Introduction
Crafting a strong defense.
A couple issues ago security was an unofficial theme. Thanks to the multiple vulnerabilities discovered in ImageMagick recently, that theme is making a return. Happily, the P&T team responded to the news quickly with a post about it plus a security update to Craft.
If security isn't your thing, there are plenty of other Craft articles and plugins to check out. If you like bad puns as much as I do, there's a great one in the Plugged In section.
Let's hit the links.
-John
Top Stories
New Security Features in Craft
In response to the recent ImageMagick vulnerabilities, Craft 2.6.2784 now does MIME type verification on images before any processing.
Additionally, Craft now requires an elevated user session for a number of juicy-to-hackers actions, like changing your password. An elevated session means that the user must have entered their password in the past 5 minutes.
If you're writing a plugin that can benefit from this added level of security, call $this->requireElevatedSession() in your controller.
News

Huge number of sites imperiled by critical image-processing vulnerability
ArsTechnica reports on the ImageMagick mess. (Thankfully, Craft 2.6.2784 is a one-click install away.)
Tools, tips, and fundamentals
Troubleshooting and debugging errors in PHP
Everybody does it. Debugging. Watch the Straight Up Hangout for more.
Perfecting your technique
Modularity With Craft
Josip Anić discusses how "writing CSS using a scalable, modular method" changed his general coding style and Craft development process.
Heroku Buildpack for CraftCMS
This is a helper buildpack for installing and keeping an updated version of Craft CMS without committing it to your repo.
Generator Craft Install
Andrew Welch, author of the impressive Pluginfactory.io, which is a Yeoman generator behind the scenes, flexes his Yeoman skills again with his new generator for Craft CMS installs.
Code Review: Retour Plugin
StraightUp Hangouts has kicked off a new series called Code Review where they will dissect someone's code publicly and hopefully we can all get better by it. The Retour Plugin gets the treatment in this episode.
Keep environment variables (and DB info) out of the repo
From the Craft Cookbook: You have multiple environments, and you want to keep environment-specific data out of your Git repo. What do you do?
Store your private data inside a git repository
This link actually belongs in the "It’s not Craft, but it’s interesting" section at the end of the newsletter, but it's a good follow-up to the previous link. This solution to sensitive data in git repos takes the encryption route for privacy.
Sponsor

Pic Puller for Craft
Add authorized Instagram image & video feeds to your site. Plus use the Instagram Image Browser field type to add Instagram media into individual entries.
Plugged In

Inventory
"Am I using this field? Where am I using this field?" You no longer have to wonder because Inventory will show you exactly where your fields are being used.
Craft .json snippets for Atom
Snippets for Atom helps you quickly generate .json models for Craft. It works well with the Generator for Craft CMS mentioned in Issue 15.

Recipe
A comprehensive recipe FieldType for Craft CMS that includes metric/imperial conversion, portion calculation, and JSON-LD microdata support.
Craft Doxter
Doxter is a markdown plugin designed to improve the way you write documentation. Fast and consistent Github Flavored Markdown Parsing.
FieldNotes
FieldNotes provides a field type where the field input is replaced with a custom note. Use it wherever you need to add some extra content to your publish layouts.
The Craft Advantage
Overheard

Total entries: 1026
You'll need to click "I am not a robot" to see the results, but then look at that list and shudder.
It’s not Craft, but it’s interesting.
Why Static Website Generators Are The Next Big Thing
"The biggest missing piece of the puzzle... is content editing... Because of this, many websites built with static website generators currently end up being migrated to a dynamic CMS."
Yeah, that updating-your-site thing is kind of important.