Media Technology News

Drupal Core - Critical - Access Bypass - SA-CORE-2017-002

Drupal - Wed, 04/19/2017 - 10:13
Description

This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met:

  • The site has the RESTful Web Services (rest) module enabled.
  • The site allows PATCH requests.
  • An attacker can get or register a user account on the site.

While we don't normally provide security releases for unsupported minor releases, given the potential severity of this issue, we have also provided an 8.2.x release to ensure that sites that have not had a chance to update to 8.3.0 can update safely.

CVE identifier(s) issued
  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
  • Drupal 8 prior to 8.2.8 and 8.3.1.
  • Drupal 7.x is not affected.
Solution
  • If the site is running Drupal 8.2.7 or earlier, upgrade to 8.2.8.
  • If the site is running Drupal 8.3.0, upgrade to 8.3.1.

Also see the Drupal core project page.

Reported by Fixed by Coordinated by
  • The Drupal Security team
Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

BlenderNation Exclusive Interview - Nita Ravalji On Moana

Blender 3D News - Wed, 04/19/2017 - 06:15

Nita has been creating the most adorable renders for a while now, and just recently she made Moana after watching the movie. This render has been everywhere! Facebook, Artstation, Instagram, Twitter, you name it. After sharing her work here, I asked if you guys were interested in an interview. You guys were, so here comes [...]

The post BlenderNation Exclusive Interview - Nita Ravalji On Moana appeared first on BlenderNation.

Categories: 2D & 3D Animation

Lightsaber Effect [$]

Blender 3D News - Wed, 04/19/2017 - 02:05

Dulana57 writes: A Lightsaber Node Group for Blender (Works in both Cycles and Internal) It has Accurate Lightsaber Motion Blur, an Accurate Recreation of the Most Recent Star Wars Film, and it is Very Customisable. Overview: Tutorial:

The post Lightsaber Effect [$] appeared first on BlenderNation.

Categories: 2D & 3D Animation

Brent Patterson: Animations & Studies Reel

Blender 3D News - Wed, 04/19/2017 - 00:10

I love the short 'studies' in the reel by Brent Patterson. Hello, I'd like to share this montage of various experimental animations I've made in Blender over the past couple of years. I hope you enjoy!

The post Brent Patterson: Animations & Studies Reel appeared first on BlenderNation.

Categories: 2D & 3D Animation

Weekly Blender Developers meeting notes - April 16, 2017

Blender 3D News - Tue, 04/18/2017 - 13:00

Here are the notes from today's 14 UTC meeting in irc.freenode.net #blendercoders. Ton Roosendaal writes: (We kept it short, Easter Sunday). 1) Blender 2.79 targets See the targets list. Still need to get reviews done... everyone's very busy with other tasks too. So, next week another attempt to freeze the targets for 2.79! 2) Blender [...]

The post Weekly Blender Developers meeting notes - April 16, 2017 appeared first on BlenderNation.

Categories: 2D & 3D Animation

What's new on Drupal.org? - March 2017

Drupal - Tue, 04/18/2017 - 11:02

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

The Drupal Association team is gearing up for DrupalCon Baltimore. We're excited to see you there and we'll presenting a panel giving an update on our work since Dublin, and our plans for the coming months.

Drupal.org updates Project application revamp

As we announced in mid-March, new contributors on Drupal.org can now create full projects and releases! Contributors no longer have to wait in the project application queue for a manual review before they are able to contribute projects.

This is a very significant change in the Drupal contribution landscape, and it's something we approached carefully and will continue to monitor over the coming months. Drupal has always had a reputation for a high quality code, and we want to make sure that reputation is preserved with good security signals, project quality signals, and continued incentives for peer code review.

That said, we're very excited to see how this change opens up Drupal to a wider audience of contributors.

Please note that the removal of project applications to create full projects and releases means a change in the security advisory policy (see below for details).

Security Advisory Opt-in and new Security Signals for Projects Are you responsible for the security of your clients' Drupal sites?

Please note that Drupal's security advisory coverage policy has changed. Security advisory coverage for contributed projects is now only available for projects that have both opted in to receive coverage and made a stable release. You can see which projects have opted in by checking their project pages. If you have questions, please contact security@drupal.org.

Because users may now create full projects and releases without opting in to security advisory coverage, it's critically important that we provide good security signals to users evaluating projects on Drupal.org. This is why we've added a security coverage warning to projects that aren't opted in to coverage.

We've also:

2017 Community Elections Update

The 2017 elections for the community-at-large seat on the board were held successfully in March. Drupal Association community board elections are conducted with the Instant Runoff Voting system. This voting methodology requires that voters rank their preferred candidates on their ballot, and we've heard that this system has been somewhat unwieldy in the past.

Each year we try to improve the voter experience and so this year we deployed a new drag-and-drop ballot.

Finally, we want to congratulate our newest board member Ryan Szrama!

Better international datetime support throughout Drupal.org

Drupal.org has grown organically over the course of more than a decade, and as features have been built out they were not always consistent in their display of datetime information. While it sometimes makes sense to have a few different formats for displaying date and time, many of the formats in use were simply arbitrary historical decisions.

As a quality of life improvement, especially for users outside of the USA, we've standardized the datetime format used on Drupal.org. That format is: DD MMM YYYY - hh:mm (UTC±h). For example: 11 Aug 2016 - 16:42 (UTC+8)

DrupalCI CSS Lint check style results

When we implemented coding standards testing in DrupalCI in February we were not able to add CSS Lint testing until the CSSLint configuration file in core was fixed. That issue was fixed in late February and so we added CSSLint to support coding standards testing for CSS at the beginning of March.

Cleaning up coding standards results

The addition of coding standards results to DrupalCI means that Drupal.org is now storing even more test data about the code we test on Drupal.org. Our initial implementation of coding standards testing did not include clean up of older results, and so to preserve database space and testing resources, we implemented some clean-up routines in March. In particular we are now:

  • Cleaning up all results for closed issues
  • For custom one-off tests, keeping results for 30 days to match what is shown on project’s automated testing tab
  • For tests triggered on a schedule or commit, keeping the most recent per-environment per-branch, and keeping anything less than 24h old
Infrastructure Protecting Git services

We experienced some minor Git outages in March, due to malicious authentication attempts. To mitigate these issues in the future, we've implemented fail2ban rules to protect Git authentication. This should improve the stability and uptime of Git services for all developers on Drupal.org.

We want to thank Drupal.org infrastructure volunteer mlhess for his assistance with this.

Community Initiatives Contrib Documentation Migration

New tools for Documentation have been available on Drupal.org for more than half a year. While most of the core documentation has been migrated to the new system, we are still encouraging Contrib maintainers to migrate their docs.

To make it easier for contrib project maintainers to migrate their documentation to the new documentation tools, we've made two improvements:

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Music - Animation Video

Blender 3D News - Tue, 04/18/2017 - 10:25

Second place winner Lukas Fischer made this awesome animation for the Weekly CG Challenge #97. What do you guys think of it?

The post Music - Animation Video appeared first on BlenderNation.

Categories: 2D & 3D Animation

ESA's Space Debris Movie 2017 (made with Blender/Cycles)

Blender 3D News - Tue, 04/18/2017 - 08:49

ONiRiXEL just completed a project for the European Space Agency in Blender! The European Space Agency (ESA) entrusted to the french 3D animation studio ONiRiXEL the creation of the new Space Debris Movie 2017, in collaboration with the french consulting startup ID&SENSE and the Information Systems Department of the C-S Group. This short film premiered [...]

The post ESA's Space Debris Movie 2017 (made with Blender/Cycles) appeared first on BlenderNation.

Categories: 2D & 3D Animation

Blender Optical Flare Add-on for Blender VSE

Blender 3D News - Tue, 04/18/2017 - 05:40

cgvirus writes: Hey Folks! I am developing a optical flare engine addon for Blender VSE for my studio. Our team feels Optical Flare should be a post process so here it is. It's now in beta stage. I will experiment with it in real time productions and refine it further more. You are welcome to [...]

The post Blender Optical Flare Add-on for Blender VSE appeared first on BlenderNation.

Categories: 2D & 3D Animation

Matthieu Brucher releases Audio ToolKit 2.0.0

Audio Freeware - Tue, 04/18/2017 - 04:01
Matthieu Brucher has updated ATK to 2.0.0 with a major refactoring to ensure signed/unsigned consistency, a new Adaptive module and EQ design. Complex-valued filters are also now available to [Read More]

Flickering Light Box Animation Tutorial

Blender 3D News - Tue, 04/18/2017 - 03:35

Denzyl writes: Blender and cycles is extremely powerful and the use of nodes can be extremely flexible when creating animated material FX, This is a fun and easy effect to get in cycles, This effect is not just good or light boxes but also things like flickering street lights and Twinkling Christmas Lights. Got any [...]

The post Flickering Light Box Animation Tutorial appeared first on BlenderNation.

Categories: 2D & 3D Animation

Rhino Snail

Blender 3D News - Tue, 04/18/2017 - 00:57

Dani Canovas creates this beautiful vibrant render. The colors, the amazing character design, this is top notch artwork! By the way, am I the only one finding this rhino snail looking cool as hell "inserts sunglasses dude emoticon"!? Artstation Link

The post Rhino Snail appeared first on BlenderNation.

Categories: 2D & 3D Animation

How to use the New Blender Shadow Catcher

Blender 3D News - Mon, 04/17/2017 - 10:25

Jayanam gives a quick walkthrough of how to use the new Shadow Catcher option for image composition. This is a tutorial about the Blender shadow catcher, a feature for compositing that is currently available in the latest build of Blender 2.78c.

The post How to use the New Blender Shadow Catcher appeared first on BlenderNation.

Categories: 2D & 3D Animation

Drupal 8 core upcoming critical release PSA-2017-001

Drupal - Mon, 04/17/2017 - 08:47
  • Advisory ID: DRUPAL-PSA-2017-001
  • Project: Drupal core
  • Version: 8.x
  • Date: 2017-Apr-17
Description

There will be a security release of Drupal 8.3.x and 8.2.x on April 19th 2017 between
17:00 - 18:00 UTC
that will fix a critical vulnerability. While we don't normally provide security releases for unsupported minor releases, given the potential severity, the 8.2.x release includes the fix for sites which have not had a chance to update to 8.3.0. The Drupal Security Team urges you to reserve time for core updates at that time because exploits are expected to be developed within hours or days. Security release announcements will appear at the standard announcement locations.

This vulnerability does not affect all Drupal 8 sites; it only affects sites with certain configurations. It requires authenticated user access to exploit. The security release announcement made on April 19th 2017, will make it clear which configurations are affected. If this vulnerability affects your site, you will need to update. Please set aside time on Wednesday to look into this update.

Neither the Security Team, nor Security Team members, nor any Drupal-related company are able to release any more information about this vulnerability until the announcement is made in accordance with our security policies and responsible disclosure best practices.

We provide pre-release warnings when we believe the security risk is high and the steps to exploit are scriptable

Drupal 7 core is not affected by this issue. Contact and More Information

The Drupal security team can be reached at security at Drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity.

BlenderNation Exclusive Interview - Sergio Raposo Fernández

Blender 3D News - Mon, 04/17/2017 - 08:25

Sergio has created many amazing stylized and cartoony renders using mostly Blender. His unique style and fun artworks were crying out for an interview here in BlenderNation, so here goes! Give us an introduction, who are you, how old are you, what do you do, where do you do it? I am Sergio Raposo Fernández. [...]

The post BlenderNation Exclusive Interview - Sergio Raposo Fernández appeared first on BlenderNation.

Categories: 2D & 3D Animation

Yan's Daily Tips #105 - Sculpt Mode Hotkey - Blender Tutorial

Blender 3D News - Mon, 04/17/2017 - 06:15

Yanal Sosak writes: This is one of these short but really helpful tips. In this YDT I will show you how to speed up your sculpting workflow by creating a hotkey for the sculpt mode :).

The post Yan's Daily Tips #105 - Sculpt Mode Hotkey - Blender Tutorial appeared first on BlenderNation.

Categories: 2D & 3D Animation

My favourite Blender Art on Sketchfab: 2017, week 16

Blender 3D News - Mon, 04/17/2017 - 05:04

Here's my latest overview of the best Blender work on Sketchfab this week. And remember: add the #Blender tag if you want me to find your work! Yooka-Laylee - Enjoying the View by essimoon on Sketchfab ''Chrono Trigger'' - Robo by JunSkywa1ker on Sketchfab low poly island by Victor Estivador on Sketchfab Clock Mob by [...]

The post My favourite Blender Art on Sketchfab: 2017, week 16 appeared first on BlenderNation.

Categories: 2D & 3D Animation

Speed modeling: The Hobbit - Sting

Blender 3D News - Mon, 04/17/2017 - 03:45

Fernan shares a speed modeling session of Bilbo's sword.

The post Speed modeling: The Hobbit - Sting appeared first on BlenderNation.

Categories: 2D & 3D Animation

Happy Easter

Blender 3D News - Mon, 04/17/2017 - 01:32

Easter is upon us, and the renders are coming! Here is a really cool one I stumbled upon by MACHIN3, creative! What do you guys think are inside the eggs? Image Link On BlenderArtists

The post Happy Easter appeared first on BlenderNation.

Categories: 2D & 3D Animation

Blender 3D Sci Fi Vehicle Showcase

Blender 3D News - Sun, 04/16/2017 - 00:00

Zacharias Reinhardt shares a cool view of his Sci Fi Vehicle. Hi everyone! Here you can see an animation of a sci fi vehicle I created for my Blender artwork "The Journey". The renderings I created nearly a year ago. Now I finally found the time to put them online. Enjoy! ~Zacharias

The post Blender 3D Sci Fi Vehicle Showcase appeared first on BlenderNation.

Categories: 2D & 3D Animation

Pages