation migration team, and to become some of the first maintainers for the new Documentation Guides. General documentation, such as Understanding Drupal, Structure Guide, etc. will be migrated first. Documentation for contributed projects will follow in the coming weeks.

Documentation Preview

Maintainers of contributed projects, who currently have their documentation on Drupal.org, will be added as maintainers to respective documentation guides and are encouraged to clean/tidy up their documentation post-migration.

if you are interested in helping, or sign up as a maintainer for some of the new documentation guides.

Composer Repositories are now in Beta

Drupal.org Composer Logo

Drupal.org’s Composer repositories allow developers building sites with Drupal to use the Composer command line tool for dependency management. In June we collected feedback from a variety of users, as well as the community volunteers who assisted us with the Composer Community Initiative.

We spent the month iterating quickly on the alpha implementation: fixing bugs and rebuilding the meta data to ensure that users get consistent and expected results. Because of those fixes, and after gathering yet more feedback from the community, we were able to move the Drupal.org Composer repositories to beta.

We encourage you to begin transitioning your composer based workflows to use Drupal.org’s composer facade. Package names are stable, and downtimes will be planned and announced. For more information on how to use Drupal.org’s Composer repositories, read our documentation.

Better issue credit tools for maintainers

The Drupal.org issue credit system is a unique innovation of our community. By allowing users to attribute their contributions as volunteers, to their employers, or to client customers, we have an insight into the contribution ecosystem for Drupal that is unparalleled among open source projects. We’ve also already seen the impact of incentivizing organizations to give back to Drupal, by using the credit system as the basis for organization rankings in the marketplace.

Credit Others

Credit comment generated

In June we added two new tools for maintainers to improve how they grant credit to users. Firstly, maintainers can now deselect the automatic credit attribution for users who have submitted patches. This change was important to prevent gaming the credit system. Secondly, we’ve given the maintainers the ability to credit users who have not commented in the issue. Whether that help was provided in IRC, Slack, on a video call, or in a sprint room, maintainers can now ensure that those users who helped resolve an issue receive credit for their contributions. Any user who is credited this way can edit their credit attribution if they want to extend that attribution to a supporting organization or customer.

Friendly path aliases for release nodes

We also made a relatively small change that will have a big impact. Path auto is now enabled for project releases, so you for any project a specific release can now be found at:
drupal.org/project/[project_name]/[version]
And you can also find a list of all the releases for a project at:
drupal.org/project/[project_name]/[version]

Take, for example, the Token module:
https://drupal.org/project/token/

You can find the complete index of releases for this project at: https://www.drupal.org/project/token/releases and individual releases now have friendly urls, like this one: https://www.drupal.org/project/token/releases/8.x-1.0-alpha2

Spam Fighting Improvements

Fighting spam on Drupal.org is a never ending battle, but in June we deployed a refinement to our spam fighting tools that helps us to find patterns in registration behavior and prevent spam registrations before they’ve even started. After flipping on our latest iteration of this spam fighting tool we saw an immediate and dramatic drop-off in suspicious account registrations. With the additional data we’ve been able to collect we already see ways to improve this even further, so we hope to continue make Drupal.org a cleaner home for the community.

Highlighting Supporting Technologies

Drupal is many things to many different people, but one central function of Drupal is to be the hub of interconnected and complementary technologies. Several of the companies that build these technologies have chosen to support the Drupal project by becoming supporters. To better highlight some of these supporting technologies that work well with Drupal, we’ve added a supporting technologies listing to the marketplace.

Sustaining support and maintenance

DrupalCon

DrupalCon Dublin Logo

DrupalCon Dublin is coming up soon, from September 26 – 30th. This year we smashed all our previous records for session submissions, and the caliber of speakers and topics is higher than ever before.

In June we opened registration for the event. We encourage you to buy your tickets now! Early bird registration will end soon.

Infrastructure

Infrastructure is the bedrock of Drupal.org – and we’re continuing to tune the infrastructure for efficiency, economy, and performance. Alongside the launch of registration for DrupalCon Dublin, we implemented APDQC to improve the performance of the Events website under heavy load.

We’ve also been upgrading our configuration management from Puppet 3 to Puppet 4, and continuing to standardize our configuration across all of our environments to make our infrastructure durable, consistent, and portable.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects.

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra