Skip to content

FAQs

How does Drupal7 Extended Support work?

Tag1 Consulting is the only approved D7ES provider who was also an approved Drupal Association provider for Drupal 6 Extended Support. As an approved provider for the D7ES program, Tag1 again commits to upholding the policies, procedures, and requirements laid out by the Drupal Association and the Drupal Security Team.

This includes maintaining active representation on the Drupal Security Team, participating in issue triage, following Coordinated Vulnerability Disclosure policies, maintaining SOC2 compliance (or equivalent), and following Drupal's existing release schedule. Any new Drupal7 vulnerability must first be reported to the Drupal security team.

Customers of Tag1 D7ES install the tag1_d7es module on target D7 site(s) to receive site-specific security and compatability updates. Customers can also monitor for updates via Drush.

What is covered under the Tag1 D7ES plans?

Tag1 D7ES covers Drupal core, contributed modules, and themes for your Drupal site. For contributed modules, we follow the Drupal Security Team's coverage policy on stable releases. We also provide upgrade support for critical Drupal 7 dependencies such as jQuery and CKEditor.

We're happy to evaluate other contributed projects required by customers, on a case-by-case basis. Contact us if you have concerns about a specific module on your site.

Will Drupal 7's Update Status module work with Tag1 D7ES?

Drupal 7's Update Status module shows all projects as green/up-to-date if they are the latest release. When Drupal 7 goes end-of-life, Drupal 7 Update status will mark all modules as unsupported. No distinction is made in Update Status regarding security coverage for projects.

When you subscribe and install the tag1_d7es module it will update your Update Status page to indicate which of your modules are covered by Tag1 D7ES, and if there are outstanding updates to apply.

How do I test the service during the trial period?

To test out the Tag1 D7ES service:

  1. Install and configure the module
  2. Follow the test instructions

Contact us if you have any questions. You will not be charged until you've added a payment method to your plan.

How do you test your D7ES updates?

Our team includes Drupal branch and core module maintainers, Drupal infrastructure maintainers, and Drupal security team members. Our D7ES testing infrastructure is managed and configured to run the same tests as Drupal 7, with representation from the same infrastructure team that runs Drupal. Our team of expert Drupal developers write and test every update that we distribute, leveraging decades of experience building, extending, and maintaining Drupal 7.

Tag1 D7ES is running on the community-based tests that exist for Drupal 7 core and contributed modules. This includes Selenium browser-based automated tests.

How do I update the email list for update notifications?

On your Drupal site, go to the tag1_d7es module configuration page at /admin/config/system/tag1-d7es and update the list of email addresses that should be notified of available security updates. If using the WebUI, submit a new request with an updated list of email addresses. Please note that unsubscribing directly from a notification email will disable all Tag1 D7ES notifications to that email address.

How does Tag1 D7ES define a "site"?

Tag1 D7ES defines a single site as any individual Drupal installation that has the tag1_d7es module installed. Generally, each Drupal installation with a unique domain, codebase, and database is considered a separate site and is subject to individual billing charges.

A single site subscription may include:

  • Multiple environments for the same website (e.g., dev.example.com, qa.example.com, uat.example.com).

  • A shared, single codebase across multiple sites. If all sites in a Drupal 7 multi-site have the same codebase, simply install the module on only one site and apply patches globally. Please note that if you choose to install the tag1_d7es module in more than one of the sites, each of those sites will be billed separately.

Note: you may configure the module for multiple environments of the same site. As long as they using the same UUID, they will represent a single site from a subscription perspective. However, please note that calls to the API are rate-limited, so we do recommend picking a single instance.

What are the PHP requirements for Tag1 D7ES?

Tag1 D7ES is designed to support PHP 8.2, which has security coverage until 31 Dec 2026. While we don't require our customers to install this version of PHP -- our core tests support PHP 7.2 and up -- we target core and contrib module functionality to this PHP version, so customers can run a version of PHP with active security coverage. PHP 8.3 support for D7 core was only recently added in December 2024; we recommend 8.2 until 8.3 support for Drupal 7 has matured.

See Plans for more details on each plan's recommended system configuration.

How does Tag1 D7ES secure my data?

The Tag1 D7Es module securely reports the following information about your site to Tag1's D7ES security team:

  • the version of Drupal core
  • name and version of contributed modules and themes
  • database type and version
  • PHP version
  • the URL of your website
  • the billing account email address
  • list of email addresses who should be notified when a security update is available

For additional security, you can configure email addresses outside of the site's database. This report is submitted via a cron job a maximum of once per 24 hours. The full JSON payload sent by your site may be previewed from the module's configuration page under the "Debugging" fieldset.

Lastly, if your business requirements prevent you from installing the tag1_d7es module, we provide a WebUI to securely submit your site's update data.

To protect our customers' data, our system is secured via:

  • HTTPS to ensure data in transit is encrypted
  • API Gateway configuration to ensure secure connections using HTTPS
  • Logging implemented to avoid exposure of sensitive information
  • Strict IAM roles and policies to manage permissions
  • SQL queries using parameterized inputs to mitigate the risk of SQL injection
  • SSL/TLS for all database connections to secure data in transit
  • Automated early detection of vulnerabilities in both application code and infrastructure configurations
  • Static analysis of code to identify security vulnerabilities
  • Automated infrastructure security scans

For more details about our SOC2 compliance, visit our Trust Center.

Will I need to switch to a Tag1 D7ES fork of Drupal Core?

No, customers will not need to switch to a Tag1 D7ES fork. Self-serve customers can simply download and deploy Tag1 D7ES packaged releases, or apply the patches.

Does Tag1 offer technical support for Drupal?

Yes, we do. Tag1 Consulting specializes in technical architecture, migrations, performance + scalability, and emergency support for large-scale, mission-critical technology systems. We're known in the Drupal community for our leadership as the 2nd all-time leading contributor to Drupal. If you need expert technical assistance with your open-source web technologies, please reach out!