You are here

Drupal.org

drupal 8.8.12

2020, November 26 - 04:08

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released. You should plan to update to 8.9.x or higher as soon as possible.
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 8.9.10

2020, November 26 - 04:00

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Which release do I choose? Security coverage information

No other fixes are included.

  • Drupal 8.9.x is a long-term support release that will receive security coverage until November 2021.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.12 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 9.0.9

2020, November 26 - 03:57

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.
  • Sites on 8.9.x should update immediately to Drupal 8.9.10 instead.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.12 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 7.75

2020, November 26 - 03:25

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update
Categories: Informatika

drupal 9.1.0-rc3

2020, November 26 - 03:17

This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 9.1.x contains new features, and should be the target for new site development. Drupal 9.0.x will continue to have security support until June 2021. Drupal 8.9.x will continue to have security support until November 2021.

Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 this year so that you can easily update to Drupal 9.2 and later.

Important update information

If you are updating from 9.0.x or earlier, also read:

Security update required!

This release fixes security vulnerabilities. Sites that installed 9.1.0-alpha1 or 9.1.0-beta1 are urged to upgrade immediately after reading the notes below and the security announcement:

Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.

Sites on 8.7 or earlier must update to either 8.8 or 8.9 before updating to Drupal 9 as all Drupal 8 update functions from before Drupal 8.8.0-rc1 were removed from Drupal 9. We recommend updating to 8.9.x, as well as updating all contributed modules, before updating to any Drupal 9 release.

Note: The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Note for users of the Experimental Workspaces module

Existing Drupal 8 sites using the experimental Workspaces module must update to at least Drupal 8.8.2 before updating to Drupal 9. (This is due to a required data integrity fix.) Remember that Workspaces is currently in beta status and is not intended for production.

Upgrading from Drupal 7

Drupal 7 users can continue to migrate to Drupal 8.9, or migrate to 9.0 or 9.1 directly. The upgrade path for multilingual sites is stable in Drupal 8.9, 9.0 and 9.1!

Release type: Security update
Categories: Informatika

drupal 9.1.0-rc2

2020, November 25 - 20:24

This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 9.1.x contains new features, and should be the target for new site development. Drupal 9.0.x will continue to have security support until June 2021. Drupal 8.9.x will continue to have security support until November 2021.

Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 this year so that you can easily update to Drupal 9.2 and later.

Important update information

If you are updating from 9.0.x or earlier, also read:

Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.

Sites on 8.7 or earlier must update to either 8.8 or 8.9 before updating to Drupal 9 as all Drupal 8 update functions from before Drupal 8.8.0-rc1 were removed from Drupal 9. We recommend updating to 8.9.x, as well as updating all contributed modules, before updating to any Drupal 9 release.

Note: The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Note for users of the Experimental Workspaces module

Existing Drupal 8 sites using the experimental Workspaces module must update to at least Drupal 8.8.2 before updating to Drupal 9. (This is due to a required data integrity fix.) Remember that Workspaces is currently in beta status and is not intended for production.

Upgrading from Drupal 7

Drupal 7 users can continue to migrate to Drupal 8.9, or migrate to 9.0 or 9.1 directly. The upgrade path for multilingual sites is stable in Drupal 8.9, 9.0 and 9.1!

PHP 8 compatibility changes and dependency updates since 9.1.0-rc1

Drupal 9.1.0 is fully compatible with PHP 8.0! Report any issues related to PHP 8 in the Drupal core issue queue.

The following laminas components are updated for PHP 8 compatibility:

  • laminas-diactoros to 2.5.0
  • laminas-escaper to 2.7.0
  • laminas-feed to 2.13.0

While these are minor updates from Laminas, they are not known to contain any disruptive changes. \Laminas\Diactoros\Stream will now throw a \Laminas\Diactoros\Exception\RuntimeException instead of an \Laminas\Diactoros\Exception\InvalidArgumentException when used with a non-resource stream, but this is not likely to affect Drupal sites or custom code.

Known issues
  • The PECL uploadprogress library is not yet compatible with PHP 8. If you are relying on this in PHP 7.4, you may want to wait for uploadprogress to release a PHP 8 compatible version first. Support for PHP's built-in upload progress is being worked on in #1561866: Add support for built-in PHP session upload progress.

Search the issue queue for known issues.

All changes since 9.1.0-rc1
  • #3180207 by andypost, alexpott, Gábor Hojtsy, Mixologic, xjm, catch: Update laminas-diactoros, laminas-escaper and laminas-feed for PHP 8 compatibility
  • #3177231 by mherchel, ayushmishra206, kostyashupenko, nitesh624, markdorison, lauriii: Olivero homepage has an empty title block div with an empty H1
  • #3176913 by sarvjeetsingh, mherchel: [Olivero Code Review] Missing @file documentation in block--system-powered-by-block.html.twig
  • #3179150 by komalk, hansa11, Santosh_Verma, Abhijith S, mherchel: H1 tags within Olivero's .text-content CSS class should use sans-serif font
  • #3128815 by mondrake, jungle, sja112, Spokje, shobhit_juyal, jameszhang023, nikitagupta, mrinalini9, xjm, longwave, dww: Replace assert*() involving greater/less comparison operators with assert(Greater|Less)Than(OrEqual)
  • #3184324 by mondrake, longwave: Convert calls to drupalPostForm() that assign return value to a variable
  • #3176200 by msuthars, adityasingh, Pooja Ganjage, ravi.shankar, mondrake, longwave: Remove more uses of t() in assertNoText()
  • #3136406 by Spokje, codersukanta, IJsbrandy, atul4drupal, MahtabAlam, BalajiDS: Argument 1 passed to Drupal\Core\Form\SubformState::createForSubform() must be of the type array, null given
  • #3183712 by idebr, B2F: hook_entity_access $operation description is listed under $account
  • #3168375 by mondrake, manishsaharan29497, longwave: Convert calls to drupalPostForm(NULL, ...) to submitForm
  • #3098281 by greg.1.anderson, alexpott, heddn, Mile23, xjm, jungle, longwave: Ensure that 'composer update' evaluates dependencies using the correct PHP version
  • #3183825 by effulgentsia, alexpott: Use absolute instead of relative paths within the packages.json created in ComposerProjectTemplatesTest
  • #3183420 by alexpott, catch: Override \Behat\Mink\Driver\Selenium2Driver::uploadFile() in DrupalSelenium2Driver
Release type: Bug fixesInsecure
Categories: Informatika

drupal 7.74

2020, November 18 - 17:47

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 8.8.11

2020, November 18 - 17:46

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released. You should plan to update to 8.9.x or higher as soon as possible.
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 8.9.9

2020, November 18 - 17:46

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Which release do I choose? Security coverage information

No other fixes are included.

  • Drupal 8.9.x is a long-term support release that will receive security coverage until November 2021.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.11 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 9.0.8

2020, November 18 - 17:45

Maintenance and security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.
  • Sites on 8.9.x should update immediately to Drupal 8.9.9 instead.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.11 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 9.1.0-rc1

2020, November 18 - 17:45

This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 9.1.x contains new features, and should be the target for new site development. Drupal 9.0.x will continue to have security support until June 2021. Drupal 8.9.x will continue to have security support until November 2021.

Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 this year so that you can easily update to Drupal 9.2 and later.

Important update information

If you are updating from 9.0.x or earlier, also read:

Security update required!

This release fixes security vulnerabilities. Sites that installed 9.1.0-alpha1 or 9.1.0-beta1 are urged to upgrade immediately after reading the notes below and the security announcement:

Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.

Sites on 8.7 or earlier must update to either 8.8 or 8.9 before updating to Drupal 9 as all Drupal 8 update functions from before Drupal 8.8.0-rc1 were removed from Drupal 9. We recommend updating to 8.9.x, as well as updating all contributed modules, before updating to any Drupal 9 release.

Note: The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Note for users of the Experimental Workspaces module

Existing Drupal 8 sites using the experimental Workspaces module must update to at least Drupal 8.8.2 before updating to Drupal 9. (This is due to a required data integrity fix.) Remember that Workspaces is currently in beta status and is not intended for production.

Upgrading from Drupal 7

Drupal 7 users can continue to migrate to Drupal 8.9, or migrate to 9.0 or 9.1 directly. The upgrade path for multilingual sites is stable in Drupal 8.9, 9.0 and 9.1!

PHP 8 compatibility

Drupal 9.1 core has made numerous internal changes in order to be compatible with PHP 8.0, which is due to be released before the end of November. However, full compatibility with PHP 8 is currently blocked by one set of upstream dependencies that do not have PHP 8 versions available yet: #3180207: Update laminas-diactoros, laminas-escaper and laminas-feed for PHP 8 compatibility

Official Drupal PHP 8.0 compatibility will therefore not be available until Drupal 9.2.0. However, sites wishing to use PHP 8 should be able to do so safely with either of the following site setups:

  • For Composer sites, Drupal core should run on PHP 8.0 with
    composer install --ignore-platform-requirements.
  • Drupal core sites using a supported 9.1 release tarball (for example, 9.1.0-rc1 or 9.1.0) downloaded from the release page should also run on PHP 8 without any problems.
Composer template changes

The core recommended project templates now explicitly depend on the current minor branch (for example, ^9.1 instead of ^9), in order to make Composer behavior with pre-release milestones more predictable (so that, for example, a site running 9.1.0-beta1 will not be accidentally downgraded to 9.0.x.)

Dependency updates since 9.1.0-beta1
  • typo3/phar-stream-wrapper updated from 3.1.5 to 3.1.6 for PHP 8 compatibility.
  • Popper.js has been updated from 2.0.6 to 2.5.4.
  • Underscore.js has been updated from 1.9.1 to 1.11.0.
Known issues

Search the issue queue for known issues.

All changes since 9.1.0-beta1 Release type: Security updateBug fixesNew features
Categories: Informatika

drupal 9.1.0-beta1

2020, November 6 - 15:14

This is a beta release for the next minor version (feature release) of Drupal 9. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 9.1.x contains new features, and should be the target for new site development. Drupal 8.9.x will continue to have security support until November 2021. Drupal 9.0.x will continue to have security support until June 2021.

Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 this year so that you can easily update to Drupal 9.2 and later.

Important update information and changes since 9.1.0-alpha1

If you are updating from 9.0.x or earlier, also read the 9.1.0-alpha1 update information.

Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.

Sites on 8.7 or earlier must update to either 8.8 or 8.9 before updating to Drupal 9 as all Drupal 8 update functions from before Drupal 8.8.0-rc1 were removed from Drupal 9. We recommend updating to 8.9.x, as well as updating all contributed modules, before updating to any Drupal 9 release.

Note: The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Note for users of the Experimental Workspaces module

Existing Drupal 8 sites using the experimental Workspaces module must update to at least Drupal 8.8.2 before updating to Drupal 9. (This is due to a required data integrity fix.) Remember that Workspaces is currently in beta status and is not intended for production.

Upgrading from Drupal 7

Drupal 7 users can continue to migrate to Drupal 8.8 or 8.9, or migrate to 9.0 or 9.1 directly. The upgrade path for multilingual sites is stable in Drupal 8.8, 8.9, 9.0 and 9.1!

PHP 8 compatibility

Drupal 9.1 core has made numerous internal changes in order to be compatible with PHP 8.0, which is due to be released in November. However, full compatibility with PHP 8 is currently blocked by upstream dependencies that do not have PHP 8 versions available yet.

There are two remaining dependency updates required to support PHP 8. These dependencies may still be updated prior to 9.1.0-rc1 and could include disruptive changes:

Dependency updates since 9.1.0-alpha1
  • In order to support PHP 8, Drupal core is now using composer/semver version 3, and the tests are now using composer/composer version 2 internally. For more information, see the change record on Drupal 9.1's internal composer requirements. Note: These are only internal dependencies. Site owners may use either Composer 1 or Composer 2 on the command line to manage their Drupal 8.8, 8.9, 9.0, and 9.1 sites. Drush users must update to the latest dev version for compatibility with this change in Drupal 9.1.

  • The locked version of the fabpot/goutte development dependency has been updated to 3.3.1 for PHP 8 compatibility.

  • doctrine/annotations has been updated from 1.10.4 to 1.11.1, and doctrine/reflection has been updated from 1.2.1 to 1.2.2 .

  • Symfony packages have been updated from 4.4.15 to 4.4.16, and several Symfony polyfill libraries have been updated from 1.18.1 to 1.20.0.

  • symfony/mime, symfony/var-dumper, and symfony/phpunit-bridge have been updated from 5.1.7 to 5.1.8. Note that these packages may be further updated to 5.2.0 prior to 9.1.0-rc1.

  • Twig has been updated from 2.13.1 to 2.14.1.

  • squizlabs/php_codesniffer has been updated from 3.5.6 to 3.5.8.

Critical issues resolved since 9.1.0-alpha1 Known issues

Search the issue queue for known issues.

Changes since 9.1.0-alpha1:
  • #1538118 by dww, swentel, dawehner, pwolanin, sanduhrs, alexpott, ayushmishra206, Wim Leers, yogeshmpawar, mgifford, cilefen, David_Rothstein, drumm, larowlan, Heine, colan, tedbow, benjifisher, klausi, borisson_, quietone: Update status does not verify the identity or authenticity of the release history URL
  • #3164686 by mondrake, longwave, ridhimaabrol24, alexpott, larowlan: WebAssert::addressEquals() and AssertLegacyTrait::assertUrl() fail to check the querystring
  • #3151118 by alexpott, Beakerboy, kapilkumar0324, anmolgoyal74, jungle, heddn, Mile23, andypost, daffie: Include bootstrap.inc using composer
  • #3175666 by paulocs, shetpooja04, Lendude, anmolgoyal74, jijojoseph_zyxware, sanjayk, catch, kapilkumar0324: Remove unused $admin_user variable in FieldEntityOperationsTest.php, views module
  • #3014969 by TR, longwave, Abhijith S, joachim, shimpy: Unescaped "@" in ContextProviderInterface doc comment
  • #2736777 by alexpott, mondrake, Charlie ChX Negyesi, catch, Mile23, andypost: MySQL on PHP 8 now errors when committing or rolling back when there is no active transaction
  • #3179768 by bnjmnm, DyanneNova: Fix Claro details caret
  • #3062751 by katherined, bnjmnm, boulaffasae, HOG, joseph.olstad, kapilkumar0324, Vidushi Mehta, shimpy, phenaproxima, antonellasevero, lauriii, KondratievaS, SharmaAnmol, ckrina: Media and media library
  • #3061042 by DyanneNova, komalkolekar, anmolgoyal74, bnjmnm, katherined, ranjith_kumar_k_u, lauriii, L2G2, ckrina, antonellasev: Status Report Page Update
  • #3180092 by Gábor Hojtsy: Update fabpot/goutte to 3.3.1 for PHP 8 compatibility
  • #3176910 by kishor_kolekar, anmolgoyal74, hansa11, kostyashupenko, mherchel: Move Olivero's preload.twig documentation to @file and include variables passed for the template
  • #3156260 by anmolgoyal74, Abhijith S, bandanasharma, ranjith_kumar_k_u, andrewmacpherson: Undocumented title variable in feed-icon.html.twig
  • #3174928 by alexpott, andypost: Improve the stability of core JS testing and prepare for update of MinkSelenium2Driver
  • #3177318 by mherchel, proeung, kostyashupenko, jwitkowski79: Identify and add maintainers for Olivero theme to MAINTAINERS.txt and other respective places
  • #3173018 by kostyashupenko, Pooja Ganjage, proeung, mherchel: [Code Review] Remove .form-type as this prefix block element doesn't exist
  • #3178806 by kishor_kolekar, mherchel, larowlan, kostyashupenko, ayushmishra206: Node teaser should not hard-code the text-content CSS class in template
  • #3179157 by komalkolekar, mherchel: Small variant of select form element doesn't look correct in RTL
  • #3156887 by andypost, mondrake, ayushmishra206, alexpott, Ayesh, longwave: \Drupal\system\Plugin\ImageToolkit\GDToolkit needs to support \GdImage objects for PHP 8 compatibility
  • #3132426 by alexpott, dww, GuyPaddock, catch, VladimirAus: Notice: Undefined index: title in Drupal\update\ProjectSecurityRequirement
  • #3179318 by dww: Always use HTTPS for fetching translations
  • #3177541 by alexpott, andypost: stream_open() needs to cope with a failure in \Drupal\Core\StreamWrapper\LocalStream::getLocalPath() better
  • #3179284 by alexpott, longwave, andypost: Update dependencies for Drupal 9.1 and 9.2
  • #3178998 by alexpott, andypost: Update error types and messages for PHP 8
  • #3128631 by andypost, longwave, hussainweb, ayushmishra206, greg.1.anderson, xjm, catch, Mixologic, jungle, Gábor Hojtsy: Update dependencies composer/composer ^2 and composer/semver to ^3
  • #3179013 by alexpott, andypost: EntityRouteEnhancerTest has a meaningless assertion that breaks in PHP 8
  • #3177377 by ranjith_kumar_k_u, kapilkumar0324, paulocs, longwave: Remove unused variable $charcodes and $node2
  • #3173004 by beram: Incorrect typehint documentation for FieldItemInterface::view() and FieldItemListInterface::view(): $display_options could also be a string
  • #3173891 by shetpooja04, meena.bisht: Remove unused variable $assert_session in UpdateScriptTest.php, system module
  • #3177557 by alexpott, andypost, dawehner: \Drupal\error_test\Controller\ErrorTestController::generateWarnings() notice is not a notice in PHP 8
  • #3176908 by kostyashupenko, mherchel: Add variables to Olivero's fieldset.html.twig documentation
  • #3157308 by hansa11, kishor_kolekar, riccardoR, steinmb, mherchel: Classy stylesheet attached from Olivero twig template for node
  • #3177545 by alexpott, andypost: \Drupal\field\Entity\FieldStorageConfig::getCardinality() needs to be more type safe
  • #3173905 by nod_, ravi.shankar, kostyashupenko, mherchel: Olivero: node.classList.remove() only supports one argument
  • #2918149 by harpreet16, tim.plunkett, raman.b, anil.gangwal, dalin, grndlvl, nikunjkotecha, kalyansamanta, paulocs, ranjith_kumar_k_u, froboy: "This block is broken or missing..." should only be shown to users that have access to do something about it
  • #3177590 by alexpott, longwave, hussainweb: ViewsFormBase::getForm() re-uses $key and relies on odd PHP 7 behaviour
  • #3177546 by alexpott: \Drupal\views\Plugin\views\PluginBase::listLanguages() incorrectly uses in_array() resulting in listing additional languages
  • #3173595 by shetpooja04, meena.bisht, Pooja Ganjage, quietone, longwave: Remove only Unused variable $email in SearchBlockTest.php, search module
  • #3156542 by alexpott, voleger, andypost, Charlie ChX Negyesi, Gábor Hojtsy, longwave: \ReflectionParameter::getClass() is deprecated in PHP 8.0
  • #3178039 by anmolgoyal74, Matroskeen, xjm, Kristen Pol, alvar0hurtad0: Correct typo "is has" in a few code comments and tests in core
  • #3178338 by jonathan1055: Fix coding standard fail committed to core 9.1 and 9.2
  • #3095113 by gapple, longwave, ravi.shankar, Deepak Goyal, anmolgoyal74, Sahana _N, geek-merlin, catch, lauriii, Meenakshi.g: Deprecate IE conditional comments support
  • #3178273 by longwave: BasicAuthTestTrait::basicAuthPostForm() does not work
  • #2607116 by rajeshwari10, rakesh.gectcr, andypost, mayurjadhav, ZeiP, alexpott, xjm: Unused variable in token.api.php
  • #3069026 by anmolgoyal74, Pooja Ganjage, mikelutz, longwave, alexpott, xjm: Fix Call to deprecated method addAutowiringType() of class Symfony\Component\DependencyInjection\Definition in YamlFileLoader
  • #3178037 by xjm, Kristen Pol: Fix typo "is has" in SimpleTest deprecation warning
  • #3037436 by alexpott, jonathan1055, Wim Leers, catch, tedbow, longwave: [random test failure] Make QuickEditIntegrationTest more robust and fail proof
Release type: Bug fixesNew features
Categories: Informatika

drupal 8.9.8

2020, November 5 - 17:45

This is a patch (bugfix) release of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8.

Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will receive security coverage until November 2021. It provides the same public API as Drupal 9.0 aside from deprecated code and dependency changes. (Learn more about Drupal 9.)

If you are upgrading to this release from 8.8.x, read the Drupal 8.9.0 release notes before you upgrade.

Known issues

Search the issue queue for known issues.

Changes since 8.9.7:
  • #3014969 by TR, longwave, Abhijith S, joachim, shimpy: Unescaped "@" in ContextProviderInterface doc comment
  • #3179318 by dww: Always use HTTPS for fetching translations
  • #3132426 by alexpott, dww, GuyPaddock, catch, VladimirAus: Notice: Undefined index: title in Drupal\update\ProjectSecurityRequirement
  • #3173004 by beram: Incorrect typehint documentation for FieldItemInterface::view() and FieldItemListInterface::view(): $display_options could also be a string
  • #2716115 by LittleCoding, gapple, gnuget, jungle, alexpott, mrinalini9, tatarbj, erlendoos, sandeep_jangra, ksemihin, markcarver, NickDickinsonWilde, catch, cayriawill, geek-merlin: [backport] Allow attributes passed with CSS in libraries (SRI)
  • #3178039 by anmolgoyal74, Matroskeen, xjm, Kristen Pol, alvar0hurtad0: Correct typo "is has" in a few code comments and tests in core
  • #2937844 by andypost, ravi.shankar, Spokje, mrinalini9, Deepak Goyal, RoSk0, daffie, borisson_, xjm, tstoeckler: [8.9/9.0 backport] Fix 'Squiz.PHP.NonExecutableCode' coding standard
  • #3040274 by sarvjeetsingh, ayushmishra206, rishabhthakur, alexpott, theotherlondon, kkalaskar, longwave, kiamlaluno, amarphule, ravi.shankar, gringoinc, quietone, larowlan, davidhernandez, tim.plunkett: [backport] Fix grammar, spelling, and style of the code comments in FormBuilder::prepareForm()
  • #3178273 by longwave: BasicAuthTestTrait::basicAuthPostForm() does not work
  • #3177765 by klausi: ListInterface::first() return value is documented wrong
  • #3157963 by shailja179, ravi.shankar, kiamlaluno, davidhernandez, joachim: The link given in FormState::setRedirect() for the page explaining what values are available for $options param takes to a class documentation page
  • #3177477 by Gábor Hojtsy, pameeela, Dries: Promote pameeela to non-provisional committer facilitator
  • #3176036 by paulocs, raman.b, longwave: Replace "does" to "do" in ProfileFieldCheckRequirementsTest.php
  • #3174190 by anmolgoyal74: Repetive 'using' word in DbImportCommand.php
  • #3040181 by paulocs, quietone, snehalgaikwad, ravi.shankar, acbramley, alexpott, mindbet, ultrabob, bthompson1, Lendude, lapaev, pameeela, catch: Unpublished books appear in the list of books at /book
  • #3175395 by NitinLama: Remove unused #html property from DateTimeFormatterBase::buildDateWithIsoAttribute
  • #3175112 follow-up by andypost, TR: hold_test module creates files in incorrect place leading to possible random errors
  • #3175112 by alexpott, longwave: hold_test module creates files in incorrect place leading to possible random errors
Release type: Bug fixes
Categories: Informatika

drupal 9.1.0-alpha1

2020, October 23 - 17:21

This is an alpha release for the next minor (feature) release of Drupal 9. Alphas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Alpha releases are not recommended for non-technical users, nor for production websites. More information on alpha releases.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 9.1.x contains new features, and should be the target for new site development going forward. Drupal 8.9.x will continue to have security support until November 2021, and Drupal 9.0.x will continue to have security support until June 2021.

Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 this year so that you can easily update to Drupal 9.2 and later.

Important update information Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading a Drupal 8 site to Drupal 9.

Sites on 8.7 or earlier must update to either 8.8 or 8.9 before updating to Drupal 9 as all Drupal 8 update functions from before Drupal 8.8.0-rc1 were removed from Drupal 9. We recommend updating to 8.9.x, as well as updating all contributed modules, before updating to any Drupal 9 release.

Note: The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Note for users of the experimental Workspaces module: Existing Drupal 8 sites using the experimental Workspaces module must update to at least Drupal 8.8.2 before updating to Drupal 9. (This is due to a required data integrity fix.) Remember that Workspaces is currently in beta status and is not intended for production.

Upgrading from Drupal 7

Drupal 7 users can continue to migrate to Drupal 8.8 or 8.9, or migrate to 9.0 or 9.1 directly. The upgrade path for multilingual sites is stable in Drupal 9.0.0, 8.9.0, and 8.8.7!

Changes to robots.txt and .htaccess

This release includes changes to the default versions of both robots.txt and .htaccess files shipped with Drupal core. Site owners should back up any customized versions of these files before updating, and add their customizations back in after updating.

  • Drupal's default robots.txt file (used for informing web crawlers what paths to not index) has been updated to disallow indexing of the user registration, password reset, login, and logout routes. These rules were already in place for years, but were ineffective because they had an incorrect trailing slash. This change has removed that trailing slash.

  • Drupal's generated .htaccess files now consistently escape dots (the . character) in rewrite conditions and rules. (For example, statistics.php has been corrected to statistics\.php. See the Drupal core issue for this .htaccess change for full examples.) These changes make the rules slightly more strict (and therefore safer). Site owners should make a backup of customized .htaccess files before updating, and may wish to also escape dots in their own custom rules where appropriate.

Drupal project templates no longer use minimum-stability "dev"

In Drupal 8.8 though 9.0, Drupal's Composer project templates declared a minimum stability of dev with an additional prefer-stable setting, which allowed any development versions of other packages such as modules to be installed with the template.

However, this occasionally produced unexpected results, such as upgrading to newer unstable releases rather than remaining on a current stable release (which could be dangerous for a production website). Therefore, starting with 9.1.0-alpha1, the minimum stability will match the stability of core itself. For example, the 9.1.0-alpha1 templates will have alpha as the minimum stability, and 9.1.0 will have stable.

The core change will not affect existing projects using the previous templates, so we strongly recommend that existing Composer sites also change their own templates to raise the minimum stability. In most cases stable is recommended for production websites. For more information on updating your templates, as well as instructions for allowing individual pre-release modules to be used with your stable templates, review the change record: Drupal project templates no longer use minimum-stability "dev".

PHP 8 compatibility

Drupal 9.1 core has made numerous internal changes in order to be compatible with PHP 8.0, which is due to be released in November. However, full compatibility with PHP 8 is currently blocked by several upstream dependencies that do not have PHP 8 versions available yet.

Some dependency updates required to support PHP 8 might require major version upgrades or other breaking changes:

  • We have already updated Drupal 9.1 to use PHPUnit 9 (details below).
  • We may need to update other dependencies including Composer packages and Laminas packages.
  • Finally, Drupal core's Goutte and Doctrine Reflection dependencies may need to be removed and replaced or supplemented with alternatives that will support PHP 8.

Follow Drupal 9.1's progress for PHP 8 support in the PHP 8 compatibility tracking issue.

Database driver changes for PHP 8 compatibility

A new StatementWrapper class added to wrap PHP's built-in \PDOStatement. Contributed and custom database drivers that use PDO need to use this class for PHP 8 compatibility. See \Drupal\Core\Database\Connection::$statementClass is deprecated; use the new DB API StatementWrapper class instead for more information.

Symfony 5 and 6 forward-compatibility

Work is underway to make Drupal 9 forward-compatible with Symfony 5 (already available) and 6 (not yet released), by ensuring Drupal 9 does not use APIs deprecated in newer releases of Symfony. A few of these fixes may require changes to contributed and custom modules:

  • Sites installed prior to Drupal 9.1.0 that are using a customized version of default.services.yml may need to update the YAML syntax in that file. See YAML format in default.services.yml may need updating for more information.

  • Drupal has been updated for upstream changes in the Symfony 5 Events system, including changes to event classes, the order of arguments for the EventDispatcher::dispatch() method. Review the change record on Symfony 5 Events changes for more information, including suggestions for modules extending ContainerAwareEventDispatcher.

Views exposed filter form changes

Views exposed filters that involve multiple form elements are now wrapped in a fieldset. For example, this applies to numeric filters with a 'Between' operator, or any filter with an exposed operator. The filter label is now always visible, as the fieldset legend, and any included elements are nested inside.

This significantly improves the user interface for both sighted users and people using assistive technology. However, this means that the form structure of the exposed filter form is changed. Sites that implement hook_form_alter() to modify the exposed filter form may have to update that implementation to handle the changed form structure. See the change record on the Views exposed filter form for details.

SimpleTest stub module can no longer be installed

Prior to the release of Drupal 9.0.0, most SimpleTest functionality was replaced by a PHPUnit test suite, and the old SimpleTest module was moved into contrib for projects that had not yet upgraded their tests to PHPUnit. A stub module was left in Drupal 9 core to prevent fatal errors for sites upgrading from Drupal 8 that had for whatever reason left the module enabled. In Drupal 9.1, we've made it so that the core stub module can no longer be installed. If your site still has the SimpleTest module installed, you should uninstall it.

Dependency updates Production dependencies
  • CKEditor has been updated from 4.14.1 to 4.15.0, which includes numerous bugfixes and improvements.

  • Most Symfony components have been updated from 4.4.9 to 4.4.15.

  • Two Symfony components have added new internal dependencies on symfony/http-client-contracts and symfony/polyfill-intl-normalizer, so both dependencies are now included in Drupal 9.1 installations.

  • A couple of unneeded polyfills for versions of PHP prior to 7.3 were unnecessarily included in the core-recommended template and the lockfile. These have now been removed.

  • composer/semver has been updated from 1.5.1 to 1.7.1. It may be updated to a newer major version prior to 9.1.0.

  • Many other top-level dependencies PHP have all been updated to the latest minor and patch versions for the major version in use.

PHPUnit 9

Drupal 9 now uses PHPUnit 9 to run tests on PHP versions higher than PHP 7.3. This prepares Drupal core to support PHP 8 when it is released, but may require some small changes to tests in contributed or custom modules. See the change record about the PHPUnit 9 update for more details.

Other development dependencies
  • symfony/mime and symfony/phpunit-bridge have all received patch-level updates to version 5.1.7. These updated versions resolve several issues with the Drupal test runner.

  • symfony/var-dumper is now a top-level development dependency and has been upgraded from 4.4 to 5.1.7. (Note that an older version of the dependency was previously installed indirectly as a requirement for symfony/error-handler.)

  • The EasyRDF development dependency has been updated from 0.9.0 to 1.0.0 for compatibility with PHP 7.4. See the change record on EasyRDF for more details.

  • The drupal/coder development dependency has been updated from 8.3.9 to 8.3.10, and it has added a new development dependency on sirbrillig/phpcs-variable-analysis.

  • The development composer/composer requirement has been updated from 1.10.8 to 1.10.15.

  • The postcss-preset-env development dependency has been added to replace usage of postcss-custom-properties for CSS post-processing in Claro.

  • All yarn development dependencies have been updated, including major version updates for chalk, chromedriver, cross-env, eslint, eslint-plugin-react-hooks, mkdirp, postcss, postcss-header, prettier, stylelint-config-standard, and terser.

  • Numerous other development dependencies have received patch- and minor-level version updates.

Changes to coding standards

The following additional coding standards have been enabled in the core ruleset:

  • Drupal.Commenting.DocComment.TagsNotGrouped
  • Drupal.Semantics.FunctionT.ConcatString
  • Drupal.NamingConventions.ValidClassName
  • PSR2.Namespaces.UseDeclaration.UseAfterNamespace
  • Squiz.PHP.NonExecutableCode
  • Some parts of the Squiz.ControlStructures.SwitchDeclaration standard.
Known issues

Search the issue queue for known issues.

All changes since 9.0.0

View fixed issues in 9.1.x.

Release type: Bug fixesNew features
Categories: Informatika

drupal 9.2.x-dev

2020, October 16 - 21:22

Unsupported development snapshot for the 9.2.x release series.

The 9.2.x branch is now open for new development. 9.2.0 is scheduled for release in June 2020.

Those interested in testing the upcoming 9.1.0 releases of Drupal core should continue to work with the 9.1.x branch until 9.1.0 is released on December 2, 2020.

Release type: Bug fixesNew features
Categories: Informatika

drupal 8.9.7

2020, October 7 - 21:45

This is a patch (bugfix) release of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8.

Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will receive security coverage until November 2021. It provides the same public API as Drupal 9.0 aside from deprecated code and dependency changes. (Learn more about Drupal 9.)

If you are upgrading to this release from 8.8.x, read the Drupal 8.9.0 release notes before you upgrade.

Important update information

This release has been tagged with Composer 2.0.0-RC1. Please report any issues in the Drupal core issue queue.

Known issues

Search the issue queue for known issues.

All changes since Drupal 8.9.6 Release type: Bug fixes
Categories: Informatika

drupal 9.0.7

2020, October 7 - 21:44

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.

Drupal 9.0.x will receive security coverage until June 2, 2021 when Drupal 9.2.0 is released.

If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9 and the 9.0.0 release notes before upgrading to this release.

If your site is on 8.8.x or earlier, you may wish to upgrade to Drupal 8.9.3 instead, and upgrade to Drupal 9 at a later date after preparing your site.

Important update information

This release has been tagged with Composer 2.0.0-RC1. Please report any issues in the Drupal core issue queue.

Known issues

Search the issue queue for known issues.

All changes since Drupal 9.0.6 Release type: Bug fixes
Categories: Informatika

drupal 7.73

2020, September 16 - 18:05

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Important update information
  • Any site that relies on Drupal's AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set "jsonp: true" or use the jQuery AJAX API directly.

    If you are using jQuery's AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set "jsonp: false" where this is appropriate.

    Drupal 7 sites should also pass such URLs through the new Drupal.sanitizeAjaxUrl() function.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 8.8.10

2020, September 16 - 18:05

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released.
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • Once a site running Workspaces is upgraded for SA-CORE-2020-008, authenticated users may continue to see unauthorized workspace content that they accessed previously until they are logged out.

    If it is important for the unintended access to stop immediately, you may wish to end all active user sessions on your site (for example, by truncating the sessions table). Be aware that this will immediately log all users out and can cause side effects like lost user input.

  • Sites that override \Drupal\Core\Form\FormBuilder's renderPlaceholderFormAction() and/or buildFormAction() methods in contrib and/or custom code should ensure that appropriate sanitization is applied for URLs for SA-CORE-2020-009.

  • Any site that relies on Drupal's AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set "jsonp: true" or use the jQuery AJAX API directly.

    If you are using jQuery's AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set "jsonp: false" where this is appropriate.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

drupal 8.9.6

2020, September 16 - 18:05

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Which release do I choose? Security coverage information
  • Drupal 8.9.x is a long-term support release that will receive security coverage until November 2021.
  • Sites on 8.8.x or earlier should update immediately to Drupal 8.8.10 instead, and plan to update to the latest 8.9.x or 9.0.x release before December 2, 2020 (when Drupal 9.1.0 is scheduled for release and 8.8.x security coverage ends).
  • Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
  • Once a site running Workspaces is upgraded for SA-CORE-2020-008, authenticated users may continue to see unauthorized workspace content that they accessed previously until they are logged out.

    If it is important for the unintended access to stop immediately, you may wish to end all active user sessions on your site (for example, by truncating the sessions table). Be aware that this will immediately log all users out and can cause side effects like lost user input.

  • Sites that override \Drupal\Core\Form\FormBuilder's renderPlaceholderFormAction() and/or buildFormAction() methods in contrib and/or custom code should ensure that appropriate sanitization is applied for URLs for SA-CORE-2020-009.

  • Any site that relies on Drupal's AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set "jsonp: true" or use the jQuery AJAX API directly.

    If you are using jQuery's AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set "jsonp: false" where this is appropriate.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.

Release type: Security update
Categories: Informatika

Pages

Theme by me