February was a month of significant advancements, with a focus on security, accessibility, performance, and open-source contributions. Our clients benefited from the implementation of dark mode, proactive security measures, new Drupal modules and features, and improvements in AI-driven automation.
This report highlights key improvements that enhanced the security, usability, and efficiency of the platforms we support, as well as the next steps to continue delivering value.
Major accomplishments
Dark mode implementation for Syensqo
To enhance usability and accessibility, Syensqo and its network of sites now support dark mode:
- CDM USA: A platform serving US-based space and defense customers.
- Syensqo Fund: Supporting education, sustainability, and innovation initiatives.
- Proban: Providing cutting-edge fire-resistant textile technology.
This update provides a more comfortable viewing experience, improved accessibility, and energy efficiency for users.
Read more about the benefits of dark mode: How dark mode enhances usability, accessibility, and energy efficiency.
New features and Open Source contributions
Several new tools and enhancements were introduced to improve efficiency, performance, and security for our clients' platforms:
- New release of Xray Audit providing better accessibility reporting and compliance insights.
- We have released a new module, URL Purge Aggregator, which allows content updates to be reflected immediately by purging URLs. This is particularly useful in cases where CDNs or proxy caches do not support cache tag invalidation.
- We joined CDNetworks Purge as maintainers and renewed the module with a new release for Drupal 10 and Drupal 11, allowing websites to stay fast and content fresh through optimised CDN caching using CDNetworks.
- New release of Entity Mesh with an improved user interface that makes content management more intuitive. New report export functionality that simplifies data analysis.
- Artisan 2.x: Development is underway for Artisan 2.x, a new version of our Drupal starter theme, experimenting with Tailwind CSS and daisyUI instead of Boostrrap. While Bootstrap is great, we feel we may benefit from the more flexible model of Tailwind CSS to provide a more modern approach to web components.
By continuously improving these tools, our clients benefit from more reliable, secure, and high-performing digital platforms. And all improvements are also available for the Drupal Community, that’s the magic of the Free Software/Open Source!
Security and compliance: strengthening protection for clients
Ensuring the security of the platforms we support is always a priority. In February, a critical Drupal core vulnerability (Drupal SA-CORE-2025-001) was identified, which could have exposed websites to cross-site scripting (XSS) attacks. This type of vulnerability can allow malicious actors to manipulate content, steal data, or compromise user interactions.
To solve this situations, we apply our security process. In a nutshell, the workflow is this:
- Time slots available during Wednesdays and Thursdays to react to security releases published by the Drupal Security Team, prioritising response to potential vulnerabilities.
- Immediate risk analysis and mitigation strategy to prevent exposure while the final fix is deployed.
- Automated security updates delivered through CI/CD processes that include automated patching (thanks to Jenkins), functional testing (using Behat) and visual testing (via BackstopJS), so fixes are quickly ready for deployment.
- Custom security update plans tailored to each platform’s needs, ensuring no service disruptions.
- Clear communication with our clients, keeping them informed about the issue and the steps taken to protect their websites. We believe in transparency and building trust with our clients. This business is complex, and clients do not always have full knowledge, so trust allows for smooth and faster updates without a slow questioning process.
By acting quickly, our clients' platforms remained secure, stable, and fully operational, with no downtime or user impact. Our Drupal update automation project (Drupal Updater) played a key role in streamlining the response, as did our extensive test suites, because we know that everything will work as expected, at least what is tested, which always includes the most important features.
In this way, the window of exposure to the vulnerabilities is certainly reduced.
Accessibility & user experience enhancements
To ensure better usability and compliance with accessibility standards, several improvements were made:
- Keyboard navigation support, enabling easier interaction for users that rely on the keyboard for navigating the web.
- Improved ARIA labels and semantic descriptions, enhancing compatibility with screen readers.
- Refined image handling, optimising visual consistency across devices.
- WCAG 2.1 compliance updates, ensuring content is accessible to all users. It is easy to forget some users, but now it is also easy to comply with accessibility standards.
These updates help create more inclusive digital experiences for our clients and their users.
Technical enhancements and best practices
Performance and infrastructure optimisation
To help customers manage faster, more scalable, and more efficient platforms, several improvements were implemented:
- Optimised Drupal multisite deployments. Drupal multisite functionality is great to reduce maintenance costs, but it can come with some complexity that reduces its benefits. Optimising the deploy process reduces its costs again.
- Enhanced caching and CDN strategies to reduce backend hits, resulting in lower platform costs, faster page loads and up-to-date content.
- API enhancements, improving connectivity with external services like Salesforce.
- SEO improvements, optimising structured data for better visibility in search results.
These improvements ensure that platforms remain fast, efficient, and easy to manage.
Security and compliance enhancements
In addition to resolving the critical Drupal security issue, other security improvements were made:
- Stronger password policies, providing better protection against unauthorized access.
- OAuth authentication updates, ensuring more secure user sessions.
- Security patches applied across multiple platforms, maintaining compliance with industry best practices.
Proactive security measures like these reduce risk and enhance trust for our clients and their users.
Innovation - AI and Automation Integration
We continue exploring ways to help our clients through AI-driven automation:
- Integration of AI Chat bots like Voiceflow, read how we did here: Implementing an AI customer support agent in Drupal using Voiceflow.
- Testing AI models to optimize content workflows.
- Automating repetitive tasks, reducing effort and increasing efficiency.
- Exploring AI-powered accessibility enhancements, making platforms even more user-friendly.
- Testing different AI agents and tools like Aider, Roo, and new LLVM models to improve our development workflow.
These innovations make digital platforms smarter, faster, and more adaptive to users' needs.
Final words
February was a month of meaningful improvements in security, accessibility, and performance. The deployment of dark mode, proactive security measures, and new open-source contributions have all contributed to creating more secure, high-performing, and accessible digital experiences.
If you are a developer, we hope this article inspires you with ideas that you can incorporate into your daily workflow. If you're looking for a partner to help optimise, secure, and enhance your digital platform, let's talk!
