Drupal

11.1.7

8 Maj - 170MBBug Fixes and Changes

• Node add/edit gives a Call to a member function getAccountName() on null when author is NULL
  
• There are leftover references in comments to long ago renamed ListDefinitionInterface
  
• Add BC stubs for Hook ordering
  
• Media Library currentSelection not reset properly
  
• Fix grammar in FormattableMarkup::placeholderFormat() comments
  
• docs for return values from various EntityDisplayRepositoryInterface() are unclear
  
• Fix errors in update-countries.sh"
  
• Fix errors in update-countries.sh
  
• Bump php-tuf/composer-stager to 2.0.1
  
• LanguageNegotiationUrl unnecessarily adds domain to outbound URL's
  
• Remove srcdoc attributes in Xss::filter()
  
• incorrect @return docs for ElementInfoManagerInterface::getInfo()
  
• Update documentation for project versions in \Drupal\Core\Extension\InfoParserInterface::parse
  
• Improve documentation for Graph component
  
• The example code given for FormattableMarkup::placeholderFormat() contains typos and syntax errors
  
• Add lostcarpark as Mentoring Coordinator to MAINTAINERS.txt
  
• Removing field from LB content type edits associated roles
  
• Settings is not a valid render array in navigation module
  
• Media library form can only be submitted in the default workspace
  
• NodeController::revisionOverview is uncacheable
  
• Possible Non GPLv2 compatible code in ExpectDeprecationTrait
  
• CI: Using stale drupalci chromedriver image (`chromedriver` is stale, `webdriver-chromedriver` gets updates)
  
• Sourceless migration plugins are broken
  
• Undefined array key warning in UrlHelper::parse()
  
• Refactor FormTestClickedButtonForm::buildForm"
  
• Add pdureau as provisional Frontend Framework Manager
  
• Media Library item styles assume contextual module is present
  
• Refactor FormTestClickedButtonForm::buildForm
  
• Decimal separator and decimals settings ignored when aggregating decimal fields (revert)
  
• Confirm and update mentoring coordinators section in MAINTAINERS.txt
  
• Add acbramley as co-maintainer for node module
  
• Add mogtofu33 as a SDC and new theme system's Icon API maintainer
  
• ComponentValidator ignores the set validator and creates a new one
  
• Fix contextual links disappear intermittently leading to console errors
  
• SDC slots not being validated against json config schema
  
• CI: Switch drupalci image registry from dockerhub to gitlab.com (mitigate rate limit errors)

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.7

11.1.6

2 April - 170MBBug Fixes and Changes

• Nightwatch command drupalInstall doesn't set the user_agent environment variable with the simpletest site instance
  
• Use Drupal Core Leadership terminology in MAINTAINERS.txt
  
• ImageItem::defaultStorageSettings() should override display_default
  
• Decimal separator and decimals settings ignored when aggregating decimal fields
  
• Pager not working correctly in AJAX view with exposed filters
  
• [random test failure] ImageUrlProviderTest::testResize
  
• [random test failure] FilterEntityReferenceTest
  
• Renderer::getCurrentRenderContext() triggers a TypeError when there is no current request
  
• UserPermissionsForm should not use overridden permissions
  
• Renaming a table containing "drupal_" in the name with multiple indexes fails on PostreSQL

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.6

11.1.5

(säkerhetsutgåvan)
20 Mars - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 - Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability (XSS). This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit access via core web services, or a contrib or custom module. Sites with the Link module disabled or that do not use any link fields are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.5

11.1.4

5 Mars - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Bug Fixes and Changes

• Add griffynh as provisional core team facilitator
  
• Focus outline has a too low color contrast and uses a different green than Claro
  
• Fix documentation for optional params in MessengerInterface
  
• Extend ViewsBlockBase to merge cache metadata from display handler
  
• example recipe.yml has incorrect comment above "actions" section
  
• Change hardcoded entity key 'uid' to getKey in ResourceTestBase
  
• Offer to become maintainer of Stable9
  
• Remove --quiet from updatedb in Validatable config job
  
• Improve HookCollectorPass test
  
• Sqlite Connection::createConnectionOptionsFromUrl should not convert relative paths to full
  
• Regression: RssResponseCdata filtering out common HTML tags from RSS feeds
  
• Logout confirmation form shows inappropriate confirmation description
  
• Yarn watch task broken
  
• Redirect correct language page after node save
  
• Ensure config entity langcode property does not change when installing, adding or editing a language
  
• Allow recipes to contain an "extra" property with arbitrary information for specific modules to use

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.4

11.1.3

(säkerhetsutgåvan)
19 Februari - 170MBThis is a security release of the Drupal 11 series. Sites are urged to update immediately.

Security

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
  
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
  
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.3

11.1.2

5 Februari - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Bug Fixes and Changes

• Firefox retains form_build_id on form reloads, causing old form cache entry to be used and creating weird behavior for the Media Library widget
  
• Wrong Regular Expression for string comparison in Nightwatch.js assertion
  
• Twig needs updating for CVE-2025-24374
  
• Updating path alias language in workspace does not work
  
• Fix reference to core_field_views_data()
  
• Consider a more substantial shortcuts placeholder
  
• Make the menu link form less verbose
  
• Menu APIs provide invalid CSRF tokens
  
• Fix references to Drupal\Tests\KernelTestBase
  
• Remove claudiu.cristea from MAINTAINERS.txt
  
• Remove chr.fritsch from MAINTAINERS.txt
  
• Remove dawehner from MAINTAINERS.txt
  
• Referring the same entity multiple times breaks _referringItem
  
• Update ComponentValidator to always include the component ID
  
• Help link always appears in navigation
  
• SDC components CSS & JS generated wrong url in windows / XAMPP
  
• EntityAccessControlHandler::createAccess() returns false positive cache hits because it ignores context
  
• Fix errors in SourcePluginBase doc block
  
• PHPCS error in contributed module caused by core recipe.README.txt
  
• Add headroom to the navigation performance test
  
• Tabledrag library depends on non-existent libraries
  
• run-tests.sh cannot handle unicode in PHPUnit output
  
• ContentEntityBase::createDuplicate() should reset default revision flag
  
• Allow modules to hook into top of content section of new core navigation
  
• Fix handling of unknown file extensions in FileMediaFormatterBase
  
• Add render caching for the navigation render array
  
• UserRolesCacheContext can lead to poisoned cache returns for user 1
  
• [random test failure] CommentPreviewTest::testCommentPreview
  
• Allow recipe input values in array keys
  
• RuntimeException: Adding non-existent permissions to a role is not allowed
  
• Error when navigation JS is loaded for anonymous users
  
• Better warning message when variation cache detects an incompatible CacheRedirect
  
• Nested paragraphs with same field name are ordered wrong

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.2

11.1.1

7 Januari - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Bug Fixes and Changes

• Add bradjones1 as Serialization subsystem maintainer
  
• [random test failure] LayoutSectionTest::testLayoutSectionFormatterAccess
  
• Add test coverage to ensure navigation isn't rendered for users that don't have access
  
• MediaSourceBase::getSourceFieldName() doesn't check character max
  
• ManagedFile #accept overwrites existing attributes
  
• [random test failure] LanguageNegotiationInfoTest::testInfoAlterations
  
• Improve documentation of MenuLinkTreeInterface
  
• When Batch ID doesn't exist, Drupal should emit a 404
  
• Revert "Add assertions to OpenTelemetryNodePagePerformanceTest::testNodePageCoolCache()"
  
• Move all system_update_N() methods next to each other
  
• Add assertions to OpenTelemetryNodePagePerformanceTest::testNodePageCoolCache()
  
• [random test failure] EditorSecurityTest::testEditorXssFilterOverride
  
• [random test failure] LayoutBuilderBlocksTest::testBlockPlaceholder failing
  
• [random test failure] ImageStylesPathAndUrlTest
  
• Fatal error: Uncaught TypeError: Drupal\Core\Extension\ThemeHandler::addTheme()
  
• BreadcrumbManager ignores cacheability when no builders apply
  
• Ensure invalid items are not written to FastBackend in ChainedFast
  
• When applying a recipe, we need to trigger an event pre importing content
  
• Recipes that depend on other recipes break RecipeInputFormTrait
  
• Add void return type to all procedural alter hook implementations
  
• Align return type phpdoc for EntityChangedInterface::getChangedTime() with EntityChangedTrait
  
• Navigation Top Bar hides entity local tasks even if the user has no access to the bar
  
• Olivero: Avoid localStorage for anonymous user to prevent violation of data protection regulations
  
• Reinstate drupal_common_theme() and deprecate it
  
• Refactor Claro's dialog stylesheet
  
• Clarify documentation for EntityContentBase 'translations' configuration option
  
• Status report confuses null email with duplicate email
  
• BlockLibraryController typehints LazyContextRepository, not the interface
  
• symfony/http-foundation Follow up issue for isAdminPath validator
  
• Remove references to hook_process_HOOK
  
• Update EntityTypeInterface::getKeys() docs for string IDs
  
• Correct docs for CachePluginBase::cacheSetMaxAge()
  
• Document that invalid IDs are not present in the return array or EntityStorageInterface::loadMultiple
  
• Method getMockForAbstractClass() is deprecated - replace in views plugins
  
• Add return types to hook_update_N implementations
  
• Add NodeElement return typehints to protected test helper methods

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.1

11.1.0

(större version)
20 December 2024 - 170MBImportant

• The "Access the Content blocks overview page" permission is no longer required to create blocks. This means that roles that have "Create new content block" permission for a given block type will be able to create these blocks when they could not in previous releases. Site owners should audit their Block Content permissions to ensure that block creation access is granted intentionally in all cases, and can also now consider revoking access to the content block overview listing for roles that do not need it.
  

Core Files

• .htaccess is edited to attach the correct image/webp header for webp images (when the MIME Apache module is enabled).
  
• services.yml is edited to remove sid_length and sid_bits_per_character, which are no longer supported by PHP 8.4 or Symfony 7.2.
  

APIs

• Most procedural hooks are now implemented in classes. We recommend that sites that are altering core hook implementations review those implementations and update as needed.
  
• Assets are now ordered by dependencies instead of relying on the order that libraries were attached to the page.
  
• The "Add new module" page at /admin/modules/install. The "Add new theme" page at /admin/theme/install. The "Add new module or theme" page at /admin/reports/updates/install.
  
• The Page Cache and Dynamic Page Cache response headers have been improved to include more details about the cacheability.
  
• A new Workspaces UI module has been added which provides the Workspace module's routes and toolbar integration.
  

Dependencies

• Symfony has been updated to 7.2.0.
  
• Twig has been updated to 3.14.2.
  
• Numerous other dependencies have received minor- and patch-level updates to the latest versions.
  
• Composer has been updated to 2.8.1.
  
• OpenTelemetry has been updated to 1.1.0. This adds additional development dependencies including the tbachert/spi Composer plugin.
  
• CKEditor has been updated to 44.0.0.
  
• jQuery UI has been updated to 1.14.0.
  

Bug Fixes and Changes

• Block visibility settings have summary duplicated in the title
  
• Update all JavaScript dependencies which cause no changes
  
• Remove oEmbed security warning
  
• The default content importer should handle Layout Builder section data
  
• [regression] DateHelper::dayOfWeekName() returns untranslated name
  
• Bump cspell to 8.16.1
  
• Remove drupalci.yml
  
• Revisit large numbers of @see in text element docs
  
• ExtensionMimeTypeGuesser::guessMimeType must support file names with "0" (zero) in the extension parts like foo.0.zip
  
• Use the new equivalent updates API to prevent updates from 10.4.0 to 11.0.0
  
• Improve the exception message for unsupported entity types in a workspace
  
• Memory leak in DrupalKernel when installing modules
  
• Update Composer dependencies for 11.1.0
  
• Remove use of deprecated "spaceless" filter in core templates
  
• Using hooks_converted container parameter changes $dir during hook collection breaking collection of oop hooks.
  
• Update CKEditor 5 to 44.0.0
  
• Update stylelint* to latest releases
  
• Add procedural hook short circuit per module or file
  
• package_manager kernel tests are slow
  
• Clean up how ModuleInstaller invokes hooks around installing other modules
  
• Mark hook_install_tasks and hook_install_tasks_alter as procedural only
  
• Profiles can be missed in OOP hooks

Läs mer: https://www.drupal.org/project/drupal/releases/11.1.0

11.0.12

19 Februari - 170MBThis is a security release of the Drupal 11 series. Sites are urged to update immediately.

Security

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
  
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
  
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.12

11.0.11

5 Februari - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Bug Fixes and Changes

• Twig needs updating for CVE-2025-24374
  
• [random test failure] LanguageNegotiationInfoTest::testInfoAlterations

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.11

11.0.10

7 Januari - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Bug Fixes and Changes

• [random test failure] EditorSecurityTest::testEditorXssFilterOverride
  
• Revert "Issue #3490710 by mfb: Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder"
  
• [random test failure] LayoutBuilderBlocksTest::testBlockPlaceholder failing
  
• [random test failure] ImageStylesPathAndUrlTest
  
• Fatal error: Uncaught TypeError: Drupal\Core\Extension\ThemeHandler::addTheme()
  
• Document that invalid IDs are not present in the return array or EntityStorageInterface::loadMultiple
  
• [regression] DateHelper::dayOfWeekName() returns untranslated name
  
• Remove drupalci.yml
  
• Revisit large numbers of @see in text element docs
  
• ExtensionMimeTypeGuesser::guessMimeType must support file names with "0" (zero) in the extension parts like foo.0.zip
  
• Improve the exception message for unsupported entity types in a workspace
  
• Backport Hook and LegacyHook Attribute
  
• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
  
• Fix bogus mocking in \Drupal\Tests\Core\Update\UpdateRegistryTest
  
• docs for EntityTypeInterface::getBundleOf() should say entity type *id*
  
• EntityAccessCheck documentation contains errors
  
• DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.10

11.0.9

22 November 2024 - 170MBThis is a patch (bugfix) release of Drupal 11 and is ready for use on production sites.

Important

• This release fixes a performance regression in Twig 3.14.2 and above
  
• If you are updating from Drupal 10, refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 11 compatibility of modules, themes and sites. Then, upgrade from Drupal 10 to 11. You should also check the Drupal 11.0.0 release notes.
  
• If you are updating from 10.2.x or earlier and have the CKEditor font module installed, you should consider switching to CKEditor5 Plugin pack for a more up-to-date version of the plugin which is compatible with the CKEditor5 version shipped with Drupal 10.3.
  

Bug Fixes and Changes

• Performance Degraded after update to twig 3.14.2
  
• Merged 11.0.8.
  
• Fix usage of str_getcsv() and fgetcsv() for PHP 8.4
  
• getIncludedRecipe() should statically cache recipe objects to avoid performance problems
  
• Creating a published moderated entity in a workspace shouldn't make it published in Live
  
• __construct() documentation references incorrect ToConfig enum name
  
• Use testdox and colors in tests spawned by run-tests.sh

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.9

11.0.8

(säkerhetsutgåvan)
20 November 2024 - 170MBThis is a security release of the Drupal 11 series. Sites are urged to update immediately after reading the notes below and the security announcements:

Security

• Moderately critical - Cross-Site Scripting - SA-CORE-2024-003
  
• Moderately critical - Access Bypass - SA-CORE-2024-004
  
• Less critical - Gadget chain - SA-CORE-2024-006
  
• Moderately critical - Gadget chain - SA-CORE-2024-007

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.8

11.0.7

12 November 2024 - 170MBBug Fixes and Changes

• An update to symfony/http-foundation plus a trailing space took down the views UI
  
• Recursion limit exceeded with Twig v3.14.1 when editing a node or a block

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.7

11.0.6

7 November 2024 - 170MBBug Fixes and Changes

• Remove phenaproxima as a Migrate subsystem maintainer
  
• D7 node_revision table is referred to as node_revisions
  
• Typo in error message when MySQL socket connection fails
  
• guessMimeType returns less accurate MIME type when file extensions have multiple parts
  
• Spacing issue between Checkbox label and button
  
• Inconsistencies in system-status-counter RTL styles
  
• contact_menu_local_tasks_alter() should check whether ['tabs'][0] is set
  
• Add doc block for $modules in tests
  
• Use install/uninstall in layout builder expose all field
  
• Nightwatch tests from submodules do not run in Gitlab CI because of missing option to follow symlinks
  
• Ajax-enabled image effect forms do not update to the latest ajax processed configuration
  
• Media image thumbnail incorrectly ends up as NULL when it should be an empty string
  
• User login and password reset forms should be workspace-safe
  
• password_confirm children do not pick up #states or #attributes
  
• Add MissingParamType for form, form_state and form_id
  
• Migrate Toolbar button to SDC
  
• Sub workspace does not clear
  
• Theme aside layout builder section on navigation block page
  
• Add views.view.taxonomy_term.yml to tag_taxonomy recipe
  
• The content_editor_role recipe assigns a permission that might not exist
  
• Workspaces with thousands of items can't be published
  
• Unable to generate canonical, edit, and update URLs for entity test multilanguage with bundle
  
• CKEditor 5 has its own border color and is not using Claro's colors
  
• Standardize "plugin ID" in doc comments instead of "plugin_id"
  
• Recipe validation should always treat required modules as installed
  
• getNormalization can result in max-age drift when different sets of fields are requested
  
• rollback() should document that its $destination_identifier parameter is an associative array
  
• Ensure uniqueBundleId is unique in LoadJS
  
• 11.0.x yarn dependencies have mushroomed
  
• User routes alter in custom module throwing error on "_format"
  
• Add js message theme override to match Umami message markup
  
• Reorganize navigation settings to be more consistent
  
• Update CKEditor 5 to 43.1.1
  
• Tweak @group #slow for kernel tests again
  
• submit button is too wide in the off canvas dialog box
  
• To long Breadcrumbs are creating scrollbar
  
• Improve description for parameters in hook_menu_links_discovered_alter
  
• Error handler crashes with Undefined constant "DRUPAL_TEST_IN_CHILD_SITE"

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.6

11.0.5

3 Oktober 2024 - 170MBImportant

• Webpack is updated to version 5.95.0 to incorporate a security release which does not affect Drupal core. This update introduces a change to the supported browser list, which allows more modern CSS to be produced, notably the :dir pseudo class. Drupal core has required all browser versions to support :dir since December 2023, so this is applying what was already an existing policy.
  

Bug Fixes and Changes

• Maintenance pages leak sensitive environment information
  
• The dotfiles are ignored when copied over in Starterkit
  
• Update Webpack to 5.95.0
  
• Fix "Not passing an instance of "TwigFunction" when creating a function of type "FunctionExpression" is deprecated."
  
• Fix "The "tag" constructor argument of the "Drupal\Core\Template\TwigNodeTrans" class is deprecated and ignored"
  
• Fix "Twig\Nodexpression\FilterExpression" deprecation introduced in twig/twig 3.12.0
  
• Since twig/twig 3.9: error with "twig_escape_filter" function usage in /core/lib/Drupal/Core/Template/TwigExtension.php
  
• gitlab artifact caching doesn't work due to differences with project ID and build directories
  
• TablesInterface::addField() doesn't document that $field can contain relationships
  
• Improve PluginNotFound exception to include possible shorthand action IDs
  
• Stop passing ints to DateTimePlus::createFromFormat and DrupalDateTime::createFromFormat
  
• Allow passing MarkupInterface to AssertContentTrait::setRawContent
  
• YAML discovery does not take theme inheritance into account
  
• Claro removes default styling from abbreviations ( tag)
  
• Hide reply link for unpublished comments
  
• Change string 'Modules to enable' that are not in comments
  
• Header is always shown in Claro even when regions in it are empty
  
• Content Moderation prevents workspace deployment
  
• Update run-tests.sh help output to match current test organization
  
• Replace eslint-plugin-jquery with eslint-plugin-no-jquery
  
• Cron reports it's done long before it really is done
  
• Sub workspace does not clear
  
• External application is redirected to frontpage in maintenance mode
  
• Special Menu items are rendered as empty links in navigation

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.5

11.0.4

12 September 2024 - 170MBIMPORTANT: In general, sites should update core and contributed modules to the most recent releases available for their current major core version (10.x), before updating to the next major release (11.x).

11.0.4

Bug Fixes and Changes

• This release reverts #3471741: Fix null $cid in CacheCollector classes, released in 11.0.3, which conflicted with Menu Trail by Path, Entity Manager and Gin Toolbar modules.
  

11.0.3

Bug Fixes and Changes

• State has no dedicated test coverage
  
• twig/twig has a possible sandbox bypass
  
• Remove references to ApcClassLoader (removed in Symfony 4)
  
• Fix null $cid in CacheCollector classes
  
• Use one-time login link instead of user login form in BrowserTestBase tests
  
• Aggregated asset generation causes uncacheable assets
  
• Adjust custom navigation logo dimensions on upload
  
• Drupal.dialog openDialog should use event settings

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.4

11.0.2

(större version)
5 September 2024 - 170MBIMPORTANT: In general, sites should update core and contributed modules to the most recent releases available for their current major core version (10.x), before updating to the next major release (11.x).

11.0.2

Bug Fixes and Changes

• array lines in hook_theme() sample code are too long
  
• Fix Content Translation tests that rely on UID1's super user behavior
  
• Improve performance of the user.permissions.js script running in /admin/people/permissions
  
• getProcessPlugins() should explain why it has a process parameter and why it's optional
  
• MigrateNoMigrateDrupalTest fails with missing classes in certain situations
  
• Speed up JSON:API ResourceTestBase
  
• Drupal\Core\Template\Attribute doesn't support adding attributes with array syntax if attribute name not already initialised
  
• Missing @var annotation for properties that provide default values
  
• Improve Drupal\Core\Ajax\MessageCommand API documentation
  
• Views content language field default configuration should use field_language plugin
  
• Change string 'Modules to enable' to {@inheritdoc} in comments
  
• Speed up UpdateSemverTestSecurityCoverageTest
  
• PathLanguageTest should use API to set up language
  
• CommentTestBase/CommentTestTrait methods should be protected
  
• Speed up UpdateContribTest
  
• TaxonomyTestTrait methods should be protected
  
• Split up jsonapi CommentTest
  
• Speed up ContentModerationStateTest
  
• Speed up RevisionRevertFormTest
  
• Rename ConstraintsTest to UuidValidatorTest
  
• Improve documentation of AttachmentsInterface methods
  
• Improve docblocks for views FieldHandlerInterface.php
  
• HtmlTag doc should be clear about escaping of #value
  
• Convert EntityTypeDataTest to use EntityTestWithBundle
  
• AssetResolverTest should use ::willReturnMap() for mocking
  
• Update NPM packages flagged by yarn audit
  
• Optimize dblog tests
  
• Speed up ExposedFormTest
  
• Speed up UpdateSemverTestSecurityAvailabilityTrait
  
• Fix param docs identified by phpstan
  
• Update docs to stop recommending FormattableMarkup
  
• Add additional test coverage for DialogRenderer::getTitleAsStringable()
  
• Broken auto creation of machine name field
  
• Speed up ElementTest
  
• Speed up PageCacheTest
  
• Reduce CPU request for Nightwatch job
  
• Allow child jobs to run as soon as phpcs and spellcheck are completed"
  
• Speed up BigPipeRegressionTest
  
• Split up EntityDefinitionUpdateTest
  
• Speed up DemoUmamiProfileTest
  
• Speed up WorkspacesContentModerationStateTest
  
• Allow child jobs to run as soon as phpcs and spellcheck are completed
  
• Standard Responsive Images recipe should have the Responsive image recipe type
  
• Reduce concurrency for build tests
  
• JavaScript files added by AJAX responses are only optimized in maintenance mode
  
• APCu requirement for 32M is checking wrong value
  
• Fix typehint of ContextDefinition's $label constructor param
  
• Add tests for updates should not recommend a new branch if there are no stable releases
  
• RouteCachingLanguageTest should use API to set up language
  
• Convert IpAddressBlockingTest to a Unit and Kernel test and improve
  
• Split CKEditor5Test into two
  
• Some tests fail with 'Cannot use positional argument after named argument during unpacking'
  
• Add form class to summary for hooks and form submission handler in contact.module
  
• Remove a couple of data providers from ckeditor5 ImageTestBase"
  
• Fix Toolbar tests that rely on UID1's super user behavior
  
• Use API methods to create filter/editor in CKEditor5Test when not explicitly testing the UI
  
• Remove a couple of data providers from ckeditor5 ImageTestBase
  
• Show test run time by class in run-tests.sh output
  
• CoreRecipesTest is slow
  
• Reduce CPU requirement and concurrency for unit tests
  
• Ignore phpstan-tmp in phpcs.xml.dist
  
• Fix ‘risky’ tests
  
• CoreRecipesTest is slow"
  
• Use API methods instead of form submissions in FilterFormatAccessTest::setUp()
  
• Split OptionsFieldUiTest into two
  
• Split up FormTest
  
• FileFieldCreationTrait methods should be protected
  
• De-duplicate logic in ManageFieldsFunctionalTest
  
• FileOnTranslatedEntityTest should use API to set up language
  
• Use Ubuntu images in all CI environments for core
  
• DatabaseStorage, readMultiple throws error when receive empty array
  
• BigPipe cannot handle (GET) form redirects (EnforcedResponseException)
  
• The PECL UUID implementation can return invalid UUIDs
  
• WebAssertTest fails on 10.x
  
• Test-only job cannot be run due to wrong dependency
  
• Method getMockForAbstractClass() of class PHPUnit\Framework\TestCase is deprecated in PHPUnit 10 - replace in Plugin component tests
  
• Fix strict type errors in test modules
  

11.0.1

Bug Fixes and Changes

• Example recipe isn't functional
  
• ModuleConfigureRouteTest is slow
  
• Method getMockForAbstractClass() of class PHPUnit\Framework\TestCase is deprecated in PHPUnit 10 - replace in class ControllerBaseTest
  
• Use artifacts to share the eslint and styleint caches from core to MRs
  
• Update to jQuery UI 1.14.0
  
• Convert WebAssertTest to a Unit test
  
• Fix Node tests that rely on UID1's super user behavior - Blocks
  
• Ensure trailing whitespace at the end of a cache ID results in a unique cache item
  
• ComponentGenerator hardcodes PHP 7.3.0
  
• Changing plugins from annotations to attributes in contrib leads to error if plugin extends from a missing dependency
  
• Consolidate Umami performance tests
  

11.0.0

Bug Fixes and Changes

• drush updb errors on System and Layout Builder modules when going 10.3.1 to 11.0.0.-rc1
  
• Update composer dependencies prior to 11.0.0
  
• Changing plugins from annotations to attributes in contrib leads to error if plugin extends from a missing dependency
  
• Update JavaScript dependencies for Drupal 11.0.0
  
• Use artifacts to share the phpstan result and cspell caches from core to MRs (follow-up, job token is unnecessary.
  
• Make PHPStan rule testing use PHPUnit 10
  
• Use artifacts to share the phpstan result and cspell caches from core to MRs (follow-up: also run on daily scheduled tests)
  
• Drupal Displace outputs invalid value for --drupal-displace-offset-right when opening top dialog
  
• Consolidate ckeditor5's FunctionalJavascript tests
  
• Update deprecation notices in ajax.js
  
• Module and theme names are not filtered on output
  
• Stop using a data provider in UserPasswordResetTest
  
• Fix File tests that rely on UID1's super user behavior
  
• Documentation in ConfigDependencyManager conflates plugin dependencies and config dependencies
  
• Add input string to exception message thrown in createConnectionOptionsFromUrl()
  
• Merge test methods in FieldUIRouteTest for better performance
  
• Render API overview should include a link to the list of elements
  
• Replace t() calls inside of Controllers that do not use StringTranslationTrait
  
• Single directory component CSS asset library not picked up in admin theme immediately after module install without cache clear
  
• Fix Field UI tests that rely on UID1's super user behavior
  
• GenerateThemeTest::testContribStarterkitDevSnapshotWithGitNotInstalled fails on sqlite
  
• ImageAdminStylesTest::testAjaxEnabledEffectForm() fails because statusMessageExists() does not wait
  
• Status report wrongly warns of APCu memory limit when admin language is not English
  
• Merge the build and lint stages in core MR pipelines
  
• Consolidate methods on FormElementsLabelsTest
  
• Update to ckeditor 42.0.2
  
• hook_local_tasks_alter() and hook_menu_local_tasks_alter() need mutual @see links
  
• Optimize TelephoneFieldTest
  
• Parameters doc for views "row" should be at the top level of the array
  
• ToolbarStoredStateTest needs wait after resizing window
  
• Have a dedicated category for blocks provided by the Navigation module
  
• Three more slow functional tests
  
• Consolidate test methods in StandardPerformanceTest
  
• \Drupal\Core\Extension\ExtensionDiscovery::PHP_FUNCTION_PATTERN is out-of-date
  
• [random test failure] Random test fail in EntityReferenceWidgetTest
  
• convert TermTest::testParentHandlerSettings() into a kernel test
  
• Fix the format=flowed; delsp=yes encoding of email messages
  
• Try to rebalance kernel tests between gitlab runners (@group #slow again)
  
• Remove adding an extension via a URL
  
• CoreRecipesTest is slow
  
• Filter placeholders without arguments are not replaced when HTML corrector filter applied afterwards
  
• Add missing category to Drupal\layout_builder\Plugin\Layout\BlankLayout and let modules and themes alter the list of layouts
  
• Fix access checks for bundle permissions to avoid triggering a config validation error
  
• Ensure post transaction callbacks are only at the end of the root Drupal transaction
  
• Autocomplete input text can visibly overflow under magnifier icon
  
• Spacing issue in Home > Search page on Advanced search section
  
• Long string breaks the layout of Claro (reapply fix)
  
• Consolidate two test methods in NumberFieldTest
  
• Mark more tests with @group #slow and remove it from some others
  
• Stable 9 is trying to override non-existing css files
  
• getProcessPlugins() normalises the process array twice
  
• Fix hook_update_N docs for display of code block, remove unnecessary @see
  
• Fix 'Drupal.Commenting.InlineComment.NotCapital' coding standard
  
• Avoid TypeError if config entity dependencies are NULL
  
• Remove check for 10200 update from help module
  
• Update to jQuery 4.0.0-beta2
  
• Skip unsupported methods in rest/jsonapi tests in an efficient way
  
• Prevent simultaneous open/close on simultaneous click/hover
  
• Many core recipes are not idempotent
  
• Fix instances of floats passed to functions expecting ints
  
• Remove documentation for readmore, logged_in and is_admin from node.html.twig
  
• Method getMockForAbstractClass() of class PHPUnit\Framework\TestCase is deprecated in PHPUnit 10 - replace in class NormalizerBaseTest
  
• Installing Content Translation module breaks Rest resources
  
• Deprecation message for user_validate_name points to an invalid replacement
  
• Remove references to node_edit in FormBuilderInterface
  
• Correct the punctuation on the description for \Drupal\Tests\UnitTestCase
  
• incorrect docs in DateFormatter::format()
  
• Replace usage of generateString with generate in Media module
  
• QueueWorkerInterface is missing docs for DelayedRequeueException
  
• Fix 12 words in tests

Läs mer: https://www.drupal.org/project/drupal/releases/11.0.2

10.4.7

8 Maj - 170MBBug Fixes and Changes

• There are leftover references in comments to long ago renamed ListDefinitionInterface
  
• Media Library currentSelection not reset properly
  
• Fix errors in update-countries.sh
  
• Add lostcarpark as Mentoring Coordinator to MAINTAINERS.txt
  
• CI: Using stale drupalci chromedriver image (`chromedriver` is stale, `webdriver-chromedriver` gets updates)
  
• Sourceless migration plugins are broken
  
• Undefined array key warning in UrlHelper::parse()
  
• Media Library item styles assume contextual module is present
  
• Decimal separator and decimals settings ignored when aggregating decimal fields (revert)
  
• Confirm and update mentoring coordinators section in MAINTAINERS.txt
  
• Add acbramley as co-maintainer for node module
  
• Add mogtofu33 as a SDC and new theme system's Icon API maintainer
  
• ComponentValidator ignores the set validator and creates a new one
  
• Fix contextual links disappear intermittently leading to console errors
  
• SDC slots not being validated against json config schema
  
• CI: Switch drupalci image registry from dockerhub to gitlab.com (mitigate rate limit errors)

Läs mer: https://www.drupal.org/project/drupal/releases/10.4.7

10.4.6

2 April - 170MBBug Fixes and Changes

• Use Drupal Core Leadership terminology in MAINTAINERS.txt
  
• ImageItem::defaultStorageSettings() should override display_default
  
• Decimal separator and decimals settings ignored when aggregating decimal fields
  
• Pager not working correctly in AJAX view with exposed filters
  
• [random test failure] FilterEntityReferenceTest
  
• Renderer::getCurrentRenderContext() triggers a TypeError when there is no current request
  
• UserPermissionsForm should not use overridden permissions
  
• Renaming a table containing "drupal_" in the name with multiple indexes fails on PostreSQL

Läs mer: https://www.drupal.org/project/drupal/releases/10.4.6

10.4.5

(säkerhetsutgåvan)
20 Mars - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 - Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability (XSS). This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit access via core web services, or a contrib or custom module. Sites with the Link module disabled or that do not use any link fields are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/10.4.5

10.4.4

(större version)
5 Mars - 170MBSecurity

• Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
  
• Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
  
• SA-CORE-2024-008
  
• SA-CORE-2024-007
  
• SA-CORE-2024-006
  
• SA-CORE-2024-004
  
• SA-CORE-2024-003
  

10.4.4

• Add griffynh as provisional core team facilitator
  
• Fix documentation for optional params in MessengerInterface
  
• Extend ViewsBlockBase to merge cache metadata from display handler
  
• Regression: RssResponseCdata filtering out common HTML tags from RSS feeds
  

10.4.2

• Firefox retains form_build_id on form reloads, causing old form cache entry to be used and creating weird behavior for the Media Library widget
  
• Wrong Regular Expression for string comparison in Nightwatch.js assertion
  
• Twig needs updating for CVE-2025-24374
  
• Menu APIs provide invalid CSRF tokens
  
• Remove claudiu.cristea from MAINTAINERS.txt
  
• Remove chr.fritsch from MAINTAINERS.txt
  
• Remove dawehner from MAINTAINERS.txt
  
• run-tests.sh cannot handle unicode in PHPUnit output
  
• ContentEntityBase::createDuplicate() should reset default revision flag
  
• Fix handling of unknown file extensions in FileMediaFormatterBase
  
• Add daily testing with PHP 8.4
  
• [random test failure] LanguageNegotiationInfoTest::testInfoAlterations
  
• UserRolesCacheContext can lead to poisoned cache returns for user 1
  
• RuntimeException: Adding non-existent permissions to a role is not allowed
  
• Better warning message when variation cache detects an incompatible CacheRedirect
  

10.4.1

• Add bradjones1 as Serialization subsystem maintainer
  
• [random test failure] LayoutSectionTest::testLayoutSectionFormatterAccess
  
• When Batch ID doesn't exist, Drupal should emit a 404
  
• [random test failure] EditorSecurityTest::testEditorXssFilterOverride
  
• [random test failure] LayoutBuilderBlocksTest::testBlockPlaceholder failing
  
• [random test failure] ImageStylesPathAndUrlTest
  
• Fatal error: Uncaught TypeError: Drupal\Core\Extension\ThemeHandler::addTheme()
  
• BreadcrumbManager ignores cacheability when no builders apply"
  
• BreadcrumbManager ignores cacheability when no builders apply
  
• Ensure invalid items are not written to FastBackend in ChainedFast
  
• Navigation Top Bar hides entity local tasks even if the user has no access to the bar
  
• Refactor Claro's dialog stylesheet
  
• Status report confuses null email with duplicate email
  
• BlockLibraryController typehints LazyContextRepository, not the interface
  
• symfony/http-foundation Follow up issue for isAdminPath validator
  
• Document that invalid IDs are not present in the return array or EntityStorageInterface::loadMultiple
  

10.4.0

• Update all JavaScript dependencies which cause no changes
  
• Block visibility settings have summary duplicated in the title
  
• Bump cspell to 8.16.1
  
• Remove oEmbed security warning
  
• The default content importer should handle Layout Builder section data
  
• [regression] DateHelper::dayOfWeekName() returns untranslated name
  
• Remove drupalci.yml
  
• Revisit large numbers of @see in text element docs
  
• Update lifecycle link for sdc
  
• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
  
• ExtensionMimeTypeGuesser::guessMimeType must support file names with "0" (zero) in the extension parts like foo.0.zip
  
• Update stylelint* to latest releases
  
• Update Composer dependencies for 10.4.0
  
• Use the new equivalent updates API to prevent updates from 10.4.0 to 11.0.0
  
• Improve the exception message for unsupported entity types in a workspace
  
• Update CKEditor 5 to 44.0.0
  
• Replace eslint-plugin-jquery with eslint-plugin-no-jquery
  
• Access cacheability is not correct when "view own unpublished content" is in use"
  
• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder"
  
• Upgrade twig/twig to 3.15.0
  
• Replace abandoned, not working with latest stylelint, leon0399/stylelint-formatter-gitlab with gitlab-formatters/stylelint-formatter-gitlab
  
• Backport Hook and LegacyHook Attribute
  

10.4.0-beta1

• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
  
• Access cacheability is not correct when "view own unpublished content" is in use
  
• Fix bogus mocking in \Drupal\Tests\Core\Update\UpdateRegistryTest
  
• docs for EntityTypeInterface::getBundleOf() should say entity type *id*
  
• EntityAccessCheck documentation contains errors
  
• DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException
  
• Stop passing E_USER_ERROR to trigger_error() on PHP 8.4
  
• Improve Dynamic Page Cache header assertions in JSON:API tests
  
• Fix lifecycle_links for deprecated or obsolete modules
  
• Use focus-within in hidden.module.css
  
• Upgrade twig/twig to 3.15.0"
  
• Upgrade twig/twig to 3.15.0
  
• symfony/http-foundation commit 32310ff breaks PathValidator
  
• field:not(:last-child) does not work with layout builder in olivero
  
• Ensure tests don't run twice
  
• Update cspell to latest
  
• Remove the createCopy action from EntityDisplayBase, and make cloneAs compatible with wildcards
  
• Bump ckeditor 43.1.1 => 43.3.1
  
• incorrect docs for MenuLinkFieldDefinitions
  
• hook_requirements() doesn't say that severity is optional, or what the default is
  
• Fix incorrect message after resetting password
  
• The PlaceBlock config action breaks when placing a block in an empty region
  
• Hardcode security coverage EOL dates for Drupal 10.last-1 and 10.last
  
• Add a trait for forms that want to collect input on behalf of a recipe"
  
• Add a trait for forms that want to collect input on behalf of a recipe
  
• upgrade prophecy to 1.20
  
• Update Composer dependencies for 10.4.0-beta1
  
• Performance Degraded after update to twig 3.14.2
  
• TypeError: Cannot assign string to property $_serviceIds of type array in ContentEntityCloneTest::testEntityPropertiesModifications
  
• RecipeConfigurator::getIncludedRecipe() should statically cache recipe objects to avoid performance problems
  
• CSS linting (stylelint): npx update-browserslist-db@latest
  
• Fix usage of str_getcsv() and fgetcsv() for PHP 8.4
  
• Password and confirm password should be mandatory fields while setting up password using one time link following by email
  
• RecipeConfigurator::getIncludedRecipe() should statically cache recipe objects to avoid performance problems
  
• DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException"
  
• DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException
  
• Regression: Deprecation of `yaml_parser_class` setting in 10.3 breaks sites < 11.0

Läs mer: https://www.drupal.org/project/drupal/releases/10.4.4

10.3.14

(säkerhetsutgåvan)
20 Mars - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 - Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability (XSS). This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit access via core web services, or a contrib or custom module. Sites with the Link module disabled or that do not use any link fields are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.14

10.3.13

(säkerhetsutgåvan)
5 Mars - 170MB10.3.12

Security

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
  
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
  
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003
  

10.3.11

• Twig needs updating for CVE-2025-24374
  
• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
  
• [random test failure] LanguageNegotiationInfoTest::testInfoAlterations

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.13

10.3.11

7 Januari - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10.

Bug Fixes and Changes

• [random test failure] EditorSecurityTest::testEditorXssFilterOverride
  
• [random test failure] LayoutBuilderBlocksTest::testBlockPlaceholder failing
  
• [random test failure] ImageStylesPathAndUrlTest
  
• Fatal error: Uncaught TypeError: Drupal\Core\Extension\ThemeHandler::addTheme()
  
• Document that invalid IDs are not present in the return array or EntityStorageInterface::loadMultiple
  
• [regression] DateHelper::dayOfWeekName() returns untranslated name
  
• Remove drupalci.yml
  
• Revisit large numbers of @see in text element docs
  
• Update lifecycle link for sdc
  
• ExtensionMimeTypeGuesser::guessMimeType must support file names with "0" (zero) in the extension parts like foo.0.zip
  
• Improve the exception message for unsupported entity types in a workspace
  
• Backport Hook and LegacyHook Attribute
  
• Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
  
• docs for EntityTypeInterface::getBundleOf() should say entity type *id*
  
• EntityAccessCheck documentation contains errors
  
• DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.11

10.3.10

22 November 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10.

Important

• This release fixes a performance regression in Twig 3.14.2 and above.
  
• If you are updating from 10.2.x or earlier and have the CKEditor font module installed, you should consider switching to CKEditor5 Plugin pack for a more up-to-date version of the plugin which is compatible with the CKEditor5 version shipped with Drupal 10.3. If you are updating from Drupal 9, refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites. Then, upgrade from Drupal 9 to 10. You should also check the Drupal 10.0.0 release notes.
  

Bug Fixes and Changes

• Performance Degraded after update to twig 3.14.2
  
• testEntityPropertiesModifications
  
• Merged 10.3.9.
  
• Fix usage of str_getcsv() and fgetcsv() for PHP 8.4
  
• Deprecation of `yaml_parser_class` setting in 10.3 breaks sites < 11.0
  
• Creating a published moderated entity in a workspace shouldn't make it published in Live
  
• __construct() documentation references incorrect ToConfig enum name

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.10

10.3.9

(säkerhetsutgåvan)
20 November 2024 - 170MBThis is a security release of the Drupal 10 series. Sites are urged to update immediately after reading the notes below and the security announcements:

Security

• Moderately critical - Cross-Site Scripting - SA-CORE-2024-003
  
• Moderately critical - Access Bypass - SA-CORE-2024-004
  
• Less critical - Gadget chain - SA-CORE-2024-006
  
• Moderately critical - Gadget chain - SA-CORE-2024-007
  
• Moderately critical - Gadget chain - SA-CORE-2024-008

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.9

10.3.8

12 November 2024 - 170MBBug Fixes and Changes

• Deprecation of `yaml_parser_class` setting in 10.3 breaks sites < 11.0
  
• An update to symfony/http-foundation plus a trailing space took down the views UI
  
• Recursion limit exceeded with Twig v3.14.1 when editing a node or a block

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.8

10.3.7

7 November 2024 - 170MBBug Fixes and Changes

• Remove phenaproxima as a Migrate subsystem maintainer
  
• D7 node_revision table is referred to as node_revisions
  
• Typo in error message when MySQL socket connection fails
  
• guessMimeType returns less accurate MIME type when file extensions have multiple parts
  
• Spacing issue between Checkbox label and button
  
• Inconsistencies in system-status-counter RTL styles
  
• contact_menu_local_tasks_alter() should check whether ['tabs'][0] is set
  
• Add doc block for $modules in tests
  
• Use install/uninstall in layout builder expose all field
  
• Nightwatch tests from submodules do not run in Gitlab CI because of missing option to follow symlinks
  
• Ajax-enabled image effect forms do not update to the latest ajax processed configuration
  
• Media image thumbnail incorrectly ends up as NULL when it should be an empty string
  
• User login and password reset forms should be workspace-safe
  
• password_confirm children do not pick up #states or #attributes
  
• Add MissingParamType for form, form_state and form_id
  
• Migrate Toolbar button to SDC
  
• Sub workspace does not clear
  
• Theme aside layout builder section on navigation block page
  
• Add views.view.taxonomy_term.yml to tag_taxonomy recipe
  
• The content_editor_role recipe assigns a permission that might not exist
  
• Workspaces with thousands of items can't be published
  
• Unable to generate canonical, edit, and update URLs for entity test multilanguage with bundle
  
• CKEditor 5 has its own border color and is not using Claro's colors
  
• Standardize "plugin ID" in doc comments instead of "plugin_id"
  
• Recipe validation should always treat required modules as installed
  
• getNormalization can result in max-age drift when different sets of fields are requested
  
• rollback() should document that its $destination_identifier parameter is an associative array
  
• Ensure uniqueBundleId is unique in LoadJS
  
• 11.0.x yarn dependencies have mushroomed
  
• User routes alter in custom module throwing error on "_format"
  
• Follow-up for Add js message theme override to match Umami message markup
  
• Add js message theme override to match Umami message markup
  
• Revert "Issue #3477799 by spokje, longwave, smustgrave: Update CKEditor 5 to 43.1.1"
  
• Update CKEditor 5 to 43.1.1
  
• Tweak @group #slow for kernel tests again
  
• submit button is too wide in the off canvas dialog box
  
• To long Breadcrumbs are creating scrollbar
  
• Improve description for parameters in hook_menu_links_discovered_alter
  
• Error handler crashes with Undefined constant "DRUPAL_TEST_IN_CHILD_SITE"

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.7

10.3.6

3 Oktober 2024 - 170MBImportant

• Webpack is updated to version 5.95.0 to incorporate a security release which does not affect Drupal core. This update introduces a change to the supported browser list, which allows more modern CSS to be produced, notably the :dir pseudo class. Drupal core has required all browser versions to support :dir since December 2023, so this is applying what was already an existing policy.
  
• CKEditor 5 is updated to 43.1.1. This is a security release. The CKEditor team has determined that Drupal core is not affected by this vulnerability but we upgraded anyway to avoid security scanners complaining.
  

Bug Fixes and Changes

• Maintenance pages leak sensitive environment information
  
• The dotfiles are ignored when copied over in Starterkit
  
• Update Webpack to 5.95.0
  
• Fix "Not passing an instance of "TwigFunction" when creating a function of type "FunctionExpression" is deprecated."
  
• Fix "The "tag" constructor argument of the "Drupal\Core\Template\TwigNodeTrans" class is deprecated and ignored"
  
• Fix "Twig\Nodexpression\FilterExpression" deprecation introduced in twig/twig 3.12.0
  
• Since twig/twig 3.9: error with "twig_escape_filter" function usage in /core/lib/Drupal/Core/Template/TwigExtension.php
  
• TablesInterface::addField() doesn't document that $field can contain relationships
  
• Improve PluginNotFound exception to include possible shorthand action IDs
  
• Stop passing ints to DateTimePlus::createFromFormat and DrupalDateTime::createFromFormat
  
• Allow passing MarkupInterface to AssertContentTrait::setRawContent
  
• YAML discovery does not take theme inheritance into account
  
• Claro removes default styling from abbreviations ( tag)
  
• Hide reply link for unpublished comments
  
• Header is always shown in Claro even when regions in it are empty
  
• Content Moderation prevents workspace deployment
  
• Update run-tests.sh help output to match current test organization
  
• Cron reports it's done long before it really is done
  
• Sub workspace does not clear
  
• External application is redirected to frontpage in maintenance mode
  
• Special Menu items are rendered as empty links in navigation

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.6

10.3.5

12 September 2024 - 170MB10.3.5

Bug Fixes

• This release reverts #3471741: Fix null $cid in CacheCollector classes, released in 10.3.4, which conflicted with Menu Trail by Path, Entity Manager and Gin Toolbar modules.
  

10.3.4

Notes

• If you are updating from 10.2.x or earlier and have the CKEditor font module installed, you should consider switching to CKEditor5 Plugin pack for a more up-to-date version of the plugin which is compatible with the CKEditor5 version shipped with Drupal 10.3.
  

Bug Fixes and Changes

• twig/twig has a possible sandbox bypass
  
• Remove references to ApcClassLoader (removed in Symfony 4)
  
• Fix null $cid in CacheCollector classes
  
• Use one-time login link instead of user login form in BrowserTestBase tests
  
• Aggregated asset generation causes uncacheable assets
  
• Fix Book breadcrumb cacheability
  
• Drupal.dialog openDialog should use event settings

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.5

10.3.3

5 September 2024 - 170MBNotes

• If you are updating from 10.2.x or earlier and have the CKEditor font module installed, you should consider switching to CKEditor5 Plugin pack for a more up-to-date version of the plugin which is compatible with the CKEditor5 version shipped with Drupal 10.3.
  

Bug Fixes and Changes

• array lines in hook_theme() sample code are too long
  
• Fix Content Translation tests that rely on UID1's super user behavior
  
• Improve performance of the user.permissions.js script running in /admin/people/permissions
  
• getProcessPlugins() should explain why it has a process parameter and why it's optional
  
• MigrateNoMigrateDrupalTest fails with missing classes in certain situations
  
• Speed up JSON:API ResourceTestBase
  
• [patch to be ported] Split CKEditor5Test into two
  
• Improve Drupal\Core\Ajax\MessageCommand API documentation
  
• Views content language field default configuration should use field_language plugin
  
• Change string 'Modules to enable' to {@inheritdoc} in comments
  
• Speed up UpdateSemverTestSecurityCoverageTest
  
• PathLanguageTest should use API to set up language
  
• CommentTestBase/CommentTestTrait methods should be protected
  
• Speed up UpdateContribTest
  
• TaxonomyTestTrait methods should be protected
  
• Split up jsonapi CommentTest
  
• Update NPM packages flagged by yarn audit for 10.4.x and 10.3.x
  
• Speed up ContentModerationStateTest
  
• Speed up RevisionRevertFormTest
  
• Rename ConstraintsTest to UuidValidatorTest
  
• Improve documentation of AttachmentsInterface methods
  
• Improve docblocks for views FieldHandlerInterface.php
  
• HtmlTag doc should be clear about escaping of #value
  
• Convert EntityTypeDataTest to use EntityTestWithBundle
  
• AssetResolverTest should use ::willReturnMap() for mocking
  
• Optimize dblog tests
  
• Speed up ExposedFormTest
  
• Speed up UpdateSemverTestSecurityAvailabilityTrait
  
• Fix param docs identified by phpstan
  
• Update docs to stop recommending FormattableMarkup
  
• Add additional test coverage for DialogRenderer::getTitleAsStringable()
  
• Broken auto creation of machine name field
  
• Speed up ElementTest
  
• Follow-up Speed up WorkspacesContentModerationStateTest
  
• Speed up WorkspacesContentModerationStateTest"
  
• Speed up PageCacheTest
  
• Reduce CPU request for Nightwatch job
  
• Allow child jobs to run as soon as phpcs and spellcheck are completed"
  
• Speed up BigPipeRegressionTest
  
• Split up EntityDefinitionUpdateTest
  
• Speed up DemoUmamiProfileTest
  
• Speed up WorkspacesContentModerationStateTest
  
• Allow child jobs to run as soon as phpcs and spellcheck are completed
  
• Standard Responsive Images recipe should have the Responsive image recipe type
  
• Reduce concurrency for build tests
  
• JavaScript files added by AJAX responses are only optimized in maintenance mode
  
• APCu requirement for 32M is checking wrong value
  
• Fix typehint of ContextDefinition's $label constructor param
  
• Add tests for updates should not recommend a new branch if there are no stable releases
  
• RouteCachingLanguageTest should use API to set up language
  
• Convert IpAddressBlockingTest to a Unit and Kernel test and improve
  
• Remove a couple of data providers from ckeditor5 ImageTestBase"
  
• Followup for Use API methods to create filter/editor in CKEditor5Test when not explicitly testing the UI
  
• Fix Toolbar tests that rely on UID1's super user behavior
  
• Use API methods to create filter/editor in CKEditor5Test when not explicitly testing the UI
  
• Remove a couple of data providers from ckeditor5 ImageTestBase
  
• Reduce CPU requirement and concurrency for unit tests
  
• Fix ‘risky’ tests
  
• Use API methods instead of form submissions in FilterFormatAccessTest::setUp()
  
• Split OptionsFieldUiTest into two
  
• Split up FormTest
  
• FileFieldCreationTrait methods should be protected
  
• De-duplicate logic in ManageFieldsFunctionalTest
  
• FileOnTranslatedEntityTest should use API to set up language
  
• DatabaseStorage, readMultiple throws error when receive empty array
  
• The PECL UUID implementation can return invalid UUIDs
  
• WebAssertTest fails on 10.x
  
• Test-only job cannot be run due to wrong dependency
  
• Fix strict type errors in test modules

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.3

10.3.2

8 Augusti 2024 - 170MBBug Fixes and Changes

• Example recipe isn't functional
  
• ModuleConfigureRouteTest is slow
  
• Convert WebAssertTest to a Unit test
  
• Ensure trailing whitespace at the end of a cache ID results in a unique cache item
  
• ComponentGenerator hardcodes PHP 7.3.0
  
• Changing plugins from annotations to attributes in contrib leads to error if plugin extends from a missing dependency
  
• Consolidate Umami performance tests
  
• Changing plugins from annotations to attributes in contrib leads to error if plugin extends from a missing dependency
  
• Drupal Displace outputs invalid value for --drupal-displace-offset-right when opening top dialog
  
• Consolidate ckeditor5's FunctionalJavascript tests
  
• Update deprecation notices in ajax.js
  
• Module and theme names are not filtered on output
  
• Stop using a data provider in UserPasswordResetTest
  
• Fix File tests that rely on UID1's super user behavior
  
• Merge the build and lint stages in core MR pipelines
  
• Documentation in ConfigDependencyManager conflates plugin dependencies and config dependencies
  
• Add input string to exception message thrown in createConnectionOptionsFromUrl()
  
• Merge test methods in FieldUIRouteTest for better performance
  
• Resync .gitlab-ci.yml and .gitignore following Yarn 4 in 11.x
  
• Render API overview should include a link to the list of elements
  
• Replace t() calls inside of Controllers that do not use StringTranslationTrait
  
• Single directory component CSS asset library not picked up in admin theme immediately after module install without cache clear
  
• Fix Field UI tests that rely on UID1's super user behavior
  
• GenerateThemeTest::testContribStarterkitDevSnapshotWithGitNotInstalled fails on sqlite
  
• ImageAdminStylesTest::testAjaxEnabledEffectForm() fails because statusMessageExists() does not wait
  
• Status report wrongly warns of APCu memory limit when admin language is not English
  
• Consolidate methods on FormElementsLabelsTest
  
• hook_local_tasks_alter() and hook_menu_local_tasks_alter() need mutual @see links
  
• Optimize TelephoneFieldTest
  
• Parameters doc for views "row" should be at the top level of the array
  
• ToolbarStoredStateTest needs wait after resizing window
  
• Have a dedicated category for blocks provided by the Navigation module
  
• Three more slow functional tests
  
• Consolidate test methods in StandardPerformanceTest
  
• \Drupal\CorextensionxtensionDiscovery::PHP_FUNCTION_PATTERN is out-of-date
  
• [random test failure] Random test fail in EntityReferenceWidgetTest
  
• convert TermTest::testParentHandlerSettings() into a kernel test
  
• Fix the format=flowed; delsp=yes encoding of email messages
  
• Try to rebalance kernel tests between gitlab runners (@group #slow again)
  
• Filter placeholders without arguments are not replaced when HTML corrector filter applied afterwards
  
• Add missing category to Drupal\layout_builder\Plugin\Layout\BlankLayout and let modules and themes alter the list of layouts
  
• Fix access checks for bundle permissions to avoid triggering a config validation error
  
• Ensure post transaction callbacks are only at the end of the root Drupal transaction
  
• Autocomplete input text can visibly overflow under magnifier icon
  
• Spacing issue in Home > Search page on Advanced search section
  
• Long string breaks the layout of Claro (reapply fix)
  
• Consolidate two test methods in NumberFieldTest
  
• Mark more tests with @group #slow and remove it from some others
  
• Stable 9 is trying to override non-existing css files
  
• getProcessPlugins() normalises the process array twice
  
• Fix hook_update_N docs for display of code block, remove unnecessary @see
  
• Fix 'Drupal.Commenting.InlineComment.NotCapital' coding standard
  
• Avoid TypeError if config entity dependencies are NULL
  
• Skip unsupported methods in rest/jsonapi tests in an efficient way
  
• Prevent simultaneous open/close on simultaneous click/hover
  
• Many core recipes are not idempotent
  
• Fix instances of floats passed to functions expecting ints
  
• Remove documentation for readmore, logged_in and is_admin from node.html.twig
  
• Installing Content Translation module breaks Rest resources
  
• Deprecation message for user_validate_name points to an invalid replacement
  
• Correct the punctuation on the description for \Drupal\Tests\UnitTestCase
  
• incorrect docs in DateFormatter::format()
  
• Replace usage of generateString with generate in Media module
  
• QueueWorkerInterface is missing docs for DelayedRequeueException
  
• Improve developer experience for 10.3.x upgrade by informing where typed config fails
  
• ExtensionMimeTypeGuesser breaks other mime_type_guesser services
  
• Do not override class in preprocess_field hook
  
• NodeListBuilder is using mark theme wrongly
  
• JsonApiRequestValidator does not set cacheable metadata when the filter allows the request
  
• a11y: Input type file fields lack aria-describedby to the description
  
• BC break in login auth changes from #3444978
  
• Handling update path divergence between 11.x and 10.x
  
• Replace LogicException with trigger_error in LangcodeRequiredIfTranslatableValues constraint
  
• Conditionally disable access to update manager routes
  
• FormStateInterface::setError*() PHPDoc are incorrect
  
• Remove decoupled menus and media initiatives from MAINTAINERS

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.2

10.3.1

4 Juli 2024 - 170MBBug Fixes and Changes

• Drupal 10.3.x regression running JS tests using ddev - update lullabot/php-webdriver
  
• Fix index test in LocalesLocationAddIndexUpdateTest::testExistingIndex
  
• Finish deprecating status code and header assertions in JS tests
  
• Add an index on locales_location on type and name
  
• Add subsystem maintainers for Navigation
  
• Correct spelling of autocomplete type words
  
• Secondary tabs design is distorted on block view page
  
• When using drupalGet(), provide an associative array for $headers
  
• Rename ensure_exists to createIfNotExists, and camel-case simpleConfigUpdate for consistency
  
• Reorder checkboxes on "Development settings" page
  
• TypeError: Illegal offset type in isset or empty in FormValidator->performRequiredValidation()
  
• Fix spelling for 10 words used in tests
  
• Ignore another nonsense word used in hashes
  
• skip_on_empty documentation is confusing when skipping a process
  
• The [0] hatch in misc/vertical-tabs.js causes issues if there are multiple forms with vertical tabs
  
• Container compile crash when a service decorates a destructable service
  
• HandlerStackConfigurator has @see to class that no longer exists
  
• The core/drupal.message library requires a status_messages render element
  
• convert ProviderRepositoryTest to a kernel test
  
• add a comment to install.core.inc about the updated container
  
• Sort::fields property is incorrectly defined as a string
  
• Test-only job does not detect failures correctly
  
• Olivero: Incorrect positioning of close button on mobile device when navigation module is enabled
  
• Visually-hidden refresh button in Field UI fails WCAG Focus Visible
  
• #states not working correctly when built from a logical combination of multliple fields
  
• "Single-Directory Components" needs to be hyphenated because of English grammar and content style rules
  
• Refactor Claro's table--file-multiple-widget stylesheet

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.1

10.3.0

(större version)
24 Juni 2024 - 170MBThis is the final feature release of Drupal 10 and is ready for use on production sites.

Breaking Changes

• For security hardening, a backwards-compatibility break has been introduced in ImageStyleDownloadController. This change may affect modules that provide custom stream wrappers or extend ImageStyleDownloadController.
  

Highlights

• Changes to site-owner-managed files.
  
• Drupal 10.3 is fully compatible with PHP 8.3.
  
• In order to protect users from being unexpectedly logged out, the user logout route is now CSRF-protected.
  
• Drupal now returns render cache items (except for forms) on POST requests.
  
• The Navigation module provides new administration navigation. It is at beta stability.
  
• Sticky table headers are now implemented with pure CSS instead of JavaScript.
  
• update.php will now use the Claro theme instead of the configured maintenance theme, to ensure that updates are run in a consistent environment.
  

Known Issues

• PHP 8.4 compatibility for Drupal 10 and 11 remains under development.
  
• #3446026: Adding media library openers use autoconfigure and tags in 10.3.x has BC consequences
  

Bug Fixes and Changes

• Allow recipe command to write to the container - ensuring that cache does not be cleared after a recipe installs a module
  
• Remove commented-out code in ArgumentDefaultTest referring to php module
  
• Add void return typehints to all test methods
  
• Roles should be in their own recipes for composability
  
• Fix Drupal.Commenting.DocCommentLongArraySyntax coding standard
  
• Update mentions of #2225961 in comments
  
• Global Token Replacements is not working correctly in href
  
• Move Recipe\RollbackTest is to the FunctionalTests namespace
  
• [10.3 regression] CKEditor 5 renamed CSS variable causing CKEditor dialogs to fail to appear above jQuery UI dialogs
  
• Require Composer 2.7.7
  
• Updates to an entity's URL alias do not reflect on the corresponding local tasks
  
• Fix return type of FormatterInterface::settingsSummary
  
• GenerateTheme::__construct() does not document its parameters
  
• Add comments about alphabetical sorting in UpdateRegistry and test
  
• Insufficient cacheability information bubbled up by UserAccessControlHandler
  
• Optimize test order when --directory is used
  
• core.libraries.yml mis-implements moved_files syntax
  
• Update 'lauriii' last name
  
• twig_render_template micro optimization
  
• Add static caching to LayoutTempstoreRepository
  
• Move to new test path in NodeTest as per todo

Läs mer: https://www.drupal.org/project/drupal/releases/10.3.0

10.2.7

10 Juni 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• [regression] FTPExtension class can no longer connect as of 9.5.x
  
• The update module should not crash with releases that contain invalid values for core_version_requirement
  
• Try to optimize test ordering when run-tests.sh is used with a mixture of test types
  
• Add DanielVeza as a co-maintainer of Layout Builder
  
• Remove abstract method Drupal\Tests\migrate\Kernel\MigrateSourceTestBase::providerSource()
  
• Changing a display's machine name while an attachment exist breaks Views
  
• Improve "The libraries to include are encoded incorrectly" check and message

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.7

10.2.6

1 Maj 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• Revert: Media Library widget display doesn't return to first page on applying filters
  
• Setting empty URL when making embedded media a link in CKEditor5 causes JS errors
  
• Update PHP EOL dates based on updated PHP team decisions
  
• Replace catch of PHPUnit\Framework\Error\Warning in MarkupInterfaceComparatorTest
  
• [regression] Uncaught TypeError: Cannot read properties of null (reading 'style') (toolbar.js)
  
• Update COPYRIGHT.txt for 2024
  
• Uploading a file to media library flushes theme registry
  
• Handle invalid compressed ajax_page_state more gracefully
  
• Change @dataprovider to static in YamlTestBase
  
• [PHPUnit 10] Provide a static alternative to @dataproviders using PHPUnit mocks in MailHandlerTest
  
• Document update fixture drupal.broken.xml
  
• Forked DocParser incorrectly parses ::class notations
  
• Improve documentation for OptionsRequestSubscriber
  
• Incorrect filter group OR behavior, LEFT JOIN changed to INNER JOIN
  
• Improve documentation for $old_destination_id_values in MigrateDestinationInterface
  
• [GitLab d.o infra] Allow superuser to call composer on jobs
  
• Change remaining File module test dataproviders to static
  
• Media Library widget display doesn't return to first page on applying filters
  
• Skip query string compression if zlib extension isn't available
  
• Change remaining Forum module test dataproviders to static
  
• Image derivative generation does not work if effect "Convert" in use and file stored in private filesystem
  
• Fix strict type errors: miscellaneous fixes in core Kernel tests
  
• Fix Composer Scaffold plugin event listeners
  
• Fix strict type errors: Convert FormattableMarkup to strings (complex replacement) in core Kernel tests
  
• claro_form_views_ui_config_item_form_alter() assumes a suffix when there is a prefix leading to: Undefined index #suffix in $form['options']['value']
  
• Taxonomy vocabulary translation local task tab not shown in UI
  
• Fix Composer Scaffold plugin event listeners
  
• tablePositionSticky should not be called on a non-array variable
  
• Change QueryFactoryTest:providerTestGetKeys to static
  
• Change RecursiveContextualValidatorTest::providerTestValidatePropertyWithInvalidObjects to static
  
• Revert: filter_autop should ignore twig.config debug html comments
  
• filter_autop should ignore twig.config debug html comments
  
• Fix documentation redirects to Drupal 7 docs
  
• Change DrupalLogErrorTest::provideFatalExitCodeData to static
  
• Cancel button on the discard changes in the layout builder confirmation step should take you back to the layout builder
  
• Drupal.theme.progressBar() does not escape output correctly
  
• Fix FileUploadResource::$fileSystem documented type to match the constructor typehint
  
• Contact form opt-out line should be excluded from admin-sent and sender-copy e-mails
  
• Show content preview checkbox is not center aligned with the layout builder buttons

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.6

10.2.5

3 April 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• providerTestEquals to static
  
• Deprecate hook_file_validate() API docs
  
• Call to a member function label() on null in Drupal\menu_link_content\Form\MenuLinkContentForm->form() (line 99 of /var/www/html/docroot/core/modules/menu_link_content/src/Form/MenuLinkContentForm.php)
  
• Default Images not rendered in layout builder
  
• Prevent empty block_content info fields from causing php deprecation notices when placing blocks with no label.
  
• obsolete docs about drupal_pre_render_links()
  
• value in Drupaliews\Pluginiewsilter\NumericFilter->acceptExposedInput()
  
• Remove default event from collpased nav-tabs button
  
• Non-array values for #ajax
  
• (revert) Add tests for logic on project_status from update XML"
  
• (revert) Workspace switcher block does not check access"
  
• Method getMockForAbstractClass() of class PHPUnit\Framework\TestCase is deprecated in PHPUnit 10 - Step 1 interfaces
  
• Workspace switcher block does not check access
  
• Method addMethods() of class PHPUnit\Framework\MockObject\MockBuilder is deprecated in PHPUnit 10
  
• States API doesn't work with multiple select fields
  
• Add tests for logic on project_status from update XML
  
• dump() no longer produces output in PHPUnit tests running under PHP 8.3
  
• Setting width for sticky-header is broken
  
• Method getObjectForTrait() of class PHPUnit\Framework\TestCase is deprecated in PHPUnit 10
  
• Javascript error when plugin settings has NULL value
  
• "More" link not taking default arguments into account
  
• #states disable property has stopped working for submit button and other elements
  
• Method getMockForTrait() of class PHPUnit\Framework\MockObject\MockBuilder is deprecated in PHPUnit 10
  
• OEmbed generates URLs with URL-decoded query string
  
• load should have a non-service alternative for class loading
  
• Standard's article teaser entity view display marks fields as hidden even though they're visible
  
• Unhandled exception when trying to register a duplicate username with different case
  
• Sticky table header is not sticky if --drupal-displace-offset-top is not defined
  
• have invalid screen reader text
  
• Fix daily updated deps job
  
• Tighten ParameterBag classes in PHPUnit tests
  
• Queue factory services do not conform to an interface
  
• Fix invalid CSS for #toolbar-item-user
  
• Display the page title, even if "0" in olivero
  
• Add packageManager key to core/package.json now we recommend corepack enable
  
• ManageGitIgnoreTest failing in HEAD
  
• Collapsed Details Element causes JS Error for required fields
  
• CKEditor 5 doesn't save updated value if form submitted right after the change
  
• hasClassAttribute() to allow attribute subclasses
  
• Content language and translation AJAX expansion is backwards
  
• Javascript warning from content language and translation page
  
• Convert the PHPStan baseline from NEON to PHP
  
• Convert the PHPStan baseline from NEON to PHP
  
• Call to a member function getDisplayname() on null in WorkspaceListBuilder.php
  
• Make MultiWidthLayoutBase non-internal
  
• Add outline to buttons with active state
  
• ExistsConstraintValidator should ignore NULL values and treat `core` as a valid module
  
• Add @finnsky as core maintainer for Umami
  
• Block attribute class expecting wrong ContextDefinition

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.5

10.2.4

7 Mars 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• Channel description of RSS feeds is double-escaped
  
• Olivero: 'wide-content' utility class breaks layout when placed in 'Hero' region
  
• Editing a block_content entity no longer redirects to the overview
  
• Replace multiple test methods in InfoParserUnitTest with 1 testInfoException and a dataprovider
  
• Resync dictionary.txt
  
• Update typing for plugin definition to include object
  
• Extra Close icon in Messages
  
• field_field_config_create should check if the config installer is syncing
  
• Add test coverage for layout_builder_entity_view_alter()
  
• In workspace-form the text of the modal content is not visible completely below 768px screen
  
• Only fallback to an existing singular or nth plural form of a translation
  
• Make disabled status more obvious in a View
  
• Fixing source IDs with spaces in Sql.php
  
• Classloader needs to be registered in Database::convertDbUrlToConnectionInfo()
  
• Remove extra parameters passed to functions
  
• [regression] file_save_upload does not properly handle extensions
  
• incorrect docs for LocaleConfigSubscriberTest::assertTranslation()
  
• Recreate the "updated deps" job from DrupalCI
  
• Change the scaffolding documentation link in README.txt
  
• [regression] datetime_timestamp widget does not use default field value
  
• Content Moderation should only validate its own workflow type
  
• BlockContentForm::actions is incorrectly overridden as public
  
• [drupalImage] Rename "Text alternative" field label to "Alternative text"
  
• Field block for empty image field with no default image rendering empty div in Layout Builder
  
• Map menu ids like main-menu when migrating node types
  
• FieldConfigEditForm::save should report exceptions using warning or error messages
  
• Combine fields filter REGEXP causes PostgreSQL syntax error
  
• Deprecated function: array_slice(): Passing null to parameter #2 ($offset) of type int is deprecated in Drupal\Core\Configntity\Query\Query->execute()
  
• Change DrupalLogErrorTest::provideFatalExitCodeData to static
  
• Change ErrorTest data providers to static
  
• Change DefaultConfigTest::moduleListDataProvider and helpers to static
  
• Change UrlHelperTest data providers and helpers to static
  
• Change PrimitiveTypeConstraintValidatorTest::provideTestValidate to static
  
• Change DateTest::providerTestFormatDiff and family to static
  
• Wrong return type in Renderer::ensureMarkupIsSafe()
  
• Bring external template files into core
  
• Term migrations should set revision IDs
  
• Fix strict type errors in WebAssert calls
  
• Image styles - thumbnails are broken in config page when private file system is used
  
• Cache tags from Computed fields do not bubble up to Entity render array
  
• Call refreshVariables() where needed in various tests
  
• Update the file size in file_validate_image_resolution after resizing
  
• Content Moderation moderation_state_filter cannot join the entity revision table when the filter uses relationship to the entity revision table
  
• Language module shouldn't alter config in sync mode
  
• Form Builder does not fully allow Ajax GET requests
  
• Transaction autocommit during shutdown relies on unreliable object destruction order (xdebug 3.3+ enabled)
  
• Remove @todo and workaround in Cookie ResourceTestTrait
  
• Transaction autocommit during shutdown relies on unreliable object destruction order (xdebug 3.3+ enabled)
  
• Add ConfigImporter to \Drupal\Core\Config\Importer\MissingContentEvent"
  
• Improve vertical tabs in forced colors mode
  
• Allow sending headers to the OpenTelemetry collector
  
• PrivateFileOnTranslatedEntityTest should use API to set up language
  
• Keep the word dependee and move it to drupal-dictionary.txt
  
• Test-only job fails with "couldn't find remote ref refs/heads/11.x" when 11.x branch does not exist in fork
  
• DrupalDateTime serialization issue
  
• Improve the exception message when an entity form class does not exist
  
• Add warning message to import translations after enabling Interface Translation
  
• Add ConfigImporter to \Drupal\Core\Config\Importer\MissingContentEvent
  
• Remove cruft from NodeRevisions[All]Test::setUp
  
• Ensure database connection information is cleaned up properly after performing ConnectionTest
  
• Unpublished forum accessible to public
  
• Details do not benefit from aria-pressed
  
• RegisterStreamWrappersPass and other have broken compiler pass for multiple tags
  
• big_pipe.js' checkMutation() does not check if node exists before using it
  
• big_pipe.js' checkMutation() does not check if node exists before using it"
  
• big_pipe.js' checkMutation() does not check if node exists before using it
  
• [Drupal 10.2 regression] Media Library "widget" View media type tabs have lost styling
  
• [regression] Entity::toUrl() without argument is broken for entity types with a URI callback
  
• Refactor the breadcrumb generation "catch" code
  
• Security update composer/composer (CVE-2023-43655)
  
• Add testing wtih Maria DB 10.6"
  
• Add testing wtih Maria DB 10.6
  
• Fix strict type errors in Functional tests: Add casts and fix types where needed
  
• Fix strict type errors: Convert remaining usages of FormattableMarkup to strings in core Functional tests
  
• [regression] toUrl can incorrectly return edit-form url when another link template shares the canonical url
  
• Only run CSS and JS lint jobs if files have changed
  
• Use 'queueing' spelling instead of 'queuing'
  
• Comment form gives deprecated warnings on PHP 8.1 when comment is empty
  
• Replace deprecated String.prototype.substr() with String.prototype.substring()
  
• Replace uncommon HTMLDocument with Document in JSDoc
  
• Correct 'milli' in core/form.js
  
• ConfigExistsConstraintValidator should ignore NULL values
  
• Mark some more tests with @group #slow

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.4

10.2.3

8 Februari 2024 - 170MB

• Improve the exception message when an entity handler class does not exist
  
• Improve the performance of \Drupal\Core\Update\UpdateRegistry::getRemovedPostUpdates()
  
• Fix Warning: Undefined array key "id" in Drupal\jsonapi\ControllerntityResource->patchIndividual()
  
• hook_node_grants implementations lead to a 'URL Alias' validation error when saving translated nodes
  
• Only run the performance tests once each in performance test runs
  
• Spell-checking job fails with "couldn't find remote ref refs/heads/11.x" when 11.x branch does not exist in fork
  
• Olivero views front page template missing dom_id
  
• Prevent the use of placeholders that cannot be converted into strings when creating logs
  
• pgsql module's NonPublicSchemaTest can fail in non-CI environments
  
• Commit check script: nproc does not exist on Darwin
  
• MigrateSkipRowException should document that it is for use within migration process plugins
  
• The 'Name' field in the Add form mode is required, even though it lacks any indication of being mandatory
  
• Properly set current_user service in tests
  
• UpdatePathTestBaseFilledTest is mostly pointless
  
• Use a dedicated runner for performance tests
  
• Fix 12 'un' words
  
• Add declare(strict_types=1) to all miscellaneous test classes
  
• Fix strict type errors: Convert FormattableMarkup to strings (complex replacement) in core Functional tests
  
• Correct \Drupal\Core\DependencyInjection\Container doc
  
• Field type plugin description is assumed to be an array
  
• ckeditor5 module has an invalid config schema which causes POTX to fail
  
• Existing field items should not be validated when adding another item in widget for unlimited cardinality field
  
• Spell-checking job fails with "couldn't find remote ref refs/heads/11.x" when 11.x branch does not exist in fork
  
• Entity autocomplete form element ignores entities with label "0"
  
• Reevaluate the break-up of the various testsuites on GitLab
  
• Query string duplications
  
• Node RSS Views plugin causes wrong entity_view output to be cached
  
• Remove calls to clearstatcache in \Drupal\Testsile\Functional\FileFieldRevisionTest::testRevisions
  
• Fix notice in _install_prepare_import() due to alternate approach to translations
  
• Remove withConsecutive() in SqlContentEntityStorageSchemaTest
  
• Autowiring does not support nullable types
  
• Convert HandlerAllTest into a kernel test
  
• Remove withConsecutive() in CronSuspendQueueDelayTest
  
• Use String.prototype.includes() instead of String.prototype.indexOf() where necessary
  
• Remove withConsecutive() in CacheCollectorTest
  
• Remove withConsecutive() in EntityNormalizerTest
  
• Remove withConsecutive() in KeyValueEntityStorageTest
  
• Remove withConsecutive() in MigrateSqlIdMapEnsureTablesTest
  
• Spell-checking job fails with "Argument list too long" when too many files are changed
  
• SitesDirectoryHardeningTest does not need to use StringTranslationTrait
  

Revert "* Form API #states property/states should use .once() to apply its rules (Can cause failures with BigPipe and possibly other situations)"

• Fix spelling of some words with 'un' prefix
  
• Revisions log on translated nodes should not show original language revisions, should show revisions of translated content
  
• Disable DNS prefetch in Chromedriver on gitlabci
  
• Layout Builder overrides section storage sets local tasks block cache max-age to 0 on content entity pages without overrides enabled
  
• Fix spelling of array keys in tests
  
• Refactor \Drupal\Tests\Core\Test\PhpUnitCliTest::testFunctionalTestDebugHtmlOutput
  
• Consolidate one more jsonapi invalid file upload test method
  
• Access check in AnnounceBlock does not take into account $return_as_object parameter
  
• Split up MediaUiFunctionalTest
  
• Split filter tests out of JsonApiRegressionTest
  
• Add @group #slow to more kernel tests
  
• Convert RowPluginTest into a Kernel test
  
• Convert ConfigOtherModuleTest into a Kernel test
  
• Dialog drupalAutoButtons option should be respected on initial load
  
• Nightwatch output on GitLab not easily readable
  

Issue #3394680 followup by longwave: Deprecate ContextProvidersPass in favor of using service_id_collector

• Convert TwigLoaderTest into a Kernel test
  
• Convert FileMoveTest into a Kernel test
  
• Convert OptionsDynamicValuesApiTest into a Kernel test
  
• Fix \Drupal\FunctionalTests\Core\Config\SchemaConfigListenerTest comment
  
• \Drupal\Tests\mysql\Functional\RequirementsTest is always skipped
  

Revert "* Deprecated function: array_slice(): Passing null to parameter #2 ($offset) of type int is deprecated in Drupal\Core\Configntity\Query\Query->execute()"

• Convert SearchSetLocaleTest into a Kernel test
  
• Convert OptionsDynamicValuesValidationTest into a Kernel test
  
• Convert PathPluginTest into a Kernel test
  

Revert "* Enable modules through Nightwatch API when not testing module enabling"

• Convert AlterTest into a Kernel test
  
• Invalid twig token variables are added on certain URLs and will crash the site if assertions are enabled
  
• Convert HtmlToTextTest into a Unit test
  
• Convert RelationshipNodeTermDataTest into a Kernel test
  

Back to dev.
Merged 10.2.2.

• Move EntityReferenceSelectionAccessTest to Kernel namespace and directory
  
• Convert RelationshipRepresentativeNodeTest into a Kernel test
  
• Delete TaxonomyTermFilterDepthTest Functional test
  
• Remove unused require-s from Nightwatch commands
  
• Remove Nightwatch exampleTest
  
• Convert FieldTimeIntervalTest into a Kernel test
  
• Make CI template compatible with private repositories
  
• EntityViewsData fails to set 'entity revision' in the table data for an entity's revision table
  
• Convert NodeTemplateSuggestionsTest into a Kernel test
  
• "Add another" buttons could use vertical margin
  
• Change help headings for WCAG 2.0
  
• External fonts cannot be loaded via add_css ajax command
  
• Enable modules through Nightwatch API when not testing module enabling
  
• Deprecated function: array_slice(): Passing null to parameter #2 ($offset) of type int is deprecated in Drupal\Core\Configntity\Query\Query->execute()
  
• Fix PostgeSQL column name escaping in field constraints
  
• Replace deprecated functions in Nightwatch tests
  
• Fix strict type errors: Convert FormattableMarkup to strings (simple replacement) in core/tests/Drupal/KernelTests/*
  
• Fix strict type errors in CommentFieldAccessTest
  
• Make CKEditor5ToolbarTest and TableTest extend WebDriverTestBase
  
• Convert FieldTypeTest into a Kernel test
  
• Add authenticated user umami performance tests
  
• Document that hook_mail_alter passes a langcode instead of a language object
  
• Re-enable inline form errors in assessActiveTextEditorAfterBuild function
  
• Simple fixes for words with prefix of 'de' or 're'
  
• Views FieldPluginBaseTest has methods with unused arguments
  
• Remove use of book in non profile and update tests
  
• Speed up UpdatePathTestBaseTest
  
• Add @group #slow to ForumUninstallTest
  
• Links do not align properly in Views UI field/sort rearrange dialog
  
• Correct spelling of words in module core/tests
  
• Fix more words that are only misspelled in comments
  
• Add kernel tests for prefixing of migrate process errors
  
• NodeCompleteNodeTranslationLookup should return NULL for non translated lookups
  
• Move non-migration book-related tests to the Book module
  
• Fix test performance of Drupal ode\Tests\NodeTranslationUITest
  
• ajax_page_state leaks through request in Views Ajax
  
• AliasStorage::preloadPathAlias() incorrectly prioritizes und aliases
  
• Split up JsonApiRegressionTest
  
• Mark some Kernel tests with @group #slow
  
• Add @group #slow to AddPermissionsUpdateTest
  
• Use 'present' for end year in COPYRIGHT.txt
  
• Fix typo in locale_config_batch_refresh_name causing "[warning] No configuration objects have been updated."
  
• Fix test performance of Drupal\system\Tests\Cache\PageCacheTagsIntegrationTest
  
• Use the API to set up languages in tests that are not specifically testing the language form
  
• Harden user_pass_rehash() against attack
  
• Fix the deprecation URL for #3356894 and #3372097
  
• Fix test performance of \Drupal\Tests

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.3

10.2.2

(säkerhetsutgåvan)
17 Januari 2024 - 170MBSecurity

• Drupal core - Moderately critical - Denial of service - SA-CORE-2024-001 - The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.2

10.2.1

8 Januari 2024 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• Add declare(strict_types=1) to all Unit tests
  
• Start FunctionalJavaScript tests before Functional tests
  
• Output buffering status check fails when run via CLI
  
• [D10.2 regression] Theme suggestions cannot alter variables anymore
  
• Decouple tour from ConfigInstallProfileOverrideTest
  
• Replace $GLOBALS['base_root'] with getAbsoluteUrl() in Functional Test
  
• Media revision listing is accessible to anonymous users
  
• Uncaught exception thrown when running database updates via drush
  
• Regression from #3341682: #states + #required do not automatically work together, resulting in an unsubmittable AccountSettingsForm
  
• big_pipe sometimes fails to load blocks
  
• Regression from #3295790 content-length header set earlier than expected
  
• Support MySQL GIPK mode
  
• FilterHtml data loss when iframe and/or textarea is allowed
  
• File validation logic from #3221793 broke backwards compatibility
  
• Only set content-length header in specific situations
  
• Form API #states property/states should use .once() to apply its rules (Can cause failures with BigPipe and possibly other situations)
  
• [random test failure] Re-enable AjaxTest::testAjaxFocus()
  
• system_page_attachments() varies by authenticated user role but does not add said cache context
  
• Regression from #2521800: using machine name element for ListStringItem breaks with existing data
  
• [regression] install_get_form does not allow install_settings_form ['driver'] to be null
  
• FinishResponseSubscriber could create duplicate headers
  
• FinishResponseSubscriber could create duplicate headers
  
• loadByProperties() and buildPropertyQuery() should document that you can pass value arrays to get an IN query condition
  
• Remove datetime_range icon and library
  
• Fix random performance test failures
  
• Only clear flood attempts when necessary during user login
  
• Add @group #slow to more tests
  
• Add @group slow to ForumTest, HelpTopicSearchTest, ModulesListFormWebTest
  
• [10.2 regression] CKEditor 5 image button is missing icon
  
• FileUrlGenerator::transformRelative() edge case errors
  
• Drupal\Tests\Composer\Plugin\VendorHardening\ConfigTest leaking configuration changes
  
• A new module version is not recognized by interface translation update
  
• Table Render Array Documention Is incomplete and confusing
  
• Link-widget throws exception when rebuilding a form with an invalid uri
  
• Deprecate system.performance stale_file_threshold
  
• Flood database backend ::isAllowed() should call ::ensureTableExists()
  
• Fix dependencies of taxonomy term translation migrations
  
• Fix workspace-support check in entity queries
  
• Editor entity class should document that it expects a 1-1 relationship with matching IDs with a format entity
  
• Remove @backtrace_string in ExceptionLoggingSubscriber::onClientError()
  
• Views RSS Feed Fields adds tag
  
• Remove remaining uses of t() in assertEquals() calls
  
• Avoid loading all terms on the taxonomy overview form
  
• Exposed filter values ignored when using batch
  
• Sync up core/.stylelintrc.json and stylelint-config-standard
  
• Error TypeError: Drupal\Core\Field\FieldTypeCategory::getDescription() if a FieldType has 'description' missing in its annotation
  
• Add database query spans to otel traces
  
• BuildTestBase makes assumptions it should not about the code layout

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.1

10.2.0

(större version)
20 December 2023 - 170MBThe second feature release of Drupal 10 improves content modeling, block management, menu and taxonomy organization, and permission administration. New options to sanitize file names make it possible to clean up the names of uploaded files, and media item revisions now have a dedicated user interface.

Easier Content Management

• Field types for new fields are visually listed instead of a simple select list. Settings for fields are now all included on one form.
  
• Menu items and taxonomy terms have a dedicated option to add a child item, which makes item placement easier.
  
• Media items now have a dedicated user interface to review and manage older revisions.
  
• CKEditor's language selector can now be configured to only show languages supported on the site.
  

Other Improvements and Changes

• More flexible block placement: A user interface has been added to show or hide each block based on the HTTP response status, so that specific blocks can be added or removed when the page is not found (404) or access is denied (403).
  
• New built-in file name sanitization options: The functionality of one of the most popular contributed modules is now included in core! Replace whitespace in file names, transliterate text, convert to lowercase, and more.
  
• Faster permission management: The permissions page now comes with a filter on the top to make it easy to find the permission you planned to adjust.
  
• Performance improvements: Drupal 10.2 includes numerous performance improvements for content rendering and HTTP responses, as well as improved caching APIs.
  
• Works on the latest PHP: PHP 8.3 was released three weeks ago, and Drupal 10.2 is already compatible with it.
  
• Modern language feature: PHP attributes: Drupal core has started adopting PHP attributes, a modern PHP language feature, to provide better developer experience for plugin annotations. Contributed and custom code can begin adopting this improved API for their plugins, and Block and Action plugins can all be converted to the new API.
  
• Built-in project news updates: To help keep you up to date with project news, the Announcements Feed module became stable and is now installed by default with the standard profile.
  
• Help topics now in Help module: The experimental Help topics module is now marked as deprecated and all functionality has been integrated into the core Help module.
  

Developer Experience Improvements

• A PerformanceTestBase was added to support automated testing of performance metrics with support to send OpenTelemetry traces to an open telemetry endpoint.
  
• A new DeprecationHelper::backwardsCompatibleCall() method is available that helps write Drupal extensions that are compatible with multiple major versions at once.
  
• PHP Fibers support was added to BigPipe and the Renderer, which allows Drupal to potentially run different code while it's waiting for an asynchronous operation to return.
  
• Configuration validation was expanded to better support strict testing and make configuration form validation easier to implement.
  
• Symfony's autowiring support was adopted for services, based on PHP 8 attributes, making service creation easier.
  
• The HTML utility classes and filter system was updated to produce HTML5 syntax instead of XHTML.

Läs mer: https://www.drupal.org/project/drupal/releases/10.2.0

10.1.8

(säkerhetsutgåvan)
17 Januari 2024 - 170MBSecurity

• Drupal core - Moderately critical - Denial of service - SA-CORE-2024-001 - The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS). Sites that do not use the Comment module are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.8

10.1.7

6 December 2023 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes and Changes

• #3367151 Docs on return type on two media constraints are misleading
  
• #3397890 Fix strict type errors in unit tests
  
• #3405798 Config deleted during import does not have correct initial values set
  
• #3343913 Add comments explaining performance improvement in TypedData
  
• #3403142 Make longwave a full committer
  
• #3181013 Faulty permanent config cache has been set to the cache backend on failed sql server connection
  
• #3391355 \Drupal\Core\Config\StorageInterface::read is typehinted as possibly returning bool, but never returns true
  
• #3400302 PHP OPcache bug detection issue
  
• #3370560 Update failed: dblog_update_10101 (TINYINT)
  
• #3390693 MigrationPluginManager::ExpandPluginIds can lose derivative plugins under certain circumstances
  
• #3402548 YamlFileLoaderTest fails if you have PECL yaml installed
  
• #3401764 Replace CollegeHumor URLs and logic in core test cases
  
• #3398400 Clean up repeated method calls in ValidReferenceConstraintValidator
  
• #3396153 Composer Scaffold plugin README is incomplete
  
• #3399992 Fix strict type errors in test traits
  
• #3399754 Fix strict type errors in functional JavaScript tests
  
• #3377310 400 exceptions result from requests for old asset paths which are missing the "theme" query string, possibly from cached pages
  
• #3401102 Nightwatch artifacts on GitLab not retained
  
• #3387959 Document new arguments in run-tests.sh
  
• #3400485 LibraryDependencyResolver::getMinimalRepresentativeSubset() calculates dependencies incorrectly
  
• #3277238 Fix \Drupal\taxonomy\Entity\Term::getName() to conform to the interface
  
• #3195583 Fix warning when RSS feed includes markup with an empty srcset attribute
  
• #3015369 Fix MigrateTestBase::executeMigrations() to execute migrations in dependency order
  
• #3383692 Document that NULL is an allowed return value for EntityRepositoryInterface::getTranslationFromContext()
  
• #3400045 Offering to co-maintain the User subsystem
  
• #3398321 Optimize GitLab resource requests phase 1
  
• #3399685 Remove Core version from install.php when the site already is installed - Information Disclosure - Leaking version information
  
• #3393955 Correct $suggestions documentation in hook_theme_suggestions_alter()
  
• #3385837 PathContentModerationTest should use API to set up language
  
• #3384935 ContactLanguageTest should use API to set up language
  
• #3385811 ContentTranslationUntranslatableFieldsTest should use API to set up language
  
• #3385834 MenuUiNodeTest should use API to set up language
  
• #3374537 PostCSS layout helpers inconsistency
  
• #3355603 Docs for ImageFieldCreationTrait and FileFieldCreationTrait are misleading
  
• #3399370 Remove @file annotation from test classes
  
• #3397991 Error in EntityFieldManager comment
  
• #2960381 Docs for FactoryInterface::createInstance() and MapperInterface::getInstance() are too similar and need more detail
  
• #2272637 Default file visibility setting not respected
  
• #3390212 [GitlabCI] stop turning off APC when running PHPStan

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.7

10.1.6

1 November 2023 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes

• SDC ComponentElement: Transform slots scalar values to #plain_text instead of throwing an exception
  
• Audit & fix Red asterisk for required fields WCAG contrast minimum
  
• Password is null if user has never logged in which causes PHP 8 warning
  
• getSetting()'s documentation should specify what happens when a setting doesn't exist
  
• Wrong comment display for sites configuring base field display in the UI
  
• Exclude copying 'core/node_modules' in getCodebaseFinder
  
• Config saved during import does not have correct initial values set
  
• Adding or editing a block through the UI saves the entity twice
  
• Decoupled menus test module declares their dependencies in wrong way
  
• Properly check for block content type in BlockPluginId process plugin
  
• Make BaseFieldOverride inherit internal property from the base field
  
• BlockContent JSON:API collection endpoint doesn't return unpublished block when filtered without administer block content permission
  
• Security update postcss (CVE-2023-44270)
  
• Cleanup cspell directives
  
• \Drupal\Core\Queue\QueueInterface::createItem is typehinted as possibly returning bool, but never returns true
  
• Improve the failure message from Drupal\KernelTests\Core\DependencyInjection\AutowireTest
  
• Dialog options are not honoured when open a dialog using GET
  
• Ensure Unit tests in phpass run and remove unneeded LegacyPasswordHashingTest::testInvalidArguments
  
• EntityListBuilder should return URL object vs mock
  
• Fix @return type, simple fixes
  
• Fix return type in \Drupal\Tests\rest\Functional\ResourceTestBase::recursiveKSort()
  
• Fix '@return null' return types
  
• Allow other Twig node visitors to modify 'display_start' and 'display_end'
  
• _TARGET_DB_TYPE does not exist
  
• Use "@return" instead of "@returns"
  
• Large placeholders are not processed
  
• Remove even more of the aggregate stale file threshold and state entry
  
• ckeditor5.dialog.fix.js throws "Uncaught TypeError: event.target.classList is undefined" in Firefox in Drupal 10 with the editor in a modal
  
• ExceptionLoggingSubscriber should not log HTTP 4XX errors using PHP logger channel
  
• _TARGET_DB_TYPE does not exist
  
• AssetResolver::getCssAssets() should not try to sort and optimise if $css is empty
  
• Security update composer/composer (CVE-2023-43655)
  
• Change references to README.txt in root directory

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.6

10.1.5

5 Oktober 2023 - 170MBThis is a patch (bugfix) release of Drupal 10 and is ready for use on production sites.

Bug Fixes

• GitLab should retry jobs that fail outside test failures
  
• Remove variables export from test-only job
  
• Add linkByHrefExistsExact and linkByHrefNotExistsExact for matching links by href exactly
  
• Indirect modification of overloaded element with Views responsive table
  
• Return type of NodeInterface::getTitle() should be nullable
  
• Fix spelling of words only misspelled in tests, part 2
  
• [GitlabCI] SQLite currently not working
  
• [random test failure] Random failure in ThrobberTest::testProgressThrobberPosition
  
• Security update get-func-name (CVE-2023-43646)
  
• Add support for 'test only' changes to gitlab CI
  
• Display category-related recipes when seeing a recipe full page
  
• Generic Revision UI's Revision overview page generates wrong operations/view links for a translation
  
• CKEditor 5 should respect
  
• Unclear term 'internal library name' in theme API documentation
  
• document the reason for 'edit' vs. 'update' operations in field and entity access operation name
  
• Add GenericModuleTestBase and use it to test general module things
  
• Incomplete examples in API docs for the download process plugin
  
• Distribute @group #slow tests between test runners and mark more tests
  
• Creating a new translation may delete translations with drafts
  
• [DrupalMedia] Formatting lost when attempting to edit media within a list item in CKEditor 5
  
• [random test failure] Random failure in MigrateBlockContentTranslationTest
  
• Run nightwatch tests in parallel
  
• Don't make other tests depend on PHPUnit
  
• Only run one postgres version on commit
  
• Add postgresql 15/16 to testing matrix
  
• Fix change record link added in #3231341
  
• Add pagination to VersionHistoryController
  
• Disabled primary button in views area has grey text on blue background (bad contrast)
  
• "Enforced" Dependencies of Optional Configs Overwrite Other Dependencies
  
• Parent jobs are missing interruptible
  
• Copy less files around in ComponentsIsolatedBuildTest
  
• AccessAwareRouter does not respect HTTP method
  
• Each GitLab job exposes user email
  
• Move Gitlab linting steps to main job
  
• GitlabCI should fetch less from git
  
• Set GitlabCI matrix for Drupal 10.1 to use PHP 8.1 and MySQL 5.7 by default
  
• Configure GitLabCI matrix testing
  
• Node Access Rebuild never finishes (infinite loop)
  
• Libraries using jquery_ui assets directly shouldn't duplicate files
  
• DiffOpOutputBuilder does not correctly match the 10.0.x implementation and produces unexpected output (part 2)
  
• Returntype incorrect for UnitTestCase::getConfigFactoryStub()
  
• Remove error suppressions and workarounds for https://bugs.php.net/bug.php?id=50688
  
• Chunk multiple cache sets into groups of 100 to avoid OOM/max_allowed_packet issues
  
• Run jobs on GitLab CI branch tests
  
• Run jobs on GitLab CI branch tests
  
• GitLab CI integration for core
  
• incorrect sample code in docs for hook_library_info_build
  
• Move BrowserTestBaseTest tests checking WebAssert methods to WebAssertTest
  
• False positives when identifying what is a placeholder, for deprecation error
  
• Toolbar username lazy builder only XSS filters but doesn't escape user display name - stored remote request
  
• commit-code-check.sh doesn't allow optional chaining in JavaScript
  
• Improve spell checking in commit-code-check.sh
  
• Spell check all files if dictionary.txt changes
  
• Remove incorrect spellings from the dictionary that are no longer in the codebase
  
• DiffOpOutputBuilder does not correctly match the 10.0.x implementation and produces unexpected output
  
• Layout Builder jumps to top when removing section/block
  
• Drupal.t() does not respect locale_custom_strings
  
• Regression fix for (if feasible) uses of the jQuery trim function to use vanillaJS
  
• Add an example to Drupal\migrate\Plugin\migrate\process\SkipOnEmpty doc block
  
• Remove redefintion of t() from update-countries.sh
  
• Revert broken flexbox after Branding component creation
  
• aria-current is giving an invalid value
  
• optionExists throws exception with incorrect type if option doesn't exist

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.5

10.1.4

(säkerhetsutgåvan)
22 September 2023 - 170MBSecurity

• Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 - In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.4

10.1.3

8 September 2023 - 170MB

• Add Gábor Hojtsy as facilitator to MAINTAINERS.txt
  
• ImageUrlTest fails on GitlabCI integration
  
• Installer can't create new database on PostgreSQL
  
• AJAX pager doesn't work with exposed filter which has a default value
  
• Absolute path for oembed iframe
  
• BrowserTestBase::drupalGet() does not appear to be handling base url properly
  
• Return early in EntityPermissionsForm::access if the user does not have "administer permissions"
  
• \Drupal\Core\Theme\Registry->build() does not always return \Drupal\Core\Utility\ThemeRegistry
  
• Need to catch Peast exceptions
  
• Username enumeration via one time login route when logged in as another user
  
• Investigate better ways to add anti-flicker JS
  
• Update Peast to 1.15.4
  
• Umami theme should declare dependency on SDC
  
• claro.jquery.ui css assets may be added the page multiple times
  
• Documentation problem with node_is_page
  
• Implement utility method for invoking backward compatible code
  
• Duplicate declaration of $context in WidgetBase
  
• Remove cruft from LanguageNegotiationMethodManager
  
• Views MysqlDateSql::getDateFormat() should translate PHP's 'o' format to MySQL's '%x'
  
• Ensure views Translate tabs are visible when editing
  
• [Random test failure] Random failure in CKEditor5AllowedTagsTest::testMediaElementAllowedTags
  
• Update CKEditor 5 to 39.0.1
  
• [Style] Add tests for inability to apply styles to div, ul, ol, table etc. in CKEditor 5 — and a allows applying it to all elements
  
• Convert enable/disable to install/uninstall in exception text
  
• Hardcoded color class for site branding when using RTL
  
• Update CKEditor 5 to 39.0.0
  
• The renderer throws away cache metadata from access result if it is not allowed
  
• ManyToOneHelper ignores group configuration for some cases
  
• File mode check in commit-code-check.sh is too strict

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.3

10.1.2

22 Augusti 2023 - 170MB

• Invalid references to contextual_pre_render_links in contextual.api.php
  
• hook_entity_extra_field_info() is called unnecessarily often, hurting performance
  
• CSS Aggregation should not rewrite # url
  
• Errors on WorkspacePublishForm::submitForm are not being logged
  
• The active workspace is not deactivated when it's deleted
  
• WorkspacePublishForm $redirectDestination parameter appears not to be used
  
• Dialog close icon not reliably visible in forced colors mode
  
• Use aria-current=page in pagination links
  
• Password reset json endpoint reveals whether an email or username is in use
  
• Move getContent and getContentUpdate inline
  
• Fix deprecated overloaded function usage in PHP 8.3
  
• Improve docs for the Xss::filter() $html_tags parameter
  
• 4xx HTTP code theme suggestions are not applied if a node is set as 4xx path
  
• Create new SDC component for Umami Branding
  
• When AssetControllerBase delivers existing file should add content-type
  
• Tighten xpath selectors to decrease complexity in tests
  
• WSOD on admin/modules if description is set but is NULL in module.info.yml
  
• Fix spelling for words used once, beginning with 'j' -> 'm', inclusive
  
• Views 'Rearrange' dialog show the 'Remove' checkbox, which should be visually hidden
  
• Clarify why FieldConfigBase::getDataType() is 'list' and not 'field_config_base'
  
• Ensure that edge caches are busted on deployments for css/js aggregates
  
• Use constants when calling CommentTestBase::setCommentAnonymous
  
• Filter tips disappear when changing of text format is cancelled
  
• Prevent the Advanced details getting closed when making changes in the advanced section
  
• Wrong type of property MenuLinkContent::$link
  
• Locale configuration storage passes wrong arguments to install storage
  
• Passing null to parameter #1 ($num) of type int|float to abs() is deprecated
  
• Fix PHPStan L1 errors "Offset 'foo' on array{} in isset() does not exist."
  
• Form layout when the "main" region has a smaller height than the "secondary" region is broken
  
• Bad Color combination in "Block Layout" Example page
  
• document that config/optional is safe to use with duplicate configuration
  
• FileSystem::deleteRecursive() shouldn't log a message when it tries to delete a non-existent directory
  
• run-tests.sh references a non existent obsolete Core module's (simpletest) url
  
• Remove usage of setAccessible() when core requires PHP 8.1
  
• Security update multiple JavaScript dependencies
  
• Update mck89/peast composer dependency to 1.15.2
  
• [regression] "Comments field is required" when creating content for types with a comment field configured as hidden
  
• Return early if syslog configs are NULL to avoid openlog deprecation
  
• Password input width is incoherent and overflows
  
• Create new SDC component for Umami (disclaimer)
  
• Claro: Text overlaps the icon in select list on rtl
  
• Regression: infinite height prevention disables scrolling in Source view
  
• ^10.1 CSS aggregation breaks during maintenance mode
  
• There is a noticeable white border on the right side of "Place Block" button
  
• Menu link content changes are not visible on non-live workspaces
  
• Tests should check sqlite version using PDO_sqlite extension
  
• Replace BDFL with Project Lead
  
• Ajax state leaking to Views bulk operations
  
• Entity autocomplete widget does not pass along entity to AJAX request
  
• Grouped filters with a value of zero do not show when editing the filter
  
• MemoryStorage fails with "Argument #1 ($array) must be of type array" error on calling function readMultiple()
  
• Allow DriverSpecificSchemaTestBase::testChangePrimaryKeyToSerial to execute for non-core drivers
  
• Deprecated: preg_split(): Passing null in argument_validator
  
• Capitalize test group for typedData
  
• Minor hyperlink edit on Appearance page
  
• Extra Default value field when adding a field with an unlimited values
  
• Page scrolls when element inside bulk operations is focused
  
• Re-enable \Drupal\Tests\taxonomy\Functional\Rest\VocabularyJsonAnonTest::testGet

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.2

10.1.1

6 Juli 2023 - 170MB

• Autocomplete throbber is visible when entering a blacklist character
  
• Remove the aggregate stale file threshold and state entry
  
• "Set default value" incorrect default state when using Media Library
  
• CommentAccessControlHandler::checkCreateAccess() does not check commented entity's comment field's status property
  
• Replace "Recipe Instruction" label with a better alternative
  
• Fix spelling of $add_ellipses is comment
  
• Display plus sign once on inline block create button with Stable9 theme
  
• Aggregation URL hashes should be built from normalized list of libraries
  
• Fix limit value in Explode process plugin documentation
  
• Make @todo for file_save_upload() refer to the correct issue
  
• string' is a reserved keyword as of PHP version 7.0 and should not be used to name a class, interface or trait or as part of a namespace (T_NAMESPACE)
  
• Update CKEditor 5 to 38.1.0
  
• [drupalMedia] When media is embedded in a view mode whose display is configured to link elsewhere, that link should not be clickable in CKEditor
  
• Update Maintainers for the Help module
  
• Fix MaximumFileSizeExceededUploadTest test for PHP 8.3
  
• Field layouts doen't seem to work for embedded forms
  
• generate sample values get dimensions wrong when min_resolution is bigger than 600x600
  
• EntityConstraintViolationList::findByCodes is inconsistent - followup
  
• EntityConstraintViolationList::findByCodes is inconsistent
  
• CommentSelection::entityQueryAlter() fails on validate when referencing entity is not a comment
  
• Asset controller should validate filename prefix
  
• guzzlehttp/promises 2.0 blocking update to 10.1 due to AWS SDK
  
• [random test failure] Random failure in CommentStatisticsTest

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.1

10.1.0

(större version)
26 Juni 2023 - 170MBThis is a feature release for Drupal 10 and is ready for use on production sites.

This release provides improvements and new functionality. It does not not break backward compatibility (BC) for public APIs.There may be changes in internal APIs and experimental modules. If so, contributed and custom modules and themes may need updating. This is according to Drupal core's backward compatibility and experimental module policies.

Notes

• Sites using CKEditor 4 should upgrade to CKEditor 5 in Drupal 9.4 or 9.5 before updating to Drupal 10
  

Changes

• The root .htaccess file now unsets the X-Content-Type-Options header before setting it again. This prevents duplicate headers in some configurations of Apache. Site owners should update their .htaccess files with this change to avoid duplicate headers.
  
• The root .htaccess file now caches all files for one year instead of two weeks. This brings the value in line with industry standards.
  
• Drupal adds 'Samesite: Lax' as a session cookie attribute by default. This is configurable in default.services.yml and site owners should update their copy of the file to include the section.
  
• Sites using nginx and php-fpm may need to update their nginx.conf for changes to CSS and JavaScript aggregation.
  
• The file location for Drupal's asset aggregation system is now configurable. It can be set in settings.php via $settings['file_assets_path']. Existing sites will continue to use the public files location.
  
• A new setting $settings['sa_core_2023_004_phpinfo_flags'] in default.settings.php has been added to configure the behaviour of admin/reports/status/php.
  

Highlights

• New permissions for managing custom blocks. Administrators can delegate the management of custom block content to users without granting the 'administer blocks' permission. The permissions allow for control by custom block type and access to block administration pages.
  
• Block content entities now have a UI for managing revisions. Users with sufficient permissions can view, revert and delete block content revisions.
  
• Content administrators can be given permission to delete any file, rather than just files they created. An operations field can be added to views on File entities to add a delete button. The view that ships with the File module has been updated to include the operations field. Existing sites need to add themselves.
  
• The timestamp default formatter has a setting "Display as a time difference. This allows the date/time to display as a time difference (e.g. '2 hours 23 minutes ago'). The refresh interval is configurable.
  
• The CKEditor code block is now configurable, allowing the list of languages that can be input to be changed in the editor configuration. Modules or install profiles that provide default editor configurations may need to update their shipped config.
  
• A new “Development settings” page at /admin/config/development/settings that contains Twig development settings, as well as the ability to disable various caches. The settings are stored within the state table (as opposed to configuration), so the settings cannot be accidentally committed and uploaded to production environments.
  

New Experimental Features

• Announcements (beta)
  
• Single Directory Components (beta)
  

API Changes

• Some "notice" level user events are now logged at the lower-severity "info" level.
  
• The paths to manage custom-block types and block content (formerly custom blocks) have changed.
  
• /admin/structure/block/block-content/types is now /admin/structure/block-content and available as Block types from the Structure menu.
  
• /admin/structure/block/block-content is now /admin/content/block and available from the Blocks tab from the Content menu.
  
• /block/{block id} is now /admin/content/block/{block id}
  
• Drupal now uses the default PHP password_hash() and password_verify() functions in order to store and verify passwords securely. Backwards compatibility is provided by the new phpass module that will be installed on existing sites via an update.
  
• Passing a string to AddCssCommand is now deprecated, instead an array of attributes is expected like for AddJsCommand. CSS files added with Ajax commands are now loaded with loadjs and Ajax commands wait for all CSS files to load before executing the next commands.
  
• Passing an array value to a database condition without using a compatible operator is no longer supported and will result in an exception.
  
• The READ COMMITTED transaction isolation level is set by default for new installs on MySQL and equivalent databases such as MariaDB. This level has been recommended for several years and is configurable as before in the database connection settings. No change will be made for existing sites.
  
• A bug in Drupal's dependency injection container is fixed. The bug could allow certain private services to be accessed by $container->get() depending on code execution order. Custom or contributed module code accessing services in this way would have been fragile before the change, but will now always break. Public services are unaffected.
  
• Config dependencies now have validation constraints. These are not currently used by Drupal core. They will be used later for validating config entities at the data layer.
  
• Layout Builder field blocks will now display the user-specified label from the block configuration. Sites should review their existing blocks as this change may impact workflows that relied on the previous behavior.
  

Performance Improvements

• Only the CSS or JavaScript aggregate URL is built during the main request. Before the content of the aggregate was built and written to disk during the main request, which on complex pages could result in slow page loads. This now happens when the browser requests the CSS or JavaScript file.
  
• Comments and whitespace are removed from JavaScript files. This results in a significant file size reduction. Sites not using Drupal's aggregation should re-evaluate their aggregation and minification method.
  
• Responsive images now support lazy loading. Sites using the default responsive image configuration should update their config to include the new setting.
  
• The update to Symfony 6.3 includes a change to normalizers and denormalizers which should improve performance of JSON:API responses.
  

Bug Fixes

• It is possible to overflow the number of items allowed in Media Library
  
• Provide an upgrade path from "codesnippet" contrib CKEditor 4 plugin to "CodeBlock" core CKEditor 5 plugin
  
• Unable to override library auto-definition to add external CSS & JS
  
• [CKEditor5] Missing dependency on drupal.ajax
  
• [random failure] Curl error thrown for http in JSWebAssertTest
  
• Attached Library set to string instead of array
  
• [random test failure] \Drupal\Tests\ckeditor5\FunctionalJavascript\MediaTest::testViewMode random fail
  
• [random test failure] DrupalTestsmedia_libraryFunctionalJavascriptWidgetViewsTest::testWidgetViews random fail
  
• Remove truncation of path alias
  
• Remove outdated @todo's pointing to #3135457
  
• Phpdoc for ResourceTypeRepositoryInterface::get return value is incomplete
  
• Give users a way to access announcements if toolbar module is disabled
  
• Add "Edit permisisons" as local task on role edit form
  
• Add Lauri Eskola to Drupal core product managers
  
• CKEditor 5 Style plugin configuration tab does not appear
  
• OEmbedIframeController returns an HTTP response code that can be cached by forward proxies when it is given illegal parameters
  
• ContentTranslationContextualLinksTest should use API calls to set up translation
  
• [random test failure] MediaTest:: testEditableCaption()
  
• Add [#\ReturnTypeWillChange] attribute to TemporaryArrayObjectThrowingExceptions for PHP 8.3 compatibility
  
• Allow extending StatusMessages class
  
• Allow ?edit[field_xyz] as query parameter in contextual filter
  
• hook_condition_info_alter is not documented
  
• PhpMail : broken mail headers in PHP 8.0+ because of LF characters
  
• Uncomment assertions in StyleTest related to https://github.com/ckeditor/ckeditor5/issues/11709
  
• [regression] Inserting media via the media library modal when paged redirects to the wrong destination
  
• [random test failure] MediaTest::testLinkManualDecorator()
  
• [SDC] Improve error handling during prop validation errors
  
• [regression] route defaults are now automatically route parameters
  
• EntityCreateAnyAccessCheck::access() too restrictive
  
• SQL migrations cannot be instantiated if database is not available and Node, Migrate Drupal modules are enabled
  
• Better default base path in assets stream wrapper

Läs mer: https://www.drupal.org/project/drupal/releases/10.1.0

10.0.11

(säkerhetsutgåvan)
5 Oktober 2023 - 170MBThis is a security release of the Drupal 10 series.

Security

• Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 - In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.11

10.0.10

5 Juli 2023 - 170MB

• [CKEditor5] Missing dependency on drupal.ajax
  
• [random failure] Curl error thrown for http in JSWebAssertTest
  
• [random test failure] \Drupal\Tests\ckeditor5\FunctionalJavascript\MediaTest::testViewMode random fail
  
• Lock Drupal 10.0 on symfony/serializer and symfony/validator 6.2
  
• Remove outdated @todo's pointing to #3135457
  
• Phpdoc for ResourceTypeRepositoryInterface::get return value is incomplete
  
• Add Lauri Eskola to Drupal core product managers
  
• CKEditor 5 Style plugin configuration tab does not appear
  
• OEmbedIframeController returns an HTTP response code that can be cached by forward proxies when it is given illegal parameters
  
• ContentTranslationContextualLinksTest should use API calls to set up translation
  
• [random test failure] MediaTest:: testEditableCaption()
  
• Allow extending StatusMessages class
  
• Allow ?edit[field_xyz] as query parameter in contextual filter
  
• hook_condition_info_alter is not documented
  
• PhpMail : broken mail headers in PHP 8.0+ because of LF characters
  
• [random test failure] MediaTest::testLinkManualDecorator()
  
• [regression] route defaults are now automatically route parameters
  
• EntityCreateAnyAccessCheck::access() too restrictive
  
• Entering a non-numeric value for a start row value in 'Multiple field settings' for a views field leads to a fatal error
  
• Remove webchick from MAINTAINERS.txt
  
• Progress throbber position is incorrect
  
• Missing mapping for "nodereference_url" widget
  
• [needs backport] OptionsWidgetBase doesn't respect #required_error
  
• TypeError: Argument 1 passed to Drupal\Core\Entity\EntityViewBuilder::view() must implement interface Drupal\Core\Entity\EntityInterface, null given, called in core/modules/node/node.module on line 559
  
• Accidental use of CSS nesting in misc/dialog/off-canvas/css/details.css
  
• Update mglaman/phpstan-drupal and make daily "updated deps" QA jobs pass
  
• Improve how KernelTestBase manages its persistent key value storage
  
• Document that "Base system" is maintained by the framework managers
  
• Multiple usages of FieldPluginBase::getEntity do not check for NULL, leading to WSOD
  
• Do not use persist tag for keyvalue.memory in KernelTestBase
  
• Update guzzlehttp/psr7 constraint
  
• Don't allow @inheritdoc (no curly braces) annotation in PHPDocBlocks
  
• Media library is showing 'is required message' while the user has no access to the field
  
• Add phtml files to the list of potentially malicious extensions
  
• Allow DELETE requests to return a response body

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.10

10.0.9

4 Maj 2023 - 170MB

• Workaround for "Call to a member function getLabel() after enabling layout_builder"
  
• Enable 'Drupal.Commenting.DocComment.ShortSingleLine' coding standard
  
• Xss::filterAdmin() incorrectly filters datetime attribute
  
• Update mglaman/phpstan-drupal and help make daily "updated deps" QA jobs pass
  
• Update guzzlehttp/psr7
  
• Fix incorrect type hint and make daily "updated deps" QA jobs pass
  
• Fix method comments in tests for Drupal.Commenting.DocComment.ShortSingleLine
  
• Method documented to raise error while it actually does not
  
• Update @todo comment in \Drupal\Core\Database\StatementInterface::fetchObject
  
• Update PHPDoc for DataDefinition
  
• Fix method comments in non tests for Drupal.Commenting.DocComment.ShortSingleLine
  
• Promote quietone and bnjmnm from provisional core committers to full core committers
  
• Select form field values are hidden at narrow screen widths in Claro theme
  
• Correct vertical tab does not focus on form validation
  
• [random test failure] Try to un-skip and fix InlineBlockPrivateFilesTest::testPrivateFiles() in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderNestedFormUiTest::testAddingFormBlocksToOverrides in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderTest::testLayoutBuilderUi in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderNestedFormUiTest::testAddingFormBlocksToDefaults in context of [#3353085]
  
• [random test failure] Try to un-skip and fix BlockFormMessagesTest::testValidationMessage() in context of [#3353085]
  
• [random test failure] Try to un-skip and fix InlineBlockTest::testDeletion in context of [#3353085]
  
• [no random test failure] Try to un-skip and fix LayoutBuilderDisableInteractionsTest::assertContextualLinksClickable in context of [#3353085]
  
• [random test failure] Try to un-skip and fix ContextualLinksTest in context of [#3353085]
  
• Fix spellcheck:make-drupal-dict
  
• Update mglaman/phpstan-drupal and make daily "updated deps" QA jobs pass
  
• Document return value in \Drupal\locale\LocaleTranslation::getStringTranslation
  
• 'Is not equal to' operator ignored on exposed, grouped filter
  
• Remove tstoeckler from MAINTAINERS.txt
  
• Library order asset weights do not work properly when a large number of javascript files is loaded between two jQuery UI libraries
  
• Do not use direct configuration changes in LanguageNegotiationSessionTest
  
• Leftover D10 deprecations in the contextual module
  
• @return docs for WorkflowTypeInterface::getTransitionsForState() are wrong
  
• Fix functions and test modules for Drupal.Commenting.DocComment.ShortSingleLine
  
• incorrect example code in Token docs
  
• Contextual links are not sorted by weight, contrary to documentation
  
• \Drupal\language\LanguageNegotiator does not handle PluginNotFoundException and break the site completely
  
• Refactor (if feasible) uses of the jQuery ready function to use VanillaJS
  
• Enabling "Edit" to show all contextual links breaks tabbing in edit forms in the backend
  
• Run yarn build:css in core/scripts/dev/commit-code-check.sh whenever core/package.json and/or core/package.lock change
  
• Skip numerous functional JS tests that repeatedly break HEAD
  
• Add deprecation silencer on Drupal 10.0
  
• ToolbarController::preRenderGetRenderedSubtrees() deletes parent's cacheability
  
• EntityReference ViewsSelection::stripAdminAndAnchorTagsFromResults() should call Element::children($results)
  
• copyRawVariables should support default route parameters
  
• HtmlResponseAttachmentsProcessor::processAttachments should reference processing placeholders
  
• [random test failure] DrupalTestslayout_builderFunctionalJavascriptLayoutBuilderUiTest::testReloadWithNoSections
  
• Update webpack
  
• Readonly doesn't work on #States
  
• Document how contrib hook_update_N() should be numbered now that modules can be compatible with multiple major branches and versioned semantically
  
• Improve preview usability
  
• .m4a files should use audio/mp4 MIME type, not audio/mpeg
  
• "Add or select media" not translated
  
• dropbuttons get weird white line when font size is changed and at at various zoom settings
  
• Duplicated summary item when linking to content with the MediaThumbnailFormatter
  
• Claro: fix size of H3 elements in status report
  
• Code error url fragment: wrong array key: key #fragment should be fragment
  
• Installing a module causes translations to be overwritten
  
• Use temporary redirect for RFC5785 change password well known resource
  
• Entity stubs doesn't follows fallback logic from entities and leads to a broken migration
  
• Improper use of aria-label in "System Powered By" block
  
• Skip Drupal\Tests\ckeditor5\FunctionalJavascript\MediaLibraryTest
  
• Create a README.md file in Olivero theme to explain the name of the theme
  
• Queue API topic and hook_queue_info() don't link to one another
  
• Skip Drupal\Tests\layout_builder\FunctionalJavascript\ContextualLinksTest
  
• Skip Drupal\Tests\media\FunctionalJavascript\MediaSourceFileTest
  
• Secondary tabs not accessible if more than X on screen size Y
  
• CsrfAccessCheck docblock extremely out of date
  
• Update the outdated user_help text for user.admin_permissions and the description of the select box on the role settings page
  
• ListItemBase::generateSampleValue() white screen when options list is empty
  
• Mobile menu is not positioned correctly when side canvas is open
  
• Uncaught exception in link formatter if a link field has malformed data
  
• Module constraint checks fail incorrectly due to str_replace
  
• CKEditor 5 content squashed in off-canvas sidebar
  
• Htaccess rewrite rules for gzipped CSS and JavaScript aggregates never match
  
• Unneccessary bitwise operation for file permissions check on Windows
  
• Remove stale Quick Edit section from MAINTAINERS.txt in 10.0.x and up
  
• Not optimal query in DatabaseBackend::garbageCollection()
  
• Claro: Wrong background for active vertical tab
  
• Deprecations for PHP 8.1 get_class() and get_called_class() without argument
  
• No error messages are shown for applied validation on a view exposed filter with on "AJAX"
  
• AJAX commands documentation is misleading when working with render arrays
  
• Required summary element hidden when other text-with-summary fields do not require summary
  
• Improve handling of invalid input in time zone abbreviation to TZID route
  
• \Drupal\taxonomy\Plugin\views\field\TermName::getItems should work with links
  
• Fix for Unit Test on Windows
  
• BatchNegotiator tests for an invalid route
  
• [regression] Inaccessible language switcher links are removed before alternatives can be provided
  
• DateTime::__construct(): Passing null to parameter #1 ($datetime) of type string is deprecated
  
• Incorrect totals count when importing config that contains a theme uninstall
  
• Setting media field to loading="eager" doesn’t work when using the media_thumbnail field formatter

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.9

10.0.8

(säkerhetsutgåvan)
19 April 2023 - 170MBSecurity

• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 - The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.8

10.0.7

24 Mars 2023 - 170MBBug Fixes and Changes

• Revert "Issue #3344083 by longwave, lauriii, Wim Leers, smustgrave: Update CKEditor 5 to 36.0.1"

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.7

10.0.6

24 Mars 2023 - 170MBBug Fixes and Changes

• Update CKEditor 5 to 36.0.1
  
• [regression] Language switcher block throws exception when no route is matched
  
• Add an API docs topic to cover entity characteristics in general and how they work
  
• Only show link to taxonomy overview when user has access
  
• Add informative error message for 'Connection refused' errors in MySQL
  
• Promote nod_ and justafish to full JavaScript package committers, and add them as provisional frontend framework managers
  
• Add an API docs topic to cover entity characteristics in general and how they work
  
• Link HTTP header should not be HTML-encoded
  
• Warning on AJAX call when changing the breakpoint_group field value of a responsive image style
  
• Views more link container theme suggestions are in the wrong order
  
• Validating managed files should account for null triggering elements
  
• EntityTypeInterface is overly prescriptive about 'required' link relationships
  
• Update UN official language list source
  
• Document why CORE_COMPATIBILITY is still 8.x in higher branches
  
• Added TermForm::getParentIds for allowing to override in contrib
  
• Role permissions are not sorted when saving via admin/people/permissions
  
• #states cannot check/uncheck checkboxes elements
  
• UserInterface::getPassword() can return NULL
  
• preg_split in _filter_url breaks for long html tags
  
• InvocationMocker::withConsecutive() is deprecated in PHPUnit 9.6 and removed from PHPUnit 10 - easy replacements
  
• Drupal\Tests\datetime\Functional\DateTimeWidgetTest fails when run at midnight
  
• SessionConfiguration::getCookieDomain() return value doc is incorrect
  
• Layout builder filter leaves blank space
  
• [PHP 8.1] Deprecated function: strpos(): Passing null to parameter #1 LayoutBuilderUiCacheContext.php on line 28
  
• Document the correct web-root default value
  
• Fix cspell use: specify globRoot and always pass --root to cspell
  
• Remove obsolete code from Drupal\sqlite\Driver\Database\sqlite\Statement
  
• Outbound path processors cannot override the specified URL fragment
  
• Views pagers do math on disparate data types, resulting in type errors in PHP 8
  
• Update documentation of PathBasedBreadcrumbBuilder
  
• Early rendering issue in big_pipe_page_attachments() for controllers returning Response objects
  
• XSS::filter and filter_xss can create malformed attributes when you would expect them to be stripped
  
• After using select to change plugin or region, element loses focus and page scrolls to bottom
  
• Allow switching to any workspace in CLI requests
  
• Improve documentation of hook_theme_suggestions_HOOK()
  
• Documentation of CacheTagsChecksumTrait::invalidateTags refers to a non-existant method
  
• StorageComparer does not work when storages are not in the default collection
  
• Change SelectComplexTest::testDistinct to test the distinct values not the count
  
• Use Xss::filter() for the view title to ensure that the preview matches the actual display
  
• Entity storage exception during module install missing !message parameter in watchdog_exception() call
  
• A route with a default title of 0 does not work
  
• Local variable $additional_headers in PhpMail is confusing, rename to $additional_params

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.6

10.0.5

(säkerhetsutgåvan)
16 Mars 2023 - 170MBSecurity

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-002 - The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010.
  
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-003 - The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 - Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the attack. This vulnerability is mitigated by the fact that a successful XSS exploit is required in order to exploit it.

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.5

10.0.4

1 Mars 2023 - 170MB

• 'node' variable in page.html.twig is not available on preview node page #3342891
  
• Drupal\migrate\Plugin\migrate\source\SourcePluginBase::rewind() is rewinding database statements #3339373
  
• Update stylelint rule function-linear-gradient-no-nonstandard-direction to be consistent with Drupal's CSS standards #2866811
  
• Refactor ContextualUnitTest to use a data provider #3185183
  
• Remove use of final Guzzle client class #3264167
  
• Views pager is using exposed_raw_input instead of exposed_input #2865401
  
• The Symfony method Request::setTrustedHosts() is a static method, we use it as non-static #3276939
  
• Fix failing "updated deps" test-runs on 10.x.x #3341254
  
• Update hook_node_grants docs to remove role ID reference, since it is no longer an integer #2910181
  
• #ajax 'options' property is undocumented #3324726
  
• Improve test coverage of the flood memory backend test and convert it to a unit test #2106939
  
• Fix commit-code-check.sh on DrupalCI #3343495
  
• Bundle restrictions from a route do not apply to revisionable entities #3317744
  
• Improve documentation on $is_syncing #3216430
  
• Custom role with all numeric name results in fatal error after assigning to user #2890726
  
• Umami demo: Tour popup close button hover effect movement #3256002
  
• States API: Empty/Filled state with number does not update when using spinner #3181634
  
• Contextual Links do not respect parameters in the destination #2738547
  
• Promote non-stable modules to the top of the list at admin/modules/uninstall form #3270378
  
• EntityTestAccessControlHandler allows viewing an unpublished entity #3179850
  
• TimeInterval plugin should not handle empty values #1956466
  
• Role permissions not sorted in config export #3039499
  
• Incorrect sprintf parameter usage #3328694
  
• #states defaultTrigger oldValue is out of date if values are updated via a state trigger #2498791
  
• Fix comment with a plural possessive typo in PluginBase.php #3283930
  
• Update variable type PHPDoc in _responsive_image_build_source_attributes function #3312883
  
• Warning when building an empty workspace tree #3154084
  
• Potentially speed up LinkFieldTest #3300957
  
• Increase the delta of the "weight" field to support reordering more than 20 blocks in a section #3077646
  
• DrupalKernelInterface methods & DrupalKernel::sitePath should document the format of a site path #3209468
  
• DrupalKernelInterface methods & DrupalKernel::sitePath should document the format of a site path #3209468
  
• Improve documentation for BookManagerInterface::saveBookLink() #2985165
  
• Improve GenerateThemeTest #3281193
  
• PHP 8.1 Return type of DeprecatedArray::unserialize() and ::serialize() #3283351
  
• MultiFormTest not executing #3103240
  
• HTML entities in Tour tip labels get double-escaped #3255895
  
• Rename test theme test_legacy_theme #3337195
  
• Incorrect EntityType::$label_count type documentation #3261347
  
• Fix inaccurate return types in user module #3326493
  
• Add sorting configuration to composer.json #3096546
  
• Fix descriptive text in Depth view filter #3339251
  
• Correct return typehint on BlockPluginTrait::blockAccess() #3332630
  
• Claro: Undefined array key "expose_button" #3333664
  
• ResourceTestBase::setUpAuthorization references wrong permission grant methods #3231184
  
• document run-tests.sh as not intended for public consumption #3228531
  
• Deprecated function: strpos() in layout_builder_entity_view_alter #3324574
  
• Add documentation for path_processing option to URLGeneratorInterface #3132334
  
• Content Moderation fatals when a moderated entity is re-saved on hook_insert() #3181439
  
• Incorrect use of FormattableMarkup in logger messages #3339400
  
• Fix failing "updated deps" test-runs by upping mglaman/phpstan-drupal to latest #3336586
  
• $install_state['settings_verified'] incorrectly set when config_sync_directory is missing #3247553
  
• Remove mtift from MAINTAINERS.txt #3328711
  
• Allow authors and editors to edit page layouts in Umami #3219967
  
• EntityDefinitionUpdateManagerInterface docblock improvement #3099085
  
• Fix PHPStan L1 error "Instantiated class Foo\Bar not found." #3326378
  
• LibraryDiscoveryParser::buildByExtension() is missing @throws tags #2822575
  
• File dictionary.txt is not sorted #3336828
  
• Remove migration of shortcuts from menu_link migration #3152943

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.4

10.0.3

2 Februari 2023 - 170MB

• Update Symfony to v6.2.6 / v4.4.50 #3338301
  
• hook_theme() docs for path are inaccurate #2867796
  
• Make the AccessResult API even clearer #3087868
  
• CSpell dictionary is out of sync #3337327
  
• Claro: Select list chevron-down icon is showing on wrong position in RTL dir in views #3336002
  
• Fix LanguageNegotiationContentEntity::getLangcode() errors thrown #3130751
  
• Can't run tests with XDEBUG_CONFIG set to empty string #3178919
  
• Unable to uninstall base theme and subtheme via config sync at the same time #3001430
  
• Unable to uninstall base theme and subtheme via config sync at the same time #3001430
  
• Fix grammar ("an URL" should be "a URL") and consistent use of URL (not "url" / "Url") in documentation only #2574981
  
• Views UI filter form arrow positioned incorrectly in Claro #3334525
  
• Uncaught TypeError: this.$pluginSelect.find(...)[0] is undefined #3305706
  
• Fix LanguageNegotiationMethodInterface::getLangcode() result docblock #3126127
  
• Pager h4 causes accessibility flag on many pages #3333401
  
• Missing schema for comment_link_approve views field configuration #3294619
  
• Field storage settings give a scary red warning that they can't be changed when the cardinality is the only thing with restrictions #2895124
  
• Remove outdated @todo from the Locale module #3092672
  
• Cron queue gets processed every time cron is called, regardless of whether it's already being processed elsewhere #1875020
  
• A minor code comment mistake in NodeFieldAccessTest.php #3334679
  
• File Inclusion issue security hardening #3191389
  
• Blocks that have #attached set removed after upgrade #3333858
  
• Drop .stylelintignore in 10.x #3087006
  
• Fix or ignore words that start with "v", excluding real non-English words #3185640
  
• Select queries do not escape the GROUP BY fields #3191623
  
• Media thumbnail dimensions are wrong for YouTube videos #3088168
  
• BlockedIp::import violates MigrateDestinationInterface::import #3260391
  
• Responsive grid children overflow when min-width is greater than container width #3328593
  
• Cron links point to D7 documentation #3332712
  
• Documentation conflict re: affected rows vs. matched rows #3248575
  
• Update PHPStan to 1.9.9 to fix 10.x "updated deps" Drupal CI runs #3333065
  
• views_ui LibraryCachIngTest is failing randomly #3317938
  
• Upgrade yarn dependencies to fix vulnerabilities shown by yarn audit #3332447
  
• Nothing clears the "5 failed login attempts" security message when a user resets their own password #992540
  
• Fix spelling for words used once, beginning with 'e' -> 'i', inclusive #3219472
  
• PathAliasManager could not find the alias by the internal path #3226334
  
• The $entity_type property is protected, so fix views.api.php sample code to use a getter #3327974
  
• View combine filter operator "Is not equal to" use the same operator as "Is equal to" #3323353
  
• Remove unused variable $translation from BulkFormTest #3331900
  
• commit-code-check.sh gives unclear output when CSS is not properly rebuilt #3331818
  
• "core/drupal.checkbox" (misc/checkbox.js) has never loaded on user permission page #3244737
  
• TestSettingSummariesContentType has a few problems #3324901
  
• Don't allow {@inheritDoc} annotation in PHPDocBlocks #3327853
  
• Incorrect return type in LinkBase::getDefaultLabel() #3331438
  
• TypeError: Drupal\ckeditor5\HTMLRestrictions::__construct(): Argument #1 ($elements) must be of type array, Drupal\ckeditor5\HTMLRestrictions given #3326778
  
• [10.0.x backport] Fix PHPStan L1 error "Anonymous function has an unused use $foo." #3326371
  
• htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated #3310555
  
• Core FunctionalJavascript tests should not depend on Classy or Starterkit #3304378

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.3

10.0.2

(säkerhetsutgåvan)
19 Januari 2023 - 170MB

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-001 - The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visible to users who can already edit content that includes a media reference field.

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.2

10.0.1

5 Januari 2023 - 170MB

• Update Twig to 3.5.0
  
• Fix failing "updated deps" test-runs by upping mglaman/phpstan-drupal to latest
  
• Reduce significantly PHPStan running time by enabling bleeding edge features
  
• Convert Module\InstallTest into a Kernel test
  
• Restructure core/modules/editor/tests/modules test modules
  
• TestCase::getMockClass() is deprecated in PHPUnit 9.6 and removed from PHPUnit 10
  
• Fix test mock related PHPStan 0 issues
  
• loadByProperties() shoud specify it does no access checking
  
• Update PHPStan to 1.9.3 and make daily "updated deps" QA jobs pass
  
• EntityTypeInterface::getGroup() doesn't explain what the group is
  
• OWASP link for useful HTTP headers is outdated
  
• Remove IE11 support from Umami
  
• Broken .eslintrc.legacy.json
  
• Explicitly test for pg_trgm extention in installer
  
• simplify logic in ConfigManager::getEntityTypeIdByName()
  
• Fix PHPStan L2 error "PHPDoc tag @throws with type Foo is not subtype of Throwable"
  
• Decide what to say very early in the installer if the site is below the absolute minimum
  
• Feature "Remember the last selection" for views exposed filters doesn't work anymore
  
• Stop unneeded cycles in ActionListBuilder::load
  
• Views 'Entity Operations' field crashes if on a non-required relationship
  
• Notice: Trying to access array offset on value of type null in Drupal\views\Plugin\views\display\EntityReference->query()
  
• Performance regression introduced by container serialization solution
  
• Remove obsolete -webkit-linear-gradient CSS
  
• Update JQuery to 3.6.3
  
• Invalid package.json in htaccess test fixtures
  
• Update PHPStan to 1.9.3 and make daily "updated deps" QA jobs pass
  
• DeprecatedServicePropertyTrait should point to 11.0
  
• Remove last remaining list() from core
  
• Upgrade Symfony dependencies to 6.2.2
  
• Remove dead code from Container::reset()
  
• Improve documentation and parameter naming for DateFormatter::dateFormat()
  
• \Drupal\FunctionalJavascriptTests\JSWebAssert::waitForHelper() should retry on more exceptions
  
• Add andy-blum as an official maintainer of Olivero
  
• $this->configFactory is not set properly in the constructor of \Drupal\system\Form\CronForm
  
• Regression: Testing non Drupal pages with WebdriverTestBase on 9.5 can be broken
  
• Add smustgrave as maintainer of telephone + text module

Läs mer: https://www.drupal.org/project/drupal/releases/10.0.1

10.0.0

(större version)
3 Januari 2023 - 170MBDrupal 10.0.0 enables continued stability and security for the longer term. All new features will be added to Drupal 10 going forward.

What's New

• Better looking on the frontend and backend: The new Olivero theme provides a modern look and feel. Olivero includes built-in support for multi-level menus and listings in responsive grids. The new administration theme, Claro, provides an accessible, clean interface for site management. The prior default themes Bartik and Seven are available as contributed projects if you wish to use them.
  
• CKEditor 5 is the new content editor: With CKEditor 4 reaching end of life at the end of 2023, it was time to upgrade. Thanks to a fantastic collaboration with its developers, Drupal 10 comes with CKEditor 5 built-in. The new version brings a modern editing experience with in-place controls and support for arbitrary input and output formats. For now, CKEditor 4 is also available as a contributed project, so you can continue using that for Drupal 10 for now until its end of support.
  
• Internet Explorer support is removed: Microsoft has ended support for Internet Explorer and so has Drupal. This allows Drupal themes to use modern solutions for user facing problems.
  
• Responsive grids in views: Views now supports a responsive grid display format. Instead of specifying the number of columns, and screen widths, users specify the maximum number of columns, the minimum grid cell width and the gutter spacing. When the grid cells resize to a point where they’re below the minimum width, the grid will reflow to have less columns. Alternatively, the grid will expand to fit in as many columns as permitted, while keeping the grid width above the minimum value. Dropping Internet Explorer 11 support enabled the addition of this feature.
  
• Starterkit theme generation tool: Drupal 10 introduces a new command line tool to generate a standalone theme from a compatible base theme. We recommend using the tool to prevent breaking a sub-theme when the base theme changes. Runtime theme extension is still supported, but only advised if you have full control of the base theme (e.g. by creating it with the starterkit command).
  
• Requires Symfony 6.2 and PHP 8.1: Drupal 10.0 depends on the Symfony 6.2 framework, and later Drupal 10 minor versions will be updated to future minor versions of Symfony 6. This sets Drupal up with the latest version of the underlying platform. As PHP 7 reached end of life on November 28, 2022, it was clear Drupal 10 must require at least PHP 8. Symfony 6.2 requires PHP 8.1 and choosing that version provides the best support timeline for Drupal 10 itself as well. PHP 8.2 is also fully supported.
  
• Non-essential features removed: The Quick Edit, Aggregator, HAL, RDF, and Color modules have been removed from core. They are available as contributed projects. This allows Drupal 10 to focus on the core strengths of the system.
  
• All features added since Drupal 9.0 are still here: Drupal 10.0.0 includes all of the features that were added to Drupal since 9.0, such as lazy image loading support for better frontend performance, WebP support in image styles, a dedicated Content Editor user role, "Manage permissions" tabs for entity bundles, and bundle classes on the PHP level for better code encapsulation, among many other improvements.
  
• Thousands of contributed projects ready at launch: Thanks to the diligent work of the Drupal community on automated code update tools, porting events and dedicated work on key projects over the past two and a half years, Drupal 10 launches with almost three thousand compatible extensions, 26% more than how many Drupal 9 launched with.

Läs mer: https://www.drupal.org/blog/drupal-10-0-0

9.5.11

(säkerhetsutgåvan)
22 September 2023 - 170MBSecurity

• Drupal core - Critical - Cache poisoning - SA-CORE-2023-006 - In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.11

9.5.10

5 Juli 2023 - 170MB

• [CKEditor5] Missing dependency on drupal.ajax
  
• [random failure] Curl error thrown for http in JSWebAssertTest
  
• [random test failure] \Drupal\Tests\ckeditor5\FunctionalJavascript\MediaTest::testViewMode random fail
  
• Remove outdated @todo's pointing to #3135457
  
• Phpdoc for ResourceTypeRepositoryInterface::get return value is incomplete
  
• Add Lauri Eskola to Drupal core product managers
  
• Promote quietone and bnjmnm from provisional core committers to full core committers
  
• CKEditor 5 Style plugin configuration tab does not appear
  
• OEmbedIframeController returns an HTTP response code that can be cached by forward proxies when it is given illegal parameters
  
• [random test failure] MediaTest:: testEditableCaption()
  
• Allow ?edit[field_xyz] as query parameter in contextual filter
  
• hook_condition_info_alter is not documented
  
• PhpMail : broken mail headers in PHP 8.0+ because of LF characters
  
• [random test failure] MediaTest::testLinkManualDecorator()
  
• [regression] route defaults are now automatically route parameters
  
• EntityCreateAnyAccessCheck::access() too restrictive
  
• Entering a non-numeric value for a start row value in 'Multiple field settings' for a views field leads to a fatal error
  
• Remove webchick from MAINTAINERS.txt
  
• Entity stubs doesn't follows fallback logic from entities and leads to a broken migration
  
• Missing mapping for "nodereference_url" widget
  
• TypeError: Argument 1 passed to Drupal\Core\Entity\EntityViewBuilder::view() must implement interface Drupal\Core\Entity\EntityInterface, null given, called in core/modules/node/node.module on line 559
  
• Remove laminas-feed, laminas-escaper, and laminas-stdlib from drupal/core-recommended to allow Drupal 9.5 to be installed on PHP 8.2
  
• [needs backport] Library order asset weights do not work properly when a large number of javascript files is loaded between two jQuery UI libraries
  
• [needs backport] Library order asset weights do not work properly when a large number of javascript files is loaded between two jQuery UI libraries
  
• Improve how KernelTestBase manages its persistent key value storage
  
• Improve how KernelTestBase manages its persistent key value storage
  
• Document that "Base system" is maintained by the framework managers
  
• Correct vertical tab does not focus on form validation
  
• Do not use persist tag for keyvalue.memory in KernelTestBase
  
• Don't allow @inheritdoc (no curly braces) annotation in PHPDocBlocks
  
• Media library is showing 'is required message' while the user has no access to the field
  
• Add phtml files to the list of potentially malicious extensions
  
• Allow DELETE requests to return a response body*

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.10

9.5.9

4 Maj 2023 - 170MB

• Fork laminas/laminas-diactoros
  
• Workaround for "Call to a member function getLabel() after enabling layout_builder"
  
• Enable 'Drupal.Commenting.DocComment.ShortSingleLine' coding standard
  
• Xss::filterAdmin() incorrectly filters datetime attribute
  
• Drupal 9 uses PHP syntax that's deprecated in PHP 8.2, so exclude that from error_reporting() and DeprecationListenerTrait
  
• Update guzzlehttp/psr7
  
• Fix method comments in tests for Drupal.Commenting.DocComment.ShortSingleLine
  
• Method documented to raise error while it actually does not
  
• Update @todo comment in \Drupal\Core\Database\StatementInterface::fetchObject
  
• Update PHPDoc for DataDefinition
  
• Fix method comments in non tests for Drupal.Commenting.DocComment.ShortSingleLine
  
• Fix spellcheck:make-drupal-dict
  
• Select form field values are hidden at narrow screen widths in Claro theme
  
• [random test failure] Try to un-skip and fix InlineBlockPrivateFilesTest::testPrivateFiles() in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderNestedFormUiTest::testAddingFormBlocksToOverrides in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderTest::testLayoutBuilderUi in context of [#3353085]
  
• [random test failure] Try to un-skip and fix LayoutBuilderNestedFormUiTest::testAddingFormBlocksToDefaults in context of [#3353085]
  
• [random test failure] Try to un-skip and fix BlockFormMessagesTest::testValidationMessage() in context of [#3353085]
  
• [random test failure] Try to un-skip and fix InlineBlockTest::testDeletion in context of [#3353085]
  
• [no random test failure] Try to un-skip and fix LayoutBuilderDisableInteractionsTest::assertContextualLinksClickable in context of [#3353085]
  
• [random test failure] Try to un-skip and fix ContextualLinksTest in context of [#3353085]
  
• Leftover D10 deprecations in the contextual module
  
• Document return value in \Drupal\locale\LocaleTranslation::getStringTranslation
  
• 'Is not equal to' operator ignored on exposed, grouped filter
  
• Remove tstoeckler from MAINTAINERS.txt
  
• Olivero: Toggle Nav does not always open and produces error Uncaught TypeError: Cannot read properties of null (reading 'classList') in console
  
• Do not use direct configuration changes in LanguageNegotiationSessionTest
  
• @return docs for WorkflowTypeInterface::getTransitionsForState() are wrong
  
• Fix functions and test modules for Drupal.Commenting.DocComment.ShortSingleLine
  
• Fix class comment doc blocks in tests for 'Drupal.Commenting.DocComment.ShortSingleLine'
  
• \Drupal\language\LanguageNegotiator does not handle PluginNotFoundException and break the site completely
  
• incorrect example code in Token docs
  
• [random test failure] Drupal\Tests\layout_builder\FunctionalJavascript\LayoutBuilderUiTest::testReloadWithNoSections()
  
• Contextual links are not sorted by weight, contrary to documentation
  
• Run yarn build:css in core/scripts/dev/commit-code-check.sh whenever core/package.json and/or core/package.lock change
  
• Skip Drupal\Tests\media\FunctionalJavascript\MediaSourceFileTest
  
• Skip Drupal\Tests\ckeditor5\FunctionalJavascript\MediaLibraryTest
  
• Skip Drupal\Tests\layout_builder\FunctionalJavascript\ContextualLinksTest
  
• Skip numerous functional JS tests that repeatedly break HEAD
  
• ToolbarController::preRenderGetRenderedSubtrees() deletes parent's cacheability
  
• EntityReference ViewsSelection::stripAdminAndAnchorTagsFromResults() should call Element::children($results)
  
• copyRawVariables should support default route parameters
  
• HtmlResponseAttachmentsProcessor::processAttachments should reference processing placeholders
  
• Update webpack
  
• Document how contrib hook_update_N() should be numbered now that modules can be compatible with multiple major branches and versioned semantically
  
• Improve preview usability
  
• .m4a files should use audio/mp4 MIME type, not audio/mpeg
  
• "Add or select media" not translated
  
• dropbuttons get weird white line when font size is changed and at at various zoom settings
  
• Duplicated summary item when linking to content with the MediaThumbnailFormatter
  
• Claro: fix size of H3 elements in status report
  
• Code error url fragment: wrong array key: key #fragment should be fragment
  
• Installing a module causes translations to be overwritten
  
• Use temporary redirect for RFC5785 change password well known resource
  
• Improper use of aria-label in "System Powered By" block
  
• Create a README.md file in Olivero theme to explain the name of the theme
  
• Queue API topic and hook_queue_info() don't link to one another
  
• Secondary tabs not accessible if more than X on screen size Y
  
• CsrfAccessCheck docblock extremely out of date
  
• Update the outdated user_help text for user.admin_permissions and the description of the select box on the role settings page
  
• ListItemBase::generateSampleValue() white screen when options list is empty
  
• Uncaught exception in link formatter if a link field has malformed data
  
• Module constraint checks fail incorrectly due to str_replace
  
• CKEditor 5 content squashed in off-canvas sidebar
  
• Htaccess rewrite rules for gzipped CSS and JavaScript aggregates never match
  
• Unneccessary bitwise operation for file permissions check on Windows
  
• No error messages are shown for applied validation on a view exposed filter with on "AJAX"
  
• Not optimal query in DatabaseBackend::garbageCollection()
  
• Deprecations for PHP 8.1 get_class() and get_called_class() without argument
  
• AJAX commands documentation is misleading when working with render arrays
  
• Required summary element hidden when other text-with-summary fields do not require summary
  
• Improve handling of invalid input in time zone abbreviation to TZID route
  
• \Drupal\taxonomy\Plugin\views\field\TermName::getItems should work with links
  
• Fix for Unit Test on Windows
  
• BatchNegotiator tests for an invalid route
  
• DateTime::__construct(): Passing null to parameter #1 ($datetime) of type string is deprecated
  
• [regression] Inaccessible language switcher links are removed before alternatives can be provided
  
• Incorrect totals count when importing config that contains a theme uninstall
  
• Setting media field to loading="eager" doesn’t work when using the media_thumbnail field formatter

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.9

9.5.8

19 April 2023 - 170MBSecurity

• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 - The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.8

9.5.7

24 Mars 2023 - 170MBBug Fixes and Changes

• Revert "Issue #3344083 by longwave, ricardofaria, lauriii, Wim Leers, catch: Update CKEditor 5 to 36.0.1"

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.7

9.5.6

24 Mars 2023 - 170MBBug Fixes and Changes

• Update CKEditor 5 to 36.0.1
  
• Update CKEditor 4 to 4.21.0
  
• [regression] Language switcher block throws exception when no route is matched
  
• Add an API docs topic to cover entity characteristics in general and how they work
  
• Only show link to taxonomy overview when user has access
  
• Promote nod_ and justafish to full JavaScript package committers, and add them as provisional frontend framework managers
  
• Add an API docs topic to cover entity characteristics in general and how they work
  
• Link HTTP header should not be HTML-encoded
  
• Warning on AJAX call when changing the breakpoint_group field value of a responsive image style
  
• Views more link container theme suggestions are in the wrong order
  
• Validating managed files should account for null triggering elements
  
• EntityTypeInterface is overly prescriptive about 'required' link relationships
  
• Update UN official language list source
  
• Document why CORE_COMPATIBILITY is still 8.x in higher branches
  
• Layout builder filter leaves blank space
  
• Added TermForm::getParentIds for allowing to override in contrib
  
• Role permissions are not sorted when saving via admin/people/permissions
  
• #states cannot check/uncheck checkboxes elements
  
• UserInterface::getPassword() can return NULL
  
• preg_split in _filter_url breaks for long html tags
  
• InvocationMocker::withConsecutive() is deprecated in PHPUnit 9.6 and removed from PHPUnit 10 - easy replacements
  
• Drupal\Tests\datetime\Functional\DateTimeWidgetTest fails when run at midnight
  
• SessionConfiguration::getCookieDomain() return value doc is incorrect
  
• After using select to change plugin or region, element loses focus and page scrolls to bottom
  
• [PHP 8.1] Deprecated function: strpos(): Passing null to parameter #1 LayoutBuilderUiCacheContext.php on line 28
  
• Document the correct web-root default value
  
• Remove obsolete code from Drupal\sqlite\Driver\Database\sqlite\Statement
  
• Outbound path processors cannot override the specified URL fragment
  
• Views pagers do math on disparate data types, resulting in type errors in PHP 8
  
• Update documentation of PathBasedBreadcrumbBuilder
  
• Early rendering issue in big_pipe_page_attachments() for controllers returning Response objects
  
• XSS::filter and filter_xss can create malformed attributes when you would expect them to be stripped
  
• Drupal\migrate\Plugin\migrate\source\SourcePluginBase::rewind() is rewinding database statements
  
• Allow switching to any workspace in CLI requests
  
• Improve documentation of hook_theme_suggestions_HOOK()
  
• Documentation of CacheTagsChecksumTrait::invalidateTags refers to a non-existant method
  
• StorageComparer does not work when storages are not in the default collection
  
• Change SelectComplexTest::testDistinct to test the distinct values not the count
  
• Use Xss::filter() for the view title to ensure that the preview matches the actual display
  
• 'node' variable in page.html.twig is not available on preview node page
  
• Entity storage exception during module install missing !message parameter in watchdog_exception() call
  
• A route with a default title of 0 does not work
  
• Local variable $additional_headers in PhpMail is confusing, rename to $additional_params

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.6

9.5.5

(säkerhetsutgåvan)
16 Mars 2023 - 170MBSecurity

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-002 - The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010.
  
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-003 - The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal the title of unpublished content.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 - Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the attack. This vulnerability is mitigated by the fact that a successful XSS exploit is required in order to exploit it.

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.5

9.5.4

1 Mars 2023 - 170MB

• Refactor ContextualUnitTest to use a data provider #3185183
  
• Views pager is using exposed_raw_input instead of exposed_input #2865401
  
• The Symfony method Request::setTrustedHosts() is a static method, we use it as non-static #3276939
  
• Update hook_node_grants docs to remove role ID reference, since it is no longer an integer #2910181
  
• Aggregator page contents could be empty due to missing cache context #3273876
  
• #ajax 'options' property is undocumented #3324726
  
• Improve test coverage of the flood memory backend test and convert it to a unit test #2106939
  
• Fix commit-code-check.sh on DrupalCI #3343495
  
• Bundle restrictions from a route do not apply to revisionable entities #3317744
  
• Improve documentation on $is_syncing #3216430
  
• Custom role with all numeric name results in fatal error after assigning to user #2890726
  
• Umami demo: Tour popup close button hover effect movement #3256002
  
• States API: Empty/Filled state with number does not update when using spinner #3181634
  
• Contextual Links do not respect parameters in the destination #2738547
  
• Promote non-stable modules to the top of the list at admin/modules/uninstall form #3270378
  
• EntityTestAccessControlHandler allows viewing an unpublished entity #3179850
  
• TimeInterval plugin should not handle empty values #1956466
  
• Role permissions not sorted in config export #3039499
  
• [Needs backport] Uncaught RfcComplianceException when email From name contains a comma #3226117
  
• Incorrect sprintf parameter usage #3328694
  
• #states defaultTrigger oldValue is out of date if values are updated via a state trigger #2498791
  
• Fix comment with a plural possessive typo in PluginBase.php #3283930
  
• Update variable type PHPDoc in _responsive_image_build_source_attributes function #3312883
  
• Potentially speed up LinkFieldTest #3300957
  
• Increase the delta of the "weight" field to support reordering more than 20 blocks in a section #3077646
  
• PHP 8.1 Return type of DeprecatedArray::unserialize() and ::serialize() #3283351
  
• DrupalKernelInterface methods & DrupalKernel::sitePath should document the format of a site path #3209468
  
• DrupalKernelInterface methods & DrupalKernel::sitePath should document the format of a site path #3209468
  
• Improve documentation for BookManagerInterface::saveBookLink() #2985165
  
• Improve GenerateThemeTest #3281193
  
• MultiFormTest not executing #3103240
  
• HTML entities in Tour tip labels get double-escaped #3255895
  
• Incorrect EntityType::$label_count type documentation #3261347
  
• Fix inaccurate return types in user module #3326493
  
• Warning when building an empty workspace tree #3154084
  
• Fix descriptive text in Depth view filter #3339251
  
• Correct return typehint on BlockPluginTrait::blockAccess() #3332630
  
• Claro: Undefined array key "expose_button" #3333664
  
• ResourceTestBase::setUpAuthorization references wrong permission grant methods #3231184
  
• document run-tests.sh as not intended for public consumption #3228531
  
• Deprecated function: strpos() in layout_builder_entity_view_alter #3324574
  
• Error Phpunit test 9.5.x: PHP 8.1 & pgsql-14.1 : Passing an escaped locator to the named selector is deprecated as of 1.7 #3335343
  
• Add documentation for path_processing option to URLGeneratorInterface #3132334
  
• Content Moderation fatals when a moderated entity is re-saved on hook_insert() #3181439
  
• Incorrect use of FormattableMarkup in logger messages #3339400
  
• $install_state['settings_verified'] incorrectly set when config_sync_directory is missing #3247553
  
• Remove mtift from MAINTAINERS.txt #3328711
  
• Allow authors and editors to edit page layouts in Umami #3219967
  
• Add conflict on PHPUnit ^9.6 to Drupal 9 #3339854
  
• EntityDefinitionUpdateManagerInterface docblock improvement #3099085
  
• LibraryDiscoveryParser::buildByExtension() is missing @throws tags #2822575
  
• Remove migration of shortcuts from menu_link migration #3152943

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.4

9.5.3

2 Februari 2023 - 170MB

• Update Symfony to v6.2.6 / v4.4.50 #3338301
  
• hook_theme() docs for path are inaccurate #2867796
  
• Make the AccessResult API even clearer #3087868
  
• CSpell dictionary is out of sync #3337327
  
• Claro: Select list chevron-down icon is showing on wrong position in RTL dir in views #3336002
  
• Can't run tests with XDEBUG_CONFIG set to empty string #3178919
  
• Unable to uninstall base theme and subtheme via config sync at the same time #3001430
  
• Unable to uninstall base theme and subtheme via config sync at the same time #3001430
  
• Fix grammar ("an URL" should be "a URL") and consistent use of URL (not "url" / "Url") in documentation only #2574981
  
• Uncaught TypeError: this.$pluginSelect.find(...)[0] is undefined #3305706
  
• Fix LanguageNegotiationMethodInterface::getLangcode() result docblock #3126127
  
• Missing schema for comment_link_approve views field configuration #3294619
  
• Remove outdated @todo from the Locale module #3092672
  
• Cron queue gets processed every time cron is called, regardless of whether it's already being processed elsewhere #1875020
  
• PHP 8.2 Creation of dynamic property Drupal\pgsql\Driver\Database\pgsql\Select::$alterMetaData is deprecated #3328005
  
• A minor code comment mistake in NodeFieldAccessTest.php #3334679
  
• Fix or ignore words that start with "v", excluding real non-English words #3185640
  
• Don't allow {@inheritDoc} annotation in PHPDocBlocks #3327853
  
• File Inclusion issue security hardening #3191389
  
• Blocks that have #attached set removed after upgrade #3333858
  
• Select queries do not escape the GROUP BY fields #3191623
  
• Fix spelling for words used once, beginning with 'e' -> 'i', inclusive #3219472
  
• Media thumbnail dimensions are wrong for YouTube videos #3088168
  
• BlockedIp::import violates MigrateDestinationInterface::import #3260391
  
• Cron links point to D7 documentation #3332712
  
• Documentation conflict re: affected rows vs. matched rows #3248575
  
• views_ui LibraryCachIngTest is failing randomly #3317938
  
• Upgrade yarn dependencies to fix vulnerabilities shown by yarn audit #3332447
  
• Nothing clears the "5 failed login attempts" security message when a user resets their own password #992540
  
• PathAliasManager could not find the alias by the internal path #3226334
  
• The $entity_type property is protected, so fix views.api.php sample code to use a getter #3327974
  
• View combine filter operator "Is not equal to" use the same operator as "Is equal to" #3323353
  
• Remove unused variable $translation from BulkFormTest #3331900
  
• commit-code-check.sh gives unclear output when CSS is not properly rebuilt #3331818
  
• "core/drupal.checkbox" (misc/checkbox.js) has never loaded on user permission page #3244737
  
• TestSettingSummariesContentType has a few problems #3324901
  
• Incorrect return type in LinkBase::getDefaultLabel() #3331438
  
• SSTI possible via translation of "Language" in CKEditor Language plugin #3331205
  
• htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated #3310555

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.3

9.5.2

(säkerhetsutgåvan)
19 Januari 2023 - 170MB

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2023-001 - The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visible to users who can already edit content that includes a media reference field.

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.2

9.5.1

5 Januari 2023 - 170MB

• Log the exception rather than aborting the update if a configuration item does not exist in system_post_update_sort_all_config()
  
• Restructure core/modules/editor/tests/modules test modules
  
• TestCase::getMockClass() is deprecated in PHPUnit 9.6 and removed from PHPUnit 10
  
• loadByProperties() shoud specify it does no access checking
  
• Update Twig to 2.15.4
  
• EntityTypeInterface::getGroup() doesn't explain what the group is
  
• OWASP link for useful HTTP headers is outdated
  
• Fix PHPStan L2 error "PHPDoc tag @throws with type Foo is not subtype of Throwable"
  
• Decide what to say very early in the installer if the site is below the absolute minimum
  
• Feature "Remember the last selection" for views exposed filters doesn't work anymore
  
• Stop unneeded cycles in ActionListBuilder::load
  
• Views 'Entity Operations' field crashes if on a non-required relationship
  
• Notice: Trying to access array offset on value of type null in Drupal\views\Plugin\views\display\EntityReference->query()
  
• Performance regression introduced by container serialization solution
  
• Update JQuery to 3.6.3
  
• Invalid package.json in htaccess test fixtures
  
• [9.5.x backport] $this->configFactory is not set properly in the constructor of \Drupal\system\Form\CronForm
  
• Remove last remaining list() from core
  
• Remove dead code from Container::reset()
  
• Improve documentation and parameter naming for DateFormatter::dateFormat()
  
• \Drupal\FunctionalJavascriptTests\JSWebAssert::waitForHelper() should retry on more exceptions
  
• Add andy-blum as an official maintainer of Olivero
  
• Regression: Testing non Drupal pages with WebdriverTestBase on 9.5 can be broken
  
• Add smustgrave as maintainer of telephone + text module

Läs mer: https://www.drupal.org/project/drupal/releases/9.5.1

9.5.0

(större version)
16 December 2022 - 170MBThe fifth and final feature release of Drupal 9 brings a stable CKEditor 5 module, a command line theme generator and helps prepare for your update to Drupal 10. Bugfixes will be provided for Drupal 9.5 until June 2023 and security fixes will be provided until November 2023.

What's New

• CKEditor 5 support is now stable: Drupal 9.5.0 is the only feature release of Drupal that includes both a stable CKEditor 4 integration (labeled as the "CKEditor" module) and stable CKEditor 5 integration (exposed as a separate "CKEditor 5" module). CKEditor 4 has been removed from Drupal 10 and moved to a contributed project. The support overlap in Drupal 9.5.0 allows users to move to CKEditor 5 ahead of their Drupal 10 upgrade. (Sites may also install the CKEditor contributed project before upgrading to Drupal 10, but should take note that its security support will still likely end in November 2023.)
  
• Starterkit theme and theme generator are stable: The Starterkit theme is used as a basis to generate new standalone themes with the theme generator command line tool, rather than being extended at runtime like the Classy core base theme. Currently, the markup provided by the Starterkit theme is the same as Classy's, but its markup will be improved in future minor releases (whereas Classy's can't).
  
• Several themes and modules are deprecated: Drupal 9.5 deprecates numerous themes and modules that will no longer be a part of Drupal 10 core. Altogether the Bartik, Seven, Classy, and Stable themes have been deprecated, and the Aggregator, CKEditor (4), Color, HAL, Quick Edit, and RDF modules are all deprecated. (Some of these were initially deprecated in 9.4.)

Läs mer: https://www.drupal.org/blog/drupal-9-5-0

9.4.9

8 December 2022 - 170MB

• Correct the type of $pattern in DateFormat #2314645
  
• Remove unused help text in UserViewsData #3265724
  
• Referenced method in NoCorrespondingEntityClassException docblock does not exist #3303329
  
• FieldableEntityNormalizerTrait::extractBundleData() has incorrect return type #3174108
  
• Fix class comment doc blocks in non tests 'Drupal.Commenting.DocComment.ShortSingleLine' #3268818
  
• Fix wording in BROWSERTEST_OUTPUT_BASE_URL comment #3159842
  
• Terms lose as the parent when editing #2898903
  
• EntityInterface::toLink() $text documented as string|null actually also accepts an render array #3322485
  
• Views Roles Contextual Filters Multiple Option not saving #3318108
  
• Fatal error on config form with translation enabled when config is missing #2925297
  
• SQLite database locking errors cause fatal errors #1120020
  
• Update CKEditor 5 to 35.3.2 to fix voice control/IME on some platforms #3283802
  
• Fix PHPStan L2 error "PHPDoc tag @return with type Foo is incompatible with native type void." #3322763
  
• hook_views_pre_view incorrect documentation example #2689923
  
• Multiple webheads can cause infinite growth of Twig cache #3032078
  
• Saving media entity without an owner crashes #3260175
  
• CKEditor 5 Duplicated constants in assert statement #3321771
  
• Use cacheBackend->setMultiple in ContentEntityStorageBase::setPersistentCache #3164428
  
• Uncaught exception when data-caption contains markup upcasting to a model element #3276213
  
• update ckeditor5 to v35.3.1 #3321191
  
• NodeCreationTrait::createNode() doesn't work in kernel tests without the Filter module #3010132
  
• Exceptions in post updates are very broken since #3295625 #3319839
  
• Rename CKE5 button tooltip "Insert Drupal Media" to "Insert Media" #3319735
  
• Bump REQUEST_TIME deprecation to Drupal 11 #3318985
  
• Removing XssTest causes test failures due to UrlHelper's static $allowedProtocols #2503063
  
• Aggregation of nid when using COUNT produces syntax error #3247121
  
• Update CKEditor 5 to 35.3.0 #3318867
  
• CKEditor 5 plugin definitions should be derivable #3313473
  
• updb error processMultivalueBaseFieldHandler() #3145501
  
• Random fail in Drupal\Tests\quickedit\FunctionalJavascript\CKEditor5IntegrationTest::testArticleNode() on 9.4 and 9.5 #3317515
  
• Make run-tests.sh select all the required tests when testgroups: has more than one value #3251817
  
• ContextDefinition::isSatisfiedBy does not take into account cardinality #3314469
  
• Update CKEditor 5 to 35.2.1 #3313946
  
• Stabilize FunctionalJavascript testing AJAX: make ::setValue() trigger both "input" and "formUpdated" events #3316816
  
• Bring back temporary tables (Connection::queryTemporary()) #3312641
  
• Performance improvement for importing of project translations #3074765
  
• Follow-up for #3231334: global attributes should result in HTMLRestrictions becoming simplified #3314478
  
• Drupal\FunctionalJavascriptTests\Tests\JSWebAssertTest randomly fails #3316224
  
• Random fail in Drupal\Tests\layout_builder\FunctionalJavascript\InlineBlockPrivateFilesTest #3315490
  
• Fix 'should return {type} but return statement is missing' PHPStan L0 errors in test code #3309047
  
• Random fails in Drupal\Tests\ckeditor5\FunctionalJavascript\AdminUiTest and Drupal\Tests\ckeditor5\FunctionalJavascript\CKEditor5Test #3315319
  
• Random fail in Drupal\Tests\media_library\FunctionalJavascript\WidgetUploadTest #3315753
  
• Fix 'Cannot unset offset' PHPStan L0 errors #3259109
  
• Remove duplicate JSWebWithWebDriverAssertTest #3315362
  
• Drupal\Tests\views\FunctionalJavascript\Plugin\views\Handler\FilterTest is failing a lot at the moment #3315227
  
• dragTo random fails for example DrupalTestsfield_uiFunctionalJavascriptManageDisplayTest #3314710
  
• CKEditor 4 → 5 upgrade path may trigger warnings in some edge cases, making upgrade path tests impossible #3314511
  
• Remove unnecessary fill from SVG icon for the "Media Library" CKEditor 5 button — enabling dark mode support in contrib #3314541
  
• EntityTestRev has duplicate view_builder annotation entries #3314353
  
• Claro: "Spinner" loading icon not vertically aligned properly #3308733
  
• Add i18n_taxonomy_term_reference_plain to TaxonomyTermReference #3314134
  
• Claro: Highlight dependency errors on admin/modules page #3311776
  
• JsonApiDocumentTopLevelNormalizerTest::generateProphecies called with extra arguments #3280302
  
• [drupalMedia] MediaImageTextAlternativeUi has an extraneous border on the "cancel" button #3276469
  
• Views FilterPluginBase::groupForm double translates group item label strings #3284983
  
• Field mapping options in media type form are not sorted correctly #3251647

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.9

9.4.8

7 Oktober 2022 - 170MB

• MigrateException documentation for class properties should link to where values are defined
  
• Issue #3165010 follow-up: Using the layout builder discard changes button should ignore any input and skip validation
  
• Small correction needed in ThemeInstallerInterface::uninstall() docblock
  
• Using the layout builder discard changes button should ignore any input and skip validation
  
• Fix test performance of Drupal\Tests\workspaces\Functional\WorkspacesUninstallTest
  
• Make it easy to run only tests for one specific core module
  
• Allow other CKEditor 5 plugins to rerender drupal-media when their attribute changes
  
• Date Only field shows incorrect default value when UTC date is different than user's date
  
• Document that more specific hooks might be called before the primary hook depending on the module names
  
• Convert remaining assertions involving use of xpath to WebAssert, where possible
  
• Move driver specific database Unit tests to their modules
  
• Improve Batch API $context['sandbox'] documentation
  
• Harden error logging of OEmbed thumbnail fetching logic (YouTube errors contain special characters)
  
• CategorizingPluginManagerTrait::getSortedDefinitions() sometimes returns plugins in the incorrect order if they have categories or labels translated
  
• ViewsExecutable->exposed_widgets has wrong variable type in definition
  
• "A(n) object was thrown while attempting to stub." Hard to debug migration message
  
• Broken issue links in @todos
  
• HTMLRestrictions should not allow because that is equivalent to
  
• Incorrect label in taxonomy glossary for terms that start with zero
  
• Default values are not displayed for image fields placed in Layout Builder
  
• Form alter hook called twice for views forms without view arguments
  
• MySQL Module - Help page directs user to a 404 (page not found) and a number of other modules as well
  
• LogMessageParser::parseMessagePlaceholders() needs to switch bang placeholder to colon placeholder
  
• Broken "Allowed Tags" updating: after all values for an attribute are allowed, it should not be overridden to allow only certain attribute values
  
• CacheableDependencyInterface::getCacheMaxAge does not document \Drupal\Core\Cache\Cache::PERMANENT
  
• Make CKEditor5PluginDefinition::getElements() consistent with CKEditor5PluginDefinition::get*()
  
• Add ckeditor5-stylesheets: false to Claro and Olivero (and fix it)
  
• Contrast perception issues with icons including low-opacity fills
  
• Audit of CKEditor 5 @todo items
  
• Allow using images from external source
  
• Olivero's blockquote pseudo-element decoration *sometimes* does not display properly
  
• Race condition with automatic deploy steps on ConfigImporter
  
• Update Editor + CKEditor 5 module to not use CKEditor 4 in tests
  
• Skip DownloadTest on SQLite
  
• [GHS] Custom/unofficial HTML tags not retained: , ,
  
• Configuration overlaps between Styles and other CKE5 plugins
  
• Simplify HtmlRestrictions and FundamentalCompatibilityConstraintValidator now that "forbidden tags" are deprecated
  
• Drupal 8 BC for database driver namespace fails for replicas
  
• Update CKEditor 5 to 35.1.0
  
• EntityListBuilderTest: @coversDefaultClass is incorrect
  
• Incorrect namespace in comment in EntityAutocomplete.php
  
• Comment being deleted instead of reassigned to Anonymous user

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.8

9.4.7

29 September 2022 - 170MBSecurity

• Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016 - Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials. The vulnerability is mitigated by the fact that an exploit is only possible in Drupal core with a restricted access administrative permission.

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.7

9.4.6

21 September 2022 - 170MB

• [drupalMedia] alt_field setting on "Image" media not respected
  
• Status report should warn about OPcache bug in PHP 8.1.0 to 8.1.5
  
• Fix \Drupal\Tests\Core\Test\TestSetupTraitTest::testChangeDatabasePrefix() on PHP 8.2
  
• Update NoJavaScriptAnonymousTest to use Standard profile instead of listing modules
  
• Olivero: When in Safari, clicking "X" when search is open does not collapse the search
  
• Hide "Image" label for Scale crop 7:3 large and Responsive 3x2 image display modes
  
• CKEditor + HTML filter UX broken on Claro: "Based on the text editor configuration, these tags have automatically been added:" message never appears
  
• Fix intermittently failing Settings Tray Functional Javascript tests
  
• Fix intermittent failure in AjaxBlockTest
  
• HTMLRestrictions::mergeAllowedElementsLevel() fails when merging
  
• Create Starterkit readme
  
• [random test failure] Restore ContentPreviewToggleTest::testContentPreviewToggle()
  
• HTMLRestrictions::fromString() bug: multiple occurrences of same tag results in only last one being respected
  
• generate-theme scripts fails in a ddev environment
  
• Fix ProtectedUserFieldConstraintValidatorTest to not trigger deprecations on PHP 8.2
  
• Add vendor-update command to the build command for JS assets
  
• Regression in functional test performance with a large number of modules
  
• Views preview doesn't pass 0 to context filters
  
• 'Get' Process plugin should handle multiple
  
• @return of Section::getComponents should document array key
  
• unclear explanation of 'path' in hook_theme() docs
  
• Sort sniffs/rules in phpcs.xml.dist and write test to keep them sorted
  
• Get CKEditor 5 to work in (modal) dialogs
  
• Upgrade path from CKEditor 4's StylesCombo to CKEditor 5's Style
  
• Update terser and terser-webpack-plugin to the latest versions
  
• Update jQuery UI to the latest versions

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.6

9.4.5

(säkerhetsutgåvan)
3 Augusti 2022 - 170MB

• Update CKEditor 5 to 35.0.1
  
• Warnings generated when using an optimized autoload file with Composer 1.10 / Composer 2
  
• Fix failed test on `symfony/http-foundation` 4.4.44/6.1.3 and later
  
• Term creation fail with php 8 when override_selector = TRUE
  
• Link options attributes removed on save

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.5

9.4.4

29 Juli 2022 - 170MB

• Update Diactoros lock file version
  
• Remove the "replace" section from core/composer.json
  
• Follow-up to #3268983: Move test case to correct group
  
• HtmlFormController's contructor says it constructs a new \Drupal\Core\Routing\Enhancer\FormEnhancer object
  
• Update the description given for $form_id
  
• Wrong documentation since Drupal 8 for 'initial_form_field'
  
• Docblock of BaseFieldDefinition::setDisplayOptions still mentions setting type = hidden instead of region = hidden
  
• UncaughtExceptionTest is not working when using recommended-project
  
• Test unit behavior of EntityStorageBase::load(), loadMultiple() with invalid ID, UUID
  
• Fix 'Access to an undefined property' PHPStan L0 errors in test code
  
• Remove test that tests drupal/core-composer-scaffold when it is not allowed
  
• Drupal >=8.2.x doesn't allow to override all cache bins with $settings['cache']['default'] anymore, documentation says otherwise
  
• Testing system should explain why Guzzle responses can be unreadable
  
• Html::load() inconsistent space removal with old libxml2 versions
  
• Make the CKEditor 4 → 5 upgrade path work even when the CKEditor 4 module is removed
  
• [9.4 ONLY] Lower RECOMMENDED_PHP to 8.0
  
• Use $defaultTheme for using views_test_classy_subtheme
  
• Messages upon switching to CKEditor 5 are overwhelming
  
• [regression] FilterHtml throws Unsupported operand types error when * used in tag attribute
  
• Fix outdated references to form_type_checkboxes_value()
  
• CKEditor 5 plugins needing more complex conditions: point to handbook page
  
• Update TranslationWrapper deprecation to removal in 11.0.0
  
• Ensure Editor config entities using CKEditor 4 only store plugins settings for actually enabled plugins
  
• Use getStorage('taxonomy_term') instead of getStorage('taxonomy_vocabulary')
  
• On the user interface translation page the outline of all four focusable elements in the filter translatable strings fieldset lacks the left border
  
• Defaults not working for grouped filter with multiple selections
  
• Document \Drupal\Core\Template\TwigExtension::getPath $parameters argument as optional
  
• Notice in logs when setting invalid translation config for a content type
  
• FieldUiTestTrait::fieldUIAddExistingField() can randomly fail in javascript tests when no label is provided
  
• Handle NULL for data blob in User source plugin
  
• TermName views argument_validator is not working as expected
  
• Menu UI node type form documentation points to non-existent function
  
• Document that block_content entities are not designed to be displayed outside of blocks
  
• User::setExistingPassword() does not return $this for chaining
  
• Minor typo in @see reference ("ManyTonOneHelper")
  
• Fix inaccurate code comment in Media.php

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.4

9.4.3

(säkerhetsutgåvan)
21 Juli 2022 - 170MBSecurity

• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 - In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
  
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 - Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
  
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 - Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers.
  
• Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015 - The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.3

9.4.2

8 Juli 2022 - 170MB

• Composer v2.2 prompts to authorize another plugin when stability=dev
  
• PHP Notice logged when switching "Configuration type" in single configuration export screen
  
• Slow query in titleQuery Vid.php
  
• Composer v2.2 prompts to authorize pluginsile
  
• "Wierd" assertion in \Drupal\Tests\Views\Functional\Wizard\BasicTest
  
• Remove @todo in InlineBlockEntityOperations constructor
  
• Incorrect ckeditor5.plugin.media_media schema label
  
• Add Project Browser intitative to MAINTAINERS.txt
  
• Fixing missing use statement in ConfigOverrider test class
  
• Refactor ToolkitGdTest
  
• Decorated services crash on serialization
  
• Fix PSR4 path for database driver
  
• \Drupal\Core\Composer\Composer::preAutoloadDump contains duplicate if statement
  
• Handle NULL for max_filesize_per_file in d6\FieldInstanceSettings::convertSizeUnit
  
• Profile paths are not updated after moving them to other directories
  
• Fix var tag on recent commit
  
• "Create content" link within Olivero's "Getting started" page doesn't account for base directory
  
• Views Mini Pager's next button labeled "Previous" for screen readers in Olivero
  
• Remove views.module's direct use of the _serviceId property
  
• Restore missing backbone-min.js.map
  
• Update deprecation error made in [#3264633] from 9.5.0 to 9.4.2
  
• Migrate's DownloadFunctionalTest:: testExceptionThrow() is failing on guzzlehttp/psr7 2.3.0
  
• Remove \Drupal\layout_builder\QuickEditIntegration and refactor it so that quickedit contrib provides the integration with layout builder
  
• Fix \Drupal\FunctionalTests\Installer\InstallerTestBase tests to not test drupal.org

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.2

9.4.1

(säkerhetsutgåvan)
22 Juni 2022 - 170MB

• guzzlehttp/guzzle 6.5.8 requires guzzlehttp/psr7 ^1.9
  
• Add test to ensure fieldset allows any non-empty-string #title
  
• Incorrect composer update instructions for Drupal core metapackages
  
• Fix a comment typo in FileFieldWidgetTest
  
• Fix 'should return {type} but return statement is missing' PHPStan L0 errors in test code
  
• Fix or ignore 15 words used in Help Topics
  
• \Drupal\Testsorum\Functional\ForumNodeAccessTest doesn't use tracker module
  
• PHP 8.2 compatibility: ${} string interpolation deprecated
  
• Scaffold ReplaceOp::copyScaffold() throws an error for empty files
  
• SettingsTrayBlockFormTest needlessly overrides getTestThemes
  
• Example given on FormBuilder::submitForm API Page is not working
  
• Add explicit test for session based language negotiation
  
• [random test failure] Un-skip and fix QuickEditIntegrationTest::testArticleNode()

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.1

9.4.0

(större version)
16 Juni 2022 - 170MBThe fourth feature release of Drupal 9 brings a whole new frontend look with the Olivero theme by default and a refreshed backend interface with the Claro theme. There is also a new starterkit theme generator, better image loading performance and easier permission management.

New Features

• Drupal now uses the Olivero frontend theme by default: When you install Drupal 9.4.0, it will look quite different from previous releases because it uses the new modern Olivero frontend theme. While the theme looks beautiful, it also has superb accessibility and adapts well to various display sizes. The theme is named after Rachel Olivero (1982-2019). She was the head of the organizational technology group at the National Federation of the Blind, a well-known accessibility expert, a Drupal community contributor, and a friend to many.
  
• Drupal now uses the Claro backend theme by default: The Claro backend theme has been in the works for a while. It became stable and the default administration theme in Drupal 9.4.0. The new theme brings a modern look to the backend interface of Drupal. It has been available as a core experimental theme for some time, so it is well-tested with contributed projects and real-world sites. A delicious addition to the Umami demo in core is a new Borscht recipe (pictured), with a dedication to the fantastic Ukrainian Drupal community.
  
• New experimental Starterkit theme and theme generator: Drupal 9.4.0 ships with a new experimental Starterkit theme and theme generator. The new Starterkit theme is used as a basis to generate new standalone themes, rather than being extended at runtime like the Classy core base theme. Currently, the markup provided by the Starterkit theme is the same as Classy's, but its markup can be improved in future minor releases (whereas Classy's can't), so once it becomes stable, Starterkit will replace Classy. For more information, read the blog post on how the new starterkit will change theme creation in Drupal 10!
  
• New lazy loading configuration option added to image fields: A new lazy loading configuration option is added to image fields in 9.4.0 and most image fields shipped in core are now configured to lazy load. This helps browsers to delay downloading and displaying them until they become visible, which speeds up general page display.
  
• Easier permission management for content types, vocabularies, etc. When editing content types, vocabularies, and so on, site administrators previously had no way to control permissions in context for these entity bundles in the same interface. With Drupal 9.4.0 a new "Manage permissions" tab displays the permissions that depend on the given type, making them easier to configure correctly.
  
• Improvements to drupal/core-recommended for security update management: The drupal/core-recommended metapackage now allows patch-level updates for Composer dependencies. This means that site owners using drupal/core-recommended can now install most Composer dependency security updates themselves, without needing to wait for an upstream release of Drupal core that updates the affected package.
  

Known Issues

• #3285724: [regression] Drupal 9.4 breaks BC of \Drupal\Driver\* overriding core drivers during installation and parsing connection URLs
  
• #3287251: Error updating from 9.3.16 to 9.4.0
  
• #3285200: [regressopn] Importing older config without the mysql/pgsql module enabled will generate error

Läs mer: https://www.drupal.org/project/drupal/releases/9.4.0

9.3.22

29 September 2022 - 170MBSecurity

• Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016 - Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials. The vulnerability is mitigated by the fact that an exploit is only possible in Drupal core with a restricted access administrative permission.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.22

9.3.21

(säkerhetsutgåvan)
3 Augusti 2022 - 170MB

• Update CKEditor 5 to 35.0.1
  
• Fix failed test on `symfony/http-foundation` 4.4.44/6.1.3 and later

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.21

9.3.20

29 Juli 2022 - 170MB

• Update Diactoros lock file version
  
• Remove test that tests drupal/core-composer-scaffold when it is not allowed

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.20

9.3.19

(säkerhetsutgåvan)
21 Juli 2022 - 170MBSecurity

• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 - In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.
  
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 - Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
  
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 - Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers.
  
• Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015 - The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.19

9.3.18

8 Juli 2022 - 170MB

• Composer v2.2 prompts to authorize another plugin when stability=dev
  
• Composer v2.2 prompts to authorize plugins

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.18

9.3.17

(säkerhetsutgåvan)
22 Juni 2022 - 170MB

• guzzlehttp/guzzle 6.5.8 requires guzzlehttp/psr7 ^1.9
  
• Temporarily skip random test failures that hide real test failures, part 4
  
• Disable CKEditor 5's automatic link decorators (in Drupal filters should be used instead)
  
• Do not assume that plugin supporting also supports in SourceEditingRedundantTags and upgrade path
  
• ComposerHooksTest is broken on latest DrupalCI PHP container

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.17

9.3.16

(säkerhetsutgåvan)
10 Juni 2022 - 170MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011 - Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories: (1) Failure to strip the Cookie header on change in host or HTTP downgrade; (2) Fix failure to strip Authorization header on HTTP downgrade. These do not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.16

9.3.15

2 Juni 2022 - 170MB

• HTMLRestrictions::merge() and ::toGeneralHtmlSupportConfig() fail on allowed attribute values that can be interpreted as integers
  
• [drupalMedia] add tests to confirm GHS attributes are retained in linked media
  
• Olivero's code block styling is slightly broken at various viewport widths
  
• Impossible to enable <ol type> or <ul type> with GHS: switch to List's successor, DocumentList
  
• Update to CKEditor 5 v34.1.0
  
• SA-CORE-2022-010
  
• ExtensionDiscovery is unable to find modules that have a comment at the end of the type property in a .info.yml file
  
• Don't convert, instead use response.entity_type in DrupalImageUploadEditing
  
• TermStorage::loadTree() doesn't document what the return array is keyed by
  
• Replace, in tests, mocks that do not configure doubles with their actual objects
  
• Fix missing newlines for 'Drupal.Commenting.DocComment.ShortSingleLine'
  
• Exceptions for CKEditor 5 plugin definitions containing wildcard tags when PHP is built with libxml 2.9.14
  
• Alignment being available as separate buttons AND in dropdown is confusing
  
• ResponsiveImageStyles source plugin must extend DrupalSqlBase
  
• Contact's MessageEntityTest wrongly uses 'edit' access operation on entities instead of 'update'
  
• HTMLRestrictions' diff operation bug: diff(<tag attr="A B">, <tag attr>) should return an empty result
  
• Find a way to not run contextual_preprocess() on every template
  
• (Not so) Random test failures QuickEditFileTest
  
• File tests should not rely on Classy
  
• Fix invalid @property annotations
  
• Fix typo in/rename SearchSimplifyTest
  
• History tests should not rely on Classy
  
• Test cleanup: Remove dead code from JsonApiFunctionalTest
  
• InlineBlockUsageInterface::getUsage can return FALSE but isn't documented
  
• Fix indentation in doc block \Drupal\Core\Render\RendererInterface::render
  
• Changing view name does not update page title in views ui
  
• Form is built when not using fields
  
• Follow-up to #3268318: Enable link manual decorator unrestricted test case
  
• Add extra test coverage for operators of views date filters
  
• Set revision_default when publishing
  
• [drupalMedia] The CKEditor 4 → 5 upgrade path for the media_embed filter should not forcefully allow the data-view-mode attribute on <drupal-media>

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.15

9.3.14

(säkerhetsutgåvan)
26 Maj 2022 - 170MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010 - Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.14

9.3.13

12 Maj 2022 - 170MB

• yarn upgrade for latest security vulnerabilities
  
• Review version constraints for production yarn dependencies
  
• Queue items only reserved by cron for 1 second
  
• Remove reference to contextual_pre_render_placeholder() function
  
• Update links to Drupal documentation pages in Umami
  
• Fix update module test fixture names for 8.2.0-rc2 sample data
  
• Dialog css references nonexistient --color-whitesmoke css variable
  
• Update contributor name and username in MAINTAINERS.txt
  
• Restrict allowed additional attributes to prevent self XSS
  
• [drupalMedia] Media View Modes don't work if alignment not enabled
  
• Use CKEditor 5's native <ol start> support (and also support <ol reversed>)
  
• Update @ckeditor/ckeditor5-list to v34.0.1
  
• Global attributes (<* lang> and <* dir="ltr rtl">): validation + support (fix data loss)
  
• Unit tests for all @CKEditor5Plugin plugin classes
  
• Ensure that all classes and functions in Drupal-specific CKEditor 5 plugins are documented
  
• [random test failure] Random test fail in EntityAutocompleteTest
  
• CKEditor5::shouldHaveVisiblePluginSettingsForm() does not correctly handle configurable CKE5 plugin that has a filter condition
  
• Some configurations of allowed view modes cause CKE to fail to initialize
  
• undocumented #has_garbage_value property of render elements
  
• [drupalMedia] Support choosing a view mode for
  
• Confusing behavior after pressing "Apply changes to allowed tags" with invalid value
  
• Enable table captions; override CKE5's default downcast to generate <table><caption></table> instead of <figure><table><figcaption></figure>
  
• Add "linktext" and "canvastext" to cspell dictionary.
  
• Active and hover state of skip to main content has a too low color contrast
  
• Ensure all of Claro's background images are visible in forced colors mode
  
• Claro element not rendering properly in forced colors
  
• Undocumented behaviour for Schema::findTables() when an underscore is used
  
• CKE5 and contrib: better "next action" description on upgrade path messages
  
• Migrate "codetag" contrib CKEditor 4 plugin to built-in equivalent in core's CKEditor 5

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.13

9.3.12

(säkerhetsutgåvan)
21 April 2022 - 170MBSecurity

• Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008 - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. We do not know of affected forms within core itself, but contributed and custom project forms could be affected. Installing this update will fix those forms.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 - Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.12

9.3.11

(säkerhetsutgåvan)
14 April 2022 - 170MB9.3.11

Security

• This Drupal release updates Composer to the latest version as a security hardening.
  

9.3.10

Important

• The beta experimental CKEditor 5 module now uses version 34.0.0 of the CKEditor 5 JavaScript library, which fixes several critical issues.
  
• Previously, jQuery UI was an emeritus (unsupported) project. However, it recently began receiving support again. Therefore, Drupal core has replaced its fork of jQuery UI with jQuery UI itself, to make it easier to keep it up to date. Additionally, core's jQuery UI package dependencies have been updated to jQuery UI 1.13.1. The unminified source code is kept in core to allow easy audit during future library updates.
  

Bug Fixes and Changes

• Decide how CKEditor 5-provided types should be referenced
  
• Dialog loading text is unstyled
  
• Add test coverage for createDropdown in drupalElementStyles
  
• Expand SourceEditingRedundantTagsConstraintValidator to also check attributes and attribute values
  
• [drupalMedia] with GHS allowed attributes downcast wraps data-caption with
  
• Add ckeditor5-code-block package and CodeBlock plugin
  
• [drupalImage] Make image alt text required or strongly encouraged
  
• [drupalImage] Some Image attributes are lost in edge cases where image upcasts into inline image
  
• Update to CKEditor 5 v34.0.0
  
• system_site migrates default 403, 404 and front page paths as forward slash (/)
  
• Changes to "Manually editable HTML tags" lost if form is submitted without triggering AJAX
  
• Drupal Media JavaScript test suite causes database locks on SQLite
  
• Add a new recipe to Umami - Borscht with pork ribs
  
• Move all non migration Color tests to the module in preparation of removal
  
• Block add form ajax callback implementation issues
  
• Upgrade path never configures the ckeditor5_heading plugin to allow
  
• [random test failure] Restore LayoutBuilderTest::testConfigurableLayoutSections()
  
• Upgrading from CKEditor 4 for a text format that has FilterInterface::TYPE_MARKUP_LANGUAGE filters enabled
  
• Merging cells in tables is possible in UI, but lost upon saving
  
• Rewrite examples of form options to be less culturally specific
  
• Document checkboxes and radios element can have individual descriptions
  
• Views UI tests should not rely on Classy
  
• Layout Discovery tests should not rely on Classy
  
• jsonapi tests should not rely on Classy
  
• $block wildcard resolves into a superset of the actual $block tags
  
• [random test failure] Restore and fix LayoutBuilderDisableInteractionsTest::testFormsLinksDisabled()
  
• Duplicate word: directly
  
• editor_form_filter_format_form_alter() does not remove "editor_plugin" from form state when needed
  
• Claro: display the vertical scrollbar when many results are returned by linkit
  
• Array to string conversion in CacheContextsManager::convertTokensToKeys() because of the 'cookies' cache context
  
• Media library widget forgets ordering when adding or removing items
  
• Elements wrapping are not retained
  
• Plugin settings do not appear when a configurable plugin is added AFTER removing all buttons
  
• Editor does not load when using Edge + WHCM
  
• SmartDefaultSettings should select the CKE5 plugin that minimizes creation of HTML restriction supersets
  
• Toolbar config items missing "press arrow to do {x}" instructions for screenreaders
  
• Excessive aria-live announcing from ckeditor5-admin-help-message live region
  
• Resolve mismatch between <$block> interpretation by CKEditor 5 and Drupal
  
• [drupalMedia] Remove manual dataDowncast from DrupalMediaEditing
  
• Unable to change selection after linking inline media when manual decorators have been defined
  
• Bug in CKE 4 → 5 upgrade path "format" does not always map to "heading", it could map to "codeBlock" too, or both, or neither
  
• Composer 2 Fatal error Call to undefined method Composer\DependencyResolver\Operation\UpdateOperation::getJobType() in /home/mysite/public_html/core/lib/Drupal/Core/Composer/Composer.php:170
  
• Selected yet disabled individual options from checkboxes element don't persist through save
  
• Rename StateFileExists to StateFileExistsTest
  
• Missing return value documentation for TranslatableInterface::addTranslation()
  
• Temporarily skip failing tests
  
• In Callback Migrate process, document how to use functions that accept no argument as callable
  
• Improve Drupal.ckeditor5 documentation
  
• TypeError: strpos(): Argument #1 ($haystack) must be of type string, int given in strpos()
  
• Robustify and restore \Drupal\Tests\ckeditor5\FunctionalJavascript\MediaLibraryTest::testButton
  
• The element selector type "CSS, XPath" in JSWebAssert should be lowercase
  
• Fix error message when 'yarn check -s' fails in the commit check script
  
• Unfork jQuery UI
  
• [drupalMedia|drupalImage] Allow removing data-align in the UI, and making an image inline
  
• [drupalMedia] Toolbar should be visible when element inside is focused
  
• Support functionality equivalent to ckeditor_stylesheets
  
• [GHS] Partial wildcard attributes (<foo data-*>, <foo *-bar-*>, <foo *-bar>) and attribute values (<h2 id="jump-*">) not yet supported
  
• CKEditor 5 adds ie11.user.warnings library to every page, triggering a FOUC even for anonymous users
  
• Update to CKEditor5 v32.0.0
  
• Temporarily skip even more failing tests
  
• Missing argument type on hook_shortcut_default_set declaration
  
• Custom Block (block_content) tests should not rely on Classy
  
• DbLog triggers PHP deprecation on PHP8.1 when running from CLI
  
• \Drupal\Tests\quickedit\FunctionalJavascript\QuickEditIntegrationTest::testCustomBlock(). is failing on latest chromedriver
  
• AjaxTest is failing
  
• Remove the methods tableExists() and fieldExists() from Drupal\Core\Database\Driver\mysql\Schema

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.11

9.3.9

(säkerhetsutgåvan)
22 Mars 2022 - 170MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006 - Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.9

9.3.8

(säkerhetsutgåvan)
17 Mars 2022 - 170MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005 - The Drupal project uses the CKEditor library for WYSIWYG editing. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.8

9.3.7

4 Mars 2022 - 170MB

• Update our yarn dev dependencies to the extent allowed by current constraints
  
• Add return typehint to TwigExtension::getFileUrl()
  
• TypeError: Argument 1 passed to Drupal\Core\File\FileUrlGenerator::generateString() must be of the type string, null given
  
• IE11 user warning has ungraceful failures
  
• Assigned shortcut set is not cleaned on user removal
  
• [GHS] Ensure GHS works with our custom plugins, to allow adding additional attributes
  
• BigPipe FunctionalJavascript tests should not rely on Classy
  
• Unmet installation requirements may contain render elements
  
• [drupalMedia] Show the Image Media's default alt text that is being overridden
  
• Include 'composer' directory in phpcs scans
  
• Enable aggregation for CKEditor 5 assets
  
• Updating to Drupal 9.3 fails when sql_require_primary_key MySQL system variable is ON
  
• BundleClassInheritanceException incorrectly thrown when a bundle class does not exist
  
• unclear terminology in EntityAccessCheck::access()
  
• TemporaryJsonapiFileFieldUploader::checkFileUploadAccess() checks for bundle
  
• [drupalMedia] Support captions on
  
• Input field description is not visible in Configure dialog box of layout builder
  
• [GHS] Unable to limit attribute values: ::allowedElementsStringToHtmlSupportConfig() does not generate configuration that CKEditor 5 expects
  
• inaccurate docs for hook_field_views_data()
  
• [drupalMedia] Media embed attributes are rendered in container div in editing view
  
• user_update_9301() causes data loss and a broken site on SQL Server
  
• Refactor ie11.filter.warnings.es6.js to simpler structure & other improvements
  
• Grey text in Claro theme failed accessibility
  
• [drupalImage] Add ckeditor5-image's imageresize plugin to allow image resizing
  
• Links in the tour tip body are visually the same as the rest of the text - Claro theme
  
• QuickStartTest: The waiting is the hardest part
  
• Remove duplicated margin properties from typography CSS
  
• API for contrib projects to load CKEditor translations
  
• ContextAwarePluginBase class not annotated as deprecated
  
• Fix LocaleTranslatedSchemaDefinitionTest when MINIMUM_SUPPORTED_PHP is used
  
• Fix NoPreExistingSchemaUpdateTest when MINIMUM_SUPPORTED_PHP is used
  
• Fix UpdateScriptTest when MINIMUM_SUPPORTED_PHP is used
  
• mkdir can fail in Drupal\TestTools\PhpUnitCompatibility\PhpUnit8::flushAlteredCodeToFile() because of a race condition
  
• Improve deprecation message for RequestStack::getMasterRequest()
  
• ToolkitGdTest uses checkRequirements() incorrectly
  
• Copy drupal-9.3.0.bare.standard.php.gz and drupal-9.3.0.filled.standard.php.gz from the Drupal 10 branch
  
• ImageTest::testWidth() has wrong selector, but no assertion: increases DrupalCI by 20 seconds
  
• Add nightwatch tests for toolbar
  
• Refactor isMediaUrl to more generic API that supplies frontend metadata about media entities
  
• Refactor HTMLRestrictionsUtilities to a HtmlRestrictions value object
  
• Compatibility issues with inline form errors
  
• Improve wording around twig.cache setting for production environments
  
• #type => 'toolbar_item' without a tab triggers a deprecation notice on PHP8.1
  
• Fix missing sprintf argument in CKEditor5ImageController
  
• Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning
  
• Simplify code in assets.js, remove mix of await and promise code
  
• Enhance Toolbar's subtree caching so that menu links with CSRF token do not need one subtree cache item per session
  
• Translation of toolbar button tooltips not working when text part language plugin is enabled
  
• [drupalMedia] Support alignment on
  
• Improve keyboard accessibility in a particular edge case
  
• File links with query parameters no longer work
  
• getUntranslated() doesn't refer to anything
  
• Mark drupal_find_theme_functions() @internal in Drupal 9
  
• Element::properties() produces notices if given an array with integer keys
  
• [drupalImage] Only local images are allowed. upcast assumes HTML5: px unit, but HTML4 allowed % unit
  
• Research if the CKE off-canvas CSS reset could be optimized

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.7

9.3.6

(säkerhetsutgåvan)
18 Februari 2022 - 170MBSecurity

• Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003 - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
  
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004 - The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.6

9.3.5

(säkerhetsutgåvan)
7 Februari 2022 - 170MB9.3.5

Security

• Twig is a third-party library used by Drupal 9. Today the Twig project released a security update. The disclosed vulnerability requires advanced, administrator-level permissions to exploit, so under our policy, we are not issuing a security advisory for it.
  

9.3.4

Bug Fixes and Changes

• Database dumps are no longer driver-agnostic
  
• Expand SmartDefaultSettingsTest to also test a format + editor with media embedding
  
• Improve messaging about Internet Explorer 11
  
• Fix unused variable $unpublished in TrackerTest.php
  
• Fix documentation for _toolbar_get_subtrees_hash()
  
• Wrong argument for @message in ModuleInstaller::install call to watchdog_exception
  
• CKEditor 5's toolbar occludes Drupal's toolbar if and only if CKEditor 5 has focus
  
• UID base field override configs can still have old default value callbacks
  
• scaffold README is out of date
  
• Entity query system does not document the NOT BETWEEN operator, but JSON:API supports/uses it
  
• Exclude system.batch_page.html from setting update security message
  
• Language toolbar item cannot be removed from the toolbar
  
• Correct visibility of getPluginDefinition function in ContextAwarePluginTrait
  
• Claro's password element handling invalid fails in some circumstances
  
• Dialog width and positioning issues in Claro
  
• Plugin definition DX: validate drupal.conditions
  
• Add documentation of migration yml files
  
• Add tests of row hash to trackChangesTest
  
• Add missing CKE5 SmartDefaultSettings test coverage (wildcard tag with unsupported attribute)
  
• View mode doesn't display in dropdown if numerical
  
• Split ckeditor5_alignment CKEditor 5 plugin, to allow for more precise upgrade path
  
• PHPUnit 9.5.12 (released 2022-01-21) throws unhandled deprecation notice on "Drupal\Tests\Listeners\DrupalListener"
  
• Extraneous closing parentheses and curly brace in visually-hidden button description text
  
• Update to Drupal 9.3.0 adding --2 suffix to (views-) block-ID's
  
• Fragment link pointing to should be redirected to CKEditor 5 instance when CKEditor 5 replaced that textarea
  
• Drupal-specific CKEditor 5 plugins should be able to use Drupal's JS translation API: Drupal.t()
  
• fix yarn vendor-update command
  
• Small typos in CKEditor 5 module
  
• [Symfony 6] Revert 3231603 to use our own TranslatorInterface
  
• FileUrlGenerator::generate() does not work with externally hosted files using stream wrappers
  
• Fix PHPStan L0 failures that cannot be included in baseline
  
• Fix \Drupal\Core\Asset\CssOptimizer::processFile() docblock

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.5

9.3.3

(säkerhetsutgåvan)
20 Januari 2022 - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001 - CVE-2021-41184: XSS in the `of` option of the `.position()` util

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.3

9.3.2

5 Januari 2022 - 170MB9.3.2

Bug Fixes and Changes

• This release hotfixes an issue with Drupal 9.3.1 that introduced a fatal error which made Drupal unusable. No other changes are included over those in 9.3.1.
  

9.3.1

Bug Fixes and Changes

• "Place a colon after the label" not working on grouping field label on views
  
• Make Link URI required if there is Link Text input
  
• Document that Configuration migrations can depend on Content migrations
  
• Ensure functional tests use the test mail collector
  
• MediaLibraryWidget can trigger an AJAX error if all media types can be referenced
  
• Fix Element/Table documentation
  
• Decimal and Float item generates wrong sample values
  
• LoggerChannelInterface documentation
  
• PHPdoc in update.authorize.inc
  
• Correct references from Symfony Framework
  
• Remove accidentally duplicated words in code comments
  
• Fix documentation comment in MainContentViewSubscriber
  
• The documentation page for NestedArray::unsetValue() shows example code that uses NestedArray::unset_nested_value()
  
• Fix incorrect @return docs and description for Row::getSource()
  
• Replace assertions involving calls to empty() with assertEmpty()/assertNotEmpty()/assertArrayNotHasKey()
  
• Remove jQuery dependency from date.js
  
• Fix phpdocs in core/lib/Drupal/Core/Database/Install/Tasks.php
  
• Write UnitTest for MigrationConfigurationTrait and fix Exception Handling
  
• Placeholder CSS selector in off-canvas.reset.css is wrong
  
• Write UnitTest for MigrationConfigurationTrait and fix Exception Handling
  
• Ensure SearchPlugin has a configuration array
  
• Ensure only needed permissions are used for Update module functional tests
  
• hook_views_post_render provides inaccurate information
  
• MigrateDestinationInterface::import() should document that it can throw a MigrateException
  
• Test fails due to Composer 2.2
  
• Olivero: Alignment of primary menu hover states and dropdowns is incorrect at wide widths
  
• Notice: Undefined index: name in Drupal ield_uiement\FieldUiTable::reduceOrder() (line 228 of /var/www/html/docroot/core/modules/field_ui/src/Element/FieldUiTable.php)
  
• If the database driver is provided by a module, it's name must be included in tests which check for enabled modules
  
• Do not uninstall the database driver module within installer tests
  
• AssertBreadcrumbTrait should not rely on Classy
  
• Missing documentation for "core_version_requirements" key in InfoParserInterface file
  
• system_post_update_sort_all_config can exhaust PHP memory in 9.3.0
  
• `?check_logged_in=1` causes `TrustedRedirectResponse` to fail
  
• Add Brian Gilbert (realityloop) as a full mentoring coordinator
  
• Add AmyJune Hineline (volkswagenchick) as a full mentoring coordinator
  
• Add Chris Darke (ChrisDarke) as a full mentoring coordinator
  
• Error: Cannot use object of type Drupal\Core\Render\Markup as array in Drupal\Core\Render\Renderer->doRender() (line 218. When checkbox 'Use field template' is checked
  
• Fix \Drupal\Coretension\ModuleDependencyMessageTrait to not cause deprecations in PHP 8.1
  
• Improve compatibility with composer 2.2
  
• Avoid comparing fields with different collations in SelectSubqueryTest
  
• Remove duplicate loading of update reports after refreshUpdateStatus
  
• Minor typo in d7_field_formatter_settings.yml comment

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.2

9.3.0

(större version)
10 December 2021 - 170MBThis release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backward compatibility and experimental module policies.

Platform requirements

• From Drupal 9.3, PHP version 8.0 or higher is recommended. PHP 7.3 and higher remain supported. Drupal 10 will require at least PHP 8.0.
  

Changes and Bug Fixes

• Core Yarn watch builds CK5 plugins differently than yarn build
  
• Add a "Manage permissions" tab for each bundle that has associated permissions"
  
• Move tests for integrations between QuickEdit and CKEditor5 into QuickEdit so that it can more easily be moved into contrib
  
• comment_empty_title_test has invalid hook
  
• LocaleConfigSubscriber can result in data loss during install
  
• Installer tasks using multiple batch sets in non-interactive mode do not get executed
  
• Including settings.php a second time and without same context can result in errors
  
• Update Symfony 5 dependencies to 5.4.0

Läs mer: https://www.drupal.org/project/drupal/releases/9.3.0

9.2.10

26 November 2021 - 170MBImprovements and Bug Fixes

• This release updates Symfony components to 4.4.35 (where applicable). Note that the Symfony CVE fixed by 4.4.35 does not affect Drupal core, so this is being released as a regular patch release.

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.10

9.2.9

(säkerhetsutgåvan)
18 November 2021 - 170MB9.2.9

Security

• Drupal core - Critical - Third-party library - SA-CORE-2021-011 - Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
  

9.2.8

Improvements and Bug Fixes

• OEmbedWidget does not display the field's help text, only its own message
  
• HtmlHeadLink processing does not allow for duplicated alternate hreflang links
  
• Adding new text format gives Uncaught TypeError: f.format_tags.split is not a function
  
• Claro theme is incompatible with the Themable Forms module
  
• Update the Drupal\KernelTests\CoretitytityQueryAggregateTest::testAggregation() a little to make it pass for SQL Server
  
• Add explicit test coverage for JSON:API filtering on a datetime field
  
• Remove obsolete @todo for "Undo bug when first inserting media into unfocused CKEditor"
  
• Editing menus user-experience has regressed
  
• Machine name field throws notices if before source field
  
• media_requirements() should report missing source fields
  
• Fix source plugin documentation
  
• Contextual links of reusable content blocks are not displayed when rendering entities built via Layout Builder
  
• core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/scripts/disable-git-bin/git is an odd file and it has the file mode 755
  
• Convert EntityViewsDataTest from a unit test to a kernel test
  
• the methods in FieldableEntity should document how they are meant to be used
  
• PHP errors when overriding the query settings
  
• Migration of nodes with cck nodereferrer fields fails (SQL error)
  
• Map text_plain field formatter to basic_string for long text fields
  
• FieldLink process plugin treats protocol-relative external URLs as internal ones
  
• Fix TermTranslation query and add missing source plugin test
  
• Fix EntityReferenceTranslationDeriver process pipeline
  
• d7_language_content_comment_settings triggers MigrateException if the source bundle is longer than 32 chars: use migration_lookup
  
• LogMessageParser breaks messages containing braces
  
• Toolbar menu theme override omits the 'menu_name' variable
  
• TypeError: Argument 1 passed to _editor_get_file_uuids_by_field() must implement interface Drupal\CoretitytityInterface
  
• Olivero: Z-index issue with the search bar
  
• Insufficient contrast on Olivero's inactive vertical form labels
  
• Insufficient contrast on Olivero's fieldset elements
  
• Olivero: Select dropdown icons need more contrast in Windows High Contrast mode
  
• Olivero: Primary nav search icon invisible in forced-colors mode in MS Edge
  
• CSS aggregation fails on many variations of @import
  
• Vertical tabs with #parents are broken in Claro
  
• Users deleted via JSON:API DELETE don't follow the site-wide cancel_method in the user settings
  
• Race Condition in 'public://simpletest' mkdir Call

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.9

9.2.7

7 Oktober 2021 - 170MB

• Olivero: Text can be cut off at mobile if site-branding text goes to two lines
  
• Olivero: Skip link fails accessibility color test on hover
  
• Misuse of explicit colour for active pager item in -ms-high-contrast media query
  
• Olivero's wide dropdown hover states are broken
  
• Underlined text in CKEditor 5 not rendered as underlined in Claro
  
• \Drupal\media\Controller\OEmbedIframeController::render doesn't set a content-type header
  
• Views contextual filter: "allow multiple" doesn't work for user roles filter
  
• Improve test and add comments to ContentEntityTest
  
• Use dataprovider for constructor test in ContentEntityTest
  
• OembedMediaController doesn't properly bubble cacheability metadata/attachments
  
• Add index on source_ids_hash for migrate_message_* tables
  
• JSON:API Cannot upload files to public file root (Gets 422 Unprocessable Entity)
  
• MockBuilder::setMethods is deprecated in PHPUnit8 and removed from PHPUnit10
  
• JS error with elements in "allowed HTML tags" that can't be direct descendants of a div
  
• Comment form save button has incorrect background color and contrast ratio violation on hover
  
• Mobile search input in IE11 does not visually respond to keypress
  
• Replace drupal_render() in docblock and comments outside of @param, @return, @link, @see and outside of @code - @endcode
  
• Links with "@" are converted into email addresses even if there is no domain suffix present
  
• HAL links are broken if diffferent domains, protocols or ports are used in multisite or multi-domain setup
  
• Replace usages of AssertLegacyTrait::assertRaw, that is deprecated
  
• layout_builder_system_breadcrumb_alter doesn't check for a null route object
  
• Incorrect documentation in Drupal iews\Plugin iews\display::viewExposedFormBlocks)()
  
• Add ckrina, quietone, and bnjmnm as provisional committers in MAINTAINERS.txt
  
• Olivero: Titles should wrap around images in teaser when necessary
  
• Olivero: a11y color contrast test fail for primary button on hover
  
• Simplify ResourceTypeRepository control flow for returning cached data

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.7

9.2.6

(säkerhetsutgåvan)
16 September 2021 - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006 - The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to cross-site scripting.
  
• Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007 - The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008 - Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009 - The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-010 - Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.6

9.2.5

2 September 2021 - 170MB

• Move tests for integrations between QuickEdit and other modules into QuickEdit so that it can more easily be moved into contrib
  
• drupal/core is implicitly allowed by scaffold
  
• Fix copy-paste mistake in code comment
  
• Wrong path for Exception message in ThemeExtensionList
  
• docs for FormValidator::doValidateForm() should explain $form_id can detect recursion
  
• TaggedHandlersPass::process() doesn't document some of its features
  
• Remove outdated @todo in HtmlResponseAttachmentsProcessor
  
• Add brianperry as coordinator for the decoupled menus initiative
  
• Blockquote's content font size should be decreased when it is placed into the sidebar in the Olivero theme
  
• Olivero's top-level primary menu's hover states are not correct
  
• Olivero: Mobile menu prevents scroll & obscures page after click if menu item contains link to anchor on same page
  
• Olivero: IE11 primary menu submenus have horizontal scrollbar when submenu item has focus
  
• Olivero: focus state is invisible in Windows high contrast
  
• Update link to ChromeDriver site
  
• Remove misleading "toggle" phrase from Olivero's wide search form disclosure button
  
• MySQL driver allows settings.php to remove ANSI_QUOTES from sql_mode, but doesn't work when it is
  
• Always sort tables in db-tools.php dump
  
• Incorrect comment indentation in default.services.yml
  
• Remove bender-runner.config.json from CKEditor builds
  
• Olivero: Ensure proper visual hierarchy between headings
  
• Convert assertions involving use of xpath on links to WebAssert
  
• Olivero: elements are not inheriting theme's font
  
• Remove simple uses of t() in assertEquals() calls
  
• [backport] Remove uses of t() and switch to pageTextContains() in assert(No)Raw() calls
  
• [backport] Replace usages of AssertLegacyTrait::assertNoRaw, that is deprecated
  
• Remove redundant source: key in Substr example
  
• Remove deprecated documentation in DataType annotation
  
• Replace usages of AssertLegacyTrait::assertNoText, which is deprecated
  
• Installing the syslog module uses its configuration before it is written
  
• YouTube PlayLists can't be added to Remote Video due to regex issue
  
• Make MediaLibraryState implement CacheableDependencyInterface to remove the need for hardcoding a cache context

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.5

9.2.4

(säkerhetsutgåvan)
13 Augusti 2021 - 170MBDrupal core - Critical - Third-party library - SA-CORE-2021-005

The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
Läs mer: https://www.drupal.org/project/drupal/releases/9.2.4

9.2.3

9 Augusti 2021 - 170MB

• Remove uses of t() in clickLink() calls
  
• Entity query needs to clarify what 'current revision' means
  
• ->willReturn(...) would make more sense here
  
• DocBlock for EntityDefinitionUpdateManagerInterface::getEntityType() missing NULL return
  
• ServiceNotFoundException You have requested a non-existent service "language_negotiator" - hook_modules_installed()
  
• bootstrap.php has incorrect comment about test trait namespace
  
• Test that the d7_entity_reference_translation follow-up migration runs not just for node entities
  
• The testbot does not run PHPCS on all files when core/phpcs.xml.dist is changed
  
• PHPCS failure in /core/modules/tour/src/TourViewBuilder.php
  
• Olivero: Messages "close" icon not visible in IE11 High Contrast (and maybe others)
  
• Media Library widget produces "This value should not be null" error when field is required
  
• Remove some calls to drupal_flush_all_caches() in tests
  
• Use of undefined $languages variable in NodeListBuilder::buildRow()
  
• PHPdoc parameter mistype for QueryInterface::condition()
  
• Test upsert return value and ensure that they are consistent regardless of database type
  
• Make oEmbed resource fetcher more tolerant of unexpected Content-Type headers
  
• Fix up topics to use new help_topic_link function
  
• PathAliasTestTrait::assertPathAliasExists message argument default value is incompatible with assertTrue()
  
• oEmbed system doesn't work if thumbnail url does not have a file extension
  
• Improve ScaffoldFilePath::__construct() documentation
  
• Unneeded assignment in ResourceTestBase::getEntityDuplicate
  
• Rename scripts.js to something more descriptive
  
• PHP Notice when using "left_formula" in views join
  
• example code for NullCoalesce isn't formatted properly
  
• Text item sample generation fails if max length < 3
  
• file_validate_extensions() incorrectly assumes $file->filename contains the file's extension
  
• Add return documentation for Merge::execute()
  
• Result of method PHPUnit\Framework\Assert::assertEquals() (void) is used

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.3

9.2.2

(säkerhetsutgåvan)
26 Juli 2021 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-004 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of the Archive_Tar library is not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib or custom code uses the library to extract tar archives (for example .tar, .tar.gz, .bz2, or .tlz) which come from a potentially untrusted source.

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.2

9.2.1

7 Juli 2021 - 170MB

• Ensure Olivero's JS documentation matches standards
  
• Fix documentation for hook_views_query_alter()
  
• Views table format sorting + distinct results in a SQL error on some db engines
  
• Adding a SystemMainBlock to a layout builder layout causes a fatal error and should not be available
  
• Olivero: Inconsistent offset on close button within messages
  
• Olivero: focus state outline cut off from right in IE11
  
• Olivero: profile picture and comments are not aligned in IE11
  
• Class clean up and add #0c0d0e and #171e23 as variables in Olivero's footer.pcss.css
  
• Autoprefixer and PostCSS calc not generating proper IE11 grid syntax when repeat() function contains calc()
  
• Blockquote can overflow into the sidebar in the Olivero theme
  
• Olivero: Mobile sub-navigation menus slightly offset subsequent menu links when hidden
  
• Umami demo: hover state of buttons is odd on quick edit
  
• On Mobile screens, tags label and tags item are misaligned
  
• Olivero: Primary navigation toggle button(plus/minus) is not vertically center below 1200 res
  
• Olivero: Refactor second-level-navigation.es6.js to meet Drupal's JavaScript coding standards
  
• Olivero: Refactor navigation.es6.js to meet Drupal's JavaScript coding standards
  
• Olivero: Make IE11 close submenu when ESC key is pressed
  
• Olivero: Refactor comments.es6.js
  
• Replace usages of the at() matcher, which is deprecated
  
• Convert assertions involving use of xpath on labels to WebAssert
  
• Allow saving on menu LinkWidget
  
• Document that the $table argument of Connection::select() can be a subquery
  
• Remove gabesullice as Decoupled menus initiative coordinator
  
• Add bbrala as sub-system maintainer for JSON:API
  
• Update manager XML test fixtures contain D7 links to D8 releases
  
• Typo in the description of class MenuLinkContentAccessControlHandler
  
• SIMPLETEST_BASE_URL does not validate scheme
  
• [Code Review] wide image within article template a reusable component/class
  
• Figure out a clean way to manage the style of Olivero's menu block in the sidebar region
  
• Fix 'Drupal.Commenting.InlineComment.SpacingBefore' coding standard
  
• Olivero: Adjustments to landmark regions
  
• help_topics module can break during module uninstall
  
• OEmbed ProviderRepositoryTest::testEmptyProviderList() does not interact with Guzzle's API correctly
  
• Add documentation for remaining source plugins
  
• Add bundle to the sourceIDs to FieldOptionTranslation source plugin
  
• MigrationLookup plugin overrides source values for multiple migrations
  
• Add documentation for remaining node and taxonomy modules
  
• FieldableEntity::getFieldValues() does not guarantee that the returned field values are sorted by their delta
  
• Convert admin UI-related modules: contextual, help, inline_form_errors, quickedit, settings_tray, shortcut, toolbar, tour module hook_help() to topic(s)
  
• Convert action module hook_help() to topic(s), including views bulk operations
  
• Syndicate block outputs wrong feed URL
  
• Random fails due to drupal-settings-json being counted as page text
  
• Convert comment, node, path, taxonomy module hook_help() to topic(s)
  
• Replace replace assertEqual() in some comments
  
• PhpStreamWrapperInterface lacks docblocks
  
• When embedding media, don't let authors choose view modes that are not enabled for that media type
  
• Use assertSameSize() to check same size of two countable variables
  
• Move state entries out of migrate_drupal.migrate_drupal.yml
  
• Some calls to assertEquals have expected/actual parameters reversed
  
• AssertButtonsTrait has invalid PHP syntax
  
• Fix D7 migration database fixture (to follow documentation) and update the same outdated doc

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.1

9.2.0

(större version)
18 Juni 2021 - 170MBThis minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Changes

• Vertical Tabs CSS classes applying to non-vertical tab detail element groups
  
• Add ModuleUninstallValidatorInterface hint to hook_uninstall docs
  
• Avoid format calls in DateTimePlus::createFromFormat
  
• Replace occurrences of outdated text "Extending Drupal 8" and its link
  
• Add a row for switching to the live workspace in the Workspaces listing UI
  
• Documentation needed in ConfigEntityDependency::getDependencies() to explain what the $type == module code is doing
  
• Update @drupal/once to 1.0.1
  
• ContentEntity source plugin should exclude user with uid "0"
  
• Incorrect calls to Connection::select() in MenuTreeStorage
  
• Service deprecations are only triggered on container build,not ::get()
  
• File field's Maximum upload size always passes validation
  
• View titles in breadcrumb and metatag title don't get properly translated
  
• Replace usages of assertFileNotExists(), that is deprecated
  
• Missed one conversion to expectWarning()
  
• Thumbnail updates read width and height from source image on save even if queued
  
• filterStatus behavior can't find settings markup after AJAX update
  
• Replace usages of expectException(Warning::class), that is deprecated
  
• Stop altering existing Permissions-Policy header in FinishResponseSubscriber
  
• EntityViewBuilder::addContextualLinks assumes an entity's canonical rel is routed/internal
  
• Replace usages of expectException(Error::class), that is deprecated
  
• Add tedbow and dww as maintainers for Update Manager
  
• Map all Datetime module's field formatters from D6/D7 to D8/D9
  
• Media fields with Media Library form widget trigger PHP 'Notice: Undefined index'
  
• Field called "link" breaks the RSS Views plugins
  
• Replace usages of assertFileNotIsWritable(), that is deprecated
  
• Content Moderation missing permission descriptions
  
• Combine tests using NormalizerDenormalizeExceptionsUnitTestBase
  
• Config export field should be cleared when config type changes
  
• Wrong type hint for getActiveMultiple() and getCanonicalMultiple() in EntityRepositoryInterface
  
• Replace usages of assertNotRegExp(), that is deprecated
  
• Use PHPUnit-bridge polyfills for forward compatibility layer
  
• Replace usages of assertDirectoryNotIsWritable(), that is deprecated
  
• Replace usages of assertRegExp(), that is deprecated
  
• Do not track viewing history for unsaved entities, nor when previewing existing entities
  
• Remove 'reply' link from comment field when threading is disabled
  
• Update dependencies except PHPUnit to latest releases as of June 3, 2021
  
• [Symfony 6] Retrieving a non-string value from "Symfony\Component\HttpFoundation\InputBag::get()" is deprecated"
  
• Update Symfony 5 components to 5.3
  
• Unicode::mimeHeaderEncode() doesn't correctly follow RFC 2047
  
• Symfony 6 KernelEvent bridge is incompatible with Symfony 5 EventDispatcher
  
• [Symfony 6] Retrieving a non-string value from "Symfony\Component\HttpFoundation\InputBag::get()" is deprecated
  
• [random test failure] Random fail in BuildTestTest::testPortMany
  
• Update Symfony 5 components to 5.3-rc1
  
• Bump minimum dependencies required for tests to pass
  
• Allow pre-release dependencies in Drupal pre-release milestones
  
• Fix CKEditor versions
  
• Update ckeditor to 4.16.1
  
• Claro is missing focus in "Available buttons" within CKEditor toolbar configuration
  
• [May 24, 2021] Remove usage of drupalPostForm
  
• Replace the start verb Test with Tests in method comments of tests
  
• Olivero: Message icon has border radius in firefox browser
  
• HTML5 validation with table sticky header is misaligned over the toolbar
  
• all translation/localization migrations should depend on the 'language' migration
  
• Check dependencies are correct in core/scripts/dev/commit-code-check.sh
  
• Avoid error from sort in ValidateMigrationStateTestTrait
  
• Unable generate sample data with defined random seed for the "string" or "link" field type
  
• Fix dependency in d6 user profile translation migrations
  
• Increase DRUPAL_RECOMMENDED_PHP to 7.4
  
• Display title checkbox is misaligned in Configure dialog box of layout builder
  
• Olivero's small button variation's text seem vertically mis-aligned
  
• Olivero header-search-wide.pcss.css and header-search-narrow.pcss.css adjustments
  
• Update symfony dependencies to latest release
  
• [May 25, 2021] Replace usages of AssertLegacyTrait::assertText, that is deprecated
  
• Fix Drupal.Commenting.InlineVariableComment
  
• [May 17th 2021] Replace assertEqual() with assertEquals()
  
• Olivero: Focus after submenu close via ESC key
  
• Remove stylelint-no-browser-hacks
  
• Deprecate and replace jQuery Joyride (for tours)
  
• Build + prettier not run after yarn dependency update 3210633
  
• ContextDefinition::create() can no longer be used with an entitytype-specific datatype (like entity:user)
  
• Replace @codingStandards comments with phpcs: comments
  
• Convert assertions involving use of xpath on spans to WebAssert
  
• Merge class_aliases.php into bootstrap.inc
  
• Update JavaScript dependencies for Drupal 9.2
  
• Update dependencies for Drupal 9.2
  
• Source count caching broken: impossible to enable source count caching for SqlBase-based source plugins (plus, unneeded cache I/O)
  
• Change ModuleInstallerInterface::uninstall() method doc comment that ModuleUninstallValidatorException can be thrown
  
• Add core/class_aliases.php
  
• [Symfony 6] Symfony\Component\HttpKernelent\KernelEvent::isMasterRequest() is deprecated, use isMainRequest() instead
  
• Reduce cache variations in locale cache
  
• When generating link to non-existent help topic, put topic ID in fallback text
  
• Add Permissions-Policy header to block Google FLoC
  
• Remove semi-colon from javascript test conditions
  
• Responsive image field formatter list should be sorted by label, not machine name
  
• Fix 'PSR2.Classes.PropertyDeclaration.Underscore' coding standard
  
• Fix 'Drupal.Commenting.VariableComment.WrongStyle' coding standard
  
• remove toolbar.html.twig template as #3174422 is fixed
  
• Convert CommentActionsTest to kernel test
  
• Get only translations for localized vocabularies d6/TermLocalizedTranslation.php
  
• Replace usages of assertions with strstr with assertStringContainsString()/assertStringNotContainsString()
  
• Add 'Reset' button on Custom block library page
  
• Remove todo in class Drupal\Core\Routing\RequestContext
  
• Add @throws docs to factory methods in \Drupal\update\ModuleVersion
  
• Fix incorrect Migration plugin description
  
• Using a data provider with array keys instead of comments in PhpTransliterationTest
  
• Error: Call to a member function getTotalCount() on bool in statistics_tokens()
  
• Fatal error when passing non-existing ID to entity parameter converter
  
• DbDumpCommand fails when data type is not a mapped Drupal schema field name
  
• Update jQuery to version 3.6.0
  
• cspell Dictionaries changed, checking all files
  
• Breadcrumb: $title could be an array, but Link() requires a string
  
• Undefined static method Drupal\Core\Database\Connection::serialize()
  
• Missing View not helpfully reported in preRenderViewElement()
  
• Display relevant Security Advisories data for Drupal
  
• FormTest::testRequiredFields() fails to drupal_render() elements of #type 'radios'
  
• Race condition when generating sub directories for image styles
  
• Missing parameter in process plugin DefaultValue example
  
• Update CKEditor to version 4.16.0
  
• Olivero: content below region 33/33/33 layout broken in IE11
  
• Update Sortable to 1.13.0
  
• Exception when creating an entity reference field targeting an entity type without an ID
  
• Route serialization incompatibilities between PHP 7.4 and 7.3 (9.x only)
  
• Remove the warning about the Umami profile on the install screen
  
• Olivero: Normalize JavaScript selectors in scripts.es6.js
  
• Account emails are missing newlines due to malformed YAML
  
• Drupal 9 is dependent on symfony/mime directly
  
• \Drupal\Tests\system\Functional\Common\UrlTest can be a kernel test
  
• CKEditorLoadingTest::testExternalStylesheets() should be a kernel test
  
• AggregatorFeedBlock::build must always return array
  
• Map all Link module's fieldformatters from D7 to D8/D9
  
• Olivero: Focused level-2 nav items should always be in viewport during keyboard navigation
  
• Ensure that tabledrag user interface is usable within Olivero
  
• Olivero: On mobile width, submenu can unintendedly close when user attempts to scroll on mobile
  
• Olivero: Skip link focus should not create layout shift
  
• Paragraph format dropdown in body field have extra left spacing
  
• cspell dislikes identifer in core/modules/views/src/Plugin/views/filter/FilterPluginBase.php and will fail any patch touching that file

Läs mer: https://www.drupal.org/project/drupal/releases/9.2.0

9.1.10

7 Juni 2021 - 170MBThis is a patch (bugfix) release of Drupal 9 and is ready for use on production sites.

Buf Fixes

• [9.1.x] Fix CKEditor versions
  
• Remove usage of drupalPostForm
  
• Replace usages of AssertLegacyTrait::assertText, that is deprecated
  
• Replace assertEqual() with assertEquals()
  
• Fix Drupal.Commenting.InlineVariableComment
  
• ContextDefinition::create() can no longer be used with an entitytype-specific datatype (like entity:user)
  
• Source count caching broken: impossible to enable source count caching for SqlBase-based source plugins (plus, unneeded cache I/O)
  
• Error: Call to a member function getTotalCount() on bool in statistics_tokens()
  
• DbDumpCommand fails when data type is not a mapped Drupal schema field name
  
• Missing View not helpfully reported in preRenderViewElement()
  
• Race condition when generating sub directories for image styles
  
• cspell dislikes identifer in core/modules/views/src/Plugin/views/filter/FilterPluginBase.php and will fail any patch touching that file
  
• Exception when creating an entity reference field targeting an entity type without an ID
  
• Exception when creating an entity reference field targeting an entity type without an ID
  
• Route serialization incompatibilities between PHP 7.4 and 7.3 (9.x only)
  
• AggregatorFeedBlock::build must always return array
  
• Map all Link module's fieldformatters from D7 to D8/D9

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.10

9.1.9

(säkerhetsutgåvan)
31 Maj 2021 - 170MBMaintenance and security release of the Drupal 9 series. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Security

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.9

9.1.8

14 Maj 2021 - 170MB

• Update Underscore.js to the latest version (1.13.1)
  
• [security] Update Nightwatch and locked dev dependencies to address security issues
  
• Update caniuse-lite as it is outdated
  
• Random errors in Javascript Testing
  
• Update composer/composer dev dependency in metapackages to 2.0.13
  
• Update Drupal 9 branches to the latest patch releases of Symfony components
  
• Convert assertions involving use of xpath on divs to WebAssert
  
• Drupal\Tests\Component\Annotation\PluginIdTest tests a non-existent constructor
  
• Ignore i18n-prefixed words in spellcheck
  
• Convert UpdateDescriptionTest to a kernel test
  
• Set system.css_js_query_string during install
  
• Umami includes non-existing css/components/regions/page-title/page-title.css
  
• Render caching in DisplayPluginInterface::buildRenderable is broken when arguments are provided
  
• Core themes are not added to the test autoloader
  
• Fix mismatched sprintf calls
  
• cleanup of docblock to UI text in update_get_update_list() is weak
  
• Missing use statement in Drupal\Core\KeyValueStore\DatabaseStorage
  
• The RequestPath ("request_path") condition plugin summary is inaccurate
  
• Don't expose entity types with string ids as a target option when creating comment types
  
• Update message that displays when configuration translation is saved without changes
  
• EntityQuery accessCheck: InlineBlockEntityOperations should not check access
  
• EntityQuery accessCheck: comment_user_predelete() should not check access
  
• Improve description of key concepts in migrate.api.php documentation
  
• Wrapper gets removed while adding html textfield or textarea using replacement patterns
  
• Add documentation for Migrate and Migrate Drupal source plugins
  
• Remove testing the internals of DependencySerializationTrait from LocaleTranslationTest
  
• Tables::addNextBaseTable() doesn't use square brackets syntax
  
• RoutePreloader: prevent preloading of routes generated by JSON:API
  
• Set entity type ID and field name in EntityFieldManager::buildFieldStorageDefinitions
  
• Do less unnecessary work in FieldHelpTest
  
• Attribute “hreflang” not allowed on element “span” and “button” at this point
  
• Use of strtoupper for URLs in MailFormatHelper.php's htmlToText() method triggers spam filters
  
• Logout option is displayed for anonymous users
  
• Fix 'Drupal.Commenting.DocComment.ParamGroup' coding standard
  
• Fix 'Generic.Formatting.DisallowMultipleStatements' coding standard
  
• EntityQuery accessCheck: more aggregator fixes

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.8

9.1.7

(säkerhetsutgåvan)
22 April 2021 - 170MBSecurity

• Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 - Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.7

9.1.6

8 April 2021 - 170MBChanges

• RouteNotFoundException: Route "jsonapi.[entity].[field_name].related" does not exist
  
• Add documentation for d6 field source plugins
  
• Add documentation for block source plugins
  
• [HEAD BROKEN] Consistent failure in MonthDatePluginTest
  
• EntityQuery accessCheck: tests should not check access unless relevant
  
• EntityQuery accessCheck: always specifiy accessCheck, don't rely on the default
  
• EntityQuery accessCheck: unique value validation should not be access sensitive
  
• BlockPluginTrait cannot call ::addContextAssignmentElement() itself
  
• Search results of multi-lingual pages fail Language of Parts
  
• Add tests for SA-CORE-2020-009
  
• Media types with missing source fields break the status report page
  
• Add documentation for d7 field source plugins
  
• EntityQuery accessCheck: aggregator module
  
• all methods in SelectionInterface() are missing @param docs
  
• EntityQuery accessCheck: menu_ui_get_menu_link_defaults() should not be access sensitive
  
• Error when saving config entity with "Link to entity" checked if field formatters
  
• Layout builder assumes all breadcrumb links are routable
  
• Wrong/Missing variable type hint for $row property of MigrateProcessTestCase class
  
• hook_link_alter() wrong example
  
• Calling system_requirements() can be expensive - do the cheap check first
  
• malformed twig in book-tree tremplate
  
• Off-canvas style resets are overriding styles (especially SVGs) resulting in display issues
  
• Filter glossary view by status
  
• Missing use statement in Drupal\Core\Database\Driver\mysql\Connection
  
• Undefined variable used in /core/modules/system/tests/src/Functional/FileTransfer/TestFileTransfer.php
  
• Set the proper handler type names on EntityTypeInterface::getHandlerClasses documentation
  
• Ensure that moderation can not be enabled for the 'workspace' entity type
  
• oEmbed URL resolution does not take multiple endpoints into account
  
• PHPUnit assertions do not return a value
  
• Incorrect PHPDoc comment for public function FormStateInterface::has($property)
  
• EntityQuery accessCheck: data cleanup should never care about the current user
  
• EntityQuery accessCheck: MediaRevisionAccessCheck::countDefaultLanguageRevisions should not check access
  
• EntityQuery accessCheck: workspacePublisher is wrongly access sensitive
  
• Convert content_moderation, workflows module hook_help() to topic(s)
  
• Optimize LibraryDependencyResolver::getMinimalRepresentativeSubset() and win >=4%
  
• EntityQuery accessCheck: MenuLinkContentDeriver::getDerivativeDefinitions should not be access sensitive
  
• Improve transliteration of Ukrainian letters
  
• Views block description is double-escaped if display name is set
  
• Add documentation for language source plugins
  
• Fix config schema for links and migration of link default values
  
• EntityQuery accessCheck: BlockContentUuidLookup should no be access sensitive
  
• Convert assertions involving use of xpath on textareas to WebAssert
  
• EntityQuery accessCheck: field ui cardinality validation should not be access sensitive
  
• FieldStorageConfigStorage::loadByProperties() with passed 'entity_type' and 'field_name' as conditions doesn't return any result
  
• EntityQuery accessCheck: LayoutBuilderEntityViewDisplayForm hasOverrides()
  
• EntityQuery accessCheck: user_is_blocked() should not be access sensitive
  
• EntityQuery accessCheck: _tracker_remove() updating should not be access sensitive
  
• EntityQuery accessCheck: bundle delete forms should warn of content at risk regardless of access
  
• Incorrect link for initiative responsibilities in MAINTAINERS.txt
  
• Convert assertions involving use of xpath on input tags to WebAssert
  
• EntityQuery accessCheck: Cron functions should never check access
  
• [random test failure] Random fail in media_library CKEditorIntegrationTest
  
• LogicException: Cannot use UTF-8 route patterns without setting the "utf8" option for route
  
• PHPUnit 9.4.3 Fatal error: Trait 'Prophecy\PhpUnit\ProphecyTrait' not found
  
• Test term parent ID in ContentEntityTest

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.6

9.1.5

9 Mars 2021 - 170MB

• ContentEntity migration source adds revision ID as source key, incompatible with Drupal 8.8 and earlier
  
• PhpunitVersionDependentTestCompatibilityTrait has different cases
  
• Row->setSourceProperty() docs are misleading
  
• file_url_transform_relative() cannot handle URLs where the port is different from the site's request port
  
• hook_field_storage_config_update_forbid example uses access to protected member of implementing class
  
• Never generate migration dependencies on derivatives of itself is a self_referencing migration_lookup
  
• "Add new Forum topic" button appears also in forum containers
  
• LanguageInterface lacks @ingroup i18n
  
• New pseudo-fields cannot be removed, InvalidArgumentException thrown
  
• Collapsible nav button text should be more descriptive
  
• Preload the Metropolis-Regular typeface
  
• Remove ::selection style from Olivero
  
• Remove ::selection style from off-canvas dialog reset
  
• Autocomplete input in views exposed filters does not align with select and text inputs
  
• Topic maintainers lack a description in MAINTAINERS.txt
  
• empty migrate source does not populate fields with constants
  
• Update Archive_Tar to 1.4.13
  
• Fix 'Drupal.Commenting.HookComment' coding standard
  
• Views documentation for views_data is misleading
  
• Bulk output entity count errors from migrate_drupal_ui tests
  
• Add documentation for taxonomy terms source plugins
  
• Resolve Olivero config differences after install
  
• Convert assertions involving use of xpath on checkboxes to WebAssert
  
• Fatal error in CommentEntityTranslation @MigrationSource when source site does not have comment or node module installed
  
• Convert assertions involving use of xpath on select and option elements to WebAssert
  
• hook_validation_constraint_alter() example code
  
• Incorrect bundle/bundle key handling in EntityContentBase::processStubRow()
  
• Add optional parameters to StatementInterface::fetchObject() to be in line with the PDO implementation of the method fetchObject()
  
• Do not migrate comment related configurations if "comment" wasn't enabled on the source site
  
• Help block is placed into help region, but that doesn't exist
  
• #states doesn't work correctly with type text_format
  
• Module settings translation migrations should depend on the default settings migration
  
• Add documentation for variable source plugins
  
• If d7_menu_links depends on d7_menu, then node_translation_menu_links should too
  
• d7_shortcut migration should not have a dependency on d7_menu_links
  
• Link to php.net datetime formats documentation incorrect in FieldDateTest.php
  
• Editor module fails to track usage of files embedded in non-core fields
  
• Content types are ordered by machine name on /node/add page (+ similar issues with other entities)
  
• Inconsistent capitalisation for initiative leaders in MAINTAINERS.txt
  
• Migrations invalidate entity caches when trying to reclaim memory, should flush
  
• Drupal 9 MAINTAINERS.txt talks about Drupal 8
  
• None at this time" texts from MAINTAINERS.txt
  
• Fix documentation of StorageConfigBase::validateValue()
  
• UnroutedUrlTest is failing on dev versions of PHP
  
• Outbound HTTP requests fail with KernelTestBase

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.5

9.1.4

4 Februari 2021 - 170MB

• Add Brian Gilbert (realityloop) as a provisional mentoring coordinator
  
• Add database dumps for 9.0.0
  
• Retire "Admin UI and JavaScript Modernisation" initiative in favour of "Decoupled menus" and the upcoming "Easy out of the box" initiative
  
• Launch Decoupled Menus Initiative
  
• Swap assertEqual arguments in preparation to replace with assertEquals
  
• Views "Global: Custom text" field handler should not be sortable
  
• Remove reference to load plugin, LoadEntity
  
• Migrate d6 and d7 block (configs) with title "" with "label_display" set to "0"
  
• Replace usages of deprecated AssertLegacyTrait::assertIdentical
  
• PHP 7.4 notice in views node wizard if a taxonomy field widget is hidden
  
• Make a minor docs improvement to NormalizerBase.php in order for Patchman to see it as a newer version than it was prior to SA-CORE-2019-003
  
• Service container aliases do not work
  
• Swap assertIdentical arguments in preparation to replace with assertSame
  
• Add JavaScript tests for Form API #states: required, visible, invisible, expanded, checked, unchecked
  
• Incorrect example of checking field name in hook_options_list_alter()
  
• Drupal\Component\Pluginception\PluginNotFoundException: The "'"--><" entity type does not exist
  
• Assert the current path on Views AJAX requests is not set with two leading slashes
  
• Convert assertEqual() calls involving NULL, TRUE and FALSE to more appropriate PHPUnit assertions
  
• MimeTypePass has undefined variables
  
• Add subsystem maintainers for Claro
  
• Use the source field main property to determine if the source field has changed
  
• Replace usages of deprecated AssertLegacyTrait::assertNotEqual
  
• Mark i18n migrations as finished
  
• Node previews are cached by dynamic page cache
  
• Entity QueryAggregate does not escape the field
  
• Convert assertIdentical(NULL..) to assertNull(...)
  
• hook_block_alter documentation missing
  
• Document what cache clearing from ContentEntityStorageBase::resetCache() actually clears
  
• Users with the 'administer workspaces' permission can not create a workspace
  
• AssertLegacyTrait::assert(No)Text() in functional tests still have a message passed in
  
• Add test for NULL source value to test of static_map process plugin
  
• "Items per page" checkbox does not stay checked in Views UI when creating a block display
  
• Fix PostgreSQL operator in views
  
• Handle long comment bundle names
  
• Migration sql source plugins can not be serialised because of reference to the database connection
  
• DrupalSqlBase::checkRequirements should test version with $minimum_version
  
• The docblock of Drupal\workspaces\WorkspaceAssociationInterface::deleteAssociations() is not correct
  
• AssertLegacyTrait::assert(No)Text() in functional tests still have a message passed in
  
• It should not be possible to have two dropdown menus appear at the same time within Olivero
  
• Make the Preview button on the Contact Forms to obey the "Manage form display" field settings
  
• RemoveSectionForm assumes there is a label
  
• Fix Umami's responsive layout styles
  
• Can not delete workspace if it has associated content

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.4

9.1.3

(säkerhetsutgåvan)
21 Januari 2021 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-001 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.3

9.1.2

8 Januari 2021 - 170MBImportant

• This release hotfixes an issue with the 9.1.1 tag, which was applied to the wrong commit.
  
• CKEditor has been updated from from 4.15.0 to 4.15.1 for a security fix that does not affect Drupal.
  
• Chromedriver (a JavaScript development dependency) has been updated from 86.0.0 to 87.0.5 due to a security issue due to a security issue affecting one of its dependencies. (The security issue does not affect Drupal sites.)
  

Changes and Bug Fixes

• Update CKEditor to version 4.15.1
  
• Convert migrate, migrate_drupal, migrate_drupal_multilingual, migrate_drupal_ui module hook_help() to topic(s)
  
• Custom Commands indent: command not found on patches with nightwatch changes
  
• PCRE library version 10.35 with pcre.jit=1 makes \Drupal\Core\StringTranslation\Translator\FileTranslation::getTranslationFilesPattern() regex misbehave
  
• Convert file, image, media, media_library, responsive_image module hook_help() to topic(s)
  
• Menu tree storage does not populate route names for a definition
  
• system_maintenance migrations uses incorrect maintenance mode variable in Drupal 7 migrations
  
• Some tests only go green because they happen to run as UID1
  
• Specify table alias for File migration source plugin getIds method
  
• Holistically refactor use of Olivero's z-index rules to play nice with Core
  
• Convert config module hook_help() to topic(s)
  
• Remove references to WebTestBase
  
• install_check_translations() sometimes incorrectly returns NULL instead of array
  
• Update documented links from form.api.php
  
• DefaultMenuLinkTreeManipulators::collectNodeLinks() incorrectly documents its return value
  
• Displays are attached even when user does not have access
  
• Migrate Drupal 7 user settings
  
• The PHPUnit Initiative is complete!
  
• Add AmyJune Hineline (volkswagenchick) as a provisional mentoring coordinator
  
• Add Chris Darke (ChrisDarke) as a provisional mentoring coordinator
  
• Entity query fails for multi-property base fields if no property is specified
  
• Fix "d7_field_option_translation" process plugin
  
• Main page for api.drupal.org links in Further Information are broken
  
• Add more developer docs for Help Topics
  
• Use a custom error message for PluginNotFoundException in the migratelookup service
  
• Race condition in ImageStyle::createDerivative()
  
• Run same checks as committers do on DrupalCI
  
• EntityStorageBase::loadByProperties() is broken on PostgreSQL when using two or more case insensitive properties
  
• Multiple image upload breaks image dimensions
  
• Attribute.php code snippet not properly escaped
  
• Eliminate parent::prepareRow() calls with ignored return value from all migrate source plugins
  
• Add JavaScript test coverage for adding an exposed filter in Views UI
  
• DelayedRequeueException should call parent, and optionally allow providing default args
  
• Operator labels are not redrawn on filter removal
  
• System site translation shouldn't migrate properties which are not translatable
  
• StaticMap should document how/whether it handles source values of NULL, TRUE, FALSE
  
• Login screen after requesting new password is irrelevant
  
• Wrong language in token_options in user_mail function
  
• The `releaseItem()` and `delayItem()` of `Drupal\Core\Queue\DatabaseQueue` violates interfaces return type specifications
  
• "Callback" process plugin has removed method in the plugin description
  
• Remove redundant kernel tests in the Migrate module
  
• Document that run-tests.sh arguments --class and --file must be last
  
• Text field with multiple values overflows on narrow screens
  
• Allow PostCSS Plugin “Px to Rem” in core for Olivero theme
  
• SQL error on revision export from view
  
• Refactor Olivero's usage of layout CSS class in node--article--full
  
• Sort the options in the "Add view" wizard
  
• ConfigEntityType "missing 'config_export" error message doesn't say what annotation is missing
  
• Sort options should correspond to bundles selected for entity reference field settings
  
• Rename Olivero's "Flex Layout" region description
  
• Search settings migration (d7_search_settings) assumes that the search_default_module variable is always set
  
• Make the version a private class property
  
• Convert assertions involving use of xpath on submit inputs to WebAssert
  
• Return value is expected to be 'MigratePluginManager', 'MigrationPluginManagerInterface' returned
  
• Describe what setInternal does
  
• Layout Builder's ConfigureSectionForm forms do not display validation errors on submit
  
• Moderation State fields generate bad sample data
  
• System mail settings migration (d7_system_mail) assumes that the mail_system variable is always available
  
• Missing word in the documentation for ThirdPartySettingsInterface
  
• The @ContextDefinition annotation always kills the label and the description
  
• Fix typo in FileStorage error message
  
• Remove use of concatenated t() in assertions
  
• Variable comment in menu-local-tasks.html.twig refers to wrong variable
  
• AccountForm should read pass-reset-token only from query string
  
• When target_bundles is not set it produces a PHP notice and causes unexpected error
  
• Password reset process ignores the user's language preference
  
• PHPUnit 9.5 Call to undefined method ::getAnnotations()
  
• Session manager destroy misses isCli check
  
• Remove valthebald from the Core mentoring coordinators
  
• 500 error on passing invalid month to MonthDate view argument handler
  
• Optimise TaggedHandlerPass
  
• On hover link background height issue

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.2

9.1.0

(större version)
4 December 2020 - 170MBWhat's New

• PHP 8 compatibility
  
• Symfony 5 and 6 forward-compatibility
  
• Bug fixes in robots.txt and .htaccess
  
• Drupal project templates no longer use minimum-stability "dev"
  
• Views exposed filter form changes
  
• Change to "Node from URL" context may affect block visibility
  
• SimpleTest stub module can no longer be installed
  

Known issues

• There are a few known issues with the display of form fields in Claro on wide monitors. Work to improve the design is ongoing.

Läs mer: https://www.drupal.org/project/drupal/releases/9.1.0

9.0.14

(säkerhetsutgåvan)
31 Maj 2021 - 170MBMaintenance and security release of the Drupal 9 series. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Security

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.14

9.0.10

4 December 2020 - 170MB

• d6_term_node_revision references non-existent migration
  
• Don't remove all slashes from filepath in file.php
  
• LayoutBuilderHtmlEntityFormController breaks decoration
  
• Argument 1 passed to Drupal\Core\Form\SubformState::createForSubform() must be of the type array, null given
  
• Datetime-related test failures on PostgreSQL 12
  
• "0" can't be used a path alias, but no error is shown
  
• "Illegal choice 0 in Book element" when switching the book outline field from anything to "- None - "
  
• Path repositories need to be listed first for Composer 2
  
• Drupal 8.9.7 breaks Book Settings Form Validation
  
• Prevent Drupal 8.9 and 9.0 from being installed on PHP 8
  
• Unescaped "@" in ContextProviderInterface doc comment
  
• Always use HTTPS for fetching translations
  
• Notice: Undefined index: title in Drupal\update\ProjectSecurityRequirement
  
• Incorrect typehint documentation for FieldItemInterface::view() and FieldItemListInterface::view(): $display_options could also be a string
  
• Remove unused variable $assert_session in UpdateScriptTest.php, system module
  
• \Drupal\error_test\Controller\ErrorTestController::generateWarnings() notice is not a notice in PHP 8
  
• Correct typo "is has" in a few code comments and tests in core
  
• [8.9/9.0 backport] Fix 'Squiz.PHP.NonExecutableCode' coding standard
  
• [backport] Fix grammar, spelling, and style of the code comments in FormBuilder::prepareForm()
  
• BasicAuthTestTrait::basicAuthPostForm() does not work
  
• Fix Call to deprecated method addAutowiringType() of class Symfony\Component\DependencyInjection\Definition in YamlFileLoader
  
• [random test failure] Make QuickEditIntegrationTest more robust and fail proof
  
• ListInterface::first() return value is documented wrong
  
• The link given in FormState::setRedirect() for the page explaining what values are available for $options param takes to a class documentation page
  
• Inline documentation references removed function `drupal_installation_attempted`
  
• Promote pameeela to non-provisional committer facilitator
  
• Replace "does" to "do" in ProfileFieldCheckRequirementsTest.php
  
• Repetive 'using' word in DbImportCommand.php
  
• Unpublished books appear in the list of books at /book
  
• Remove unused #html property from DateTimeFormatterBase::buildDateWithIsoAttribute
  
• hold_test module creates files in incorrect place leading to possible random errors
  
• Do not decode a contact message twice

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.10

9.0.9

(säkerhetsutgåvan)
29 November 2020 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2020-013 - The PEAR Archive_Tar library has released a security update that impacts Drupal.

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.9

9.0.8

(säkerhetsutgåvan)
20 November 2020 - 170MBSecurity

• Drupal core - Critical - Remote code execution - SA-CORE-2020-012 - Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.8

9.0.7

8 Oktober 2020 - 170MB

• oEmbed validator should use the urlResolver to get the resource URL
  
• Fix English mistake in Connection.php
  
• Migrate empty, and link field
  
• Unused variable $pos in SearchQuery.php, search module
  
• Filename is not shown in the maximum allowed file size error message (w/o using the file_validate_size upload validator)
  
• admin/reports/upgrade redirect doesn't handle view arguments when enabled
  
• Remove unused variable $file_path in ConfigTest.php, system module
  
• The sunset of the API-first initiative
  
• Repeative 'or' word in FieldOptionTranslation.php
  
• Repeated 'not' word in PharExtensionInterceptor.php
  
• [backport] Add taxonomy_term_reference_plain and taxonomy_term_reference_rss_category to TaxonomyTermReference
  
• [backport] node_views_analyze() is never executed because it is in the wrong inc file
  
• MigrateProcessInterface documents ProcessPluginBase behaviour
  
• Remove Unused variable from Path Alias module
  
• SQL error if migration has too many ID fields
  
• ExtensionInstallStorage::createCollection() produces error
  
• Create a separate SourceProviderTest
  
• Add documentation for default_bundle to destination\Entity
  
• Prettier not run on Ckeditors imagecaption's plugin.es6.js
  
• "Symfony\Component\Lock\Factory" is deprecated since Symfony 4.4 and will be removed in 5.0 use "Symfony\Component\Lock\LockFactory" instead
  
• \Drupal\Component\Datetime\DateTimePlus should pass correct parameter types to checkdate()
  
• Not possible to overwrite the upload forms for media library
  
• Don't add term_access tag if SQL rewriting off
  
• Comments from variables.pcss.css create nonuseful noise in compiled css
  
• Combine two tests to one in d7 MigrateFieldTest and MigrateFieldInstance
  
• Remove @todos from migrate credentials form
  
• Disable csslint testing in core
  
• EntityReferenceAutocompleteWidget::getAutocreateBundle() unnecessarily requires the 'target_bundles' setting
  
• NodeLoadMultipleTest.php should be a kernel test
  
• by xjm: More coding standards fixes.
  
• SA-CORE-2020-011 followup by xjm: Clean up coding standards in test.
  
• CKEditorPluginManager::getEnabledButtons throws warnings on PHP 8.0.0 beta3
  
• Migrate messages from caught exceptions need file and line details
  
• Clean-up remains of $form['array_filter'] hack with array_filter in book module
  
• Use of \Drupal\Core\Database\Install\Tasks::getFormOptions() in \Drupal\migrate_drupal_ui\Form\CredentialForm::buildForm() results in confusing description for prefix form element
  
• Unicode::mimeHeaderDecode() doesn't support lowercased encoding
  
• LanguageContentSettingsTaxonomyVocabulary source plugin should only add language column if it exists
  
• SQLBase::mapjoinable still does not support SQLite
  
• Change \Drupal\error_test\Controller\ErrorTestController::generateWarnings() to throw E_NOTICE error compatible with PHP 8
  
• Remove dependency to localize.drupal.org on Nightwatch tests
  
• Add missing tests of filepath to FileTest

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.7

9.0.6

(säkerhetsutgåvan)
21 September 2020 - 170MBSecurity

• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 - The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 - The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.
  
• Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 - Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
  
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 - Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.
  
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 - A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.6

9.0.5

(säkerhetsutgåvan)
3 September 2020 - 170MBThis release provides hotfixes for two issues:

• Yesterday, Symfony issued a security advisory for their symfony/http-client component, which is not used by Drupal. The Symfony release also updated some compatibility code in the symfony/http-kernel component. Although Drupal is not affected by this vulnerability, some site owners reported automated security scanners flagging the http-kernel update as a security update, breaking continuous integration builds, etc. For simplicity, this release updates Drupal's metapackages to use the latest release of symfony/http-kernel (version 4.4.13).
  
• A regression in Drupal 9.0.4 and 8.9.4 caused Paragraphs modal dialogs to not be displayed correctly due to a CSS change in core. The issue that introduced this change has been reverted (#3070375: Hidden buttons in off-canvas dialog are not being hidden) so Paragraphs should again work as expected.

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.5

9.0.4

2 September 2020 - 170MBBug Fixes

• Empty *.libraries.yml file can cause fatal error
  
• Exposed term filters should not show term options that the user does not have access to
  
• Exception is thrown on changing "Site language" setting of a user if user account is translated
  
• Revert "Issue #3101738 by Lendude, jannakha, alexpott, daffie, bkosborne, Berdir: Exposed term filters should not show term options that the user does not have access to"
  
• Exposed term filters should not show term options that the user does not have access to
  
• ExceptionLoggingSubscriber should not log backtrace string on access denied exceptions
  
• $account->getDisplayName() should be used when outputing username in RDF module
  
• Fix DrupalCoreRenderElementEmail documentation
  
• Fatal errors while loading/building orphaned comments
  
• Convert all PHPDoc links targeting JSON:API contrib issues to target Drupal core issues
  
• Reference to RFC5424 severity levels is incorrect
  
• Hidden buttons in off-canvas dialog are not being hidden
  
• rdf comment storage load should not load NULL comments
  
• Views UI tags do not use autocomplete suggestions
  
• The document comment for Image::scaleDimensions() contains a reference to a function that isn't implemented in Drupal 8 and 9
  
• Required fields are not identifiable on Internet Explorer 11 high contrast
  
• oEmbed system does not remove query strings from local thumbnail filenames
  
• More uses of public static $modules
  
• Content moderation state filter incorrectly groups content type condition
  
• [regression] Impossible to filter for resources with an empty relationship object in JSON:API 2.x
  
• Revert "Issue #3112433 by AndyF, Baysaa, Sam152, SpadXIII: Content moderation state filter incorrectly groups content type condition"
  
• Content moderation state filter incorrectly groups content type condition
  
• Correct latest revision for node 1 in drupal6 test fixture
  
• Change static queries to dynamic queries in core/modules/{every module}/tests
  
• Correct PHP CodeSniffer coding-standards violation in autoload.php
  
• [backport] Replace use of whitelist/blacklist in Filter module
  
• Unused variable $id in field module, BulkDeleteTest.php
  
• Typo in DeprecatedServicePropertyTrait

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.4

9.0.3

6 Augusti 2020 - 170MBThis is a bugfix release of Drupal 9 and is ready for use on production sites.

Changes

• Update.php includes link to 'Put site into maintenance mode' for users without permission to use it
  
• Fix error in d7 fixture field_config_instance table
  
• Replace use of whitelist in \Drupal\Core\Utility\ProjectInfo
  
• Replace use of whitelist/blacklist in Big Pipe module
  
• [backport] Replace usages of deprecated AssertLegacyTrait::assert(No)Link()
  
• Fix 18 spelling errors for migrate specific terms
  
• BooleanCheckboxWidget settings summary is not fully translatable
  
• Incorrect Drupal\Composer\VendorHardening namespace is used instead of Drupal\Composer\Plugin\VendorHardening
  
• AssertLegacyTrait::assertPattern() calls in functional tests still have a message passed in
  
• Fix "Don't" relevant typos in core
  
• Unclickable area to switch to a workspace
  
• Remove uses of t() in clickViewsOperationLink(), helperButtonHasLabel() and optionExists() calls
  
• Fix typo "existant" in Core
  
• [Symfony 5.1] Class "Symfony\Component\HttpKernel\Event\ViewEvent" is declared "final" and cannot be mocked
  
• Unused local variables in SelectComplexTest file
  
• Since symfony/http-foundation 5.1: The "Symfony\Component\HttpFoundation\Response::create()" method is deprecated, use "new Drupal\Core\Render\HtmlResponse()" instead
  
• Improve comment in default.settings.php
  
• Avoid initializing a local variable to an empty array before adding items to that array
  
• Update CKEditor to version 4.14.1
  
• The sample batch finished callback function should have the fourth parameter
  
• Can't show 'revision author' on Block content views
  
• Can't show 'revision author' on Media views
  
• EntityAutocomplete form element has no docs on how to use it
  
• Remove $no_operator = TRUE from Views BooleanOperator
  
• [backport] Properly deprecate AssertLegacyTrait::pass
  
• Improve test coverage of \Drupal\Tests\layout_builder\Unit\SectionTest::testUnsetThirdPartySetting()
  
• LocaleTranslation is not serializable
  
• var_export only returns if the second parameter set to TRUE
  
• \Drupal\Component\Utility\Bytes::toInt() - ensure $size is a number type
  
• Drupal::l() / Link::fromTextAndUrl $text documented as string, actually accepts string|array|\Drupal\Component\Render\MarkupInterface
  
• Remove Unused variables from Migrate Drupal module
  
• Remove local unused variables from RequestFormatRouteFilterTest.php file
  
• Fix notice at top of generated CSS files from PCSS
  
• AS keyword should be capitalised in SQL queries
  
• Unused local variables from ScaffoldTest.php file
  
• hook_node_access() no longer fires for the 'create' operation
  
• Remove Unused variable $method_definitions from PathProcessorTest.php file
  
• Avoid directly comparing string to blob in EntityDisplayTest
  
• Fix typos "iids, twoa, twob, roota, rootb, parentc" by refactoring
  
• Name field is always shown on media library form display when adding a new remote video media type
  
• Unrecognised entity operation passed to Menu Link Content throws exceptions
  
• Fix "wiget, escapeable, PHPunit" typos in Core
  
• Remove Unused variable $node_storage from NodeRevisionsUiBypassAccessTest.php file
  
• Remove landmark region role from Powered-by-Drupal block
  
• Unused variable $a in \Drupal axonomy\Plugin\Validation\Constraint\TaxonomyTermHierarchyConstraintValidator::validate()
  
• Not selecting an entity type on Config import single leads to a fatal error
  
• Remove unused variable $node from link module
  
• Unused local variables from ConfigSchemaTest file
  
• Replace protected properties of TempStoreDatabaseTest with local variables
  
• [backport] Setter injection arguments are not checked for unmet dependencies
  
• Fix typos: "exeption|gaurd|ouptut|withut|defintion" in core
  
• LegacyProject and RecommendedProject templates still reference Drupal 8 in the description for Drupal 9 branches
  
• Fix typos: "attibute|uneccesarilly|colletion|constucts|worklow" in core
  
• Add focus behaviour for media widget with max elements
  
• Broken context-aware block plugins throw an unexpected exception
  
• Fix "cache" related typos
  
• select query should quote aliases which are reserved words in MySQL
  
• Fix "finegrained|perfoming|fieldeset" typos in core
  
• Base field purging is not handling translatable fields correctly
  
• Fix 70 spelling mistakes
  
• Document MigrateIdMapInterface
  
• Convert search module hook_help() to topic(s)
  
• Sort order not specified in view test_view_fieldapi, but results must be ordered by nid
  
• Improve description for file paths on the CredentialFrom
  
• Remove unused variables from FormAjaxResponseBuilderTest.php file
  
• Documentation for \Drupal\serialization\RegisterEntityResolversCompilerPass is incorrect
  
• Sorting nested properties of config entity queries does not work
  
• Make the backend overridable service discovery also check the database type for an overridden service
  
• \Drupal\Core\Render\Element\StatusReport::preRenderGroupRequirements() and \Drupal\user\PermissionHandler::sortPermissions() sorts return bools
  
• Sorting nested properties of config entity queries does not work
  
• Harden SubProcess process plugin
  
• Moderation state views filter only works on base table entity
  
• \Drupal\Core\Url ensure fragment is not an empty string
  
• Fixing minor typo in path alias module test files
  
• Use unused variable $filters from DateTimeSchemaTest
  
• Remove Unused variables from Views UI module
  
• Remove weight field from Media Library widget when only single media can be attached
  
• View loses records after adding comment count field
  
• Content Moderation views should join on entity ID
  
• Fix grammar usage of singular/plural
  
• Make every migrate process plugin that provides 'default_value' be able to correctly handle 'NULL' default values
  
• Use American English spelling of "gray"
  
• Fix MissingContentEvent see reference
  
• Testing profile's locale.settings config override is not up-to-date
  
• Fixing comment error in viewAddForm file
  
• Drupal\Core\Config\Entity\Query\Condition::notExists() does not work when parent property is also missing
  
• diacritics are not removed from ǢǣǼǽǮǯ
  
• MapItem base fields cannot be uninstalled
  
• Replace the database query with an entity query in NodeRevisionsTest
  
• Add comment field for 'et' content type to d7 fixture
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order"
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
  
• The media library should perform access checks against the revision of the entity being edited
  
• Return type of ContentEntityFormInterface::validateForm() seems to be wrong
  
• Fix spelling error in Drupalilter\Plugin\migrate\process\FilterID::getSourceFilterType()
  
• HTML head has alternate hreflang links to unpublished translations
  
• Memory leak - typed data prototypes for field items are not re-used like intended
  
• Connection::__destruct() can't delete the sqlite file
  
• Can't create comments when comment is a base field
  
• assertOffCanvasFormAfterWait() doesn't check for the correct form ID
  
• Render API overview example of placeholders either incorrect or misleading
  
• Bracket-encapsulated field names for static queries in core/tests/Drupal/KernelTests/Core/Database

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.3

9.0.2

9 Juli 2020 - 170MB

• #2914785 Entities with external urls as a uri relationship can not be deleted when menu_link_content is installed
  
• #3149930 Views table settings exposes "Details" field even when empty
  
• #3152003 EndOfTransactionQueriesTest does not include bootstrap.inc early enough for contrib database drivers
  
• #3027763 UnroutedUrlAssembler removes query params array item key in buildExternalUrl()
  
• #3144046 Incorrect example of adding Cache metadata in hook_menu_local_tasks_alter()
  
• #3144354 ModuleInstaller loads .module and .install before allowing classes to autoloaded
  
• #2834525 Permission denied caused by race condition during ensureDirectory should be silenced
  
• #3151520 Replace the database query with an entity query in UserInstallTest
  
• #2120877 Add tests for tracker module's Tools menu link
  
• #2898947 Change "writeable" to "writable" in documentation
  
• #3145930 Tableheader should recalculate on toolbar tray toggle
  
• #3154461 Removing getFormObject call from UserAccountFormFieldsTest
  
• #3151047 Expand LinkWidget test coverage
  
• #3116147 Remove @todo pertaining to RequestHelper::duplicate(), which has been removed
  
• #3138796 Fix the typos "cotrol" and make the one-line summaries containing it conform to standards)
  
• #3154611 Update composer.lock for 9.0.x and 8.9.x based on Composer 1.10 availability
  
• #3146474 Remove Unused variable $next from AggregatorController.php file
  
• #3154533 Fix "Drupal" typos in core
  
• #3153869 Remove leftover of wikimedia/composer-merge-plugin
  
• #3028621 BatchBuilder included files fails
  
• #2904467 Plugins do not preserve integer keys when parsing annotations
  
• #3149799 BasicAuth::authenticate() does not respect the implemented interface
  
• #3154203 Fix "appear" typos in core
  
• #3150731 FileSystemModuleDiscoveryDataProviderTrait needs to use DIRECTORY_SEPARATOR
  
• #3138788 Fix "autcomplete" typos in core
  
• #3138791 Fix "bubbleable" relevant typos in core
  
• #3153722 Make $modules property protected on DuplicateContextualLinksTest, NoMultilingualReviewPageTest and MenuActiveTrail403Test
  
• #3143316 "Getting the base fields is not supported for entity type" exception in ViewsConfigUpdater
  
• #3150471 incorrect constant in docs for DoTrustedCallbackTrait::doTrustedCallback()
  
• #3151091 Replace use of whitelist/blacklist in \Drupal\Component\Utility\Xss and its test and core/lib/Drupal/Core/Render/theme.api.php
  
• #3097540 The 'M' of Machine name overlaps with the green border around text box
  
• #3133033 Fix Drupal.Array.Array.LongLineDeclaration coding standard for instances of the drupalCreateUser() test method
  
• #3143482 Replace README.txt links that have a redirect with the preferred URL (including removing stale references to Drupal 8 docs)
  
• #3143196 Change the download link in CHANGELOG.txt to Drupal 9
  
• #3144331 Update comment in Drupal\Tests\RandomGeneratorTrait::randomStringValidate()
  
• #3135305 Remove Symfony 4.1 compatibility layer from EmailConstraint
  
• #3072305 Notice: Undefined index: #item in user_user_view_alter()
  
• Back to dev.
  
• Merged 9.0.1.
  
• #3139414 Replace usages of deprecated AssertLegacyTrait::assert(No)Link()
  
• #3150474 Inaccurate return type of \Drupal\views\Views::getView()
  
• #3139402 Replace usages of AssertLegacyTrait::assertIdenticalObject(), which is deprecated
  
• #2673688 Remove remains of hook_field_schema()
  
• #3135077 Remove usage of AssertLegacyTrait::pass() from traits
  
• #2947588 Refactor \Drupal\Tests\views\Kernel\ModuleTest::testViewsGetHandler
  
• #3143173 Followup: ProxyBuilder compatibility with Symfony 5 - needs to handle voids correctly
  
• #3150661 FileFieldRSSContentTest uses XPath incorrectly
  
• #3142752 AssertLegacyTrait::assert(No)Escaped() in functional tests still have a message passed in
  
• #3137430 label_collection is defined twice in BlockContentType entity annotation
  
• #3139422 Replace usages of deprecated AssertLegacyTrait::assertOptionByText()
  
• #3139132 Query uses hardcoded LIMIT instead of queryRange()
  
• #3151087 Replace use of whitelist/blacklist in file_munge_filename() and its tests
  
• #2946750 Node revisions forced even if bundle not under moderation workflow
  
• #3020387 Moderation state is the same for all node's translations in edit page
  
• #3150990 Updater::install() crashes on file transfer exceptions
  
• #3023311 Modal dialog style update
  
• #3127918 Add funding info in composer.lock
  
• #3016427 Default timezone selection incorrect
  
• #3146567 Wrong key name in "Missing required key (base_theme)" exception message
  
• #3143604 PhpUnitCompatibility\PhpUnit8\ClassWriter cannot detect PHPUnit source directory when running PHPStan check

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.2

9.0.1

(säkerhetsutgåvan)
17 Juni 2020 - 170MBSecurity

• Drupal core - Critical - Cross-Site Request Forgery - SA-CORE-2020-004 - The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
  
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 - Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected.
  
• Drupal core - Less critical - Access bypass - SA-CORE-2020-006 - JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.1

9.0.0

(större version)
5 Juni 2020 - 170MBThis is the first supported release of the new Drupal 9 major version, and it is ready for use on production sites!

Highlights

• Deprecated code has been removed.
  
• Dependencies have been updated to new major versions as appropriate.
  
• Platform requirements (supported PHP and database versions) have been increased: PHP 7.3+, MySQL 5.7.8+ or MariaDB 10.3.7+
  
• Update system improvements and upgrade path fixes
  
• Migration system improvements
  
• Contributed project versioning improvements
  
• Render array hardening against remote code execution
  
• Removed core modules: Place Blocks has been removed and SimpleTests has been removed from core
  
• Changes to core themes and theme APIs
  
• Frontend (CSS and JavaScript) dependency changes

Läs mer: https://www.drupal.org/project/drupal/releases/9.0.0

8.9.20

(säkerhetsutgåvan)
18 November 2021 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-011 - Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.20

8.9.19

(säkerhetsutgåvan)
16 September 2021 - 170MBSecurity

• Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006 - The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to cross-site scripting.
  
• Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007 - The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008 - Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009 - The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2021-010 - Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.19

8.9.18

(säkerhetsutgåvan)
13 Augusti 2021 - 170MBDrupal core - Critical - Third-party library - SA-CORE-2021-005

The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.

Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
Läs mer: https://www.drupal.org/project/drupal/releases/8.9.18

8.9.17

(säkerhetsutgåvan)
26 Juli 2021 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-004 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of the Archive_Tar library is not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib or custom code uses the library to extract tar archives (for example .tar, .tar.gz, .bz2, or .tlz) which come from a potentially untrusted source.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.17

8.9.16

(säkerhetsutgåvan)
7 Juni 2021 - 170MBThis is a security release of the Drupal 8 series. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Security

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.16

8.9.15

14 Maj 2021 - 170MB

• Update Underscore.js to the latest version (1.13.1)
  
• [security] Update Nightwatch and locked dev dependencies to address security issues
  
• Update caniuse-lite as it is outdated
  
• Update composer/composer dev dependency in metapackages to 2.0.13
  
• [backport] LocaleTranslation is not serializable
  
• Outbound HTTP requests fail with KernelTestBase
  
• Off-canvas style resets are overriding styles (especially SVGs) resulting in display issues
  
• RoutePreloader: prevent preloading of routes generated by JSON:API
  
• [HEAD BROKEN] Consistent failure in MonthDatePluginTest
  
• [backport] EntityQuery accessCheck: field ui cardinality validation should not be access sensitive
  
• Set access check to FALSE for entityQuery of user in user_is_blocked function
  
• Add tests for SA-CORE-2020-009
  
• Filter glossary view by status
  
• Improve transliteration of Ukrainian letters
  
• ContentEntity migration source adds revision ID as source key, incompatible with Drupal 8.8 and earlier
  
• EntityQuery accessCheck: Cron functions should never check access
  
• [random test failure] Random fail in media_library CKEditorIntegrationTest
  
• Update Archive_Tar to 1.4.13
  
• Editor module fails to track usage of files embedded in non-core fields
  
• 500 error on passing invalid month to MonthDate view argument handler
  
• UnroutedUrlTest is failing on dev versions of PHP
  
• Make a minor docs improvement to NormalizerBase.php in order for Patchman to see it as a newer version than it was prior to SA-CORE-2019-003

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.15

8.9.14

(säkerhetsutgåvan)
22 April 2021 - 170MBSecurity

• Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 - Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.14

8.9.13

(säkerhetsutgåvan)
21 Januari 2021 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-001 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.13

8.9.11

4 December 2020 - 170MBBug Fixes

• d6_term_node_revision references non-existent migration
  
• Argument 1 passed to Drupal\Core\Form\SubformState::createForSubform() must be of the type array, null given
  
• Datetime-related test failures on PostgreSQL 12
  
• "0" can't be used a path alias, but no error is shown
  
• "Illegal choice 0 in Book element" when switching the book outline field from anything to "- None - "
  
• Do not decode a contact message twice
  
• Path repositories need to be listed first for Composer 2
  
• Drupal 8.9.7 breaks Book Settings Form Validation
  
• Prevent Drupal 8.9 and 9.0 from being installed on PHP 8

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.11

8.9.10

(säkerhetsutgåvan)
29 November 2020 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2020-013

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.10

8.9.9

(säkerhetsutgåvan)
20 November 2020 - 170MBSecurity

• Drupal core - Critical - Remote code execution - SA-CORE-2020-012 - Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.9

8.9.8

6 November 2020 - 170MB

• Unescaped "@" in ContextProviderInterface doc comment
  
• Always use HTTPS for fetching translations
  
• Notice: Undefined index: title in Drupal\update\ProjectSecurityRequirement
  
• Incorrect typehint documentation for FieldItemInterface::view() and FieldItemListInterface::view(): $display_options could also be a string
  
• [backport] Allow attributes passed with CSS in libraries (SRI)
  
• Correct typo "is has" in a few code comments and tests in core
  
• [8.9/9.0 backport] Fix 'Squiz.PHP.NonExecutableCode' coding standard
  
• [backport] Fix grammar, spelling, and style of the code comments in FormBuilder::prepareForm()
  
• BasicAuthTestTrait::basicAuthPostForm() does not work
  
• ListInterface::first() return value is documented wrong
  
• The link given in FormState::setRedirect() for the page explaining what values are available for $options param takes to a class documentation page
  
• Promote pameeela to non-provisional committer facilitator
  
• Replace "does" to "do" in ProfileFieldCheckRequirementsTest.php
  
• Repetive 'using' word in DbImportCommand.php
  
• Unpublished books appear in the list of books at /book
  
• Remove unused *:buildDateWithIsoAttribute
  
• hold_test module creates files in incorrect place leading to possible random errors
  
• hold_test module creates files in incorrect place leading to possible random errors

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.8

8.9.7

9 Oktober 2020 - 170MB

• oEmbed validator should use the urlResolver to get the resource URL
  
• Fix English mistake in Connection.php
  
• admin/reports/upgrade redirect doesn't handle view arguments when enabled
  
• Migrate empty, and link field
  
• Unused variable $pos in SearchQuery.php, search module
  
• Filename is not shown in the maximum allowed file size error message (w/o using the file_validate_size upload validator)
  
• Fatal errors while loading/building orphaned comments
  
• Remove unused variable $file_path in ConfigTest.php, system module
  
• Repeative 'or' word in FieldOptionTranslation.php
  
• Repeated 'not' word in PharExtensionInterceptor.php
  
• [backport] Add taxonomy_term_reference_plain and taxonomy_term_reference_rss_category to TaxonomyTermReference
  
• [backport] node_views_analyze() is never executed because it is in the wrong inc file
  
• MigrateProcessInterface documents ProcessPluginBase behaviour
  
• EntityReferenceAutocompleteWidget::getAutocreateBundle() unnecessarily requires the 'target_bundles' setting
  
• Revert "Create a separate SourceProviderTest"
  
• Remove Unused variable from Path Alias module
  
• Create a separate SourceProviderTest
  
• Add documentation for default_bundle to destination\Entity
  
• Prettier not run on Ckeditors imagecaption's plugin.es6.js
  
• \Drupal\Component\Datetime\DateTimePlus should pass correct parameter types to checkdate()
  
• Not possible to overwrite the upload forms for media library
  
• Don't add term_access tag if SQL rewriting off
  
• Comments from variables.pcss.css create nonuseful noise in compiled css
  
• Combine two tests to one in d7 MigrateFieldTest and MigrateFieldInstance
  
• Update docs link to EntityStorageInterface::delete() in core/includes/entity.inc
  
• Remove @todos from migrate credentials form
  
• Disable csslint testing in core
  
• More coding standards fixes.
  
• Clean up coding standards in test.
  
• CKEditorPluginManager::getEnabledButtons throws warnings on PHP 8.0.0 beta3
  
• Migrate messages from caught exceptions need file and line details
  
• SQLBase::mapjoinable still does not support SQLite
  
• Clean-up remains of $form['array_filter'] hack with array_filter in book module
  
• Use of \Drupal\Core\Database\Install\Tasks::getFormOptions() in \Drupal\migrate_drupal_ui\Form\CredentialForm::buildForm() results in confusing description for prefix form element
  
• Unicode::mimeHeaderDecode() doesn't support lowercased encoding
  
• LanguageContentSettingsTaxonomyVocabulary source plugin should only add language column if it exists
  
• oEmbed system does not remove query strings from local thumbnail filenames
  
• The media library should perform access checks against the revision of the entity being edited
  
• Remove dependency to localize.drupal.org on Nightwatch tests
  
• Add missing tests of filepath to FileTest

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.7

8.9.6

(säkerhetsutgåvan)
22 September 2020 - 170MBSecurity

• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 - The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.
  
• Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 - The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.
  
• Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 - Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
  
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 - Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.
  
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 - A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.6

8.9.5

(säkerhetsutgåvan)
4 September 2020 - 170MB8.9.5

This release provides hotfixes for two issues:

• Yesterday, Symfony issued a security advisory for their symfony/http-client component, which is not used by Drupal. The Symfony release also updated some compatibility code in the symfony/http-kernel component. Although Drupal is not affected by this vulnerability, some site owners reported automated security scanners flagging the http-kernel update as a security update, breaking continuous integration builds, etc. For simplicity, this release updates Drupal's metapackages to use the latest release of symfony/http-kernel (version 4.4.13).
  
• A regression in Drupal 9.0.4 and 8.9.4 caused Paragraphs modal dialogs to not be displayed correctly due to a CSS change in core. The issue that introduced this change has been reverted (#3070375: Hidden buttons in off-canvas dialog are not being hidden) so Paragraphs should again work as expected.
  

8.9.4

Bug Fixes

• Empty *.libraries.yml file can cause fatal error
  
• Exposed term filters should not show term options that the user does not have access to
  
• Exception is thrown on changing "Site language" setting of a user if user account is translated
  
• ExceptionLoggingSubscriber should not log backtrace string on access denied exceptions
  
• Fix DrupalCoreRenderElementEmail documentation
  
• Convert all PHPDoc links targeting JSON:API contrib issues to target Drupal core issues
  
• Reference to RFC5424 severity levels is incorrect
  
• The document comment for Image::scaleDimensions() contains a reference to a function that isn't implemented in Drupal 8 and 9
  
• Required fields are not identifiable on Internet Explorer 11 high contrast
  
• Content moderation state filter incorrectly groups content type condition
  
• Correct latest revision for node 1 in drupal6 test fixture
  
• Change static queries to dynamic queries in core/modules/{every module}/tests
  
• Correct PHP CodeSniffer coding-standards violation in autoload.php
  
• Unused variable $id in field module, BulkDeleteTest.php
  
• Typo in DeprecatedServicePropertyTrait
  
• [backport] rdf comment storage load should not load NULL comments
  
• [backport] Views UI tags do not use autocomplete suggestions
  
• [backport] Hidden buttons in off-canvas dialog are not being hidden
  
• [backport] $account->getDisplayName() should be used when outputing username in RDF module
  
• [backport] Replace use of whitelist/blacklist in Filter module
  
• [regression] Impossible to filter for resources with an empty relationship object in JSON:API 2.x

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.5

8.9.3

7 Augusti 2020 - 170MBThis is a bugfix release of Drupal 8 and is ready for use on production sites.

Changes

• Update.php includes link to 'Put site into maintenance mode' for users without permission to use it
  
• Fix error in d7 fixture field_config_instance table
  
• Replace use of whitelist in \Drupal\Core\Utility\ProjectInfo
  
• Replace use of whitelist/blacklist in Big Pipe module
  
• Fix 18 spelling errors for migrate specific terms
  
• var_export only returns if the second parameter set to TRUE
  
• \Drupal\Component\Utility\Bytes::toInt() - ensure $size is a number type
  
• [backport] Drupal::l() / Link::fromTextAndUrl $text documented as string, actually accepts string|array|\Drupal\Component\Render\MarkupInterface
  
• [backport] Replace usages of deprecated AssertLegacyTrait::assert(No)Link()
  
• Update CKEditor to version 4.14.1
  
• BooleanCheckboxWidget settings summary is not fully translatable
  
• Incorrect Drupal\Composer\VendorHardening namespace is used instead of Drupal\Composer\Plugin\VendorHardening
  
• AssertLegacyTrait::assertPattern() calls in functional tests still have a message passed in
  
• Fix "Don't" relevant typos in core
  
• Unclickable area to switch to a workspace
  
• Remove uses of t() in clickViewsOperationLink(), helperButtonHasLabel() and optionExists() calls
  
• Fix typo "existant" in Core
  
• Unused local variables in SelectComplexTest file
  
• Improve comment in default.settings.php
  
• Avoid initializing a local variable to an empty array before adding items to that array
  
• EntityAutocomplete form element has no docs on how to use it
  
• Remove $no_operator = TRUE from Views BooleanOperator
  
• [backport] Properly deprecate AssertLegacyTrait::pass
  
• Improve test coverage of \Drupal\Tests\layout_builder\Unit\SectionTest::testUnsetThirdPartySetting()
  
• Remove local unused variables from RequestFormatRouteFilterTest.php file
  
• AS keyword should be capitalised in SQL queries
  
• Unused local variables from ScaffoldTest.php file
  
• hook_node_access() no longer fires for the 'create' operation
  
• Remove Unused variable $method_definitions from PathProcessorTest.php file
  
• Pathauto requirements confusing message when running -dev
  
• Avoid directly comparing string to blob in EntityDisplayTest
  
• Fix typos "iids, twoa, twob, roota, rootb, parentc" by refactoring
  
• Name field is always shown on media library form display when adding a new remote video media type
  
• Unrecognised entity operation passed to Menu Link Content throws exceptions
  
• Update composer/installers in root composer.json and lock so we can use Composer 2
  
• Fix "wiget, escapeable, PHPunit" typos in Core
  
• Remove Unused variable $node_storage from NodeRevisionsUiBypassAccessTest.php file
  
• Remove landmark region role from Powered-by-Drupal block
  
• Unused variable $a in \Drupal axonomy\Plugin\Validation\Constraint\TaxonomyTermHierarchyConstraintValidator::validate()
  
• Not selecting an entity type on Config import single leads to a fatal error
  
• Remove unused variable $node from link module
  
• Unused local variables from ConfigSchemaTest file
  
• [backport] Setter injection arguments are not checked for unmet dependencies
  
• Fix typos: "exeption|gaurd|ouptut|withut|defintion" in core
  
• Fix typos: "attibute|uneccesarilly|colletion|constucts|worklow" in core
  
• Add focus behaviour for media widget with max elements
  
• Broken context-aware block plugins throw an unexpected exception
  
• Fix "cache" related typos
  
• select query should quote aliases which are reserved words in MySQL
  
• Base field purging is not handling translatable fields correctly
  
• [backport] Remove leftover of wikimedia/composer-merge-plugin
  
• Document MigrateIdMapInterface
  
• Sort order not specified in view test_view_fieldapi, but results must be ordered by nid
  
• Improve description for file paths on the CredentialFrom
  
• Remove unused variables from FormAjaxResponseBuilderTest.php file
  
• Documentation for \Drupal\serialization\RegisterEntityResolversCompilerPass is incorrect
  
• Sorting nested properties of config entity queries does not work
  
• Can't create comments when comment is a base field
  
• \Drupal\Core\Render\Element\StatusReport::preRenderGroupRequirements() and \Drupal\user\PermissionHandler::sortPermissions() sorts return bools
  
• Sorting nested properties of config entity queries does not work
  
• Harden SubProcess process plugin
  
• Moderation state views filter only works on base table entity
  
• \Drupal\Core\Url ensure fragment is not an empty string
  
• Fixing minor typo in path alias module test files
  
• Use unused variable $filters from DateTimeSchemaTest
  
• Remove Unused variables from Views UI module
  
• View loses records after adding comment count field
  
• Content Moderation views should join on entity ID
  
• Fix grammar usage of singular/plural
  
• Fix MissingContentEvent see reference
  
• Testing profile's locale.settings config override is not up-to-date
  
• Fixing comment error in viewAddForm file
  
• Drupal\Core\Config\Entity\Query\Condition::notExists() does not work when parent property is also missing
  
• diacritics are not removed from ǢǣǼǽǮǯ
  
• Replace the database query with an entity query in NodeRevisionsTest
  
• Add comment field for 'et' content type to d7 fixture
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order"
  
• Sort order not specified in view test_node_revision_uid, but results asserted to be in a specific order
  
• Return type of ContentEntityFormInterface::validateForm() seems to be wrong
  
• Fix spelling error in Drupalilter\Plugin\migrate\process\FilterID::getSourceFilterType()
  
• Update instances of Drupal\Core\Pager\RequestPagerInterface with Drupal\Core\Pager\PagerParametersInterface
  
• HTML head has alternate hreflang links to unpublished translations
  
• Memory leak - typed data prototypes for field items are not re-used like intended
  
• Can't create comments when comment is a base field
  
• assertOffCanvasFormAfterWait() doesn't check for the correct form ID
  
• Render API overview example of placeholders either incorrect or misleading

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.3

8.9.2

9 Juli 2020 - 170MB

• #2914785 Entities with external urls as a uri relationship can not be deleted when menu_link_content is installed
  
• #3149930 Views table settings exposes "Details" field even when empty
  
• #3152003 EndOfTransactionQueriesTest does not include bootstrap.inc early enough for contrib database drivers
  
• #3027763 UnroutedUrlAssembler removes query params array item key in buildExternalUrl()
  
• #3144046 Incorrect example of adding Cache metadata in hook_menu_local_tasks_alter()
  
• #3144354 ModuleInstaller loads .module and .install before allowing classes to autoloaded
  
• #2834525 Permission denied caused by race condition during ensureDirectory should be silenced
  
• #3151520 Replace the database query with an entity query in UserInstallTest
  
• #2120877 Add tests for tracker module's Tools menu link
  
• #2898947 Change "writeable" to "writable" in documentation
  
• #3145930 Tableheader should recalculate on toolbar tray toggle
  
• #3154461 Removing getFormObject call from UserAccountFormFieldsTest
  
• #3116147 Remove @todo pertaining to RequestHelper::duplicate(), which has been removed
  
• #3138796 Fix the typos "cotrol" and make the one-line summaries containing it conform to standards)
  
• #3154611 Update composer.lock for 9.0.x and 8.9.x based on Composer 1.10 availability
  
• #3146474 Remove Unused variable $next from AggregatorController.php file
  
• #3154533 Fix "Drupal" typos in core
  
• #3028621 BatchBuilder included files fails
  
• #2904467 Plugins do not preserve integer keys when parsing annotations
  
• #3149799 BasicAuth::authenticate() does not respect the implemented interface
  
• #3154203 Fix "appear" typos in core
  
• #3150731 FileSystemModuleDiscoveryDataProviderTrait needs to use DIRECTORY_SEPARATOR
  
• #3138788 Fix "autcomplete" typos in core
  
• #3138791 Fix "bubbleable" relevant typos in core
  
• #3143316 "Getting the base fields is not supported for entity type" exception in ViewsConfigUpdater
  
• Revert "Issue #3143316 "Getting the base fields is not supported for entity type" exception in ViewsConfigUpdater"
  
• #3143316 "Getting the base fields is not supported for entity type" exception in ViewsConfigUpdater
  
• #3150471 incorrect constant in docs for DoTrustedCallbackTrait::doTrustedCallback()
  
• #3151091 Replace use of whitelist/blacklist in \Drupal\Component\Utility\Xss and its test and core/lib/Drupal/Core/Render/theme.api.php
  
• #3097540 The 'M' of Machine name overlaps with the green border around text box
  
• #3133033 Fix Drupal.Array.Array.LongLineDeclaration coding standard for instances of the drupalCreateUser() test method
  
• #3153677 Lockfile hash is wrong in 8.9.x since 8.9.1, causing test failures on PHP 7.3+
  
• #3143196 Change the download link in CHANGELOG.txt to Drupal 9
  
• #3072305 Notice: Undefined index: #item in user_user_view_alter()
  
• Back to dev.
  
• Merged 8.9.1.
  
• #3139414 Replace usages of deprecated AssertLegacyTrait::assert(No)Link()
  
• #3150474 Inaccurate return type of \Drupal\Views\Views::getView()
  
• #3139402 Replace usages of AssertLegacyTrait::assertIdenticalObject(), which is deprecated
  
• #2673688 Remove remains of hook_field_schema()
  
• #2947588 Refactor \Drupal\Tests\Views\Kernel\ModuleTest::testViewsGetHandler
  
• #3150661 FileFieldRSSContentTest uses XPath incorrectly
  
• #2937513 Fix 'Drupal.Commenting.DocComment.TagGroupSpacing' coding standard
  
• #3142752 AssertLegacyTrait::assert(No)Escaped() in functional tests still have a message passed in
  
• #3137430 label_collection is defined twice in BlockContentType entity annotation
  
• #3139422 Replace usages of deprecated AssertLegacyTrait::assertOptionByText()
  
• #3139132 Query uses hardcoded LIMIT instead of queryRange()
  
• #2946750 Node revisions forced even if bundle not under moderation workflow
  
• #3020387 Moderation state is the same for all node's translations in edit page
  
• #3151087 Replace use of whitelist/blacklist in file_munge_filename() and its tests
  
• #3127918 Add funding info in composer.lock
  
• #3150990 Updater::install() crashes on file transfer exceptions

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.2

8.9.1

(säkerhetsutgåvan)
17 Juni 2020 - 170MBSecurity

• Drupal core - Critical - Cross-Site Request Forgery - SA-CORE-2020-004 - The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
  
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 - Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected.
  
• Drupal core - Less critical - Access bypass - SA-CORE-2020-006 - JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.1

8.9.0

(större version)
4 Juni 2020 - 170MBThis minor release provides improvements without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will be supported until November 2021. It also provides the same public API as Drupal 9.0 aside from deprecated code and dependency changes.

All changes

• #3134648 by alexpott, dww, greg.1.anderson, hussainweb, catch, xjm, Mixologic: [backport, needs scheduling] Don't pin the composer/installers version in drupal/core-recommended
  
• #3118741 by dww, lauriii, xjm, nod_, tedbow, longwave, catch: [Security] Update yarn dependencies to fix security issues
  
• by xjm: Revert PHPCS ruleset to 8.9.0-rc1 because enabling rules is not an allowed change during RC.
  
• #2824935 by idebr, mfernea, Deepak Goyal, pfrenssen, longwave, hgunicamp, jofitz, andypost, daffie: Fix Squiz.ControlStructures.SwitchDeclaration coding standard
  
• #3109795 by alexpott, Berdir: Entity plural label context is not set as expected
  
• #3144204 by alexpott, jungle, longwave: Update Drupal 8.9's dependencies prior to release
  
• #3143722 by shaal, jungle, xjm: Update symfony/http-foundation to 3.4.35 (a security release)
  
• #2891603 by eiriksm, alexpott, charlietoleary, Grayle, drclaw, fgm: Contextual links can't handle multiple occurrences of the same contextual links (again)
  
• #2983452 by ridhimaabrol24, Kwadz, cburschka, jungle, somersoft, julienjoye, dhirendra.mishra, beram, daffie, alexpott: Improve support for SQLite in memory database
  
• #3123095 by quietone, Neslee Canil Pinto, benjifisher, mikelutz, catch: Rollback of complete node migration fails
  
• #2710407 by bobbygryzynger, dww, Kingdutch, Krzysztof Doma≈Ñski, jp.stacey, johnny5th, tea.time, joachim, andileco, Lendude, xjm, percoction: Option for 'Transform dashes in URL to spaces in term name filter values' on term arguments doesn't affect the query
  
• #2969231 by quietone, NickDickinsonWilde, joachim, xjm: errors in migration process configuration don't give a clear message
  
• #3123065 by jungle, daffie: Fix 'Drupal.NamingConventions.ValidClassName' coding standard
  
• #3138774 by sja112, mohrerao, shalinigaur: Fix "DoesNot" relevant typos in core
  
• #3143085 by neclimdul: Define and optimize alias definition in OptimizedPhpArrayDumper
  
• #2901745 by kostyashupenko, pazhyn, MerryHamster, ridhimaabrol24, andypost, vacho, longwave, mfernea: Fix 'PSR2.Namespaces.UseDeclaration.UseAfterNamespace' coding standard
  
• #3123068 by longwave: Fix 'Drupal.Semantics.FunctionT.ConcatString' coding standard
  
• #2937552 by longwave: Fix 'Drupal.Commenting.DocComment.TagsNotGrouped' coding standard
  
• #3138793 by sja112, mohrerao: Fix "configuration" relevant typos in core
  
• #3138801 by sja112, ankit.singh: Fix "readily" relevant typos in core
  
• #3138787 by mohrerao, sja112: Fix "response" relevant typos in core
  
• #3138718 by sja112, longwave, dww, xjm, alexpott: Convert British English spellings to American English, for the umpteenth time
  
• #3138802 by sja112, kkalashnikov: Fix "snafus" relevant typos in core
  
• #3138803 by sja112: Fix "strength" relevant typos in core
  
• #3138792 by sja112, dww: Fix "compatibility" relevant typos in core
  
• #3138799 by sja112, kkalashnikov: Fix "description" relevant typos in core
  
• #3138786 by sja112, mohrerao: Fix "Protected" relevant typos in core
  
• #3138785 by sja112, ankit.singh: Fix "Picasso" relevant typos in core
  
• #3138775 by sja112, mohrerao: Fix "Monoceros" relevant typos in core
  
• #3143339 by mohrerao, mondrake, longwave: Clean up the arguments of calls to WebAssert::titleEquals() and AssertLegacyTrait::assertTitle()
  
• #3138591 by ankit.singh, benjifisher, xjm, mikelutz, andypost: [D8 only] Add missing E_USER_DEPRECATED to deprecation notices
  
• Revert "Issue #3128880 by daffie, alexpott, mondrake: Make ConnectionUnitTest also run for PostgreSQL"
  
• #3143115 by Ramya Balasubramanian, mrinalini9, atul4drupal, xjm: README.txt file format for Drupal
  
• #3139218 by sja112, mondrake, xjm, ketikagrover, daffie: Replace usages of AssertLegacyTrait::assertResponse(), which is deprecated
  
• #3133798 by Beakerboy, daffie: Semicolon removed from query even when it is allowed
  
• #3138789 by sja112, jungle, Maithri Shetty: Fix "blockquote" relevant typos in core
  
• #3138778 by sja112, jungle: Fix "Nourriture" relevant typos in core
  
• #3138783 by mohrerao, jungle, DevJoJodae: Fix "Partially" relevant typos in core
  
• #3138772 by sja112, kkalashnikov, jungle, DevJoJodae: Fix "Disable" relevant typos in core
  
• #1831560 by acbramley, CRZDEV, mvwensen, fago, David_Rothstein, harsha012, Lendude, mrinalini9, Devin Carlson, borisson_, Gábor Hojtsy: Remove Html::resetSeenIds() call during form processing
  
• #3002820 by daffie, pavnish, dww, sokru, mmjvb: PHP Warning in template_preprocess_update_report(): Invalid argument supplied for foreach()
  
• #3139439 by Bunty Badgujar, mondrake, xjm, daffie: Replace usages of deprecated AssertLegacyTrait::assertHeader()
  
• #3139403 by sja112, mondrake, xjm: Replace usages of deprecated AssertLegacyTrait::assertElement(Not)Present()
  
• #2766135 by hchonov, jeroen.b, amateescu, neclimdul, gordon, chipway, jmuzz, timmillwood, daffie: EntityQuery with condition on the revision field leads to wrong results
  
• #3128880 by daffie, alexpott, mondrake: Make ConnectionUnitTest also run for PostgreSQL
  
• #3134308 by quietone, mrinalini9, benjifisher, xjm: Change 'is was' to 'is' in comments
  
• #3101214 by mrinalini9, Sutharsan, Kristen Pol: Document that Core is implicitly allowed to scaffold files
  
• #3055055 by hash6, scott_euser, jhodgdon, amarphule, anmolgoyal74, Gayathri J, jenniferaube, alonaoneill, diqidoq, kishor_kolekar, abhisekmazumdar: Convert appearance-related modules: breakpoint, color, layout_builder, layout_discovery module hook_help() to topic(s)
  
• #3097651 by kishor_kolekar, sauravk, reinchek, Neslee Canil Pinto, Adam Szalapski, sibustephen, ravi.shankar, kostyashupenko, Krzysztof Doma≈Ñski, KondratievaS, lauriii, ckrina: Implement secondary tabs based on the designs
  
• #2974640 by ilya.no, Berdir: ExposedFormPluginBase::exposedFormAlter() sets a bogus weight key
  
• #3071682 by Sam152, Roensby, phenaproxima, Wim Leers: The oembed Resource value object should be more permissive for NULL dimensions
  
• #3044059 by jhodgdon, vadim.hirbu, Gayathri J, Vitor Faria, sukottokun, ChrisBee, BramDriesen, rkoller: Convert big_pipe, dynamic_page_cache, page_cache module hook_help() to topic(s)
  
• #3047806 by jhodgdon, Gayathri J, thejimbirch, anmolgoyal74, luwoldy, batigolix, shimpy, alonaoneill, volkswagenchick, tatarbj, Amber Himes Matz, rkoller, CelSki, xjm: Convert book.module hook_help() to topic(s)
  
• #3101210 by mrinalini9, Sutharsan, Kristen Pol, greg.1.anderson: Remove 'overwrite' as documented example in scaffold options

Läs mer: https://www.drupal.org/project/drupal/releases/8.9.0

8.8.12

(säkerhetsutgåvan)
29 November 2020 - 170MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2020-013

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.12

8.8.8

(säkerhetsutgåvan)
17 Juni 2020 - 170MBSecurity

• Drupal core - Critical - Cross-Site Request Forgery - SA-CORE-2020-004 - The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
  
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 - Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected.
  
• Drupal core - Less critical - Access bypass - SA-CORE-2020-006 - JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.8

8.8.6

(säkerhetsutgåvan)
20 Maj 2020 - 170MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-002 - The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions.

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.6

8.8.5

3 April 2020 - 170MBThis is a patch release of Drupal 8 and is ready for use on production sites.

Changes

• Bump minimist from ^1.2.0 to ^1.2.2
  
• EntityResourceTestBase.php uses a static query that should be dynamic
  
• Fix PHP 5 tests on 8.7.x
  
• The 'Update' page has no idea that some updates are incompatible
  
• If any extension has a missing or invalid version, Update manager throws errors and is confused about site update status
  
• Configuration synchronisation that both enables & configures a module fails and drupal_flush_all_caches()
  
• Merged 8.8.4.
  
• Add hook_removed_post_updates()
  
• Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
  
• Revert: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
  
• ExpectDeprecationTrait is not compatible with PHPUnit 8
  
• Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
  
• Fix typos in InfoParserUnitTest and UpdaterTest doc comments
  
• The description of the arguments for FieldDefinition::setDisplayOptions() conflicts with what reported in FieldDefinitionInterface::getDisplayOptions()
  
• The documentation comment for BanIpManager::__construct() says it constructs the BanSubscriber
  
• Revert: Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
  
• Drupal 8.8.1+ and 9 can fail to install in the web browser due to cache pollution
  
• Missing return statement in EntityManager::clearDisplayModeInfo()
  
• update_fix_compatibility() puts sites into unrecoverable state
  
• Root README.txt installation profile section links to D7 docs
  
• taxonomy_post_update_make_taxonomy_term_revisionable() and the menu link content equivalent fail when entities have no default translation
  
• PrivateKey::__construct() describes itself as "Constructs the token generator."
  
• Follow-up to #3102724: CSSLint failure
  
• Improve the error message if a nonsense constraint is used in core_version_requirement
  
• Change @todo comment in core/modules/update/src/ProjectSecurityData.php to point to a better issue
  
• Scaffolding: Only add root files to gitignore
  
• UpdatePathTestBase calls setDatabaseDumpFiles twice, resulting in duplicate fixtures in some scenarios
  
• Drupal\KernelTests\Core\Database\SelectTest fails on postgres 10
  
• Update from 8.6 to 8.7 fails due to corrupt menu_link_content or taxonomy_term entity data
  
• Incorrect link for deprecated randomBytes() method description in utility component

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.4

8.8.4

(säkerhetsutgåvan)
18 Mars 2020 - 170MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately.

Security

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-001

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.4

8.8.3

4 Mars 2020 - 170MBThis is a patch release of Drupal 8 and is ready for use on production sites.

Known issues

• #3113992: The 'Update' page has no idea that some updates are incompatible
  

Changelog

• #3101299 by dww, alexpott: Install module from .zip URL fails
  
• #3105327 by bnjmnm, Wim Leers: Update CKEditor to version 4.13.1
  
• #3065720 by Lendude, alexpott, revati_gawas, texas-bronius: When creating a Page View in the wizard and setting a path with leading slash (/) the created View display ends up with a double-slash (//)
  
• #3110186 by benjifisher, tedbow, dww, xjm, tim.plunkett, Gábor Hojtsy, webchick, ckrina, worldlinemine, shaal: Simplify the wording of messages on the status report about security coverage for the site's installed minor version
  
• #2991207 by tedbow, dww, samuel.mortenson, robpowell, Spokje, Gábor Hojtsy, bnjmnm, xjm, benjifisher, drumm, tim.plunkett, larowlan, mpdonadio, webchick, AaronMcHale, jibran, catch: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases
  
• #3113292 by dww, tedbow, xjm, tim.plunkett: Update module has no tests for changes to status of the installed release (revoked, etc)
  
• #3114545 by Deepthi kumari, joachim: docs for role constants mention table instead of entity ID
  
• #3116198 by tedbow, dww, tim.plunkett: Make ProjectCoreCompatibility class final and internal
  
• #3111929 by tedbow, dww, webchick, xjm, tim.plunkett, catch: If no recommended update is found, Update Status recommends the latest release, even if it is unsupported
  
• #3102724 by dww, tedbow, bnjmnm, webchick, ckrina, Gábor Hojtsy, xjm, benjifisher, AaronMcHale, lauriii, shaal, andrewmacpherson, rainbreaw, worldlinemine: Improve usability of core compatibility ranges on available updates report
  
• #3116553 by Gábor Hojtsy tim.plunkett: Undeprecate Core/Field/PluginSettingsInterface as it is being used widely
  
• #3059387 by b_sharpe, AaronChristian: Taxonomy Terms cannot be rendered when in preview: EntityMalformedException
  
• #3074993 by tedbow, kim.pepper, bnjmnm, drumm, xjm, tim.plunkett, Gábor Hojtsy, alexpott: Use current in update URLs instead of CORE_COMPATIBILITY to retrieve all future updates
  
• #3101547 by ravi.shankar, Gábor Hojtsy, tedbow, dww, lauriii: Clean up code documentation for display of core compatibility ranges for available module updates
  
• #3096078 by tedbow, bnjmnm, Gábor Hojtsy, lauriii: Display core compatibility ranges for available module updates
  
• #3056539 by plach, DamienMcKenna, catch, hchonov, amateescu, tim.plunkett: Updating an entity type from non-revisionable to revisionable fails if it has non-revisionable fields stored in dedicated tables
  
• #3104071 by jungle, knyshuk.vova: DrupalDateTime::$formatTranslationCache should be an array
  
• #3098427 follow-up by amateescu, catch, alexpott: Manipulating the revision metadata keys before running the BC layer breaks the BC layer
  
• #3105095 by mikeegoulding, Eric_A: ElementInfoManagerInterface::getInfoProperty() return type incorrect
  
• #3108640 by godotislate, tim.plunkett: Entity reference field blocks not bubbling cache metadata when view access to referenced entity is not allowed
  
• #3098427 by hchonov, amateescu, Meenakshi.g, daffie, alexpott: Manipulating the revision metadata keys before running the BC layer breaks the BC layer
  
• #3114116 by lauriii, andypost, Gábor Hojtsy: Re-schedule removal of deprecated JavaScript code to Drupal 10
  
• #3095922 by huzooka, Wim Leers, quietone, andypost: The comment "language" column in D7 might be empty after migrating from D6, this is invalid in D8
  
• #3113236 by jhodgdon, rksyravi: Help topics module - documentation page not found
  
• #3103918 by greg.1.anderson, Mile23, alexpott, Mixologic, catch: [policy + patch] Decide on backwards compatibility policy for Composer plugins in Drupal 8
  
• #3098718 follow-up by alexpott: system_update_8804() fails if any path alias is created before it runs
  
• #2989609 by CeraRose, Sivaji: $filter_hander typo in Views ExposedFormPluginBase.php
  
• #3067576 by idebr, bgreco, Lendude: menu items lost on migration
  
• #3104372 by Gábor Hojtsy, mondrake, longwave, andypost, catch: Fix Drupal\FunctionalTests\AssertLegacyTrait inconsistent deprecation messages
  
• #3098718 by plach, pameeela, catch, Berdir, tim.plunkett: system_update_8804() fails if any path alias is created before it runs
  
• #3113509 by mondrake: Replace @expectedException* annotations with dedicated methods
  
• #3113476 by alexpott, mpdonadio: Fallback when request is not available on the stack in Time service
  
• #3113284 by mpdonadio: Move deprecation of REQUEST_TIME to Drupal 10
  
• #3088077 by Sam152, bkosborne, rensingh99, tim.plunkett: Layout builder does not correctly bubble up cache metadata for empty blocks
  
• #3110104 by Tritof, catch: Incorrect documentation for RouteProvider::getRouteByName()
  
• #3111729 by bnjmnm, prabha1997, ravi.shankar, dww: Stable templates/CSS that differ only in comments or indentation should match core's version
  
• #3112829 by alexpott: Fix fails due to Generic.CodeAnalysis.EmptyPHPStatement.SemicolonWithoutCodeDetected due to recent dependency updates
  
• #3108540 by Beakerboy, bronk: The format of the deprecation errors in core database classes is incorrect
  
• #3111658 by Deepthi kumari, kiamlaluno: editor_field_formatter_info_alter() is wrongly reported to be an implementation of hook_form_FORM_ID_alter()
  
• #2871374 by mondrake, daffie, bohart, catch: SelectTest::testVulnerableComment fails when driver overrides Select::__toString
  
• #3106215 by Hardik_Patel_12: Unused private method updateAccess()
  
• #3100046 by alexpott, Wim Leers, super_romeo, quietone: Duplicate column name 'type'
  
• #2809237 by dmitryl, alexpott, iampuma, muschpusch, louisnagtegaal, twfahey, aburrows, Mike Lewis, nickmans, borisson_, jcnventura: Properly deprecate AllowedTagsXssTrait
  
• #3112263 by alexpott, Gábor Hojtsy: Undeprecate REGIONS_* constants
  
• #3111390 by Deepthi kumari, design.er: Attributes key missing hash or pound sign in claro
  
• #3086644 by Mile23, alexpott, Mixologic, greg.1.anderson, jibran, catch: LegacyProject composer templates wrongly reference 8.x + fix test coverage
  
• #2738879 by mr.baileys, trobey, dawehner, alexpott, ravi.shankar, dww, catch, Fernly: system.schema can end up with missing schema information for some modules, resulting in hook_update_N() not getting called.
  
• #3086374 by mondrake, alexpott, joseph.olstad, Spokje, ravi.shankar, Gábor Hojtsy, heddn, catch, Charlie ChX Negyesi, amateescu: Make Drupal 8 & 9 compatible with PHP 7.4
  
• #2738879 by mr.baileys, trobey, dawehner, alexpott, ravi.shankar, catch, Fernly: system.schema can end up with missing schema information for some modules, resulting in hook_update_N() not getting called
  
• #3063912 by alexpott, jhedstrom: Move UpdatePathTestBase::runUpdates() to a trait
  
• #3090145 by mondrake, andralex, alexpott, amateescu, andypost, longwave: Ensure that mixing array and Attribute objects in theme rendering is managed properly
  
• #3090017 by amjad1233, larowlan, alexpott, mondrake, andypost: Isolate test dependency on easyrdf/easyrdf to a single trait
  
• #3111504 by andypost, longwave, Berdir: Properly deprecate AccessResult::cacheUntilEntityChanges()
  
• #3091518 by webchick: Remove webchick as Admin UI initiative coordinator

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.3

8.8.2

2 Februari 2020 - 170MBThis is a patch release of Drupal 8 and is ready for use on production sites.

Important Bug Fixes

• A workspaces update has been refactored in order to avoid conflicts with contributed module updates: #3099986: Move part of workspaces_post_update_move_association_data() to a hook_update_N
  

Changes

• Remove cilefen as Drupal 8 core maintainer
  
• Function testNumericExpressionSubstitution uses non-standard SQL
  
• Datetime::getInfo() caches user's timezone causing unpredictable timestamps
  
• Remove, or mark as core only: testPrimaryKeyUpdate()
  
• Set $defaultTheme for install profiles using configuration install
  
• Set install profile correctly in the 8.8 database dumps
  
• fix deprecation notices in REST bc layers
  
• drupal_installation_attempted() deprecation referencing wrong change record
  
• Properly deprecate MENU_MAX_MENU_NAME_LENGTH_UI
  
• ConfigEntityQueryTest::testCaseSensitivity can randomly fail
  
• Create trait for getDefinitionFromEntity
  
• Revert "Issue Create trait for getDefinitionFromEntity"
  
• Fix misspellings in Twig comments
  
• Create tests that cover contrib non-full releases and contrib patch versions
  
• Add t() context to "Order" string for views module
  
• Expected type hint "WorkflowInterface"; found "WorkflowTypeInterface"
  
• Improve the Workspaces toolbar UI for desktop and mobile
  
• "Convert line breaks into HTML" filter should exclude tag
  
• Drupal 8.x on Postgresql 12
  
• hook_toolbar() documentation still makes reference to toolbar_pre_render()
  
• Fix broken references in Field UI module
  
• EntityForm's use of magic setter/getter breaks any subclasses that don't declare a property
  
• "Cannot load a NULL ID" assertion in EntityStorageBase should say the entity type
  
• Copy media library styles from Seven to Claro
  
• PHP 7.2: Warning: count(): Parameter must be an array or an object that implements Countable n Drupal\views\Plugin\views\argument_validator\Entity->validateEntity()
  
• Fix default link button styles
  
• EditorMediaDialog triggers an "undefined index" notice for data-view-mode
  
• Default Value Migration Process plugin produces unexpected behavior when updating list field from D7 to D8
  
• LocaleConfigSubscriberTest has many assertions that don't run
  
• Content Moderation requirements check relies on Views UI module
  
• Improve CKEditorTestTrait
  
• Allow other loggers than core loggers to FieldDiscovery.php
  
• PHP 7.4 Deprecated curly brace syntax for accessing array elements
  
• Views attachments missing for some display machine names
  
• Add purgeDeletedWorkspacesBatch to the WorkspaceManagerInterface
  
• #size for Select field documentation is wrong
  
• PHP 7.4 deprecated reverse order of glue and pieces in implode
  
• Rename SafeMarkupKernelTest to FormattableMarkupKernelTest
  
• MigrateExecutableMemoryExceededTest has mismatched argument type mock expectations (and fails in PHPUnit8)
  
• Update docs in PagerManagerInterface
  
• Modernize Drupal\KernelTests\Core\Database\ConnectionUnitTest
  
• hotfix for test failures on PHP 7.0
  
• Hard-coded uri string in WorkflowListBuilder breaks if Drupal is installed in (webroot) subfolder
  
• Update handbook page link on cron settings form
  
• ViewExecutableTest::testAddHandler and ::testAddHandlerWithEntityField are misusing the mock expectation
  
• Refactor image and file field widgets to improve contrib compatibility and to make their templates and preprocess functions DRY
  
• Change ValidateMigrationStateTestTrait to only test one version
  
• links.html.twig docs are out of date
  
• Deprecate DRUPAL_PHP_FUNCTION_PATTERN and replace its usages
  
• ViewExecutableTest uses a mocked argument callback wrongly (and fails in PHPUnit8)
  
• Copy change to Views UI module
  
• Remove transition from CKEditor border-color
  
• d7_node_title_label migration plugin incorrectly generating base_field_override for every node type, even those that don't have an overridden title label
  
• Missing migration filters that are replaced with filter_null may have invalid settings applied
  
• migrate_drupal's Variable source plugin always returns a row for processing, even if none of the variables for a migration are set on the source site
  
• Drupal 7 date fields configured to not collect the hour/minute/second granularities can have "00" MM or DD attributes
  
• Drupal 7 date fields configured to not collect the hour/minute/second granularities can have a different "settings" structure than the migration assumes
  
• Invalid .eslintrc.json file in the scaffold fixtures
  
• Workspaces should only alter non-deprecated path_alias services
  
• HEAD broken on - updates required for prophecy 1.10.0
  
• Merged 8.8.1.
  
• Undefined index: identifier in view's DisplayPluginBase->isIdentifierUnique()
  
• Error backtrace malformatted
  
• Views bulk forms perform redirects to the confirmation page even if it is not allowed for the user
  
• Reusing initialized constraint validators overwrittes validation errors
  
• Move part of workspaces_post_update_move_association_data() to a hook_update_N
  
• Config entity updater misbehaves when updating multiple entity types
  
• Move existing assertions of IdConflict page to new test files
  
• Multi-select list items "escape" bounding box in Off-Canvas Forms when using WebKit and Mozilla based browsers
  
• Code comment says "reusable" instead of "not reusable"
  
• getHighestId() should not fail when there is a destination id with type string
  
• getHighestId() should not fail when there is a destination id with type string
  
• Allow contrib test modules to not need a core or core_version_requirement key
  
• Numerical machine names create problems in view filters
  
• Fix "The "serializer.normalizer.file_entity.hal" normalizer service is deprecated: it is obsolete, it only remains available for backwards compatibility." deprecation error
  
• Several code comments refer to \Drupal\Update instead of \Drupal\update
  
• Missing hash in attributes key in Seven (another one)
  
• Class 'Drupal\Core\Controller\ArgumentResolver\RawParameterValueResolver' not found during update to 8.8.0
  
• Call to JSON:API test helper method passes an argument that no longer exists
  
• Exposed sort label is double-escaping special characters (apostrophe)
  
• Minor improvements to block topics
  
• Cannot delete or edit a block that is placed in a section of the layout_builder
  
• Workspace drawer CSS fix for better consistency

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.2

8.8.1

(säkerhetsutgåvan)
19 December 2019 - 170MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately.

Security

• Moderately critical - Denial of Service - SA-CORE-2019-009 - A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
  
• Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010 - Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.
  
• Moderately critical - Access bypass - SA-CORE-2019-011 - The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.
  
• Critical - Multiple vulnerabilities - SA-CORE-2019-012 - The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations.

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.1

8.8.0

(större version)
4 December 2019 - 155MBThis is a minor version (new-feature release) of Drupal 8 and is ready for use on production sites.

This minor release provides new improvements and functionality without breaking backwards compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backward compatibility and experimental module policies.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

IMPORTANT NOTES

• If you have the contributed Pathauto module enabled, you must update to the latest version of Pathauto before you update to Drupal 8.8.0.
  

FAILURE TO UPDATE PATHAUTO BEFORE UPDATING CORE COULD RESULT IN DATA LOSS. Drupal 8.8.0 declares a conflict with Pathauto 8.x-1.5 or lower for this reason.

• The Path Alias core subsystem has been moved to the path_alias module. An upgrade path is provided from Drupal 8.7 for this change.
  
• Custom URL aliases are now provided by a new revisionable and publishable "path_alias" content entity type. Path alias services have been kept in place for backwards compatibility, and path alias hooks have been deprecated.
  
• As part of the change to path aliases, path alias administration forms have been converted to generic entity forms. This means form IDs and form class names have changed, so custom code needs to be updated for any hook_form_alter() or hook_form_FORM_ID_alter() implementations that were using the previous form IDs. Additionally, some path routes have been deprecated and replaced by generic entity route.
  
• Updating Drupal is no longer supported for sites on PHP 5.5 or 5.6. PHP 5.5 and 5.6 support was officially removed in 8.7, but Drupal still allowed sites to apply security updates on those PHP 5 versions. Drupal 8.8.0 ends that support and updates will now fail if domains are not using at least PHP 7.0.8.
  

Security

• security fixes for SA-CORE-2018-002 and SA-CORE-2018-004
  

Changes

• Support for some uncommon older browser versions has been removed
  
• Deprecated core modules; SimpleTest, Place Blocks
  
• Substantial changes to JavaScript dependencies and new JavaScript deprecations
  
• Testing system changes
  
• New stable core module: Media Library
  
• JSON:API changes
  
• Views changes
  
• Configuration system changes
  
• New revisions are created every time an entity or revision is updated, if that entity is being moderated with content moderation
  
• The temporary file path is now a setting in settings.php, and is no longer stored in configuration
  
• Changed coding standards
  
• Dependency updates
  

Bug Fixes

• Form sets system.theme:admin to '0' breaking Quick Edit and making no sense
  
• Race condition in file_save_upload causes data loss
  
• Migrate UI - allow modules to declare the state of their migrations
  
• Limit what can be called by a callback in render arrays to reduce the risk of RCE
  
• [Plan] Remove unused jQuery UI components and replace with a suite of contrib packages for the continuous upgrade path
  
• 8.7.0-rc1 database updates fail on media_library configuration dependencies due to missing form and view modes
  
• Implementation of user name in JSON:API can result in overwriting data
  
• Mark kernel tests that perform no assertions as risky
  
• \Drupal\Core\Field\Plugin\Field\FieldType\EntityReferenceItem::onDependencyRemoval() sets auto_create to an invalid data type
  
• Rename action.post_udate.php to action.post_update.php so that the upgrade path runs correctly
  
• Views referencing missing roles fail views_post_update_revision_metadata_fields()
  
• Remove code that tries to use _raw_variables for route argument resolution as it does not work
  
• Make Workspaces and Content Moderation work together
  

Known Issues

• There are some outstanding compatibility issues with PHP 7.4 (which was released on November 28). These issues are being addressed in #3086374: Make Drupal 8.8 compatible with PHP 7.4.
  
• A database updates issue has been reported for Workspaces: #3098427: Manipulating the revision metadata keys before running the BC layer breaks the BC layer.
  
• Users of Organic Groups have also reported issues updating due to a bug in Organic Groups.
  
• Some users have reported #3098873: Declaration of Drupal\Core\Security\PharExtensionInterceptor::assert(string $path, string $command): bool must be compatible with TYPO3\PharStreamWrapper\Assertable::assert($path, $command). If you have this issue, please document on the linked issue which PHP version you are using (including the patch version, e.g. "PHP 7.2.14"), whether your site has been installed from a tarball, and also the exact version of typo3/phar-stream-wrapper that has been installed on your site if you are using Composer.

Läs mer: https://www.drupal.org/project/drupal/releases/8.8.0

8.7.11

(säkerhetsutgåvan)
19 December 2019 - 155MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately.

Security

• Moderately critical - Denial of Service - SA-CORE-2019-009
  
• Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
  
• Moderately critical - Access bypass - SA-CORE-2019-011
  
• Critical - Multiple vulnerabilities - SA-CORE-2019-012

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.11

8.7.10

14 November 2019 - 155MBThis is a patch release of Drupal 8 and is ready for use on production sites.
Läs mer: https://www.drupal.org/project/drupal/releases/8.7.10

8.7.9

6 November 2019 - 155MBThis is a patch release of Drupal 8 and is ready for use on production sites.

• Admin toolbar not usable with latest versions of JAWS due to mis-use of aria-owns
  
• \Drupal\Core\Menu\Form\MenuLinkDefaultForm::$moduleData is unused
  
• Performance Degradation in Layout Builder and other places likely
  
• Duplicate "attributes" in docblock
  
• migrate_drupal_migration_plugins_alter() should only alter definitions that exist"
  
• migrate_drupal_migration_plugins_alter() should only alter definitions that exist
  
• Views plugin "Rendered Entity" must add langcode in render function
  
• Installing a new field storage definition during a fieldable entity type update is not possible

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.9

8.7.8

(säkerhetsutgåvan)
3 Oktober 2019 - 155MBThis is a patch release of Drupal 8 and is ready for use on production sites.

Important

• Core versioning support in *.info.yml files since 8.7.7. Drupal 8.7.7 introduces a new core_version_requirement key to *.info.yml files, allowing contributed modules to specify specific versions for Drupal core compatiblity, as well as to indicate that they are compatible with both Drupal 8 and the forthcoming Drupal 9 release.
  

Known Issues

• Some users are reporting issues with webflo/drupal-core-require-dev
  

Dependency Updates

• nightwatch has been updated to version 1.2.1
  
• chromedriver has been updated to version 75.1.0
  
• stylelint-no-browser-hacks has been updated to 1.2.1
  

Changes

• FunctionalJavaScript tests fail because newer versions of curl/selenium webdriver require additional headers
  
• Denormalizing NULL for an optional @FieldType=address or @FieldType=geolocation field fails due to either no main property name or computed read-only main property
  
• Vendor cleanup fail for twig/twig
  
• AdminRouteSubscriber incorrectly identifies paths such as /administration-position as admin paths
  
• Shipping a profile with multiple languages without locale module not possible
  
• Vertical Tabs are unnecessarily hiding content with overflow: hidden
  
• Spelling errors in Nightwatch drupalCreateUser command
  
• \Drupal\user\Plugin\views\access\Role::access() does not conform to the base class documentation
  
• AjaxResponse::getCommands has wrong return type
  
• Fix small issue in DocBlock comment for umami_theme_suggestions_block_alter
  
• Documentation fix date render element
  
• upgrade_d6_imagecache_presets fails if blank "action" is enountered
  
• run-tests.sh ignores final classes
  
• drupalUserIsLoggedIn doesn't work on https sites
  
• Duplications within migration process plugin
  
• EntityStorageBase::loadMultiple returns unwanted entities when the static cache is warm
  
• Incompatibility between zend-diactoros and psr-http-message-bridge versions: require symfony/psr-http-message-bridge >=1.1.2
  
• EntityReferenceAutocompleteWidget should define its size setting as an integer
  
• Memory leak in the entity schema converter
  
• [Security] Update yarn packages to fix 19 vulnerabilities by updating nightwatch
  
• ExtensionList::reset() doesn't document its return value
  
• Add kim.pepper as maintainer for file.module
  
• Mistake in the comment documenting the "image" method of the "Random" utility class
  
• expectedException() usage in two pre-8.7.7 commits has broken PHP 5 testing for 8.7.x
  
• Add title attribute to oEmbed iframe for accessibility
  
• Notice: Undefined index: target_bundles when new reference media field created
  
• Media library does not enforce order which can lead to different hashes

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.8

8.7.7

4 September 2019 - 150MBBug Fixes

• ViewsEntitySchemaSubscriber may fail when a view has a broken handler
  
• Followup minor test fix to not catching exception for invalid 'core_version_requirement' in info.yml files
  
• Don't catch exception for invalid 'core_version_requirement' in info.yml files
  
• Core version key in module's .info.yml doesn't respect core semantic versioning
  
• Failing assertions when bundle ID contains only numbers
  
• Migrating to Date-only field does not drop time value
  
• Boolean Field On and Off Label not Migrating
  
• \Drupal\Tests\ckeditor\FunctionalJavascript\CKEditorIntegrationTest fails on Sqlite
  
• D6 OptionWidgetsField migrate plugin has wrong namespace
  
• Typed Data's EntityDeriver does not derive bundle-level data types when a bundle has the same name as its entity type (f.e. entity:comment:comment)
  
• Revert "Issue #3076609 by oknate: \Drupal\Tests\ckeditor\FunctionalJavascript\CKEditorIntegrationTest fails on Sqlite"
  
• \Drupal\Tests\ckeditor\FunctionalJavascript\CKEditorIntegrationTest fails on Sqlite
  
• getHtml5DateFormat and getHtml5TimeFormat in Drupal\Core\Datetime\Element\Datetime have incorrect Type in phpDoc
  
• Revert "Issue #3061610 by gabesullice, Wim Leers, tedbow, larowlan: Typed Data's EntityDeriver does not derive bundle-level data types when a bundle has the same name as its entity type (f.e. entity:comment:comment)"
  
• PATCH 405 for untranslatable content entities with different default language than English
  
• Typed Data's EntityDeriver does not derive bundle-level data types when a bundle has the same name as its entity type (f.e. entity:comment:comment)
  
• Remember the page you were on and take you back there when switching Workspaces
  
• JavaScript tests don't work with Chromedriver 75 and higher
  
• Clarify how to set MINK variables at phpunit.xml.dist
  
• Class name must be a valid object or a string in core/modules/image/src/Entity/ImageStyle.php on line 174
  
• Fix The "Symfony\Component\BrowserKit\Response::getStatus()" method is deprecated since Symfony 4.3, use getStatusCode() instead
  
• Add a composer conflict for symfony/dom-crawler >=4 to 8.7 only
  
• TwigExtension::getUrl() declares the wrong return type
  
• XSS in date format configuration

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.7

8.7.6

8 Augusti 2019 - 150MB

• hook_node_access() is called with $op = 'delete' when the create node form is shown
  
• FormatterBase should pass along third party settings
  
• EntityViewsData missed revisionable validation
  
• Media library pagination is broken due to invalid entity_id parameter
  
• badly named and documented parameter for FormBuilder::buildForm()
  
• One of methods documented by Drupal core to create a CKEditor build does not work anymore: update docs
  
• Stop invoking pre-save methods in EntityStorageInterface::restore()
  
• Docblock for "neutral" method in AccessResult.php is incorrect
  
• Stop invoking pre-save methods in EntityStorageInterface::restore()
  
• assertEscaped() and assertUnescaped don't work as you would expect in JavascriptTestBase
  
• oembed link does not pass the URL parameter to the provider
  
• DatabaseStatementPrefetch::current PHP function array_unshift() are used incorrectly
  
• SA-CORE-2019-008
  
• Workspaces views query alter multiplies result set by number of languages
  
• Support translation of the list of styles in CKEditor
  
• Allow updating modules with new service dependencies
  
• Several post-update functions try to update config entity types without checking if they exist
  
• Document summary_attributes variable in details.html.twig
  
• ConditionManager::execute() implementation doesn't conform to the interface
  
• Fix docs for ConditionPluginBase
  
• Update CKEditor to 4.11.4

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.6

8.7.5

(säkerhetsutgåvan)
18 Juli 2019 - 150MBSecurity

• Drupal core - Access bypass - SA-CORE-2019-008 - In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created.
  

Other Changes

• #3038254 by phenaproxima, seanB, Wim Leers, yogeshmpawar, effulgentsia, alexpott, larowlan: Delegate media library access to the "thing" that opened the library
  
• #3042223 follow-up by alexpott: Map text_plain field formatter to string
  
• Revert "Issue #3054649 by Mile23, alexpott: DrupalKernelTest results in ERROR HANDLER CHANGED!"
  
• #3035408 by seanB, andrewmacpherson, phenaproxima, mgifford, rainbreaw: Identify purpose of vertical tabs in MediaLibraryWidget dialog for assistive tech users
  
• #3055760 by huzooka, thangaraj.moorthi, John Cook: Fix RTL styles of Vertical tabs in Seven theme
  
• #3054649 by Mile23, alexpott: DrupalKernelTest results in ERROR HANDLER CHANGED!
  
• #2829990 by Krzysztof Domański, idebr, lamp5: Image formatter does not support URL/Link options
  
• #3056454 by Krzysztof Domański, John Cook, johndevman: Hexadecimal validation returns true if the color contains multiple hashes (e.g. '###FF0')
  
• #3059022 by alexpott, bnjmnm, dww, phenaproxima, seanB, Krzysztof Domański: If Vimeo is down our tests break
  
• #2979044 by BR0kEN, alexpott: Unable to change menu items weight when the "system.site.weight_select_max" exceeded and "#pre_render" for "number" element is modified
  
• #3054582 by jeqq, blazey, Leksat, Gábor Hojtsy, larowlan, amateescu: Add field ui to workspaces
  
• #3042223 by juampynr, heddn: Map text_plain field formatter to string
  
• #3045384 by mxr576, yogeshmpawar, amateescu: Fix incorrect assumption that all entity are revisionable
  
• #3060081 by pfrenssen, borisson_: Recalculation of display cacheability metadata during module install causing error
  
• #3049895 by quietone: Move setupMigrations to Credential form and remove duplicate code
  
• #3062556 by alexpott, catch, phenaproxima, larowlan: UpdatePathTestBase does not support the $configSchemaCheckerExclusions property
  
• #3061564 by cyb.tachyon: Fix null type hint on \Drupal::getContainer()
  
• #3050577 by fconnolly, mgifford: Remove hidden site name link in menu
  
• #2944552 by mpdonadio, bhanuprakashnani, liquidcms, Sophie.SK, tacituseu: Documentation for #default_value in Date form element is incorrect
  
• #3056414 by yogeshmpawar, R.shaikh, joachim, John Cook: inaccurate property docs for Drupal\Core\Site\Settings
  
• #3060603 by nuez, marcoscano, phenaproxima, alexpott, seanB: Live preview is broken when editing the media_library view
  
• #3044649 by phenaproxima, seanB, Wim Leers, alexpott: Delegate media library selection handling to the "thing" that opened the library
  
• Revert "Issue #2979966 by quietone, PieterDC, masipila, heddn, Gábor Hojtsy: Migrate D7 i18n taxonomy term language"
  
• #3027598 by amateescu, pmelab, alexpott, larowlan: Omit workspaces entity presave and predelete hooks for internal entities
  
• #3021247 by jeqq, alexpott, amateescu: Bypass workspace access permission is not working as expected
  
• #2991577 by BrightBold, cristiroma, lolcode, morrisona, cosmicdreams, Eli-T, alexpott, jcloys, pawandubey, shaal, kjay: Pluralise taxonomy terms in Umami's Recipe Category vocabulary
  
• #3060983 by alexpott, Eli-T: Upgrade chokidar so that we can install on OSX with the latest stable node/npm/yarn binaries
  
• #3039730 by ndobromirov, Wim Leers, e0ipso, l0ke, webchick, xjm: Include paths are resolved for every resource in a resource collection, instead of once per unique resource type
  
• #2990664 by nuez, seanB, cbccharlie, Wim Leers, deepaksingh05, Pancho, Chi, wwedding, Berdir, phenaproxima: Media library does not work when Drupal is installed into a sub-directory
  
• #2979966 by quietone, PieterDC, masipila, heddn, Gábor Hojtsy: Migrate D7 i18n taxonomy term language
  
• #2993927 by juampynr, quietone, deviantintegral: Taxonomy Term field with Rendered Entity formatter breaks migration
  
• #3035446 by seanB, bnjmnm, phenaproxima, andrewmacpherson, Wim Leers, alexpott, rainbreaw: Inform assistive tech users about the outcome of using the MediaLibraryWidget dialog
  
• #3058943 by Mohammed J. Razem, alonaoneill: Fix Media Library module name according to module naming convention
  
• #3056008 by alexpott, Lendude: Set default window size in \Drupal\FunctionalJavascriptTests\WebDriverTestBase
  
• #3038350 by seanB, Wim Leers, effulgentsia: Deny access to all media library View Displays if there is no valid state object
  
• #2763637 by Jo Fitzgerald, quietone, hussainweb, timwood, alexpott, heddn, mikeryan, phenaproxima, maxocub, BenStallings, catch: D7 taxonomy term fields are not migrated with allowed vocabularies
  
• #3016064 by yogeshmpawar, vacho, msankhala, singhkiran, deepanker_bhalla, gambry, dpi: Improve documentation for Datetime and Datelist #date_timezone property
  
• #2968170 by joelpittet, idebr, heddn, quietone, mikelutz, tim.plunkett: MenuLinkParent breaks migration when Parent URI is external
  
• #3059564 by yogeshmpawar, fredysan, init90, joachim, alexpott: error in deprecation note on EntityInterface::link()
  
• #3056616 by idebr, Pasqualle, init90, alexpott: Remove dead code in NodeTypeForm::actions()
  
• #3044366 by shaal, kjay, tim.plunkett, bnjmnm, alexpott, pawandubey, smaz, lauriii, markconroy, Gábor Hojtsy: Fix styling of Umami for layout builder

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.5

8.7.3

6 Juni 2019 - 150MB

• #3057314 by alexpott, chr.fritsch, larowlan: Harden hash checking in core
  
• #3041326 by Sam152, amateescu, Berdir: Remove 'title' and 'description' from MenuSettingsConstraintValidator when used with content moderation by creating a draft of menu link content when a draft of it's parent content is created
  
• #2939356 by Lendude, mediabounds, Manuel Garcia, validoll, justclint, hctom: Fatal error during import translaton of workflows.workflow.editorial.yml config
  
• Revert "Issue #3054315 by yogeshmpawar, alexpott: Sort out ApcuBackendTest"
  
• #3048196 by tetranz, Tom Konda, Berdir: A field title isn't translated if "Account administration pages" plugin is enabled
  
• #2994315 by BackEndTea: Allow installation of latest paragonie/random_compat
  
• #3057370 by Wim Leers, seanB: MediaLibraryState::fromRequest() may result in invalid MediaLibraryState::create() call
  
• #3058013 by plach: Promote plach to full-fledged Framework Manager
  
• #3054315 by yogeshmpawar, alexpott: Sort out ApcuBackendTest
  
• #2927012 by deviantintegral, alexpott, arunkumark: _drupal_log_error() returns a 0 exit code on errors
  
• #3043907 by alexpott, dawehner, starlightE, cilefen: DatabaseCacheBackend::ensureBinExists() does not properly handle exceptions
  
• #3023220 by tim.plunkett, andyg5000, Berdir, phenaproxima, bkosborne: Performance: Prevent extra Layout Builder code from running when rendering fields in isolation (Views results, FieldBlock, etc)
  
• #3046007 by Sam152, alexpott, amateescu, tim.plunkett: In some circumstances the override field is not cleared from the field map when a bundle is deleted, resulting in a fatal error in layout_builder_post_update_make_layout_untranslatable
  
• #3056348 by Pasqualle: Wrong code comment in NodeRevisionRevertForm
  
• #3051908 by Roensby, gabesullice: Documentation in json.api.php describes wrong query parameter
  
• #3053330 by Maithri Shetty: Update Dependencies Format in workspaces in .info.yml file
  
• #3045211 by nlisgo, yogeshmpawar, Nebel54, heddn, quietone: Prevent link field migration from creating invalid link attributes
  
• #3055474 by Gribnif, Berdir: template_preprocess_file_link will not work with a stdClass object, though it tries to
  
• #3055918 by kkalaskar, kpv: Fix typo in LibraryDiscoveryParser::parseLibraryInfo() docblock
  
• #3053827 by gabesullice: Leaked cache metadata detected when using JSON:API to GET a threaded comment when RDF module is installed
  
• #3035980 by jhedstrom: Provide a better error when a NULL is passed to EntityStorageBase::load()
  
• #3048434 by claudiu.cristea, Lendude: Convert FileManagedAccessTest into a Kernel test
  
• #2892440 follow-up by alexpott: Provide helper test method to wait for an element to be removed from the page
  
• #2892440 by bnjmnm, tedbow, alexpott, Krzysztof Domański, Lendude: Provide helper test method to wait for an element to be removed from the page
  
• #3056536 by alexpott, tedbow: LayoutBuilderDisableInteractionsTest randomly fails
  
• #3048707 by Daniel Korte, Lendude: Views AJAX arguments are not HTML decoded
  
• #3052940 by Krzysztof Domański: Incorrect data type for the expected parameter
  
• #3055001 by Neslee Canil Pinto: Typo error in comment module file
  
• #3043087 by tedbow, Sam152: Retrieving plugins with entity context definitions from cache is expensive, which is noticeable when used with Layout Builder's FieldBlockDeriver
  
• #2901792 by alexpott, tedbow, dww, bnjmnm, jhodgdon, Krzysztof Domański: Disable all animations in Javascript testing

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.3

8.7.2

24 Maj 2019 - 150MB

• #3052271: media_library_update_8701() fails during update from 8.6.15 to 8.7.0
  
• #3052147: comment_update_8701 fails if there are comments without field_name
  
• #3052467: System update 8702 fails with " Error: Call to a member function getKey() on null in core\modules\system\system.install"
  
• #3053552: Bump typo3/phar-stream-wrapper library version to v2.1.2 to remove fileinfo extension dependency
  
• #3052431: layout_builder_post_update_make_layout_untranslatable() still attempts to query all revisions for non-revisionable entities

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.2

8.7.1

(säkerhetsutgåvan)
9 Maj 2019 - 150MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-007 - This security release fixes third-party dependencies included in or required by Drupal core.

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.1

8.7.0

(större version)
3 Maj 2019 - 150MBThis minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs.

New Features

• Layout Builder: Layout Builder allows content editors and site builders to easily and quickly create visual layouts for displaying content. Users can customize how content is arranged on a single page, or across types of content, with an easy to use drag-and-drop interface.
  
• JSON:API: JSON:API is now included in core. Contributed modules that depend on the contrib JSON:API project should remove this dependency now that the module is in core.
  

Important bug fixes

• The Entity system now provides an API for retrieving an entity variant that is safe for editing and previewing in editorial workflows, depending on the specified context, by default the current context.
  
• #2942675: Layout builder should use the active variant of an entity to avoid orphaned revisions
  
• #2990517: Adding a display mode to a content type using layout, and disabling layout on that new display mode removes the layout_builder__layout field and breaks layout in already configured display modes.
  
• #3033686: Saving Layout override will revert other field values to their values when the Layout was started.
  
• #3037823: The system.theme.data key remains corrupted in state causing performance issues and is not used in >= 8.7
  
• #3042993: Translatable and revisonable installed entity type definitions are missing the 'revision_translation_affected' entity key
  
• #2554235: Make the content entity storage and entity query use the last installed definitions instead of the ones living in code
  
• #2891754: [regression] UserMailRequiredValidator fails on new user entities
  
• #2787185: track_changes does not work when the map is joinable
  
• #3033653: InvalidArgumentException when adding reference field without Media type
  
• #3051826: 8.7.0-rc1 database updates fail on media_library configuration dependencies due to missing form and view modes

Läs mer: https://www.drupal.org/project/drupal/releases/8.7.0

8.6.18

14 November 2019 - 150MBThis is a patch release of Drupal 8 and is ready for use on production sites.
Läs mer: https://www.drupal.org/project/drupal/releases/8.6.18

8.6.16

(säkerhetsutgåvan)
9 Maj 2019 - 150MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-007 - This security release fixes third-party dependencies included in or required by Drupal core.

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.16

8.6.15

(säkerhetsutgåvan)
18 April 2019 - 150MBThis is a maintenance and security release. Sites are urged to upgrade immediately.

8.6.15

Security

• Drupal core - Third Party Libraries - SA-CORE-2019-005
  
• Drupal core - Third Party Libraries - SA-CORE-2019-006
  

8.6.14

Bug Fixes

• Symfony 3.4.24 made a change with how session are saved, which is incompatible with Drupal's lazy session handling, this caused a critical bug on sites upgraded via composer, including breaking password reset links. Drupal's lazy session handling has been updated to be compatible with this change.
  

Known Issues

• After upgrade to 7.63, 8.6.7, or 8.5.10 still get TYPO3 phar error for drush
  
• \Drupal\Core\Security\PharExtensionInterceptor is incompatible with GeoIP and other libraries that use phar aliases or Phar::mapPhar()

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.15

8.6.13

(säkerhetsutgåvan)
21 Mars 2019 - 150MBSecurity

• Drupal core - Cross-Site Scripting - SA-CORE-2019-004 - Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.13

8.6.10

(säkerhetsutgåvan)
20 Februari 2019 - 150MBSecurity

• Drupal core - Remote code execution - SA-CORE-2019-003
  

Bug Fixes

• Updating to 8.6.8 or 8.6.9 with Drush 8 causes data loss via update_fix_compatibility() to prevent Drush 8 issues for sites updating directly from an earlier security release

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.10

8.6.9

8 Februari 2019 - 150MB8.6.9

• Regression on Internet Explorer 11
  
• Update from 8.6.7 to 8.6.8 warnings - Drupal\Core\Extension\Extension has no unserializer
  
• Resolve random failure in LayoutBuilderTest so that it can be added to HEAD
  

8.6.8

Known Issues

• After upgrade to 7.63, 8.6.7, or 8.5.10 still get TYPO3 phar error for drush
  
• \Drupal\Core\Security\PharExtensionInterceptor is incompatible with GeoIP and other libraries that use phar aliases or Phar::mapPhar()
  

Bug Fixes

• Changing machine name of image style leads to WSOD when loading widgets that used the old name
  
• SQL error from profile_fields when migrating d6 (or d7) to d8 without Profile module
  
• Drupal\Core\Entity\EntityInterface\ContentEntityStorageBase::doCreate() assumes that the bundle is a string
  
• SiteConfigureForm overrides value from install profile
  
• Security update introduces breaking changes to content moderation
  
• Behaviors get attached to removed forms
  
• Language selector is immune to hook_entity_field_access in entity forms
  
• Wrong documentation of Drupal\Component\Plugin\Derivative\DeriverInterface::getDerivativeDefinitions()
  
• Incorrect blacklist condition in WorkspaceManager
  
• [regression] Table Drag handles no longer respond to up/down arrow keys
  
• [regression] Table Drag handles no longer respond to up/down arrow keys"
  
• [regression] Table Drag handles no longer respond to up/down arrow keys
  
• Improve robustness of FieldBlockTest
  
• cache_key source plugin configuration not documented
  
• Correct the documentation on method UserMigrationClassTest
  
• Add error msg to assertions in MigrateSourceTestBase
  
• Fix plural typo in workspaces field
  
• DatabaseStorageExpirable:setWithExpireIfNotExists is not respecting expired
  
• View more link in recipe cards is not fully translated
  
• Update username
  
• Update "Running tests" section in core.api.php
  
• Update the Umami Vegan Chocolate Brownie recipe
  
• Umami - favicon
  
• Add change record to @deprecated for AccountInterface
  
• Command examples in core/tests/README.md are confusing and not executable
  
• Make the tabbing order match the visual reading order in MediaLibraryWidget
  
• Wrong assert in NodeTitleTest
  
• Duplicate BrokenSetUpTest for BrowserTestBase
  
• Convert AJAX part of \Drupal\responsive_image\Tests\ResponsiveImageFieldUiTest to JavascriptTestBase and the rest to BrowserTestBase
  
• SqlContentEntityStorage no longer update entities with certain (id) fields
  
• ConfigEntityBase::__sleep() serializes plugin instances if they were not previously initialized
  
• MigrateDrupalTestBase::migrateContent(['translations') does not migrate translations
  
• EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()"
  
• Rename MigrateUpgrade tests
  
• EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()
  
• ArchiveTar is throwing fatal error
  
• Not affecting spacing in PhpTransliterationTest
  
• @see directive used in the wrong place outputs the wrong HTML markup
  
• Fatal error after upgrade to 8.6x [due to regression in extension system]
  
• ConfigFactory static cache gets polluted with data from config overrides
  
• Test module no_transitions_css has invalid hook_page_attachments
  
• Layout builder prevents the rendering of extra fields (like Links) on pages not using Layout Builder
  
• [PHP 7.3] Fix EnvironmentTest::providerTestCheckMemoryLimit() notice
  
• D6 profile migrations assume stubs, which fail
  
• Improve batch_process() documentation
  
• Migrate Drupal 6 user profile field value option translations
  
• Extension objects should not implement \Serializable
  
• Limiting options for exposed Language filters causes errors and doesn't work for special languages

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.9

8.6.7

30 Januari 2019 - 150MB

• This is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.7

8.6.6

(säkerhetsutgåvan)
16 Januari 2019 - 150MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-001 - Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
  
• Drupal core - Arbitrary PHP code execution - SA-CORE-2019-002 - Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to a remote code execution vulnerability which exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.6

8.6.5

8 Januari 2019 - 150MBThis is a patch release of Drupal 8 and is ready for use on production sites.
Läs mer: https://www.drupal.org/project/drupal/releases/8.6.5

8.6.4

19 December 2018 - 140MBThis is a patch release of Drupal 8 and is ready for use on production sites.
Läs mer: https://www.drupal.org/project/drupal/releases/8.6.4

8.6.3

26 November 2018 - 140MBThis is a patch release of Drupal 8 and is ready for use on production sites.
Läs mer: https://www.drupal.org/project/drupal/releases/8.6.3

8.6.2

18 Oktober 2018 - 140MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Security

• Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006 - In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
  

Important Information

• Previously, users who didn't have access to use any Content Moderation transitions were granted implicit access to update content provided the state of the content did not change. This access has been removed. Site owners should ensure that all content editor roles have access to appropriate transitions for moderated content types (including published to published where appropriate).

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.2

8.6.1

17 September 2018 - 140MBThis minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies. Developers should review the Drupal 8.6.x change records for information on API additions and internal backwards compatibility breaks.

Important bug fixes

• Missing taxonomy hierarchy items in 8.6.0 after running taxonomy_update_8502

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.1

8.6.0

(större version)
7 September 2018 - 140MBThis minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies. Developers should review the Drupal 8.6.x change records for information on API additions and internal backwards compatibility breaks.

Important bug fixes

• #2976335: Use Zend-Feed's standalone extension managers to prevent sites breaking
  
• A regression since 8.5.0's release has been resolved for: #2952962: Block visibility setting tab for Roles not showing
  
• #2557299: Any AJAX call disregards machine name verification when AJAX is used and leads to a fatal error
  
• #2930101: i18n / statistics - node counter not updated for translations
  
• To resolve a regression where effects could not be added to image styles through the UI, changes were needed to the EntityListBuilder destination handling for entity operation links. This may cause issues with list builders with custom redirects.
  
• #2662932: Fix file upload progress bar.

Läs mer: https://www.drupal.org/project/drupal/releases/8.6.0

8.5.15

(säkerhetsutgåvan)
19 April 2019 - 140MBThis is a maintenance and security release. Sites are urged to upgrade immediately.

8.5.15

Security

• Drupal core - Third Party Libraries - SA-CORE-2019-005
  
• Drupal core - Third Party Libraries - SA-CORE-2019-006
  

8.5.14

Security

• Drupal core - Cross-Site Scripting - SA-CORE-2019-004
  

8.5.13

Bug Fixes

• The third-party Twig library, which powers Drupal 8's theme system, recently released new versions (Twig 1.38.0 and 1.38.1) that introduced a fatal error for Drupal 8 sites using Composer. Drupal 8.5.12 was released yesterday with an update to Twig 1.38.2 in order to resolve that error. However, this update also led to a different regression for certain Drupal 8 themes that use Twig {% embed %} tags. This release hotfixes Drupal 8 to resolve that regression. No other changes are included.
  

8.5.12

Bug Fixes

• The third-party Twig library, which powers Drupal 8's theme system, recently released a new minor version (1.38.0) that introduced a fatal error when used with Drupal 8. As a result, Drupal 8 sites managed with Composer encountered this fatal error when updating Twig to version 1.38.0 or 1.38.1. This release updates Drupal to require Twig 1.38.2, which resolves the fatal error.
  
• The recent releases for SA-CORE-2019-003 introduced a serialized data integrity issue affecting some contributed and custom modules, including the Default Content and Paragraphs modules. This release resolves the issue for affected sites.

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.15

8.5.11

(säkerhetsutgåvan)
20 Februari 2019 - 140MBSecurity

• Drupal core - Remote code execution - SA-CORE-2019-003

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.11

8.5.10

9 Februari 2019 - 140MBThis is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.

Known Issues

• After upgrade to 8.5.10 still get TYPO3 phar error for drush

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.10

8.5.9

16 Januari 2019 - 140MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-001 - Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
  
• Drupal core - Arbitrary PHP code execution - SA-CORE-2019-002 - Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to a remote code execution vulnerability which exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.9

8.5.6

(säkerhetsutgåvan)
6 Augusti 2018 - 140MB8.5.6

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities and sites are urged to upgrade immediately.

8.5.5

This is a patch release of Drupal 8.

Bug Fixes

• Add support to migrate multilingual revisions
  
• typo in test_node_revision_links views yml file
  
• Revert: MigrationLookupTest::testMultipleSourceIds() uses wrong class for mocking
  
• MigrationLookupTest::testMultipleSourceIds() uses wrong class for mocking
  
• Activity Tracker cannot be enabled if there are unpublished nodes
  
• UUID component's composer.json has wrong description
  
• Match setup() functionality of MigrateFileTest with MigratePrivateFileTest
  
• Add TwoD as maintainer for the editor.module component
  
• Add ltrim($path, '/') in drupalGet method
  
• run-test.sh doesn't work in directories with spaces
  
• Choose policy for defining font-weight on Umami theme
  
• BasicSyntaxTest::testConcatFields fails with contrib driver
  
• Improve test coverage of using bulk actions when the view has an exposed form using AJAX
  
• views_add_contextual_links() references to non existent views_preprocess_page() function
  
• DataDefinition::setConstraints() should be on DataDefinitionInterface
  
• Document why UserInterface + FileInterface + MenuLinkContentInterface + … extend \Drupal\Core\Entity\ContentEntityInterface
  
• badly formatted sample code in docs for Select::orderBy()
  
• Revert: Migrate D6 i18n loacalized translations of taxonomy terms"
  
• incorrect @return for Tables::getTableMapping()
  
• The URL "/ " with trailing space is not getting recognized as
  
• Proper way to install Drupal, missing vendor folders, example.gitignore
  
• Umami support for Internet Explorer 11
  
• Wrong documentation on SiteCacheContext class
  
• Add README.txt to Bartik theme
  
• Migrate D6 i18n loacalized translations of taxonomy terms
  
• description for EntityForm::actions() could use rewording
  
• EntityReferenceFieldItemList::referencedEntities() doesn't work for computed fields
  
• Migrate Drupal 7 Entity Translation settings to Drupal 8
  
• FormInterface::getFormId() should state restrictions on the returned ID string
  
• User cancel link doesn't redirect to the homepage
  
• unclear docs in MigrateProcessInterface
  
• Log message if static_map plugin skips the row
  
• Risky count() in SQLite Statement
  
• CachePluginBase::cacheGet()/::cacheSet() doesn't document @params or @return

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.6

8.5.4

15 Juni 2018 - 140MBKnown Issues

• View with user/% path breaks login/logout on 8.5.x - a regression from 8.4.x
  

Changes

• collection link template for comment_type entity type is incorrect
  
• Add getHttpClient() to BrowserTestBase
  
• Update symfony (security release)""
  
• Downloaded translation file should replace existing
  
• Update symfony (security release)
  
• Validate file path on Credential form
  
• Incorrect transliteration of some Russian Cyrillic characters
  
• Incorrect transliteration of some Russian Cyrillic characters"
  
• Update symfony (security release)
  
• badly formatted sample code in core.api.php for hook_config_import_steps_alter
  
• Update symfony/* and twig/twig
  
• Incorrect transliteration of some Russian Cyrillic characters
  
• Scale and crop image effect can't be edited in Large 3:2 (768x512) image style
  
• Colored background of link focus in a sentence is a bit weak
  
• Migration lookup process plugin doesn't check validity of provided migration(s)"
  
• Fix FilterIdTest test names
  
• Links in footer could be more accessible
  
• StatisticsViewsResult should only deal in integer values
  
• Migration lookup process plugin doesn't check validity of provided migration(s)
  
• Add an article to Umami demo - Baking mishaps
  
• Add chili sauce to Umami
  
• Fix "MigrateCckFieldInterface is deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.x. Use \Drupal\migrate_drupal\Annotation\MigrateField instead." deprecation message
  
• Config save resets overridden configuration too late
  
• Fix typo at MigrateField.php
  
• Unrouted URLs cannot have have overridden query or fragments
  
• i18n menu links translation in wrong directory"
  
• Adding NOT NULL to base fields with multiple columns is broken
  
• i18n menu links translation in wrong directory
  
• Impossible to make trigger_error in some files without test fails
  
• entity query nested conditions must use LEFT joins when any of the parent condition groups is using OR
  
• Add the label of the entity type to the error message when there are outstanding entity changes in UpdatePathTestBase
  
• Problems creating a d6 user profile field storage with an name longer than 32 characters
  
• Fix "CckFile is deprecated in Drupal 8.3.x and will be be removed before Drupal 9.0.x. Use \Drupal\file\Plugin\migrate\process\d6\FieldFile instead." deprecation message
  
• Remove @todo in content_moderation related to NULL values of the moderation_state field
  
• Moderation state set to default after entity is serialized
  
• Umami theme login link is not showing underline on hover
  
• D6 User Profile Source Fields
  
• Move all entity type REST tests to the providing modules
  
• Switch datatypes to data types
  
• Disallow moderation of internal entity types
  
• FileAccessControlHandler cacheability metadata inaccurate
  
• Remove spaces around row.content
  
• Random fail in ExposedFormUITest
  
• #plain_text doesn't render empty-like values (e.g. 0 and "0")
  
• Fix typos in core.api.php and correct incorrect @see
  
• Docblock for dropbutton theme function is incorrect
  
• Random fail in TipPluginTextTest
  
• Circular entity references cause infinite loop in EntityReferenceItem::generateSampleValue()
  
• Convert \Drupal\Tests\taxonomy\Functional\Views\TaxonomyDefaultArgumentTest to a kernel test
  
• NegotiationMiddleware calls $request->setRequestFormat('html') when there is no _format request parameter, but shouldn't
  
• Typo at DestinationBase.php
  
• Array member variables initialized with NULL in TwigSandboxPolicy
  
• ThemeRegistryLoader::findTemplate() breaks Twig_Loader_Filesystem signature
  
• Document that alternate Drupal 8 theme engines must implement auto-escape or they are not secure
  
• Stop tests like LocaleConfigTranslationImportTest from failing if l.d.o becomes unavailable
  
• [Link module] Validation for title but no link, when title optional
  
• ActiveLinkResponseFilter fails to set active link with query in non-alphabetical order
  
• .ht.router.php causes a redirect loop when invoked from parent directory
  
• hook_entity_field_access() should explain when $items is not given
  
• Add initiative coordinator(s) for Out-of-the-Box
  
• Fix "The Drupal\migrate\Plugin\migrate\process\Iterator is deprecated in Drupal 8.4.x and will be removed before Drupal 9.0.0. Instead, use Drupal\migrate\Plugin\migrate\process\SubProcess"
  
• improve documentation and type hinting of FormValidatorInterface and FormValidator
  
• Provide explicit test coverage for isDefaultRevisionPublished and its usage within ModerationStateFieldItemList
  
• Entity::uriRelationships() throws exceptions if an URL cannot be generated because of missing mandatory parameters
  
• Views result summary still renders when there's no results
  
• Convert web tests to browser tests for image module (Part 2)
  
• ContentTypeHeaderMatcher should not run for DELETE requests
  
• Remove dead code from UserCancelTest::testUserCancelUid1()
  
• Fix "Passing a Session object to the ExpectationException constructor is deprecated as of Mink 1.7. Pass the driver instead."
  
• Fix "LinkField is deprecated in Drupal 8.3.x and will be be removed before Drupal 9.0.x. Use \Drupal\link\Plugin\migrate\field\d7\LinkField instead." deprecation message
  
• Fix "The Drupal\taxonomy\Entity\Term::getVocabularyId method is deprecated since version 8.4.0 and will be removed before 9.0.0. Use Drupal\taxonomy\Entity\Term::bundle() instead to get the vocabulary ID." deprecation message
  
• FieldItemListInterface::getEntity() should return FieldableEntityInterface rather than EntityInterface
  
• Cannot save theme settings form for themes without logo or favicon features
  
• Add missing type hinting to Locale module docblocks
  
• Wrong comment in \Drupal\image\Routing\ImageStyleRoutes.php
  
• Replace drupal_render() in @param, @return, @see, @link, etc
  
• Add Change record for Revision Metadata Base Fields change to Annotation
  
• Clean up the MAINTAINERS.txt
  
• Convert web tests to browser tests for rdf module
  
• Content Moderation module marked as stable produces failures in Workbench Moderation assets loading
  
• Path of CHANGELOG.txt in core/INSTALL.txt
  
• missing details in param docs for DateTimePlus::format()
  
• Improve example code in block.module
  
• Change getSourceIDsHash to getSourceIdsHash in the Migrate module
  
• Change getConnectionID to getConnectionId in kernel tests
  
• Incorrect image URL using an image style should return a 404 instead of a 403
  
• Replace drupal_render() in sample code
  
• ConfigSync.php tries to include non-existing file config.admin.inc
  
• The ContentEntityBase entity key cache is purged incorrectly when two keys exist for one field
  
• Convert web tests to browser tests for menu_ui module
  
• phpunit.xml.dist has an incorrect instruction on how to disable deprecation errors
  
• Footer of Umami, [find out more] links the whole div
  
• Unable to order transitions if there are more than 20
  
• TipPluginText's ariaId is not unique
  
• Do not attach history for non-node entities in CommentViewBuilder::buildComponents()
  
• Layout Builder defaults should support third party settings
  
• status-messages.html.twig documentation refers to non-existing variable 'display'
  
• Fix dev version constant.
  
• Add a /INSTALL.txt pointing to /core/INSTALL.txt
  
• Fix simultaneous file uploads re-posting data
  
• Handle entity_references related to Drupal 6 and 7 node translations with different IDs
  
• error in docs for DrupalKernel::findSitePath()
  
• Fix styles for border radius on hover state for Recipies banner in Umami
  
• Change lookupSourceID and lookupDestinationID to lookupSourceId and lookupDestinationId in the Migrate module
  
• Text 'logged in as admin' in update.php message is ambiguous
  
• Add deprecation test to d6/DateField
  
• Wrong deprecation message in core/lib/Drupal/Core/Routing/RouteFilterInterface.php
  
• Add Crema Catalana to Umami
  
• View mode class is not built correctly in media.html.twig
  
• Fix @see path in MigrateDestinationInterface
  
• Add a $connection property to DatabaseTestBase kernel test class to be used by extending classes
  
• Remove Cottser as Drupal 8 core maintainer and Stable theme maintainer
  
• FileValidationConstraintValidator assumes that the file exists
  
• Cleanup HistoryUserTimestamp views filter handler
  
• Views argument validators that modify argument values aren't reflected in token replacement
  
• Unable to convert a non-translatable entity into a revisionable entity
  
• content_moderation_post_update_update_cms_default_revisions fails if content_moderation was enabled but no entity types were being moderated
  
• Convert web tests to browser tests for image module
  
• Views argument validators that modify argument values aren't reflected in token replacement"
  
• Fix multilingual install on Drupal dev version for CLI utilities
  
• Views argument validators that modify argument values aren't reflected in token replacement
  
• Exceptions thrown during Layout Builder preview are not caught
  
• Migrate D6 i18n menu links
  
• Migrate D6 i18n menu links"
  
• Upgrade path for Color 7.x
  
• Migration dependencies are not set when using the migration_lookup or iterator process plugins
  
• Migrate D6 i18n menu links
  
• Sample code needs to have namespace on the Url class
  
• Document the session subsystem
  
• missing class docs for ContainerDerivativeDiscoveryDecorator
  
• Update Layout Builder CSS to match updated mockups
  
• "Edit Summary" link not showing if "Help Text" is set
  
• Remove PirateDayCacheabilityMetadataConfigOverride::isCacheabilityMetadataApplicable because is not used anywhere
  
• Documentation of options on POWriter is missing in one place, wrong in the other
  
• ConfigValidation class contains code that is brittle and changing for every addition
  
• [PHP 7.2] DrupalKernel.php: ini_set(): Headers already sent
  
• Prevent memory leak and inconsistent entity references when serializing entity storages
  
• Docs fix in MigrateUpgradeForm
  
• Views pagers include ajax metadata
  
• ContextDefinition isSatisfiedBy() check fails for context using inherited class
  
• EntityDisplayModeListBuilder is limited to 50 view modes
  
• source plugin source_module testing seems incomplete
  
• Default value not correctly set in the ModerationStateWidget
  
• SiteConfigureForm ignores 'skip_permissions_hardening' setting
  
• Translated user can not be deleted
  
• Responsive Image shows an Error in Views
  
• Properly document possible exceptions for EntityTypeManagerInterface::getStorage()
  
• Allow BaseFieldDefinition::setInitialValueFromField() to set a default value - this fixes issues with block_content_update_8400()
  
• Message on PHPUnit requirements problem needs small update
  
• User performing revert should be set as revision author (revision_uid)
  
• Correct bundle info service interface name in EntityManager deprecation messages
  
• Restore Menu Link parent references when deleting nested links
  
• Block visibility setting tab for Roles not showing
  
• Move Common tests in system.module to BTB
  
• Fix english in RequestSanitizer docs
  
• Use PHPUnit 6 for PHP 7.0 / 7.1 testing"
  
• Saving to the private tempstore doesn't start a session for anonymous users
  
• file_url_transform_relative() should escape $http_host
  
• Use tags-style autocompletion for categories and tags in Umami
  
• Handle menu_items related to Drupal 6 and 7 node translations with different IDs
  
• Use PHPUnit 6 for PHP 7.0 / 7.1 testing
  
• Third argument passed to hook_menu_local_tasks_alter is undocumented
  
• OverviewTerms page has invalid table HTML when the user does not have access to some terms
  
• AccessResult::orIf() fails to retain the reason if both operands are neutral or forbidden, but the first contains a reason and the second one does not
  
• Split SettingsTrayBlockFormTest into multiple class to only enable modules when needed
  
• i18n / statistics - node counter not updated for translations
  
• RequiredTest is not testing what it thinks it is testing"
  
• RequiredTest is not testing what it thinks it is testing
  
• Add missing jquery.form.min.js.map file
  
• EmailAction incorrectly uses the result of ->mailManager->mail()
  
• ContentTranslationUITestBase stragglers
  
• Wrong views exposed raw input values for multivalue filter field
  
• TermInterface setName has incorrect parameter type
  
• Fix EntityReferenceEntityFormatter variable description
  
• OffCanvasTest is set as @group settings_tray when it's not any more
  
• Missing mappings for "nodereference_buttons" & "nodereference_autocomplete" widgets
  
• No mapping to upgrade list_float fields
  
• Remove stale deprecated code
  
• When allowing content items to have customized layouts, clicking 'Layout' on full view of a node takes you to the configuration for the 'default' view mode
  
• Custom Display Settings - Order the view modes based on name rather than key
  
• Fix doc comments for DefaultTableMapping::allowsSharedTableStorage() and DefaultTableMapping::requiresDedicatedTableStorage()
  
• Move elements of \Drupal\layout_builder\Entity\LayoutBuilderEntityViewDisplayStorage into a stand-alone service or static methods
  
• Missing a test for table TRUNCATE while in transaction
  
• Restrict build targets to IE11 and above
  
• /filter/tips page is listed by search engines
  
• incorrectly formatted docs in mainPropertyName()
  
• Remove redundant ')' from TimestampItem FieldType annotation doc
  
• Non-helpful error when BrowserTestBase::clickLink doesn't find the link
  
• Fix ControllerBase stateService documentation
  
• Drupal PHPUnit tests currently NEED the profiles directory to exist
  
• incorrect docs in EntityTypeInterface::setAccessClass
  
• Upgrade path for Book 6.x and 7.x
  
• Traits on WebTestBase cause PHP Fatal error in php 5.6
  
• Query settings missing when display type Entity Reference
  
• Undefined index ReviewForm->buildForm() line 240
  
• Unreadable text on site branding block when placed outside of the header
  
• Documentation on datetime #date_increment is incorrect/misleading
  
• Remove outdated and misleading comment re. temp directory from file_save_upload
  
• Deprecate SystemConfigFormTestBase and create kernel test version
  
• Fix Weight form element behavior
  
• The description of the FormStateInterface refers to the nonexistent property \Drupal\Core\Form\FormState::$internalStorage
  
• Node type form alter sets new revision to false on subsequent saves
  
• Add documentation to EntityUser destination plugin
  
• Installer: Convert system functional tests to phpunit
  
• rest_test module for testing REST module could be reused by contrib JSON API module
  
• DefaultTableMapping does not return the revision table name for multi-valued base fields
  
• Path to statistics.php is not correct when the path start with index.php
  
• Fix Weight form element behavior
  
• Document that SqlBase source plugin must use the ignore_map configuraition option if expressions are used in the query
  
• Entity links aren't added to views using the revision table as a base
  
• Cannot uninstall Config module via drush config-import

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.4

8.5.3

25 April 2018 - 120MBSecurity

• Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004 - A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.3

8.5.2

(säkerhetsutgåvan)
20 April 2018 - 120MBSecurity

• Drupal core - Moderately Critical - Cross Site Scripting - SA-CORE-2018-003 - CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.2

8.5.1

(säkerhetsutgåvan)
28 Mars 2018 - 120MBSecurity

• Drupal core - Highly Critical - Remote Code Execution - SA-CORE-2018-002 - A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.1

8.5.0

(större version)
18 Mars 2018 - 120MBHighlights

• PHP 7.2 is now supported.
  
• Media in core improved and available to all site builders.
  
• Settings Tray and Content Moderation now stable.
  
• New experimental Layout Builder module.
  
• Big steps for migrations.
  
• BigPipe by default.
  
• Groundwork for a Drupal 8 "Out of the Box" demo.
  

Important

• Drupal will no longer support PHP 5.5 and 5.6 as of March 7 2019, one year from now.
  
• Symphony has been updated to version 3.4.5.
  
• Validation has been added to custom modules that deal with pending revisions or loading revisions.
  
• Viewing public files now requires 'access content' permission.
  
• There are significant changes to PHPUnity integration.
  
• Multi-value fields in views now use correct field names.
  
• There are changes to EntityListBuilder and ConfigEntityListBuilder.
  

Bug Fixes

• Following a number of critical bugfixes, Drupal 8.5.0 will be the first core release to fully support PHP 7.2. Please report any issues you encounter with PHP 7.2 in the issue queue.
  
• When Drupal-to-Drupal migrations are run through the user interface, the site owner will now be warned if the migration might overwrite existing data. However, a similar fix is not yet available for Migrate Drush, so site owners running migrations on the command line should take care to ensure data is not overwritten.
  
• In earlier releases, the route cache on multilingual sites could sometimes become corrupted, leading to "page not found" errors for vaild pages. This is now resolved.
  
• When editing a view, cloning a display could cause the original display to be deleted. This is now resolved.
  
• This release resolves #2885469: Regression: manually setting the ID field for newly-created content entities is not possible anymore (public follow-up to SA-2017-002), a regression introduced in Drupal 8.4.4, as well as #2939885: UX regression (again): Prevent links in node preview from being clicked which was introduced in Drupal 8.4.0.
  
• (And hundreds more documented in the release notes.)

Läs mer: https://www.drupal.org/project/drupal/releases/8.5.0

8.4.8

25 April 2018 - 115MBSecurity

• Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004 - A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Läs mer: http://drupal.org/project/drupal/releases/8.4.8

8.4.7

(säkerhetsutgåvan)
20 April 2018 - 115MBSecurity

• Drupal core - Moderately Critical - Cross Site Scripting - SA-CORE-2018-003 - CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

Läs mer: http://drupal.org/project/drupal/releases/8.4.7

8.4.5

(säkerhetsutgåvan)
25 Februari 2018 - 115MBThis security release of the Drupal 7 series. It is highly recommended that you update.

Highlights

• Fixed multiple security vulnerabilities.

Läs mer: http://drupal.org/project/drupal/releases/8.4.5

8.4.4

8 Januari 2018 - 115MBBug Fixes

• datetime_type is not set correctly when migrating datetime fields from D7
  
• Recursive rebuild caused by installing admin_toolbar_tools module
  
• Concurrently editing two translations of a node may result in data loss for non-translatable fields
  
• Case mismatch in ExportForm.php
  
• Change wording of annotation keys to properties
  
• The documentation makes reference to a function that doesn't exist
  
• hook_field_widget_form_alter() still reference a hook that is not used anymore
  
• Timestamp field type misses schema for value
  
• Fix 'Squiz.WhiteSpace.SemicolonSpacing' coding standard
  
• `quote` should be `blockquote` in off-canvas.base.css
  
• ModerationInformation::getLatestRevisionId returns access-specific results
  
• Error when calling ModerationStateFieldItemList::updateModeratedEntity() if the entity doesn't have workflow
  
• Duplicate AJAX wrapper around a file field
  
• Improve API documentation of DrupalSqlBase source plugin
  
• Add documentation to SqlBase source plugin
  
• Module: Convert system functional tests to phpunit
  
• badly constructred link in drupal_set_message
  
• [PHP 7.2] count() parameter must be an array or an object that implements Countable
  
• Incorrect handling of file upload limit exceeded - file widget disappears
  
• Preview of content - Notice: Undefined offset: 0 in _quickedit_entity_is_latest_revision() (line 196 of core/modules/quickedit/quickedit.module)
  
• Config sync should not throw a warning when not being writable
  
• Backport --supress-deprecations to run-tests.sh 8.4.x
  
• Exception when trying to save a new revision after manually setting the original revision ID
  
• Tests under "core/modules/ckeditor/tests/modules/src/Kernel" are in the wrong folder and do not get tested
  
• Allow PHPUnit 6+ support for object mocking
  
• Add documentation to EntityFieldInstance destination plugin
  
• Add documentation to EntityFieldStorageConfig destination plugin
  
• Correct references to 'iterator' plugin to be 'sub_process'
  
• Aggregator feed "refresh" field should have a default value
  
• Various tests do not set values for required field when creating entities
  
• Config import change profile message
  
• Fix 'Squiz.WhiteSpace.LanguageConstructSpacing' coding standard
  
• Revert "Issue #2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock"
  
• Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock
  
• Update DbLogResourceTest to use the ResourceTestBase base class instead of the deprecated RESTTestBase
  
• Site name is not UTF-8 encoded in email headers

Läs mer: http://drupal.org/project/drupal/releases/8.4.4

8.4.3

21 December 2017 - 115MBHighlights

• Segfault on PHP5.5 and PostgreSQL
  
• Migration module breaks with PHP 7.2 due to inherited method signature differences
  

Bug Fixes

• Add @justafish as JavaScript subsystem maintainer in MAINTAINERS.txt
  
• Theme suggestions may not be in theme include files, Search and Views UI suggestions are not (always) found
  
• Revert "Issue #2662574 by RajeevK, Adita, pritish.kumar, afi13, AjitS, greyghost: Theme suggestions may not be in theme include files, Search and Views UI suggestions are not (always) found"
  
• Theme suggestions may not be in theme include files, Search and Views UI suggestions are not (always) found
  
• NodeTranslationHandler references old publish and unpublish actions
  
• ConfigEntityInterface::onDependencyRemoval() called with incorrect dependency list
  
• Revert "https://www.drupal.org/files/issues/2850973-38.patch"
  
• Revert "Issue #2915820 by martin107, tim.plunkett, dawehner: [PHP 7.2] FormValidator: Parameter must be an array or an object that implements Countable"
  
• [PHP 7.2] FormValidator: Parameter must be an array or an object that implements Countable
  
• Using testing.services.yml in a kernelTest fatals when trying to copy this to the test site
  
• Warn users of old PHP versions
  
• Move part of DownloadTest::testFileCreateUrl() to a new Kernel test
  
• Replace deprecated usage of entity_create('config_test') with a direct call to ConfigTest::create()
  
• Use ComputedFieldItemListTrait for the path field type
  
• Fix wrong documentation in comment module
  
• format_plural() does not handle D7 translations with a plural form after @count
  
• Revert "Issue #2421001 by eiriksm, pfrenssen, YesCT, DuaelFr, gnuget, StryKaizer, Lendude, Jo Fitzgerald, andrewmacpherson, mgifford, geertvd, John Cook, mohit_aghera, Sinan Erdem, yoroy, thorandre, xjm, catch, joelpittet, idebr, alexpott, cilefen, dawehner, Cottser: Fix regression in the link widget where help text does not show"
  
• Revert "Issue #2139467 by vaplas, Gábor Hojtsy, andypost, Sutharsan, alexpott, dillix: format_plural() does not handle D7 translations with a plural form after @count"
  
• Fix regression in the link widget where help text does not show
  
• https://www.drupal.org/files/issues/2850973-38.patch
  
• Hotfix for ToolkitGdTest take 3
  
• Revert "Issue #2918570 by xjm: Hotfix for ToolkitGdTest take 2"
  
• Hotfix for ToolkitGdTest take 2
  
• Hotfix for ToolkitGdTest
  
• Multiple data types must be separated by a vertical bar
  
• When installing a site in a language besides English, the site name is not saved and reverts to "Drupal"
  
• EntityReferenceItem logs critical errors in onDependencyRemoval()
  
• check_markup() and FilterInterface refer to non-existent function filter_process_text()
  
• Move d6_taxonomy_term_translation and test to content_translation
  
• Fields with a manually defined initial value in the schema have an Entity schema definition mismatch after updating to Drupal 8.4
  
• \Drupal\views\Tests\ViewResultAssertionTrait::assertIdenticalResultsetHelper() does not cast entity field values to strings
  
• Missing @var annotation for scalars that provide default values
  
• Fix existing but somehow invalid @var annotation
  
• Numerous deprecation messages for test traits do not reference the correct replacement
  
• Wrap JS comments in Settings Tray to 80 character limit
  
• The one-line summary of ImageEffectInterface::getDerivativeExtension() is too long
  
• Simplify ModerationInformation::getLatestRevisionId()
  
• Fix incorrect FieldFormatter id for weight field in base field definition in display options
  
• Revert "Issue #2923747 by morsok, drpal: Wrong declaration of no-mutable-exports JS coding standard rule"
  
• Wrong declaration of no-mutable-exports JS coding standard rule
  
• Wrong description for "view latest version" permission
  
• setDialogTitle in the OpenDialogCommand doesn't set the title
  
• Make media name available on manage display
  
• BrowserTestBase: Steer new test development away from translation
  
• Fix 'Drupal.Commenting.DataTypeNamespace' coding standard
  
• Don't try to include Media CSS library if Media Entity 1.x is being used
  
• Revert "Issue #2864816 by Wim Leers, dawehner, larowlan, tedbow: HAL LinkManager doesn't add 'url.site' cache context when needed"
  
• HAL LinkManager doesn't add 'url.site' cache context when needed
  
• Remove hard coded reference to node/2179269
  
• Set revision creation time when moderating content
  
• Segfault on PHP5.5 and PostgreSQL
  
• Fix 'Squiz.WhiteSpace.SuperfluousWhitespace' coding standard
  
• Add plach to MAINTAINERS.txt as a provisional framework manager
  
• Add Change record to @deprecated for Renderer service
  
• Add Change record to @deprecated for email-validator service
  
• Add Change record to @deprecated for Date format changes
  
• FieldItemList::equals() doesn't work correctly for computed fields with custom storage
  
• Add Change record to @deprecated for AssetCollectionOptimizerInterface::getAll() and ::deleteAll()
  
• Fix coding standard for closures - Drupal.WhiteSpace.ScopeClosingBrace and Generic.Functions.OpeningFunctionBraceKernighanRitchie
  
• Add Change record to @deprecated for function rightJoin
  
• MINK_DRIVER_ARGS does not support associative arrays
  
• Unclosed conditional comments in html tag result in broken html head
  
• Warning: mkdir(): File exists in Drupal\Component\PhpStorage\FileStorage->createDirectory
  
• Promote the provisional product and framework managers
  
• Add Change record to @deprecated for redirect.destination service
  
• Revert "Issue #2920003 by mairi, shashikant_chauhan, tedbow, dinarcon, kwhite: Add Change record to @deprecated for redirect.destination service"
  
• Add Change record to @deprecated for UrlHelper::stripDangerousProtocols()
  
• Add a trait to standardize handling of computed item lists
  
• Add documentation to EmptySource source plugin
  
• Document public function MigrateSourceInterface::getIds return value better
  
• Add hchonov as an Entity API maintainer
  
• FieldDefinitionIntegrityTest does not respect module dependencies
  
• Cache bins are not deleted when the module that declares them is uninstalled
  
• Migration module breaks with PHP 7.2 due to inherited method signature differences
  
• Add change record to @deprecated for drupal_render_children()
  
• Field Layout should not alter fields placed into regions it doesn't know about
  
• Add Change record to @deprecated for element_info service
  
• Merge branch 'drupal-8.4.2' into 8.4.x
  
• Revert "Issue #2908864 by Wim Leers, eleleka: Update CKEditor library to 4.7.3"
  
• URL generator may have a stale route provider during module installation
  
• providerTestCleanCssIdentifier line comments reference wrong lines
  
• Unused local variable in TaxonomyTermViewTest
  
• The same link "available updates" links to two different pages in the same paragraph when there is a problem checking available updates
  
• Document magic methods in DateTimePlus and DrupalDateTime using phpDoc @method

Läs mer: http://drupal.org/project/drupal/releases/8.4.3

8.4.2

(större version)
29 November 2017 - 115MBHighlights

• #2912120: Migrations with a highwater property are not applying correct orderBy() on first run
  
• #2914649: [D7] Vocabulary migration: vid incorrectly mapped from vocabulary name instead of machine_name
  
• #2887142: NodeType source plugin should include comment information
  
• #2897254: URLs without http:// are broken after migration from d6 or d7
  

Bug Fixes

• #2919983 by xjm: Restore the 8.4.0 phpcs.xml.dist on 8.4.x
  
• #2919130 by masipila, heddn: Add masipila to MAINTAINERS.txt for migrate subsystem
  
• #2864995 followup by amateescu, xjm: Don't disrupt QueryInterface in a patch release.
  
• Revert "Issue #2915673 by borisson_, alexpott, Gábor Hojtsy: Ignore coding standards in sites/* PHP files as they are for configuration and not real code"
  
• #2915673 by borisson_, alexpott, Gábor Hojtsy: Ignore coding standards in sites/* PHP files as they are for configuration and not real code
  
• #2914668 by Jo Fitzgerald, shashikant_chauhan, heddn, quietone: MigrateNodeDeriverTest::testNoTranslations() does not install node module
  
• #2913460 by Eric_A: drupal/core-class-finder missing from replace section
  
• #2913459 by Eric_A: drupal/core-class-finder missing in ComposerIntegrationTest
  
• #2825204 by dawehner, BR0kEN, xjm, pcambra, Wim Leers, tim.plunkett, tstoeckler, damiankloip, larowlan, effulgentsia, alexpott: REST views: authentication is broken
  
• #2915490 by Wim Leers: Modernize & harden HalLinkManagerTest
  
• #2905227 by maxocub, yoroy, jjpoole, heddn, phenaproxima, vulcanr, quietone, wturrell, xjm: Migrate UI: Improve 'Review Upgrade' page UX
  
• #2912120 by phenaproxima, heddn, Berdir, quietone, maxocub: Migrations with a highwater property are not applying correct orderBy() on first run
  
• Revert "Issue #2843765 by vaplas: EntityResource: Provide comprehensive test coverage for EntityViewDisplay entity"
  
• Revert "Issue #2701393 by tim.plunkett, Wim Leers, thpoul, xjm: Switching between editors on the format configuration causes errors upon save"
  
• Revert "Issue #2912399 by wengerk, Wim Leers: Extend the CKEditorIntegrationTest for DrupalImage"
  
• #2888905 by vaplas, Lendude: ConvertConfigTranslationUiTest WTB to JTB & BTB for config_translation module
  
• #2843765 by vaplas: EntityResource: Provide comprehensive test coverage for EntityViewDisplay entity
  
• #2909164 by drunken monkey, dawehner: Fatal error with stub container in DependencySerializationTrait::__wakeup()
  
• #2912399 by wengerk, Wim Leers: Extend the CKEditorIntegrationTest for DrupalImage
  
• #2701393 by tim.plunkett, Wim Leers, thpoul, xjm: Switching between editors on the format configuration causes errors upon save
  
• #2915767 by heddn: CckFieldPluginBase doesn't implement MigrateCckFieldInterface
  
• #2864995 by amateescu, Dinesh18, Sam152: Allow entity query to query the latest revision
  
• #2897254 by Jo Fitzgerald, heddn, rakesh.gectcr, maxocub, masipila, phenaproxima, larowlan: URLs without http:// are broken after migration from d6 or d7
  
• #2887311 by naveenvalecha, vaplas, Lendude: Convert BlockContentTypeTest web tests to browser tests for block_content module
  
• #2809483 by michielnugter, ApacheEx, Lendude, dawehner: Convert AJAX part of \Drupal\field\Tests\FormTest::testFieldFormJSAddMore to JavascriptTestBase
  
• #2870439 by vaplas, andypost, Jo Fitzgerald, jonathan1055, Lendude, dawehner, alexpott, GoZ: Convert web tests to browser tests for config module
  
• #2887813 by vaplas: Convert web tests to browser tests for content_translation module Part 2
  
• #2908600 by neclimdul: YamlTest writes temporary files but never uses them
  
• #2870457 by ApacheEx, andypost, dawehner, naveenvalecha, vaplas, nlisgo, Wim Leers, Lendude, alexpott: Convert web tests to browser tests for page_cache module
  
• #2910081 by mpdonadio, neclimdul, gambry, jhedstrom, alexpott: DateTimePlus calls should be chainable
  
• #2914033 by alexpott, borisson_: Complete deprecation of install_ensure_config_directory()
  
• #2915900 by David_Rothstein: MAINTAINERS.txt doesn't indicate that the database API is in need of a maintainer
  
• #2909163 by mfernea: Fix 'Drupal.Commenting.InlineComment.WrongStyle' coding standard
  
• #2916642 by quietone, heddn: Private and Public file migrations use the same name
  
• #2870456 by ApacheEx, Lendude: Convert web tests to browser tests for Settings Tray module
  
• #2573807 by 20th, Sam152, msgph, sherakama, heikki, jcnventura, Wim Leers: Fatal error: Call to a member function getTimestamp()
  
• #2843781 by vaplas, Wim Leers: EntityResource: Provide comprehensive test coverage for EntityViewMode entity
  
• #2909183 by Wim Leers, tedbow: Add path alias (PathItem) field PATCH test coverage
  
• #2901722 by mfernea: Fix 'Squiz.Functions.FunctionDeclarationArgumentSpacing' coding standard
  
• #2843780 by vaplas, jamesdesq, Wim Leers: EntityResource: Provide comprehensive test coverage for EntityFormMode entity
  
• #2578485 by Mile23, mayeco, TamCalderwood, alduya, Gravypower, Andy_D, alexpott, slde_rorschach: Composer::preAutoloadDump fails with no specified classmap
  
• #2915664 by alexpott, dawehner: Sites installed by InstallerTestBase should have a timezone of 'Australia/Sydney'
  
• #2916025 by Wim Leers: Rename $denormalized to $normalized in \Drupal\hal\Normalizer\FieldItemNormalizer::normalizedFieldValues()
  
• Update CHANGELOG with more accurate Drush compatibility information.
  
• #2572787 by alexpott, mfernea, attiks, andriyun, andypost, RoSk0, hussainweb, klausi, martin107: Fix 'Drupal.WhiteSpace.CloseBracketSpacing' coding standard
  
• #2911165 by mfernea, Jo Fitzgerald: LoggingTest.php - Weird comments
  
• #2901572 by Jo Fitzgerald, bluccas, mfernea, klausi: Fix 'Drupal.Commenting.PostStatementComment' coding standard
  
• #2908864 by Wim Leers, eleleka: Update CKEditor library to 4.7.3
  
• #2711353 by Jo Fitzgerald, rakesh.gectcr, quietone, chx, Yogesh Pawar, Pavan B S, biguzis, mikeryan, vasi, catch, iMiksu, dawehner, Berdir, benjy: Migrate never unsets existing data for content entitites
  
• #2907420 by DyanneNova, tedbow: The Off-Canvas CSS reset prevents SVGs from displaying
  
• Revert "Issue #2894068 by Jo Fitzgerald, davidsickmiller, Yogesh Pawar, heddn, quietone: datetime_type is not set correctly when migrating datetime fields from D7"
  
• #2356913 by jmolivas, mgifford, maurizio.ganovelli, zhuber: Fix rebuild_token_calculator
  
• #2881348 by benjifisher, guncha25, Jo Fitzgerald, anya_m, Dinesh18, pritish.kumar, andypost, alexpott, James Nesbitt, larowlan, znerol, dawehner: SessionCacheContext calls getId() on null
  
• #2894068 by Jo Fitzgerald, davidsickmiller, Yogesh Pawar, heddn, quietone: datetime_type is not set correctly when migrating datetime fields from D7
  
• #2909368 by mfernea, reflie, zaporylie: Fix 'Drupal.Commenting.VariableComment.InlineVariableName' coding standard
  
• #2892377 by Wim Leers, Gábor Hojtsy: Document relationship of entities, entity revisions and entity translations
  
• #2805449 by joelpittet: Comment out 'extension_discovery_scan_tests' in example.settings.local.php
  
• #2680097 by maxocub, quietone, vg3095, heddn, xjm: Update Migrate entries in MAINTAINERS.txt
  
• #2914738 by _gradient_: Fix typo in MapperInterface::getInstance() description
  
• #2862670 by Jo Fitzgerald, pk188, heddn, edysmp, shashikant_chauhan, dhruveshdtripathi, pritish.kumar, quietone, maxocub, mikeryan: Add documentation to SourcePluginBase source plugin
  
• #2913957 by geertvd, mpdonadio: Fix invalid casing in date argument's namespace
  
• #2914408 by fgm: Incorrect code/endcode in API files
  
• #2912666 by shashikant_chauhan, tobiberlin, dawehner: Clarify param in KernelTestBase::installConfig()
  
• #2898373 by Mile23, Jo Fitzgerald, joachim, dawehner, Gábor Hojtsy, Lendude: Gaps in docs for KernelTestBase
  
• #2909367 by iKb, zaporylie, mfernea: Fix 'Drupal.Commenting.VariableComment.DuplicateVar' coding standard
  
• #2909373 by karthikkumarbodu, xjm, mfernea, dawehner: Views TaxonomyIndexTidDepth has a weird commented IN condition
  
• #2901789 by mfernea, andriyun, borisson_: Fix 'PEAR.Functions.FunctionCallSignature' coding standard
  
• #2572699 by rajeshwari10, andriyun, mfernea, pashupathi nath gajawada, marvin_B8, attiks, andypost, alexpott: Fix 'Drupal.ControlStructures.InlineControlStructure' coding standard
  
• #2901744 by mfernea: Fix 'PSR2.Namespaces' coding standard
  
• #2901726 by mfernea, gmario, finn.lewis, robertoperuzzo, rachel_norfolk: Fix 'Squiz.Functions.MultiLineFunctionDeclaration' coding standard
  
• #2873750 by eheller: Add Change record to @deprecated for install_ensure_config_directory()
  
• #2887142 by maxocub, phenaproxima, Jo Fitzgerald, Adita, heddn, andypost: NodeType source plugin should include comment information
  
• #2911280 by alexpott, andypost, dawehner: RectangleTest.php takes a very long time to scan for coding standards
  
• #2851468 by tameeshb, dhirendra.mishra, alexpott, joelpittet: Wrong usage of file_prepare_directory in hook_install documentation
  
• #2857789 by vegantriathlete, snte, narnua, xjm, lauriii: Correct spelling/non-standard use of "therefor"
  
• #2902190 by chenderson: Docblock on FileUsageTemporaryDeletionConfigurationUpdateTest::testUpdateHookN() is incorrect
  
• #2911164 by mfernea, Jo Fitzgerald: Undo accidental commenting of message in MetadataGeneratorTest
  
• #2911166 by mfernea, Jo Fitzgerald: Undo accidental commenting of message in EntityDefinitionUpdateTest
  
• #2873768 by dhopki12, WidgetsBurritos, harsha012, Mile23, catch: Add Change record to @deprecated for *.modules constants
  
• #2744663 by jholding, rivimey, John Cook, hctom, mahalingam_cs: Batch missing title on screen
  
• #2901478 by Sam152, Jo Fitzgerald, timmillwood: Test ModerationStateWidget::isApplicable with a BaseFieldOverride
  
• #2877480 by Yogesh Pawar, hardik.p, eojthebrave, Cyberschorsch: Update #cache example code on Render API overview to use Node::getCacheTags instead of hard coding
  
• #2914649 by masipila, dipakmdhrm, phenaproxima, maxocub: [D7] Vocabulary migration: vid incorrectly mapped from vocabulary name instead of machine_name
  
• #2857843 by vaplas, mpdonadio, Jo Fitzgerald, gambry: Random fail in Drupal\KernelTests\Core\Entity\ContentEntityChangedTest::testChanged
  
• #2914249 by maxocub, dillix, masipila, phenaproxima: Translated forum vocabulary migration creates duplicate forum vocabularies
  
• #2903007 by rakesh.gectcr, dipakmdhrm, maxocub, dillix, masipila, quietone, phenaproxima: [D7] Forum containers are migrated as forums
  
• #2902018 by harsha012, Meenakshi Gupta, vijaycs85, Sam152, timmillwood, amateescu: Use array_column instead of array_map where possible in the Workflows module
  
• #2894765 by bendev, Sam152, arunkumark, cedric_a: BlockContentModerationHandler::enforceRevisionsEntityFormAlter sets incorrect keys in form
  
• #2864613 by vaplas, Jo Fitzgerald, andypost, dawehner: Convert ViewEditTest in views_ui module to BrowserTestBase
  
• #2907282 by BramDriesen, joachim: EntityTypeBundleInfoInterface::getBundleInfo() param should say 'ID'
  
• #2759757 by gambry, claudiu.cristea, heldercor, dawehner, -enzo-, TimRutherford, amateescu, joachim: EntityQuery wrong SQL with two reference fields conditions targetting same entity type
  
• #2901943 by amateescu, Berdir: Content entity form validation does not respect the #limit_validation_errors property from field widgets
  
• #2913445 by Ashley George: Incorrect description of cache invalidation tags
  
• #2910005 by catch, samuel.mortenson: JavaScript errors thrown when viewing non-latest default revision of entity
  
• #2895685 followup by xjm: Remove outdated CHANGELOG references to the alpha.

Läs mer: http://drupal.org/project/drupal/releases/8.4.2

8.3.7

26 Augusti 2017 - 115MB8.3.7
This release fixes security vulnerabilities. Sites are urged to upgrade as soon as possible.

Security

• Views - Access Bypass - Moderately Critical - CVE-2017-6923
  
• REST API can bypass comment approval - Access Bypass - Moderately Critical - CVE-2017-6924
  
• Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - CVE-2017-6925
  

8.3.6

• #2897576: Resaving a view display results in deletion of view display
  
• #2896960 by tedbow, Wim Leers: Updated inline docs for data-off-canvas-main-canvas in twig template
  
• #2897306 by Wim Leers, tedbow: Remove dead CSS
  
• #2891911 by vaplas: Random fail in Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringTranslation
  
• #2897576 by Lendude, Ismaels: Resaving a view display results in deletion of view display
  
• #2879512 by bkosborne: Path aliases can be forgotten after a cache rebuild due to race condition in CacheCollector
  
• Revert "Issue #2891911 by vaplas: Random fail in Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringTranslation"
  
• #2894427 by yoroy, tedbow, Wim Leers: White toolbar background when in edit mode is distracting and not pretty
  
• #2896143 by tedbow, Wim Leers, DyanneNova: Unintentional animation of the body while Settings Tray is installed
  
• #2896063 by timmillwood, Sam152: Add a workflows.module component to drupal issue queue and MAINTAINERS.txt
  
• Revert "Issue #2801777 by Berdir, Wim Leers, Pol, alexpott, dawehner, Jo Fitzgerald, Munavijayalakshmi, poornima.n, ifrik, Bojhan, catch: Prevent drupal from deleting temporary files"
  
• #2801777 by Berdir, Wim Leers, Pol, alexpott, dawehner, Jo Fitzgerald, Munavijayalakshmi, poornima.n, ifrik, Bojhan, catch: Prevent drupal from deleting temporary files
  
• #2892469 by shashikant_chauhan: deprecation notice for entity_get_form_display() is badly formatted and doens't display properly on api site
  
• #2883483 by tedbow, Wim Leers: Assert that calls to waitForElementVisible() actually return element in OutsideIn javascript tests
  
• #2541228 by amateescu, g089h515r806, Berdir, pawel_r: FieldConfigBase::setPropertyConstraints() and addPropertyConstraints() are broken
  
• #2882729 by tedbow, tim.plunkett, Bojhan: In off-canvas block form hide Title input unless it will be displayed and change label to Block Title
  
• Removing Larry Garfield from technical leadership positions.
  
• Revert "Issue #2892942 by Chi: Contextual links support options but not use them to generate links"
  
• #2892942 by Chi: Contextual links support options but not use them to generate links
  
• #2893371 by Mile23: Several methods theoretically added to TestInfoParsingTest were actually not
  
• #2891784 by FeyP: Use correct class name for EventDispatcherInterface in Events API documentation
  
• #2873782 by Jo Fitzgerald, Dinesh18, vrwired: Add Change record to @deprecated for MigrateCckFieldPluginManagerInterface

Läs mer: http://drupal.org/project/drupal/releases/8.3.7

8.3.5

20 Juli 2017 - 115MBWhat's New

• #2884894 by amateescu, tstoeckler: Remove obsolete + duplicate EntityTestUpdate class
  
• #2867882 by vegantriathlete, Dinesh18, naveenvalecha, Gábor Hojtsy, Berdir: Expand @deprecated docblocks in EntityManager.php
  
• #2890824 by Wim Leers: Some HAL module functional tests are tagged "@group rest" instead of "@group hal"
  
• #2872322 by lcontreras, Jo Fitzgerald, Manuel Garcia, Lendude, rroose, catch: Views preview title is double escaped
  
• #2543796 by mikeker, therealssj, mariagwyn: Using token views to rewrite css output causes Twig_Error_Syntax, "Unexpected token "end of template" of value " in Twig/ExpressionParser.php line 190
  
• #2889803 by mpdonadio: Add test coverage for default time zone in tests
  
• #2850312 by heddn, Charlotte17, ohthehugemanatee, Gribnif, mikeryan, kubrt, Jo Fitzgerald, michaelmallett, phenaproxima: d6_filter_format is hard coded, causing dependent migration to fail
  
• #2873789 by ponies, Wim Leers, xjm: Add change record to @deprecated for TypeLinkManagerInterface
  
• #2888689 by pk188, Pavan B S, dhruveshdtripathi, naveenvalecha, tstoeckler: Fix description for StylePluginBase::$usesRowPlugin property
  
• #2854046 by andypost: Only call getDerivativeId() when needed
  
• #2870464 by naveenvalecha, Antonnavi, dawehner, Lendude: Convert web tests to browser tests for update module
  
• #2889350 by naveenvalecha, Lendude, dawehner: Convert BookRelationshipTest web tests to BrowserTestBase
  
• #2889352 by naveenvalecha, jibran, dawehner, Lendude: Convert ContactFieldsTest & ContactLinkTest web tests to browser tests for contact module
  
• #2889433 by pramodga, pk188, Chi: Fix incorrect plugin variable names in AddRoleUserTest
  
• #2889353 by naveenvalecha, Lendude: Convert ForumIntegrationTest web tests to browser tests for forum module
  
• #2505283 by quietone, maxocub, Jo Fitzgerald, mikeryan, Pavan B S, penyaskito, chriscalip, phenaproxima: Handle import of private files
  
• #2870440 by naveenvalecha, andypost, snetcher, michielnugter, dawehner: Convert web tests to browser tests for config_translation module
  
• #2862791 by mitrpaka, Jo Fitzgerald, RajeevK, quietone, harings_rob: LanguageContentSettings source plugin needs tests
  
• #2864005 by naveenvalecha, GoZ, Jo Fitzgerald, Lendude: Convert web tests to browser tests for block_content module
  
• #2870459 by naveenvalecha, Lendude, zahord, Jo Fitzgerald, dawehner, larowlan, claudiu.cristea: Convert web tests to browser tests for taxonomy module
  
• #2888296 by jalpesh: Incorrect filename in INSTALL doc
  
• #2886801 by phenaproxima: Migrate D6 user reference values to D8
  
• #2872059 by naveenvalecha, mpdonadio, dawehner, Lendude: Convert web tests to browser tests for locale module
  
• #2870441 by naveenvalecha, dawehner, Lendude: Convert web tests to browser tests for content_translation module
  
• #2883921 by vinothkannan, dharizza: Place migrate sections in alphabetical order in MAINTAINERS.txt
  
• #2873867 by kwhite, Calystod: Add Change record to @deprecated for config.storage.staging in core.services.yml
  
• #2784371 by Jo Fitzgerald, quietone, phenaproxima, Gábor Hojtsy, mikeryan, jhodgdon: Migrate D6 i18n taxonomy terms
  
• #2225781 by quietone, alexpott, Jo Fitzgerald, RajeevK, mikeryan, Gábor Hojtsy, mpp, xjm: Migrate D6 i18n taxonomy vocabularies
  
• Revert "Issue #2887114 by alauzon, Balu Ertl: Misleading text on automatic/manual update"
  
• #2887114 by alauzon, Balu Ertl: Misleading text on automatic/manual update
  
• #2886365 by kiamlaluno: Comments for the UserData::get() code are unclear and wrongly use "was" instead of "were"
  
• #2873761 by sorabh.v6, Wim Leers: Add Change record to @deprecated for ResourcePluginManager
  
• #2757023 by claudiu.cristea, naveenvalecha, GoZ, jibran, Jo Fitzgerald, dawehner, klausi: Convert all aggregator web tests to BrowserTestBase
  
• #2886198 by acbramley: Refactor \UserLoginHttpTest::testLogin() to use a protected method and remove the nested loops
  
• #2862641 by martin107, boaloysius, Jo Fitzgerald, dawehner, alexpott: Image: Convert system functional tests to phpunit
  
• #2873825 by josephcheek: Add Change record to @deprecated in SafeMarkup
  
• #2868759 by dpagini: ConditionInterface::conditionGroupFactory API documentation typo AND/OR
  
• #2885522 by kiamlaluno: ModuleHandler::loadInclude() example contains a syntax error
  
• #2885878 by tim.plunkett: Threecol layout 33/34/33 is only 33/33/33
  
• #2884715 by timmillwood, Sam152, larowlan, tstoeckler: Initial Content Moderation transitions are not correct
  
• #2883699 by prajaankit, ahmad.h.khalil, cilefen: hook_theme_suggestions_HOOK() is not clear enough about what should be returned
  
• #2884769 by tim.plunkett, larowlan, tedbow: \Drupal\Core\Block\BlockManager::getGroupedDefinitions() triggers a notice on every call
  
• #2867304 by maxocub, michielnugter, Jo Fitzgerald, dawehner, quietone: Convert web tests to browser tests for migrate_drupal_ui module
  
• #2835586 by Grayside, heddn, tjh: Allow customization of stub rows from Migration process plugin
  
• #2872151 by Lendude, phenaproxima, dawehner: Database/DrupalKernel: Convert system functional tests to PHPUnit
  
• #2883646 by shashikant_chauhan, Dinesh18: Fix incorrect mention of getBaseInfo() on BaseFormIdInterface to getBuildInfo()
  
• #2884887 by jibran: Add Lee Rowlands as a provisional framework manager to MAINTAINERS.txt
  
• #2747167 by michielnugter, dawehner, Lendude, mglaman, Mac_Weber, Jo Fitzgerald, klausi: Convert first part of web tests of views_ui
  
• #2828912 by tedbow, RajeevK, tim.plunkett, a-fro: Offcanvas width is not reset if tray is open with different width and not closed

Läs mer: http://drupal.org/project/drupal/releases/8.3.5

8.3.4

(säkerhetsutgåvan)
22 Juni 2017 - 115MBHighlights

• Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2017-003

Läs mer: http://drupal.org/project/drupal/releases/8.3.4

8.3.3

8 Juni 2017 - 115MBHighlights

• #2302137: Improve performance when menu link value matches with the original value
  
• #2804391: Resaving menu links that points to a non-node entity changes the type to node and breaks the link
  

Changelog

• Revert "Revert "Issue #2870453 by Lendude, michielnugter, dawehner: Convert web tests to browser tests for node module""
  
• #2863267 by Lendude, Jo Fitzgerald, michielnugter, dawehner, klausi: Convert web tests of views
  
• Revert "Issue #2870453 by Lendude, michielnugter, dawehner: Convert web tests to browser tests for node module"
  
• #2870453 by Lendude, michielnugter, dawehner: Convert web tests to browser tests for node module
  
• #2447729 by phenaproxima, heddn: Migrate D6 user reference fields to D8 entity reference field storage config entities
  
• #2848508 by timmillwood, dragos-dumi, Sam152, Pavan B S, pradeep22saini, catch, Manuel Garcia, Postovan Dumitru: Reverting a revision causes validation error on edit form submit
  
• #2864807 by droplet, Wim Leers, amateescu, cilefen, CatsFromStonehenge: Autocomplete textfield surrounds titles with double quotes
  
• #2785135 by tedbow, RajeevK, effulgentsia, alexpott: Rename protected property SystemMenuOffCanvasForm::$entity to $menu?
  
• #2745009 by DamienGR, Mile23: Locale doc - Wrong return value key
  
• #2784881 by tedbow, bnjmnm, RajeevK: Update Outside-In Javascript based tests to test against all core themes
  
• #2862885 by dagmar, Lendude, martin107, Jo Fitzgerald, dawehner, larowlan, alexpott: Batch: Convert system functional tests to phpunit
  
• #2843756 by vaplas, Wim Leers, brentschuddinck, jamesdesq: EntityResource: Provide comprehensive test coverage for FieldStorageConfig entity
  
• #2879942 by cilefen, xjm, Dries: Make cilefen a full core committer for Drupal 8 (release manager)
  
• #2881884 by pk188, Devaraj johnson, vijaycs85, dawehner: Docblock of configFactory property in ControllerBase is wrong
  
• #808416 by lostchord, daniels220, gaurav.kapoor, jp.stacey, JacobSanford, er.pushpinderrana, jhodgdon, oriol_e9g, kiwimind, Dries: Document that clock drift will cause lock system to fail
  
• #2843779 by vaplas, Yogesh Pawar: EntityResource: Provide comprehensive test coverage for ShortcutSet entity
  
• #2865498 by jhedstrom, timmillwood, alexpott: Latest revision tab should respect 'view own unpublished content' permission
  
• #2880911 by Mile23, dawehner: Remove unused KernelTestBase::getCompiledContainerBuilder()
  
• #2864020 by Maouna, amateescu, alexpott: Entity autocomplete displays default value's entity labels only in the default entity language
  
• #2826505 by quietone, pen, Yogesh Pawar, mikeryan, drzraf, mglaman: Undefined index: allowed_html FilterSettings.php:45
  
• #2872812 by rakesh.gectcr, cosmicdreams, mikeryan: Create process plugin to log a message
  
• #2873775 by josephcheek, gaurav.kapoor, John Cook, cilefen: Add Change record to @deprecated for all deprecated functions in file.inc
  
• #2303409 by damiankloip, Grimreaper, dawehner: Resave all the views
  
• #2880645 by Gun5m0k3: Incorrect cache class in DefaultPluginManager
  
• #2881200 by Manuel Garcia: Incorrect syntax on content_moderation.permissions.yml and workflows.permissions.yml
  
• #2877913 by Sam152, timmillwood, amateescu, Wim Leers: Bring content_moderation library definition into line with the rest of core
  
• #2881012 by Lendude, dawehner, michielnugter: Move generatePermutations out of testbase into a trait
  
• #2851786 by LoMo, alexrayu, arshadcn: Path validation sets error on wrong element
  
• #2873738 by sorabh.v6, vrwired, edwdeapri, heddn: Add Change record to @deprecated for LinkUri
  
• #1952926 by Lendude, shyam kumar kunkala, alexpott, Leon Kessler, Mirnaxvb, portico, finne, gigabates, tadityar: NumericField.php does not support negative value rendering in range -0.xx
  
• #2865213 by acbramley, Sam152, timmillwood: Moderation form submission does not set revision author
  
• #2868429 by Sam152, timmillwood, Adita, catch, RaisinBranCrunch: ModerationStateWidget depends on EntityTypeInterface::getBundleEntityType despite content moderation supporting entity types without a bundle
  
• #2843767 by arshadcn, Wim Leers, tstoeckler: EntityResource: Provide comprehensive test coverage for BaseFieldOverride entity + add missing access control handler
  
• #2843771 by arshadcn, Wim Leers: EntityResource: Add an admin permission to RdfMapping entity and provide comprehensive test coverage
  
• #2880480 by er.pushpinderrana, joachim: ObjectWithPluginCollectionInterface::getPluginCollections() shouldn't mention entities
  
• #2836384 by chr.fritsch, phenaproxima, Munavijayalakshmi: Field UIs operations array is broken for entities with restricted access
  
• #2873742 by heddn, DrupalMattS, Adita, jhood, mikeryan: Add Change record to @deprecated for Term
  
• Revert "Issue #2876210 by Lendude, michielnugter: Convert \Drupal\views\Tests\ViewElementTest and \Drupal\views\Tests\Plugin\StyleGridTest to kernel tests"
  
• #2876210 by Lendude, michielnugter: Convert \Drupal\views\Tests\ViewElementTest and \Drupal\views\Tests\Plugin\StyleGridTest to kernel tests
  
• #2875443 by pankajsachdeva, pritish.kumar, brentgees: Remove D7 links from D8 Render API documentation
  
• #2862661 by heddn, Jo Fitzgerald, phenaproxima: Add documentation to EntityConfigBase destination plugin
  
• #2862655 by Jo Fitzgerald, heddn, phenaproxima: Add documentation to Config destination plugin
  
• #2839844 by chaitanya17, tomasnagy: Notice: Undefined index: package in system_requirements() (line 60 of core\modules\system\system.install).
  
• #2302137 by alexpott, dawehner, pwolanin, xjm, kgoel, catch: Improve performance when menu link value matches with the original value
  
• #2795051 by legovaer, Lendude, dawehner: Move \Drupal\simpletest\WebTestBase::drupalBuildEntityView into a trait and make it available in BTB
  
• #2852608 by Manuel Garcia, DyanneNova, markconroy, tim.plunkett, joelpittet, DickJohnson, Scorpid: Review layout CSS and markup
  
• #2874073 by dagmar: Add dagmar as maintainer for Syslog module
  
• #2844595 by ohthehugemanatee, Jo Fitzgerald, heddn, moshe weitzman: SQLBase breaks GROUP BY queries
  
• #2874878 by zengenuity, LoMo, alexpott: Status Report is not clear when cron job is not running or PHP memory limit too low
  
• #2876740 by c.nish2k3, gaurav.kapoor, dagmar, alexpott: Cleanup Logger\SysLog constructor
  
• #2879385 by vijaycs85: Move workflow entity handlers to entity annotation
  
• #2826268 by Lendude, LoMo, dawehner: Don't fatal on rss feeds when the page display is disabled
  
• #2878369 by mfernea: Tests for local tasks in Manage Display are not correct
  
• #2804391 by Jo Fitzgerald, Berdir, amateescu, gaurav.kapoor, arunkumark, wolffereast: Resaving menu links that points to a non-node entity changes the type to node and breaks the link
  
• #2876357 by michielnugter, Lendude, jonathan1055: Incomplete test coverage on AssertLegacyTrait field assertions
  
• #2831598 by idebr, alexpott, Dane Powell, LoMo: Two SVG icons have crlf line endings
  
• #2878529 by c.nish2k3, joachim: broken @see in docs for hook_ckeditor_plugin_info_alter()
  
• #2848120 by kristiaanvandeneynde, tim.plunkett, Pavan B S, tstoeckler: Short term fix: Make ContentTranslationController recognize 'add' and 'edit' form handlers
  
• #2865497 by quietone, pritish.kumar, Jo Fitzgerald, moshe weitzman, phenaproxima: Fix high-water condition for new migrations
  
• #2873832 by josephcheek: Add Change record to @deprecated in EntityInterface
  
• #2199829 by dpi: Missing documentation for some variables in template_preprocess_username()
  
• #2877259 by pfrenssen: Remove outdated remark in documentation of ContextDefinition
  
• #2814949 by phenaproxima: Support migration of node reference field values from Drupal 6
  
• #2845364 by Wim Leers, EAnushan: Test coverage to show that as a non-administrator, you're able to modify the 'name' field, but only if you have the 'change own username' permission
  
• #2876408 by Mile23, Eric_A: Update wikimedia/composer-merge-plugin to ~1.4
  
• #2862749 by Jo Fitzgerald, phenaproxima, quietone: Add documentation to EntityViewMode destination plugin
  
• #2761639 by Leksat, Wim Leers, Berdir, hitfactory, stella: PageCache should not use $request->getUri()
  
• #2878166 by Sam152: Remove deprecated ModerationStateTestBase from core
  
• #2870513 by michielnugter, alexpott, xjm, dawehner, dagmar, Lendude, Gábor Hojtsy: New initiative leads for the PHPUnit initiative
  
• Revert "Issue #2870513 by michielnugter, xjm, dawehner, dagmar, Lendude, Gábor Hojtsy: New initiative leads for the PHPUnit initiative"
  
• #2877593 by alexpott, Berdir, Wim Leers: Improve \Drupal\hal\LinkManager\RelationLinkManager::getRelations() documentation
  
• #2868362 by Berdir, Ginovski, dawehner, Wim Leers, alexpott: HAL RelationLinkManager caches and returns entity type definition object instead of id
  
• #2878030 by dagmar: Use testing profile for NodeRevisionsAllTest
  
• #2869415 by Wim Leers, tstoeckler, dawehner: EntityResourceTestBase::getUrl() overrides BrowserTestBase::getUrl(), yet offers different functionality
  
• #2876428 by hardik.p, joachim, c.nish2k3: Documentation for LocalTaskManager::getLocalTasks() is incorrect
  
• #2875796 by diamondsea: Small typo in file test
  
• #2742953 by Jo Fitzgerald, mikeryan, Adita: SqlBase::mapJoinable() should not join across databases with PostgreSQL
  
• #2746253 by borisson_, Leksat, eiriksm, alexpott: Configuration translation save triggers an undefined index notice
  
• #2876145 by michielnugter, Mile23, Lendude, dawehner, alexpott: ConfigTranslationViewListUiTest is a WTB test in the Functional namespace
  
• #2870451 by andypost, snetcher, michielnugter, dawehner: Convert web tests to browser tests for menu_link_content module
  
• #1827854 by jamesrward, dman, superspring, joseph.olstad, legolasbo, anrikun, bceyssens, mdeletter, Damien Tournoud: W3C HTML5 Validation error with PHP array-based query-strings built with url() containing [ ] characters (eg views filters)
  
• #2821716 by flocondetoile, anish.a, amateescu, Thew: Fatal error when viewing node with content moderation enabled if a module which implements hook_node_grants() is enabled
  
• #2843782 by arshadcn: EntityResource: Provide comprehensive test coverage for Editor entity
  
• #2864008 by nlisgo: Convert web tests to browser tests for content_moderation module
  
• Revert "Issue #2868429 by Sam152, timmillwood, Adita, RaisinBranCrunch, catch: ModerationStateWidget depends on EntityTypeInterface::getBundleEntityType despite content moderation supporting entity types without a bundle"
  
• #2876630 by Manuel Garcia: Add test coverage for saving a node after a revision has been reverted
  
• #2868429 by Sam152, timmillwood, Adita, RaisinBranCrunch, catch: ModerationStateWidget depends on EntityTypeInterface::getBundleEntityType despite content moderation supporting entity types without a bundle
  
• #2859704 by alexpott, tacituseu, xjm, vaplas, mpdonadio, catch, Mixologic: Intermittent segfaults on DrupalCI (some did
  
• Revert "Issue #2853509 by alexpott: Don't render status messages if there are no messages"
  
• #2876633 by drpal: Add drpal to MAINTAINERS.txt for JavaScript subsystem
  
• #2597680 by stimalsina, neclimdul, paryank, Derimagia, timodwhit, Dries, vinothg, heddn, benjy, effulgentsia: Some migrations have warnings when node types don't exist
  
• #2817835 by timmillwood, Sam152, alexpott: When enabling moderation apply a relative state
  
• #2873749 by pritish.kumar, kwhite, dietric@gmail.com, davidneedham, cosmicdreams, johnshortess, catch: Add Change record to @deprecated in bootstrap.inc
  
• #2876224 by droplet: Make Drupal.tableDrag.restripeTable 10x faster
  
• #2824671 by mikeryan, heddn, quietone: Document dangers of preserving IDs on migration
  
• #2867700 by erozqba, mondrake, mradcliffe, cilefen: ConnectionUnitTest::testConnectionOpen fails if the driver is not implementing a PDO connection
  
• #2779931 by Sam152, alexpott, timmillwood, Wim Leers, catch, dawehner: Add storage exception that enforces unique content_entity_type_id and content_entity_id on the content moderation state content entity, and add access control handler to forbid all access
  
• #2809519 by martin107, gaurav.kapoor, michielnugter, dawehner, alexpott: Convert AJAX part of \Drupal\system\Tests\Ajax\AjaxFormPageCacheTest to JavascriptTestBase
  
• #2870513 by michielnugter, xjm, dawehner, dagmar, Lendude, Gábor Hojtsy: New initiative leads for the PHPUnit initiative
  
• #2811717 by tedbow, drpal, RajabNatshah, droplet, alexpott: [outsidein] Uncaught TypeError: Cannot read property 'addEventListener' of null
  
• #2872660 by phenaproxima: Migrate D6 node reference fields to D8 entity reference field definitions
  
• #2863542 by quietone: Refactor MigrateDefaultLanguageTest to be consistent with other migration tests
  
• #2698023 by Jo Fitzgerald, mitrpaka, mohit_aghera, gaurav.kapoor, heddn, edysmp, mikeryan: Get sourceid values sorted from Row
  
• #2874043 by naveenvalecha, timmillwood, phenaproxima, mpdonadio: Node module should have a listed maintainer
  
• #2875102 by c.nish2k3: Alphabetize the initiatives

Läs mer: http://drupal.org/project/drupal/releases/8.3.3

8.3.2

4 Maj 2017 - 115MBHighlights

• #2867493: Error: Call to a member function getTotalCount() on boolean in statistics_get()
  
• #2867887: statistics_get() test mashes 0 too much
  
• #2753971: ContentEntityStorageBase::deleteRevision() function does not remove node_field_revision entries
  

Changelog

• #2871541 by Wim Leers, dagmar, e0ipso: Add API-first initiative to MAINTAINERS.txt
  
• Revert "Issue #2867700 by erozqba, mondrake, mradcliffe, cilefen: ConnectionUnitTest::testConnectionOpen fails if the driver is not implementing a PDO connection"
  
• #2867700 by erozqba, mondrake, mradcliffe, cilefen: ConnectionUnitTest::testConnectionOpen fails if the driver is not implementing a PDO connection
  
• #2868841 by erozqba, Sam152, kristiaanvandeneynde, mikeker: \Drupal\user\Plugin\views\filter\Roles::calculateDependencies breaks when using the empty/not empty operators
  
• #2844874 by jp.stacey: Improve documentation for ChainedFastBackendFactory
  
• #2864938 by fenstrat, timmillwood, Sam152: Content moderation form doesn't appear on new entities
  
• #2855636 by idebr, Pavan B S, chiranjeeb2410, nikunjkotecha, NikitaJain, hugovk, krknth, xjm: Regression: incorrect human-readable name for content type
  
• Revert "Issue #2868019 by michielnugter, dawehner, Lendude: AssertLegacyTrait field assertions not compatible with Simpletest assertions"
  
• Revert "Issue #2863416 by zviryatko, michielnugter, Jo Fitzgerald: Convert web tests to browser tests for filter module"
  
• #2847685 by semiuniversal, tameeshb, benjifisher: Update doc blocks for configureEntityFormDisplay() and configureEntityViewDisplay()
  
• #2854454 by Maouna, hchonov: EntityReferenceFormatterBase::view() is applying the cacheability metadata but it should be merging it in order to preserve already present cacheability metadata
  
• #2863416 by zviryatko, michielnugter, Jo Fitzgerald: Convert web tests to browser tests for filter module
  
• Revert "Issue #2863416 by zviryatko, Jo Fitzgerald, michielnugter: Convert web tests to browser tests for filter module"
  
• #2872562 by kala4ek, arunkumark, Chi: Drupal\views\Plugin\views\style\StylePluginBase::renderGroupingSets() incorrect documentation
  
• #2871097 by zaporylie, LoMo: Malformed HTML in translatable string (block_content_help)
  
• #2868019 by michielnugter, dawehner, Lendude: AssertLegacyTrait field assertions not compatible with Simpletest assertions
  
• #2863416 by zviryatko, Jo Fitzgerald, michielnugter: Convert web tests to browser tests for filter module
  
• #2864121 by Lendude, GoZ, dawehner: Convert web tests to browser tests for statistics module
  
• #2871400 by dagmar: Make ViewsListingTest more readable
  
• #2782555 by marcoscano, YesCT, Berdir: FileUsageInterface::add() and ::delete() have incorrect param documentation
  
• #2862625 by Maxfire, tedbow, gaurav.kapoor, drpal, lauriii: Rename offcanvas to two words in code and comments.
  
• #2843774 by jamesdesq, vaplas: EntityResource: Provide comprehensive test coverage for BlockContentType entity
  
• #2869904 by tstoeckler: Config schema missing for less common HTTP methods in REST resources configured using 'method' granularity
  
• #2870410 by tim.plunkett: Field UI should show fields with unknown regions in the "Disabled" section
  
• #2872793 by peaton, rakesh.gectcr, phenaproxima, heddn, vasi: Create Entity Exists Process Plugin
  
• #2607210 by malavya, Maninders, jwilson3, prateekS, jordana, ameymudras, Shabbir, Manjit.Singh, Cottser, EdgarPE, Nitesh Pawar, mikeohara, timisoreana, emma.maria, joelpittet, alexpott, kostyashupenko, Vidushi Mehta, jhodgdon: Visual regression: Sidebar menus are missing indentation styles
  
• #2862752 by Jo Fitzgerald, phenaproxima: Add documentation to PerComponentEntityFormDisplay destination plugin
  
• #2640668 by sathish.redcrackle, shashikant_chauhan, claudiu.cristea, Goodmood: Fix TermInterface::getVocabularyId() method return type in documentation
  
• #2620364 by quietone, bburg, Jo Fitzgerald, Yogesh Pawar, amoebanath, phenaproxima, Gábor Hojtsy, catch: Variable to config: theme settings [d7]
  
• #2845486 by Jo Fitzgerald, quietone, gaurav.kapoor, ohthehugemanatee, heddn, Yogesh Pawar, catch, shabana.navas, phenaproxima, mikeryan: Rename Migration process plugin and add documentation
  
• #2870146 by droplet, Lendude, michielnugter: Even more random fails in \Drupal\Tests\outside_in\FunctionalJavascript\OutsideInBlockFormTest
  
• #2824610 by quietone, Jo Fitzgerald, ohthehugemanatee, heddn, catch: Rename DedupeBase/DedupeEntity process plugins to MakeUnique and add documentation
  
• #2566779 by quietone, hussainweb, keithm, heddn, kekkis, Shawn DeArmond, Jo Fitzgerald, mlbrgl, phenaproxima, mikeryan, 13jupiters, Gábor Hojtsy: Migration D6 > D8 of CCK date fields
  
• #2837013 by benjifisher, leslieg, alexpott: clean_class Twig filter does not work with Views rewriting
  
• #2867749 by pfrenssen, claudiu.cristea: Parsing an URL with another URL in the query arguments throws undefined offset notice
  
• #2665196 by rakesh.gectcr, quietone, Manuel Garcia, Jo Fitzgerald, webflo, mikeryan, phenaproxima, heddn: Migration for email fields is missing
  
• #2862751 by Jo Fitzgerald, phenaproxima: Add documentation to PerComponentEntityDisplay destination plugin
  
• #2683435 by quietone, Jo Fitzgerald, hussainweb, mikeryan, Steven Jones, alexpott, phenaproxima, Sam152, Pavan B S, michael_wojcik, Prashant.c, heddn, benjy: CCK does not exist in Drupal 7, rename Migrate's cckfield plugins to field plugins
  
• #2869570 by AdamPS: Missing dependency of drupal.ckeditor on drupal.displace
  
• #2685097 by damiankloip, Wim Leers: Fatal error: Call to a member function normalize() on a non-object in XmlEncoder when encoding into xml and there are embedded objects in the response
  
• Revert "Issue #2665196 by rakesh.gectcr, quietone, Manuel Garcia, Jo Fitzgerald, webflo, mikeryan, phenaproxima, heddn: Migration for email fields is missing"
  
• #2849861 by masipila, joelpittet, jeffwpetersen, xjm: D6 text area formatting settings not respected when migrating to D8
  
• #2867340 by Jo Fitzgerald, boaloysius, Cottser: Improve readability of Migration process plugin tests
  
• #2744069 by kristiaanvandeneynde, achton, dawehner, ohthehugemanatee: views_query_views_alter() does not handle IN queries
  
• #2753971 by dagmar, alexpott, hampercm, Berdir, generalredneck, xjm, catch: ContentEntityStorageBase::deleteRevision() function does not remove node_field_revision entries
  
• #2869120 by penyaskito, Mixologic, Berdir: run-tests.sh ignores classes if they have whitespace before the declaration using --directory
  
• #2781819 by subson, chetan.s: EntityListBuilder::load() doesn't say what the return array is keyed by
  
• #2869881 by sahilsharma011, quietone: Misnamed migrate test module
  
• #2843754 by rogierbom, Wim Leers, gaurav.kapoor, vaplas: EntityResource: Provide comprehensive test coverage for Feed entity
  
• #2333985 by quietone, jarsenx, ultimike, heddn: Migrate menu_default_node_menu setting
  
• #2850034 by hampercm, dawehner, Wim Leers: CORS allow-origin '*' not possible because of cached headers
  
• #2724903 by rocketeerbkw, gaurav.kapoor, Jo Fitzgerald, phenaproxima: Migrated custom block body field is hidden on form and display
  
• #2863996 by nlisgo, Jo Fitzgerald, scuba_fly, dawehner: Convert web tests to browser tests for ckeditor module
  
• #2869741 by edwardaa: FIx http_middleware priority explanation
  
• #2786193 by tedbow, gaurav.kapoor, fabian.marz, tkoleary, Bojhan, tim.plunkett, larowlan: Differentiate 2 "Quick edit" links for custom blocks
  
• #2784567 by tedbow, 20th, dmsmidt, miteshmap, dbjpanda, bendev, crasx, tkoleary: List "Quick edit" before "Configure" in contextual links while in Edit mode
  
• #2870315 by klausi: Klausi stepping down from all leadership positions
  
• #2861067 by vaplas: Random fail in Drupal\aggregator\Tests\FeedAdminDisplayTest::testFeedUpdateFields
  
• #2865537 by nlisgo: Convert web tests to browser tests for minimal profile
  
• #2863336 by hchonov, tstoeckler, alexpott: Default revision flag doesn't propagate to all entity translation objects
  
• #2422229 by quietone, ultimike, vprocessor, anish.a, Jo Fitzgerald, phenaproxima: D6->D8 Core block migrations missing settings tests
  
• #2852886 by Wim Leers, pdenooijer, lauriii: Comment improvement CKEditorPluginButtonsInterface
  
• #2780063 by mpdonadio, Jo Fitzgerald, GoZ, boaloysius, Lendude, klausi: Convert web tests to browser tests for datetime and datetime_range modules
  
• #2863268 by nlisgo, Lendude, michielnugter: Convert web tests to browser tests for tracker module
  
• #2864177 by xjm, droplet: Random failure in FormErrorHandlerCKEditorTest
  
• #2843763 by arshadcn, Wim Leers: EntityResource: Provide comprehensive test coverage for ContentLanguageSettings entity
  
• #2843766 by arshadcn: EntityResource: Provide comprehensive test coverage for FieldConfig entity
  
• #2843773 by Wim Leers: EntityResource: Provide comprehensive test coverage for RestResourceConfig entity
  
• #2850353 by timmillwood, Pavan B S, Sam152: Test content_moderation with a non-bundleable content entity
  
• #2864060 by nlisgo, Lendude, alexpott: ModerationStateNodeTypeTest::testEnablingOnExistingContent assertion is misleading
  
• #2858159 by Artusamak, Lendude: The "User has a revision" views argument handler generates a SQL error
  
• #2862988 by timmillwood, catch: EntityOperations::entityPresave doesn't always set the correct default revision
  
• #2359245 by Wim Leers, clemens.tolboom, marthinal, dawehner: REST resource plugin annotation class misses some properties
  
• #2865295 by JayKandari: $menuLinkManager property on MenuLinkTree is undocumented
  
• #2862006 by quietone, Jo Fitzgerald, phenaproxima: MigrateSourceTestBase returns false positives for most plugin tests
  
• #2866656 by alexpott, yoroy, timmillwood: Clicking on "New Draft" tab allows you to archive the content
  
• #2858607 by c.nish2k3, RenatoG, jhodgdon, yoroy: Non-accessible and D7 link in _update_manager_check_backends()
  
• #2655154 by generalredneck, claudiu.cristea, gaurav.kapoor, olegel, Jo Fitzgerald, mikeryan, phenaproxima: Optionally log messages for skip_on_empty and skip_row_if_not_set
  
• #2807913 by quietone, erozqba, Jo Fitzgerald, svendecabooter, phenaproxima: Convert Migrate_drupal's Migrate source tests to new base class
  
• #2867570 by alexpott: Drupal 8.3.0 is not compatible with Drush <8.1.10 - lets declare that in composer.json
  
• #2862672 by Jo Fitzgerald, quietone, heddn: Add documentation to EmbeddedDataSource source plugin
  
• #2820490 by mpdonadio, heddn, Manuel Garcia, Jo Fitzgerald, shabana.navas, mikeryan, tstoeckler, quietone, Grayside, phenaproxima, damondt: FormatDate process plugin
  
• #2344045 by jhodgdon, EclipseGc, chx, CocoaBean, andrei.dincu, tim.plunkett, fago: ContextInterface needs documentation
  
• #2108243 by Wim Leers, prics, linclark, YesCT: Document that HAL's RelationLinkManager(Interface) also supports registered link relation types
  
• #2725081 by quietone: Previous versions of Drupal allow vocabulary machine names longer than 32 characters
  
• #2701795 by quietone, Jo Fitzgerald, rakesh.gectcr, ifrik, hauruck, yoroy, heddn, mikeryan: Provide menu links for Drupal Upgrade UI pages
  
• #2826407 by Wim Leers, dawehner, Jo Fitzgerald: PATCH + POST allowed format validation happens in RequestHandler::handle(), rather than in the routing system
  
• #2868442 by Adita: Wrong namespace in StatisticsSettingsForm constructor docblock
  
• #2807875 by quietone, Jo Fitzgerald, erozqba, phenaproxima: Convert Comment's Migrate source tests to new base class
  
• #2782221 by Grimreaper, dawehner, Lendude, alexpott: Result summary Area plugin not displayed when there is no result
  
• #2845489 by Jo Fitzgerald, quietone, phenaproxima, ultimike: Add documentation to StaticMap process plugin
  
• #2816307 by GoZ, himanshu-dixit, james.williams, Jo Fitzgerald, dawehner, claudiu.cristea, catch: array_unique notice from List unmet configuration dependencies instead of just failing
  
• #2851661 by alexpott, dawehner, xjm: Ensure that we're using the right ruleset for coding standards checking
  
• #2866056 by vaplas, mpdonadio, Wim Leers, dawehner: ResourceTestBase should not have a timeout
  
• #2864690 by renatog, sandeepscs, cilefen: Fix typos in core README files
  
• #2867887 by xjm: statistics_get() test mashes 0 too much
  
• #2867599 by tim.plunkett, DyanneNova: Add DyanneNova to MAINTAINERS.txt for the Layout Initiative
  
• #2867493 by xjm, alexpott, connectedrobots, webchick: Error: Call to a member function getTotalCount() on boolean in statistics_get()
  
• #2857681 by Jo Fitzgerald, quietone: Comments not starting with a capital letter in d6_file.yml & d7_file.yml

Läs mer: http://drupal.org/project/drupal/releases/8.3.2

8.3.1

21 April 2017 - 115MBThis is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met:

• The site has the RESTful Web Services (rest) module enabled.
  
• The site allows PATCH requests.
  
• An attacker can get or register a user account on the site.

Läs mer: http://drupal.org/project/drupal/releases/8.3.1

8.3.0

(större version)
7 April 2017 - 115MBAdded modules

• Added the Workflows module (experimental) which abstracts transitions and states from Content Moderation into a separate component for reuse by other modules implementing non-publishing workflows.
• Added the Layout Discovery module (experimental) which provides an API for modules or themes to register layouts.
• Added the Field Layout module (experimental) which provides the ability for site builders to rearrange fields on content types, block types, etc. into new regions, for both the form and display, on the same forms provided by the normal field user interface.

Updated vendor libraries

• Updated to Twig 1.25.
• Updated to jQuery 2.2.4.
• Updated to CKEditor 4.6.2 (with new Moono-Lisa skin).
• Updated Symfony components to 2.8.18.
• Updated PHPUnit to 4.8.35.
• Applied patch-level updates to the latest versions for all dependencies wherever possible. Minor updates applied for Symfony PSR-7 Bridge and Zend Stdlib, which Drupal does not depend on directly.

Browser support

• Advance notice: Internet Explore 9 and 10 will no longer supported from 8.4.x, scheduled for October 2017. Microsoft has now ended support for these browsers. Drupal will still support Internet Explorer 11 and its replacement, Edge.

Raised stability levels of experimental modules

• Updated the BigPipe module from beta to stable.
• Updated the Migrate module from alpha to beta.
• See https://www.drupal.org/core/experimental#versions for more information about the stability levels of experimental modules.

Improved authoring features

• Can now drag and drop images into image fields in Quick Edit mode.
• Image fields are now limited to only accepting images, so that users on mobile clients are not offered a confusing and non-functional video upload option.
• CKEditor now utilizes the AutoGrow plugin to better take advantage of larger screen sizes.

Improved site building and administration

• Redesigned status report.
• Standardized display of Views overview page to more closely match that of other administrative overview pages.
• Views filter order now matches the table column order below in Content and People overview pages.
• The "Allowed HTML tags" input has been converted to a textarea, which significantly improves the usability of HTML filter configuration.
• Removed the 'disabled' region from block administration.
• Incoming paths are again case-insensitive for routing, similar to earlier major Drupal versions.

Content Moderation improvements (experimental)

• Refactored to use new experimental Workflows module.
• Now supports moderation of non-translatable entity types.
• When reverting a moderated revision, the moderation state is now reverted too.
• Added an API to create and enforce default workflow states and transitions.
• Allow moderation of entity types without bundles, as long as they have revisions.
• Publishes any entity type that implements EntityPublishedInterface, not just Nodes.

Migration improvements (experimental)

• Drupal 7 core node translations are now migrated to Drupal 8.
• Configuration translation support is added to migrations in general and implemented for Drupal 6 user profile fields.

Improved REST API and decoupled site features

• REST API now supports the registering of users.
• Anonymous REST API performance increased by 60% by utilizing the internal page cache.
• Improved the response bodies and status codes for requests with incorrect request headers or request bodies, in dozens of situations.
• Massive overhaul of the test coverage.
• 403 responses now return reason why access was denied.
• Serialized values for Booleans and integers are now returned as the correct data type, rather than incorrectly typed as strings.

Improved performance/scalability

• Optimized class loader detection made more generic to support class loaders other than ApcClassLoader.
• ViewsData and Token info cache now use the default cache bin to prevent APCu memory from being filled too quickly.
• Improve statistics performance by adding a swappable backend.

Improved developer APIs

• Deprecated several routing services in favor of two more unified services.
• Replaced the deprecated Symfony ExecutionContextInterface by subclassing from ConstraintValidator to prepare for an update to Symfony 3.
• EntityPublishedInterface and EntityPublishedTrait have been added to give a generic publishing API, and are being used by Node and Comment entity types.
• Added a collection label to EntityType. This is a plural uppercase label for a collection of entities - e.g. "Workflows".

Changed coding standards

• Officially adopted short array syntax and updated all of core accordingly.
• PHP CodeSniffer and Drupal Coder have been added as composer dev requirements, so they can be installed automatically with `composer install --dev` rather than requiring separate installation. (Do not use `composer install --dev` for production sites.)
• Most global constants in Drupal 8 have been deprecated in favor of class constants. As a best practice, use appropriate class constants rather than global constants.

Testing improvements

• Integrated PHPUnit verbose output in SimpleTest UI.
• Improved backward compatibility with WebTestBase.
• Improved backward compatibility between BrowserTestBase and WebTestBase.
• Many old WebTestBase tests have been moved to BrowserTestBase.
• Expanded automated test coverage for JavaScript.

Package management

• composer.json now uses the new official endpoint for modules and themes, packages.drupal.org.
• Custom modules and themes can now be installed to correct locations using composer.
• Added Package.json enabling new JavaScript language features.

Läs mer: http://drupal.org/project/drupal/releases/8.3.0

8.2.8

(säkerhetsutgåvan)
27 April 2017 - 115MBSecurity

• Drupal Core - Critical - Access Bypass - SA-CORE-2017-002

Läs mer: http://drupal.org/project/drupal/releases/8.2.8

8.2.7

(säkerhetsutgåvan)
16 Mars 2017 - 115MBSecurity

• Editor module incorrectly checks access to inline private files - Drupal 8 - Access Bypass - Critical - CVE-2017-6377 - When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass.
• Some admin paths were not protected with a CSRF token - Drupal 8 - Cross Site Request Forgery - Moderately Critical - CVE-2017-6379 - Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
• Remote code execution - Drupal 8 - Remote code execution - Moderately Critical - CVE-2017-6381: A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.

Läs mer: http://drupal.org/project/drupal/releases/8.2.7

8.2.6

2 Februari 2017 - 115MB

• #2509268 by joshi.rohit100, dmsmidt, tim.plunkett, willzyx, SKAUGHT, pfrenssen, left, mgifford, ok_lyndsey, TR, kattekrab, alexpott, bojanz, yched: Inline errors repeated on child elements in module uninstall form
• #2818011 by shashikant_chauhan, rakesh.gectcr, yashsharma01, dalin, akalata, Chi, catch, rosschive: Missing 'attributes' under 'options' in docs for Link::createFromRoute
• #2844181 by maxocub, Alex Bukach, alexpott: PluralTranslatableMarkup serialization error
• #2634156 by dpi, jian he, dawehner: Missing configuration schema and tests for "user_current" views filter handler
• #2829848 by xjm, mpdonadio, alexpott: Random test failure in DateRangeFieldTest
• #2837676 by michielnugter, droplet, alexpott, Lendude, jibran, klausi, Wim Leers: Provide a better way to validate all javascript activity is completed
• #2843901 by tedbow, drpal: Settings tray should use toolbar models to close the toolbar items
• #2781579 by Vidushi Mehta, amit.mall, brahmjeet789, nathanlawson91, tedbow, naveenvalecha, Manjit.Singh, moonpeak, tkoleary, Gábor Hojtsy, xjm: Fix overlapping Edit buttons on menu sidebar in outside-in
• #2843259 by alexpott, Mile23: Drupal\Tests\ComposerIntegrationTest breaks when composer.lock generated with composer version 1.3 and higher
• #2572821 by AbhishekLal, xxronis, Adita, ritzz, dimaro, hardik.p, amit.drupal, gianani, quietone, subhojit777, alexpott: Fix documentation on hook_user_format_name_alter()
• #2754217 by alexpott, xjm, martin107, dawehner: Random Test Failure with "failed to open stream" for temporary://.htaccess
• #2823400 by vaplas, Adita, hardik.p, alexpott: Random fail in CopyFileTest
• #2793849 by tedbow, drpal, alexpott, xjm, tim.plunkett, Wim Leers, phenaproxima: Handle offcanvas differently at lower widths
• #2815831 by tedbow, drpal, droplet: Move Off-canvas related CSS from drupal.outside_in library to drupal.off_canvas
• #2784159 by dawehner, alexpott, hchonov: Remove CURL timeout in BTB
• #2157927 by alexpott: Intermittent test fails in LocaleUpdateTest::testUpdateImportSourceRemote()
• #2825603 by quietone, mikeryan: Fix rollback of configuration translations
• #2840595 by amateescu, Berdir: The 'Source feed' field of aggregator items has to be updated and marked as required
• #2843828 by alexpott, timmillwood: \Drupal\Core\DrupalKernel::initializeSettings() can result in moving the autoloader position
• #2817727 by Wim Leers: Add test coverage to prove controller is called *after* authentication validation
• #2834316 by Berdir, claudiu.cristea: Node preview shows and defaults to "Default" instead of "Full" view mode
• #2673960 by Jo Fitzgerald, hussainweb, phenaproxima, mikeryan, quietone, vasi: Unable to migrate D7 User cck fields
• #2325463 by claudiu.cristea, swentel, GroovyCarrot, bircher, Berdir, lokapujya, mohit_aghera, yanniboi, mgifford, BarisW, Yogesh Pawar: Destination URL breaks preview
• #2843358 by alexpott, mallezie, dawehner: Postgres fail in Drupal\Tests\path\Kernel\Migrate\d6\MigrateUrlAliasTest
• #2731419 by hgoto, michielnugter, pareshpatel, tocab, Chernous_dn, Sabbi0612, cilefen, droplet: "cannot call methods on dialog prior to initialization" logged when resizing after closing a modal
• Revert "Issue #2793849 by tedbow, drpal, alexpott, tim.plunkett, phenaproxima, Wim Leers: Handle offcanvas differently at lower widths"
• #2843074 by tim.plunkett, alexpott, claudiu.cristea, denutkarsh, effulgentsia: Stale dependencies passed to onDependencyRemoval() result in data loss on uninstallation
• #2793849 by tedbow, drpal, alexpott, tim.plunkett, phenaproxima, Wim Leers: Handle offcanvas differently at lower widths
• #2784571 by tedbow, drpal, nod_, naveenvalecha, miteshmap, droplet, Everett Zufelt: Outside-in Accessibility: Allow escape from edit mode with ESC key
• #2840596 by alexpott, catch, dawehner: Update Symfony components to ~2.8.16
• #2837072 by BarisW: Incorrect closing of the t() call in the help pages
• #1867030 by larowlan, Berdir, Oleksiy, andypost, fil00dl: Contact message preview appears at random form position after sorting fields in Manage fields
• #2801097 by dawehner, Berdir: Converting feed to absolute URLs fails on invalid XML, results in empty output
• #2782915 by tedbow, droplet, nickgs, drpal, xjm, tkoleary, cashwilliams, tim.plunkett, alexpott, phenaproxima, nod_: Standardize the behavior of links when Outside In editing mode is enabled
• Revert "Issue #2828438 by Adita, timmillwood, Sam152, rachel_norfolk, jp.stacey: Exception when adding tab to a node managed by content moderation"
• #2839951 by chiranjeeb2410, badjava: API docs FormattableMarkup::placeholderFormat %variable example contain errors
• #2828438 by Adita, timmillwood, Sam152, rachel_norfolk, jp.stacey: Exception when adding tab to a node managed by content moderation
• #2489606 by 20th, slashrsm: hook_file_download() docblock refers to a non-existing function file_download()
• #2842910 by Lendude: Views module contains several bad namespace in a @see
• #2842982 by alexpott: Fix Drupal\system\Tests\System\UncaughtExceptionTest in PHP7.1
• #2842942 by alexpott: Fix tempnam() usage in PHP7.1
• #2842952: Fix Drupal\taxonomy\Tests\TermTest in PHP7.1
• #2827644 by maxocub, phenaproxima: Fix path alias migration of translated nodes [D6]
• #2842741 by alexpott: Fix MigrateExecutable for PHP7.1
• #2842763 by alexpott: views_ui_preprocess_views_view() broken in PHP 7.1
• #2838095 by cilefen, pjcdawkins: Only one site slogan character in site slogan when using PHP 7.1
• #2838968 by Ginovski, Berdir: BlockContentListBuilder should use RedirectDestinationTrait instead of hardcoding the collection link template
• #2841948 by Mile23, dawehner: Modify run-tests.sh to show file paths of all discovered tests
• #2599956 by claudiu.cristea, apmsooner: Handler admin summary is double escaped
• #2824827 by damiankloip, dawehner, Wim Leers, klausi: \Drupal\hal\Normalizer\ContentEntityNormalizer::denormalize() fails with fatal PHP error when bundles are missing from link relation types
• #2794699 by Jo Fitzgerald, klausi, phenaproxima: MigrateMenuSettingsTest.php is not in the correct location
• #2828559 by tacituseu, alexpott, mpdonadio, amateescu, hchonov, catch, xjm, Wim Leers, Mixologic: UpdatePathTestBase tests randomly failing
• #2623568 by yanniboi, claudiu.cristea, himanshugautam, anil280988, sidharthap, Sagar Ramgade, dawehner, tstoeckler: Config schema of argument_default plugins is incorrect
• #2786443 by alexpott, Berdir, RKopacz, milos.kroulik, generalconsensus: \Drupal\field\FieldStorageConfigStorage::mapFromStorageRecords() can fail without a reasonable error
• #2838205 by 20th, panshulk, Damien Flament: Invalid YAML syntax in code examples in documentation
• #2829484 by vegantriathlete, 20th, xjm: Incorrect spelling of possessive "its own" in multiple comments

Läs mer: http://drupal.org/project/drupal/releases/8.2.6

8.2.5

5 Januari 2017 - 115MB

• #2838954 by damiankloip: Ignore 'Transfer-Encoding' header in EntityResourceTestBase::testGet
• #2837645 by cburschka: Views::viewsDataHelper declares the wrong return type
• #2838678 by andrewmacpherson: Typo in documentation of ArgumentPluginBase - bellow
• Revert "Issue #2797169 by Wim Leers, Fabianx: Mark BigPipe as stable/non-experimental"
• #2797169 by Wim Leers, Fabianx: Mark BigPipe as stable/non-experimental
• Revert "Issue #2836381 by phenaproxima, Wim Leers: Seven's entity-add-list template omits link attributes"
• #2836381 by phenaproxima, Wim Leers: Seven's entity-add-list template omits link attributes
• #2830485 by michielnugter, klausi, tedbow, xjm, catch, tim.plunkett, dawehner, alexpott, Wim Leers, Lendude: \Drupal\Tests\outside_in\FunctionalJavascript\OutsideInBlockFormTest fails randomly
• #2721725 by Vinay15, snehi, zerbash, er.pushpinderrana, jhodgdon, xjm, Ashish.Dalvi, joachim, Kevin Davison, ckrina: Select form element has undocumented properties
• #2651328 by aerozeppelin, GeduR: Views Handler Filter InOperator exposed fires illegal choice when all option has been selected
• #2823955 by Jo Fitzgerald, benjy, quietone, claudiu.cristea, mikeryan: No need to specify operator for Vocabulary filter in Term source
• #2836434 by alexpott, oriol_e9g, NickWilde, bradjones1, AdamPS, carteriii, gapple, tstoeckler, soulsymphonies: We should not ever recommend APC in Drupal 8
• #2828542 by claudiu.cristea, pfrenssen, cebasqueira, heddn, alexpott: Properly check if a destination folder for a file exists
• #2822296 by shashikant_chauhan, jp.stacey, xjm: Wrong fully qualified class name \Drupal\Core\Routing\LinkGeneratorInterface::generate() in docs of Drupal::l()** Revert "Issue #2828438 by Adita, Sam152, rachel_norfolk, timmillwood, jp.stacey: Exception when adding tab to a node managed by content moderation"
• #2828438 by Adita, Sam152, rachel_norfolk, timmillwood, jp.stacey: Exception when adding tab to a node managed by content moderation
• #2548713 by yongt9412, larowlan, Berdir, swentel, subhojit777, effulgentsia: Only one additional new value saved unlimited field and no non-field values are restored after preview
• #2781927 by pguillard, kiamlaluno, Eda, kiwimind: Improve description of render array properties and examples
• #2729663 by dmsmidt, thpoul, SKAUGHT, Wim Leers, Lendude, droplet, effulgentsia, xjm, Reinmar, alexpott: Fragment link pointing to should be redirected to CKEditor instance when CKEditor replaced that textarea
• #2746671 by Jo Fitzgerald, stella, andrewmacpherson, hussainweb, tom friedhof, chriscalip, mikeryan: CCK field data not available for D7 taxonomy term migrations
• #2835604 by Wim Leers, effulgentsia: BigPipe provides functionality, not an API: mark all classes & interfaces @internal
• #2822881 by Jo Fitzgerald, tstoeckler: Improve Entity URI checking in menu link migration
• #2829759 by ruloweb: Wrong @return doc comment in \Drupal\user\Controller\UserAuthenticationController.php
• #2834453 by dixon_: Remove dixon_ as maintainer for Comment module
• #2830333 by Wim Leers, tedbow: All REST update path test coverage fixtures contain no-op code and other mistakes
• #2832246 by dangur: d6_profile_values.yml contains obsolete configuration
• #2828559 by amateescu, alexpott: More random fails in UpdatePathTestBase tests: "settings.cache failed with: missing schema"
• #2130277 by phenaproxima, michaellenahan, Jo Fitzgerald, David Hernández, hardik.p, fastangel, alvar0hurtad0: Variable to config: filter.settings [D7 only]
• #2826200 by claudiu.cristea, pfrenssen: Don't let the whole migration crash on a download failure
• #2309695 by quietone, alexpott, mikeryan, benjy: Add query batching to SqlBase
• #2814035 by klausi, dawehner: Make $modules property protected on BrowserTestBase and KernelTestBase
• #2833462 by alexpott, tim.plunkett, Berdir: hook_requirements($phase = 'install') does not work as expected for experimental modules

Läs mer: http://drupal.org/project/drupal/releases/8.2.5

8.2.4

28 December 2016 - 115MBHighlights

• [regression] REST in Drupal 8.2.x does not allow HTTP methods other than GET/PATCH/POST/DELETE: OPTIONS, PUT, et cetera all fail
• CommentResourceTestBase::testPostDxWithoutCriticalBaseFields() always fails on PHP 5.6 & MySQL 5.5 (works fine on other PHP versions)
• Entity query allows to specify entity type ID for reference fields
• md_entity destination plugin deprecated

Läs mer: http://drupal.org/project/drupal/releases/8.2.4

8.2.3

17 November 2016 - 115MBSecurity

• Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8)
• Incorrect cache context on password reset page (Less critical - Drupal 8
• Confirmation forms allow external URLs to be injected (Moderately critical - Drupal 7)
• Denial of service via transliterate mechanism (Moderately critical - Drupal 8)

Läs mer: http://drupal.org/project/drupal/releases/8.2.3

8.2.1

17 Oktober 2016 - 115MB

• #2811519 by tim.plunkett, dbourrion, cilefen, futurmat: Blocks do not appear after being placed with the Rules module enabled (or other missing schemata for Condition plugins)
• #2811927 by timmillwood, alexpott: Disabling Content moderation on a bundle, removes the ability to perform create content on that bundle

Läs mer: http://drupal.org/project/drupal/releases/8.2.1

8.2.0

(större version)
6 Oktober 2016 - 115MBThe new version includes experimental modules to place blocks on pages, edit block configuration without leaving the page, create content moderation workflows, and use date ranges. Many smaller authoring, site building, and REST improvements are included as well.
Läs mer: http://drupal.org/project/drupal/releases/8.2.0

8.1.10

26 September 2016 - 115MBSecurity

• Users without "Administer comments" can set comment visibility on nodes they can edit. (Less critical). Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
• Cross-site Scripting in http exceptions (critical): An attacker could create a specially crafted url, which could execute arbitrary code in the victim’s browser if loaded. Drupal was not properly sanitizing an exception
• Full config export can be downloaded without administrative permissions (critical): The system.temporary route would allow the download of a full config export. The full config export should be limited to those with Export configuration permission.

Läs mer: http://drupal.org/project/drupal/releases/8.1.10

8.1.7

(säkerhetsutgåvan)
19 Juli 2016 - 115MBSecurity

• Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/. (Drupal Core - Highly Critical - Injection - SA-CORE-2016-003)

Läs mer: http://drupal.org/project/drupal/releases/8.1.7

8.1.3

(säkerhetsutgåvan)
17 Juni 2016 - 115MBSecurity

• Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical)
• Views can allow unauthorized users to see Statistics information (Views module - Drupal 8 - Less Critical)

Läs mer: http://drupal.org/blog/drupal-8-1-3-and-7-44

8.1.1

9 Maj 2016 - 115MBImportant

• #2407853: TaxonomyIndexTid Views plugin stores selected terms with the ID instead of UUID
• #2699627: url.path cache context for breadcrumbs is unnecessarily granular

Known Issues

• There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases in the future.
• Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

Changelog

• #2671344 by jwilson3: Better documentation for suspicious encoded string in dblog tests
• #2716991 by mpdonadio: Incorrect ISO datetime attribute for date-only fields w/ default formatter
• #2717401 by Boobaa: Link with in-page fragment only is rendered improperly
• #2696353 by mpdonadio, dpovshed: Bad dates in Select List widget throw an exception
• #2613178 by mikeryan, heddn: default_value: null in static map skips empty rows
• #2647916 by Lendude, dawehner: Views ajax modals stop working in certain scenarios
• #2407853 by alexpott, aerozeppelin, Berdir, vladan.me, dawehner: TaxonomyIndexTid Views plugin stores selected terms with the ID instead of UUID
• #2711537 by chgasparoto, kostyashupenko: Syntax errors (un-quoted or mis-quoted strings) in various code examples in docs
• #2715741 by Mile23, pfrenssen: Fix 'Drupal.Classes.FullyQualifiedNamespace' coding standard
• #2707371 by Mile23: Fix several errors in the 'Drupal.Commenting.DocComment' coding standard
• #2667588 by dimaro, malavya, johnrosswvsu: Document that a module's classes are not available during hook_requirements() 'install' phase
• #2697235 by mpdonadio: Add jhedstrom as co-maintainer for DateTime module
• #2572793 by attiks, andypost: Fix 'Drupal.WhiteSpace.OperatorSpacing' coding standard
• #2626676 by neclimdul: Fix coversDefaultClass annotations to be FQSEN
• #2707641 by alexpott, anoopjohn: Ensure core compliance to Drupal.Commenting.FunctionComment.ParamCommentIndentation (part 2)
• #2707261 by alexpott, jhodgdon: Calling moduleInvokeAll in Help block is wrong
• #2572307 by vprocessor, attiks, andriyun, alexpott, pfrenssen: Fix 'Generic.PHP.UpperCaseConstant' coding standard
• #2702609 by Wim Leers, Berdir, Fabianx: Disable placeholdering (and BigPipe) on unsafe requests to help find forms as fast as possible (to allow EnforcedResponses to work)
• #2572731 by attiks, andypost: Fix 'Drupal.Formatting.SpaceUnaryOperator' coding standard
• #2582475 by alexpott: Installation fails if a valid config sync directory is defined
• #2707619 by alexpott: Composer install generates warning
• #2614202 by alexpott, felribeiro, dawehner, catch: CoreServiceProvider::registerUuid() assumes all environments have the same functions available
• #2711645 by alexpott, dawehner: ConfigInstaller::isSyncing() should return true always during a config sync
• #2714829 by Mile23: Fix 'Generic.Functions.FunctionCallArgumentSpacing' coding standard
• #2702001 by olafkarsten, Wim Leers: Inject config factory for BigPipe (including in exception handlers)
• #2697909 by pguillard, himanshugautam, snehi, aburrows, jhodgdon: Fix "login (noun/adjective)" vs. "log in (verb)" in comments (and logout/log out)
• #2711973 by Berdir: buildRenderable() does not work with display plugin embed
• #2702281 by edurenye, dpopdan, larowlan, alexpott, dawehner: Move Drupal\simpletest\RandomGeneratorTrait, Drupal\simpletest\WebAssert and Drupal\simpletest\SessionTestTrait into Drupal\Tests namespace
• #2572601 by attiks, alexpott, tatarbj: Fix 'Drupal.Classes.ClassCreateInstance' coding standard
• #2710081 by alexpott: Fix 'Drupal.Formatting.SpaceInlineIf' coding standard
• #2572707 by attiks, alexpott: Fix 'Drupal.Files.EndFileNewline' coding standard
• #2699627 by catch, dawehner, Wim Leers: url.path cache context for breadcrumbs is unnecessarily granular
• #2714207 by alexpott: FieldUnitTestBase
• #2711963 by jibran: Modernized ToolbarIntegrationTest
• #2610344 by mikeker, dimaro, mohit_aghera, andriyun, anil280988, Cottser, joelpittet: Re-add some documentation about what you can get from the node object in node.html.twig
• #2456477 by Berdir, dawehner, heddn, pguillard: Convert deprecated \Drupal\simpletest\KernelTestBase tests to KernelTestBaseNG
• #2710103 by Pashupathi Nath Gajawada: Cleanup phpunit.xml.dist
• #2678822 by DamienMcKenna, David_Rothstein, stefan.r, Berdir: Drupal 7.43 / 8.0.4 regression: When an anonymous user submits a form with an un-uploaded file that leads to a validation error, the file is lost on the next correct submission
• #2710685 by dimaro, er.pushpinderrana, jhodgdon: inconsistent use of tags in docs for template_preprocess_links()
• #2700261 by timmillwood, amateescu: allRevisions() entity queries ignore non-revisionable fields
• #2710395 by joelrguezaleman, dimaro, nesta_, jhodgdon: No docs for ArgumentValidatorPluginBase::validateArgument(); other methods have bad first lines
• #2700415 by nicolas.rafaelli, dimaro, rashid_786, er.pushpinderrana, korgik, David Hernández, jhodgdon: Problems with documentation of options in Url class
• #2657826 by er.pushpinderrana: FieldHandlerInterface::getEntity() can also return NULL
• #2709581 by Torenware, pepegarciag, jhodgdon: Better explain the $modules variable in kernel tests
• #2708485 by damiankloip: Views Row caching still caches rows when cache plugin is 'none'
• #2710669 by er.pushpinderrana: template_preprocess_item_list() '#wrapper_attributes' property is undocumented
• #2708629 by tim.plunkett: \Drupal\system\Plugin\Condition\RequestPath::evaluate() fails if the current path is '/'
• #2709411 by dagmar, jhodgdon: t() is used in an inconsistent way on Drupal\Core\Render\Element documentation
• #2701851 by amateescu, animaci: The 'system.db_update' route should restrict access via the 'access_check.db_update' service
• #2709625 by tim.plunkett: Wrong @group name on PermissionAccessCheckTest
• #2073753 by amateescu, Sweetchuck, amitaibu, dawehner: Fix and add tests for the recursive rendering protection of the 'Rendered entity' formatter
• #2696771 by Wim Leers, thpoul: Minor clean-up of \Drupal\ckeditor\Plugin\CKEditorPlugin\Internal::getConfig()
• #2709541 by alexpott, dawehner: Set opcache.revalidate_freq when running tests
• #2709525 by kevin.dutra: Comment bundle label is incorrect
• #2684123 by dawehner: \Drupal\Core\Routing\RouteProvider::preLoadRoutes doens't handle the exception case correctly
• #2700405 by amateescu, vasike: User ref field includes the Anonymous user when 'include_anonymous' is set not to, when using select widget
• #2612334 by NickWilde: Remove dead code in \Drupal\Core\Asset\[Css|Js]Collection[Grouper|Optimizer]
• #2667224 by rlhawk: Adding or editing "Change the author of content" action causes error
• #2703487 by RobLoach: Move Drupal.php autoloading from "files" to "classmap"
• #2707471 by dagmar: Langcode is duplicated in filter.format.plain_text.yml
• #2697933 by felribeiro: Replace "does not" with "do not" in SearchLanguageTest
• #2709569 follow-up by dawehner: Adjustments to CHANGELOG.txt

Läs mer: http://drupal.org/project/drupal/releases/8-1-1

8.0.6

13 April 2016 - 115MBKnown Issues

• Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
• There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases in the future.
• Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

Changelog

• #2694243 by marthinal, jhodgdon: node_field_data and search_index tables should match on langcode
• #2699869 by er.pushpinderrana: deprecation notice for format_string() says to use SafeMarkup::format(), but that is also deprecated
• #2698595 by davidhernandez: Named spelled incorrectly in Maintainers file
• #2696919 by chgasparoto, snehi: EntityResource annotation class has @see after plugin annotation
• #2614824 by alexpott, xjm, catch: Tests fail when version constant is stable
• #2664748 by amateescu, alexpott, TravisCarden: Node revision queries tagged for node access cause "no node table" exception
• #2677414 by blue_waters: VerticalTabs' #default_tab broken due to wrong/mismatching class name
• #1458824 by idebr, JvE, mayaz17, cwoky, Henrik Opel: Ajax doesn't work with Tableselect with checkboxes
• #2685021 by Lendude, cilefen, r0nn1ef, andypost: Fatal error: $this when not in object context in views.theme.inc
• #2679883 by lokapujya: Audit use of YAML to ensure we're not using deprecated syntax
• #2651986 by maxocub, balagan, Tom Robert, Kristen Pol, tstoeckler: Local task link "Translate" is not translated
• #2535660 by david_garcia: PDO Exception in Node Search Plugin
• #2274153 by dixon_, Wim Leers: Make RESTTestBase::httpRequest() work with HEAD requests
• #2664290 by tstoeckler: Remove array typehints from batch callbacks
• #2669418 by pwolanin: Php Storage not defining secret index
• #2688813 by sidharthap: Documentation for FieldPluginBase::addSelfTokens is missing "__"
• #2573975 by alexpott, juampynr, Berdir, edurenye: function_exists check in PluralTranslatableString is wrong
• #2609874 by tstoeckler, mikeker, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable
• #2687837 by alexpott: run-tests.sh --types does not work with --directory
• #2664274 by alexpott, bojanz, fortis, Mile23, arknoll: Combination of --prefer-dist and .gitattributes confuses our vendor test cleanup
• Revert "Issue #2609874 by tstoeckler, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable"
• #2609874 by tstoeckler, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable
• #2638856 by bojanz, webflo, SiliconMind: Unable to install modules with core dependencies via composer
• #2633568 by quietone, ultimike: Improve method for migrating link attributes from D6
• #2669590 by Lendude, joe_carvajal: IntegrityConstraintViolationException using an entity reference in a view with a entity reference display
• #2684575 by chx, benjy, quietone: Get is unable to pick up 0
• #2685463 by rakesh.gectcr: Typo in the usage example of HtmlTag API page
• #2281393 by ultimike, mrjmd, bdone, quietone, Xano, vendion, benjy, brockfanning, alexpott: D6->D8 Blocks - Custom titles not imported
• #2680057 by alexpott, dawehner, isntall: Allow to not override the simpletest results on a new test run
• #2658412 by leolando.tan, lokapujya, rakesh.gectcr, harsha012, thisisit, zweishar, miteshmap: Config API topic makes no mention of getEditable()
• #2248223 by olli, Lendude, peterg.griffin, finne, mikeker, pjonckiere, b0unty, ohthehugemanatee, zniki.ru, dawehner, jhodgdon, effulgentsia, xjm, droplet, metzlerd: Adding a new Views filter and making it exposed returns user back to list of filters
• #2679953 by malavya, subharanjan, AjitS, aditya_anurag, mikebell_, jhodgdon: Replace mentions of url() in docs
• #2684319 by TravisCarden, jhodgdon: ConfigFormBaseTrait::config() @return doxygen is inaccurate
• #2676026 by dimaro, subharanjan, Girish-jerk, zaurav, jhodgdon: Correct documentation of ThemeNegotiatorInterface
• #2680307 by metzlerd, jhodgdon: Direct people to Services and Elements pages on API sites in a clearer way
• #2225477 by quietone: Add migrate sources and destinations for D6 i18n variables
• #2177335 by drintios, idebr, czigor, oo0shiny, bdimaggio, samiullah, alexpott: Selecting 'Disabled' does not move the block to the disabled region when there are no disabled blocks
• #2670978 by dawehner, isntall, jibran, alexpott: Allow to run just specific types when running all tests
• #2616220 by webflo, quietone: Obey field cardinality in vocabulary migration
• #2609680 by alexpott, jhedstrom: Add an AssertMailTrait to allow mail testing in Kernel tests and fix odd stdout not found in test output
• #2608692 by snehi, r_sharma08, anil280988, marvin_B8, rakesh.gectcr, ashhishhh, malavya, heykarthikwithu, kaushalkishorejaiswal, jhodgdon: Revise docblock for BookManager methods
• #2626106 by Wim Leers, gceja, thpoul: The image button does not work unless width+height attributes are allowed, even though those are optional
• #2682367 by leolando.tan: Wrong comment in AdminRouteSubscriber::getSubscribedEvents
• #2683391 by amateescu: Backport EntityKernelTestBase to 8.0.x
• #2471689 by klopez, shashikant_chauhan, harings_rob, snehi, jhodgdon: Entity API documentation should consistently refer to handlers rather than controllers
• #2676472 by micaelamenara, jhodgdon: docs for t() and related functions don't explain how context works
• #2572125 by rodrigoaguilera, vijaycs85, swentel, Berdir, Wim Leers, tstoeckler: Content translation local tasks are not getting displayed due to caching
• #2675000 by alexpott: SQLBase::mapjoinable does not support SQLite part 2
• #2179537 by jweowu, alexpott: Drupal 8 has a broken UUID generator
• #2672512 by Birk, kurund: CKEditorPluginConfigurableInterface::settingsForm() docs don't match API usage
• #2664150 by dawehner: Expand BrowserTestBase with error handling support
• #2665738 by droplet, zviryatko: jQuery Autocomplete applies "_renderItem" option only for first element on the page
• #2679006 by blazey: 'incloming' in SourcePluginBase::$trackChanges comment
• #2580177 by DuaelFr, GoZ: Language list is not correctly ordered when it's localized
• #2668008 by dimaro, kannan@kiluvai.com, rakesh.gectcr, felribeiro, jhodgdon, eojthebrave, xjm, mobaid: Internationalization topic refers to format_plural() function that does not exist
• #2614764 by snehi, priya.chat, rakesh.gectcr, anil280988, amit.drupal, jhodgdon: Wrong @param doc in class Composer
• #2677672 by fago: Improve docs of getDataDefinition for lists and complex data
• #2678620 by stBorchert: HandlerBase::breakString does not work with decimal values
• #2623940 by alexpott, Berdir: ConfigInstaller tries to install optional config with missing dependencies
• #2302259 by quietone: Test coverage for user profile link type from D6

Läs mer: http://drupal.org/drupal-8.0.6-release-notes

8.0.5

16 Mars 2016 - 115MBImportant

• #2496867: Translatable image file is not working unless you also config the image field. Config can get lost anyway.
• #2602268: Translated string are loaded into Views UI and then saved as default language strings.
• #2616164: /update.php/run URL is generated with language prefix and returns 404 error
• #2642374: Dependency removal logic incorrectly affects indirect dependents
• #2665410: Book module breadcrumb remains cached when node title (or access) changes
• #2671916: node_access_rebuild() will never work after since entityQuery has now accessCheck default set to true and the grants are deleted beforehand
• #2649352: views_embed_view() should use a render array so metadata can bubble up

Changelog

• #2660446 by tduong: Test the node argument_default plugin
• #2559695 by leolando.tan, bhavikshah9, falufalump, nod_, eiriksm: JSDoc tabledrag.js
• #2364343 by damien_vancouver, criz, ksenzee, joegraduate, Neograph734, droplet, pounard, jp.stacey, ciss: Fix robots.txt to allow Google access to CSS, JavaScript and image files
• #2578741 by amateescu, swentel, subson, larowlan: Add setting for size to email widget
• #2646410 by claudiu.cristea, dawehner: Container cannot be saved to cache
• #2676680 by klausi: Rename "Phone module" to "Telephone module" in MAINTAINERS.txt
• #2534532 by michaellander, longwave: Cannot reinstall Forum after it was previously installed
• #2472633 by Mile23, dawehner: Expand PHPUnit test coverage of the Diff component
• #2488540 by Lendude, SteffenR, geertvd, nlisgo, ozin, joshuajleonard, Lóna Lore: Rewrite external links in views fields
• #2676682 by klausi: Remove Drupal 6 from MAINTAINERS.txt
• #2613878 by edysmp, heddn, Adita, Lord_of_Codes, jian he, chx, miiimooo, alexpott, benjy, mikeryan: Use hash for Migration source keys, rather than verbatim values
• #2672442 by rakesh.gectcr, dimaro, aditya_anurag, jhodgdon: In the documentation, change all instances of "an URL" to "a URL"
• #2676346 by alexpott, dawehner: Coding standards check on DB dump fixtures causes PHPCS to out of memory on PHP5.5 and is slow cause of huge files
• #2501735 by snehi, lokapujya, malavya, priya.chat, sdstyles, ChuChuNaKu, er.manojsharma, mglaman, joelpittet: Add throws to Twig extension comments
• #2660486 by pwolanin, dawehner, rrrob: MenuLinkDefaultForm::extractFormValues() does not include the plugin ID
• #2599594 by agoradesign, mdespeuilles, nagwani: Multilingual content: Menu link is not correctly stored on translation
• #2496867 by Berdir, swentel, alexpott, rodrigoaguilera, yobottehg, trebormc: Translatable image file is not working unless you also config the image field. Config can get lost anyway
• #2541252 by HOG, pazhyn, finnsky, LewisNyman, nlisgo, saki007ster, alvar0hurtad0, maris.abols, PapaGrande, pjbaert, emma.maria, bruvers, ti2m, tstoeckler: Replace the .region-content ul/ol selector with text-formatted to refactor code + fix visual bugs
• #2674480 by twistor: Views does not properly ignore the query cache during preview
• Back to dev.
• #2673552 by mcjim: Add missing @return documentation for _buildArguments() in ViewExecutable.php
• #304540 by typhonius, BrockBoland, nabiyllin, RobLoach, marcingy, ravi.khetri, jyotisankar, sudhanshug, jaredsmith, nesta_: Disable themes when theme engine or base theme aren't available
• #2575533 by leolando.tan, AlviMurtaza, LewisNyman, j2r, joaogarin: Add warning message to Seven and Bartik that they can change in the future
• #2673918 by David Hernández: hook_entity_view_mode_info_alter still shows hook_entity_view_mode_info, that has been removed
• #2649352 by dawehner, borisson_: views_embed_view() should use a render array so metadata can bubble up
• #2674198 by neclimdul: @menu_name in menu_links migration_template is invalid yaml
• #2204037 by kpv, Lendude: Views allows removal of required relationships and gives a fatal error on save
• #2514212 by Berdir, tduong, chx: Entity::getEntity() does not correctly deal with an existing ID mapping without a destination ID
• #2602268 by Berdir: Translated string are loaded into Views UI and then saved as default language strings
• Revert "Issue #2561619 by phenaproxima, nod_, lokapujya, droplet, tic2000: Drupal Ajax objects and settings grows endlessly"
• #2621422 by stefan.korn, harsha012, aditya_anurag, rakesh.gectcr, joyceg, Cottser, jhodgdon: Wrong default path for page.html.twig given
• #2642374 by alexpott, Berdir, drunken monkey, beejeebus: Dependency removal logic incorrectly affects indirect dependents
• #2579931 by rjacobs, stevector: Pager option not saved on views add form page widget
• #2669898 by thpoul, DuaelFr, Wim Leers: cke_widget_element CSS Class get wrongly returned by the drupallink plugin
• #2659100 by dawehner, alexpott: Allow run-tests.sh to run just the javascript Functional tests
• #2561619 by phenaproxima, nod_, lokapujya, droplet, tic2000: Drupal Ajax objects and settings grows endlessly
• #2461017 by aerozeppelin, Berdir, Lendude: TaxonomyIndexTid doesn't check whether there are any values before trying to loop over it
• #2668008 by dimaro, rakesh.gectcr, kannan@kiluvai.com, felribeiro, jhodgdon, eojthebrave, mobaid, xjm, AjitS: Internationalization topic refers to format_plural() function that does not exist
• #2575101 by quietone, jcnventura, jgrubb, hussainweb, chr.fritsch, heddn, benjy: Add an explode/separator process plugin
• #2671182 by lokapujya: Views validates displays on Cancel
• #2671916 by Berdir, mgoedecke: node_access_rebuild() will never work after since entityQuery has now accessCheck default set to true and the grants are deleted beforehand
• #2671946 by mikeryan: d6_url_alias_language should accept language as a scalar
• #2620576 by cilefen, alexpott, chapf, xjm, longwave, dawehner: fnmatch() is not available on all environments (i.e QNAP QTS)
• #2665410 by catch, pwolanin, Wim Leers: Book module breadcrumb remains cached when node title (or access) changes
• #2662592 by marcingy: TimestampFormatter.php has invalid input name
• #2393387 by mondrake, gnuget, tim.plunkett: Add test for editing image effect when configuration form is Ajax enabled
• #2226455 by quietone, ultimike, brockfanning: Migrated URL aliases not working until nodes are re-saved
• #2668926 by DuaelFr: ReplaceCommand minor documentation glitch
• Revert "Issue #994360 by DuaelFr, andypost, emosbaugh: #states cannot disable/enable radios and checkboxes"
• #2321995 by jhodgdon: More info needed in hook_views_data docs/sample body
• Revert "Issue #2521782 by paulmckibben, swentel: HTML head has alternate hreflang links to unpublished translations"
• #2536682 by eporama, r_sharma08, snehi, rakesh.gectcr, chegor, Prashant.c: default.settings.php database instructions need to be user friendly
• #2659564 by miteshmap: Wrong return type in TermStorageInterface::loadTree()
• #2656578 by felribeiro, malavya: Tableselect documentation around #header needs more detail
• #2667304 by felribeiro: Error in variables documentation for vertical-tabs.html.twig
• #2606246 by rang501, heykarthikwithu: StaticTranslation::getLanguage, add @return values in the comment docblocks
• #2540136 by Shreya Shetty, rang501, chx, priya.chat: Improve ContextualLinkInterface doxygen
• #1811214 by Mile23, naveenvalecha, tisteegz: Add missing type hinting to Language module docblocks
• #2610202 by rang501, Lars Toomre: Docblock fixes for file.module file
• #1811328 by sushyl, Mile23: Add missing type hinting to Filter module docblocks
• #2627052 by leolando.tan, snehi, anil280988, jhodgdon: Fix docblocks in file views/src/ViewExecutable.php
• #1811888 by bleen, Mile23, a_thakur, Nitesh Sethia, naveenvalecha: Add missing type hinting to Tracker module docblocks
• #2627038 by ashhishhh, jordanpagewhite, snehi, Manjit.Singh, jhodgdon, sudhanshug: Fix docblock for createTerm in TaxonomyTestBase.php
• #2521782 by paulmckibben, swentel: HTML head has alternate hreflang links to unpublished translations
• #2606304 by snehi, priya.chat, rang501, rakesh.gectcr: Wrong @param doc for construct function in class PrivateTempStore
• #2666702 by heilop: Fix comments in the attributes of the TaggedWithTest class
• #2348219 by Fabianx, dawehner, webchick, Berdir, damiankloip, joelpittet, gnuget: You have requested a non-existent service "cache.backend.null"
• #2469553 by Lendude, geertvd, oenie: Views filtering on boolean fields doesn't use right formatter
• #2667288 by felribeiro: FilterProcessResult docs refers to class as FilterProcess
• #2659524 by gaydabura, rakesh.gectcr: Removing wrongly added @return in core/includes/form.inc
• #2667606 by AchillesKal: Missing single quote on the Buttons element usage example
• #2667172 by mikeker: core.api.php links to the old (deprecated) KernelTestBase
• #2668652 by lokapujya: DisplayTest - drupalPlaceBlock() has wrong parameters
• #2487269 by alexpott, Oliver Sommersberg, zhuber: Postgres insert queries that fail in a transaction break the entire transaction
• #2663290 by edurenye, Berdir, dawehner: Argument validator schemas are broken
• #2630886 by dawehner: Correct the join from revision data table to revision base table
• Revert "Issue #2630886 by dawehner: Correct the join from revision data table to revision base table"
• Revert "Issue #2598502 by alexpott: Double escaping in views attachment titles"
• #2609504 by Lendude, mohit_aghera, ibustos: Default People display shows date since unix timestamp 0 as 'Last access'
• #2485683 by Wim Leers: REST entity resource missing entity & field access cacheability metadata
• #2667932 by nod_: Update eslint config for eslint 2.0 update
• #2638410 by dawehner, Lendude: Views overview page doesn't filter on tags
• #2516930 by coleman.sean.c, alexpott, jhedstrom, mohit_aghera: Remove from outline button goes to node/x/delete instead
• #994360 by DuaelFr, andypost, emosbaugh: #states cannot disable/enable radios and checkboxes
• #2598502 by alexpott: Double escaping in views attachment titles
• #2652068 by alexpott, mglaman: Update jcalderonzumba/gastonjs to a tagged release
• #2662152 by rafaolf: Entity::preSave() throws a exception, but this is not documented
• #2509722 by NickWilde, dawehner, Lendude, rakesh.gectcr, Nitesh Pawar, xjm, tstoeckler: "Error: missing help" in Views for Node fields without descriptions
• #2471593 by JeroenT, Devaraj johnson: Replace the use of entity_load_unchanged() in ImageAdminStylesTest
• #2567091 by slashrsm: AJAX updates of an element in a #group are not working
• #2616164 by agoradesign, swentel, facine, dawehner: /update.php/run URL is generated with language prefix and returns 404 error
• #2571929 by klausi: REST entity POST request is not cacheable: cacheability metadata is unnecessary
• #2661642 by neclimdul: ResourceResponse can't serialize empty array
• #2666552 by mikeker: Incorrect path for unit tests in core.api.php
• #2663936 by milodesc: Include .gitattributes file in list of core files to move in INSTALL.txt instructions
• #2650588 by tim.plunkett, Wim Leers, alexpott, dawehner: Entities with plugin collections should be updated before serialization
• #2397271 by Wim Leers, larowlan, penyaskito, MattA: REST configuration fails if it contains a plugin reference that does not exist
• #2665232 by dawehner: Add the line to Error::formatBacktrace()
• #2568413 by grasmash, pwolanin, dawehner, Wim Leers, xjm, klausi: REST views: Pass views style plugin instance to REST Export serializer
• #2575549 by Wim Leers, znerol, Fabianx: Add Page Cache to MAINTAINERS.txt
• #2664396 by TravisCarden: hook_node_access_records() doxygen refers to non-existent node_access_write_grants()
• #2664882 by chx: RedirectDestinationInterface::get is factually wrong
• #2575245 by toniteof: Click-sorting broken in previews
• #2662006 by pwolanin, incrn8, jtyocum: Fatal error when trying to edit book nodes (that have children) in large books
• #2641092 by laranajim: Wrong file doc block on some tests
• Revert "Issue #2595613 by krknth, heykarthikwithu, k4v, aerozeppelin, naveenvalecha, swentel: Forms - '#title_display' => 'invisible' is not working for radio buttons ?"
• #2660464 by mallezie: Migrate sql base toString method not accessible by subclasses
• #2417917 by clemens.tolboom, sudhanshug, Wim Leers, joelpittet: Include content type format name in error response
• #2418587 by xjm, marthinal, AjitS, Wim Leers, neilmc, Berdir: Set entity values to NULL instead of using unset() method: unset() is misleading
• #2602536 by cosmicdreams: Unused local variable in testSerialization()
• #2624256 by roderik, jhodgdon, dawehner: Fix mention of menu_router_rebuild() in LockBackendInterface comment
• #2494131 by webchick, mgifford, mohit_aghera, LewisNyman, yoroy: Placeholder text for site name in installer can be confusing
• #2412363 by Arla, zealfire, mgifford, xjm, fago: ComplexDataDefinition::getPropertyDefinition() does not need to check ->propertyDefinitions
• #2512668 by MattA, martin107, dawehner: Dblog rest plugin throws exception with incorrect parameters
• #2587755 by aerozeppelin, NickWilde, swentel: AJAX error when using progress bar on file field widget
• #2621794 by ShaunDychko, Alan D., joelpittet, chx: Drupal 6 image field settings incorrect after migration
• #2615790 by Xano: Field item properties do not prevent the services they contain from being serialized
• #2595613 by krknth, heykarthikwithu, k4v, aerozeppelin, naveenvalecha, swentel: Forms - '#title_display' => 'invisible' is not working for radio buttons ?
• #2637680 by Dom., mikeocana, laranajim: Submit buttons for GET forms in search/views are not W3C valid due to empty 'name' attribute
• #2646786 by dawehner: Add a backtrace for logged exceptions
• #2649602 by hchonov: hook_translation_create is not invoked with the new entity translation but with the previous entity object
• #2639254 by dawehner, heddn: Make it possible to skip empty migration destinations
• #2663830 by chx: Remove action.api.php
• #2571539 by Lendude, Surabhi Gokte, Cottser, swentel, emma.maria, alexpott, Manjit.Singh: Progress bar higher than progress track
• #2651766 by eojthebrave, malavya, jhodgdon, alexpott: Update link in documentation block for t() function
• #2578173 by Peacog, maximpodorov, marvin_B8, andypost, alexpott, tatisilva: Increase menu title maxlength to 255 in forms containing menu items
• #2645036 by chx: Performance: system_path_* doesn't pass the source
• #2641540 by Mac_Weber: Replace deprecated usage of entity_create('entity_test_mulrev') with a direct call to EntityTestMulRev::create()
• #2626548 by dawehner, slashrsm: The static caching in \Drupal\Core\Entity\EntityTypeManagerInterface::getFormObject() is problematic
• #2640962 by Berdir: Theme Registry does not support switching the active theme
• #2662108 by Cottser: Add Scott Reeves (Cottser) as a provisional core committer for Drupal 8 (cherry picked from commit e495c4904974dde67a93ad395b8ef252e08bed8d)

Läs mer: http://drupal.org/drupal-8.0.5-release-notes

8.0.4

(säkerhetsutgåvan)
24 Februari 2016 - 115MBThis release contains security fixes.

Security

• File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical): A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they can be saved. This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
• Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical): The XML-RPC system allows a large number of calls to the same method to be made at once, which can be used as an enabling factor in brute force attacks (for example, attempting to determine user passwords by submitting a large number of password variations at once). This vulnerability is mitigated by the fact that you must have enabled a module that provides an XML-RPC method that is vulnerable to brute-forcing. There are no such modules in Drupal 7 core, but Drupal 6 core is vulnerable via the Blog API module. It is additionally mitigated if flood control protection is in place for the method in question.
• Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical): In Drupal 6 and 7, the current path can be populated with an external URL. This can lead to Open Redirect vulnerabilities. This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL. For Drupal 8 this is a hardening against possible browser flaws handling certain redirect paths.
• Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical): An access bypass vulnerability was found that allows input to be submitted, for example using JavaScript, for form button elements that a user is not supposed to have access to because the button was blocked by setting #access to FALSE in the server-side form definition. This vulnerability is mitigated by the fact that the attacker must have access to submit a form that has such buttons defined for it (for example, a form that both administrators and non-administrators can access, but where administrators have additional buttons available to them).
• HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical): A vulnerability in the drupal_set_header() function allows an HTTP header injection attack to be performed if user-generated content is passed as a header value on sites running PHP versions older than 5.1.2. If the content contains line breaks the user may be able to set arbitrary headers of their own choosing. This vulnerability is mitigated by the fact that most hosts have newer versions of PHP installed, and that it requires a module to be installed on the site that allows user-submitted data to appear in HTTP headers.
• Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical): The drupal_goto() function in Drupal 6 improperly decodes the contents of $_REQUEST['destination'] before using it, which allows the function's open redirect protection to be bypassed and allows an attacker to initiate a redirect to an arbitrary external URL. This vulnerability is mitigated by that fact that the attack is not possible for sites running on PHP 5.4.7 or greater.
• Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical): Drupal core has a reflected file download vulnerability that could allow an attacker to trick a user into downloading and running a file with arbitrary JSON-encoded content. This vulnerability is mitigated by the fact that the victim must be a site administrator and that the full version of the attack only works with certain web browsers.
• Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical): Some specific contributed or custom code may call Drupal's user_save() API in a manner different than Drupal core. Depending on the data that has been added to a form or the array prior to saving, this can lead to a user gaining all roles on a site. This issue is mitigated by the fact that it requires contributed or custom code that calls user_save() with an explicit category and code that loads all roles into the array.
• Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical): In certain configurations where a user's email addresses could be used to log in instead of their username, links to "have you forgotten your password" could reveal the username associated with a particular email address, leading to an information disclosure vulnerability. This issue is mitigated by the fact that it requires a contributed module to be installed that permits logging in with an email address, and that it is only relevant on sites where usernames are typically chosen to hide the users' real-life identities.
• Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical): On certain older versions of PHP, user-provided data stored in a Drupal session may be unserialized leading to possible remote code execution. This issue is mitigated by the fact that it requires an unusual set of circumstances to exploit and depends on the particular Drupal code that is running on the site. It is also believed to be mitigated by upgrading to PHP 5.4.45, 5.5.29, 5.6.13, or any higher version.

Läs mer: http://drupal.org/drupal-8.0.4-release-notes

8.0.3

3 Februari 2016 - 115MBThis release only contains bug fixes, along with documentation and testing improvements.

Bug fixes

• #2625258: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object
• #2639352: File records, files themselves lost in translation
• #2646100: Exception on php7 + APCu without backwards compatibilty enabled
• #2606548: \\Drupal\\rest\\Plugin\\views\\row\\DataFieldRow::render should take into account the 'exclude' flag

Known issues

• Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
• There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases soon.
• Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

Changelog

• #2392057 by tim.plunkett, vasi, benjy, alexpott, Gábor Hojtsy, YesCT: Config schema fails to expand dynamic top-level types
• #2624594 by pwolanin, lauriii, Xano: Local action plugins do not have any way to provide cacheability metadata
• #2559241 by droplet, tic2000: Closing an #ajax dialog triggers Javascript errors when scrolling
• #2660502 by floydm: Syntax error on the Usage example of class Radios
• #2660034 by naveenvalecha: Move .eslintrc into core/.eslintrc
• #2567339 by Lendude, penyaskito, dawehner: PHP Warning when using link field tokens in a view
• #2660026 by theMusician: Remove obsolete \Drupal\Core\Config\Entity\ConfigEntityBase::$pluginConfigKey
• #2610116 by rakesh.gectcr, lipi1: Removing unused variables
• #2659078 by dpi: Unexpected access operation throws exception when node grant system is active
• #2635242 by quietone, alvar0hurtad0: Add tests for node body [d6] [d7]
• #2618804 by webflo: Migrate required setting from vocabulary to field
• #2618830 by webflo, jan.stoeckler: Term widget migration should depend on tags property
• #2510076 by DuaelFr: The [view:page-count] token should never return 0
• #2442721 by daffie, mgifford: Direct access to the variable $parent in Drupal\Core\Field\FieldItemBase::getLangcode()
• #2657734 by miteshmap, floydm: calculateDependencies() return value is double documented
• #2633308 by dawehner, mparker17, Wim Leers, Fabianx: Views cache contexts are lost (and thus do not bubble) when rendering a view's block display
• #2655700 by jhodgdon: ajaxRender() is referenced in documentation but no longer exists
• #2633644 by rlhawk, mondrake, r_sharma08: Correct empty text does not display when there are no image styles
• #2267039 by aerozeppelin, joachim: UnsupportedDataTypeConfigException doesn't say which config file the problem is
• #2643274 by swentel, Mac_Weber, amateescu: EntityAutocomplete does not recognize URLs ending with a parenthesis
• #2616816 by dawehner, Jaesin: Views aggregation: Grouping a field that doesn't exist on all bundles causes an error
• #2642362 by alexpott, chrisfree, Manjit.Singh: Animation of throbber-active.gif image is broken
• #2656202 by Gábor Hojtsy: Add Simple English to Drupal core
• #376391 by mimran, snehi: Document that module_invoke_all / ModuleHandlerInterface::invokeAll reindexes arrays
• #2508145 by jibran, s.reichert: Grouping level is always zero in Views
• #2656260 by swentel: Cannot edit system mail "Admin (user awaiting approval)"
• #2653692 by TravisCarden: Table form element usage example refers to non-existent "#title" element
• #2656442 by swentel: Argument missing the 'context' key for 'decimal places' context
• #2604484 by quietone, dobe, drclaw, skyredwang, mikeryan, grahl: Migrate Drupal 7 image and file fields
• #2650212 by felribeiro: FieldItemListInterface @see tags are circular
• #2641430 by googletorp, sudhanshug, priya.chat: Typo/spelling error in LoggerChannelFactoryInterface
• #2646962 by walangitan, klidifia: AjaxPageStateTest typo and test cleanup
• #2639796 by swentel: file widget duplicate code
• Revert "Issue #2650964 by yongt9412: Fix the execution of regular expression"
• #2655102 by edurenye: Run test --browser missing CSS and images
• #2651610 by DeanRae, TR: Tableselect documentation lists wrong property name
• #2650994 by drunken monkey: Javascript states not working for boolean fields
• #2652970 by dagmar: Wrong @see doc on Plugin/rest/resource/EntityResource.php
• #2650964 by yongt9412: Fix the execution of regular expression
• #2649748 by alexpott, danielnv18: Replace instances of "that is can" with "that it can"
• #2643942 by Lendude, no_angel, dawehner: Entityreference autocomplete with search fields uses wrong column name
• #2579471 by walangitan, droplet, biguzis, thorandre, swentel: Allow more chars in "Limit allowed HTML tags" filter
• #2637720 by dawehner, tim.plunkett: Ajax exposed filters + destination query don't work together
• #2567561 by Sagar Ramgade, mbaynton, Cottser, gnuget, Wim Leers: Captioned elements and their children are removed when theme debugging on
• #2479487 by claudiu.cristea, legolasbo, mondrake, yched, alexpott, jhedstrom, dawehner, Wim Leers: ImageStyles can be deleted while having dependent configuration
• #2464055 by davidwbarratt, Mile23: Installation Failure on case insensitive file systems
• #2655580 by claudiu.cristea: Dead code: hook_system_theme_info() removed but is still implemented
• #2463113 by pwolanin, Berdir, alexpott, keith.smith, swentel: Plain text passwords can be accidentally dumped to the database by code that doesn't intend to do that
• #2617586 by Wim Leers, zuuperman: Minor refinements to CKEditor module API docs
• #2650072 by naveenvalecha, martin107: MessageAction::__construct has duplicate @param definition
• #2639352 by tduong, swentel, Berdir: File records, files themselves lost in translation
• #2652556 by Pol: Remove duplicate lines in MenuForm.php
• #1494670 by Liam Morland, jhedstrom, Wim Leers, mfb: References to CSS, JS, and similar files should be root-relative URLs: avoids mixed content warnings & fewer bytes to send
• #2580717 by tduong, Berdir, dawehner: Url::fromUri('base:2015/10/06') throws an exception
• #2510150 by tduong, Berdir: AccountProxy is not calling date_set_default_timezone() for anonymous users
• #2409789 by mglaman, clemens.tolboom: Double slashes in canonicals while calling resourcePluginManager->getDefinitions()
• #2646766 by neclimdul: TwigSandboxTest::testExtendedClass() doen't test anything
• #2526064 by Mile23, naveenvalecha: Remove usage of comment_view() & comment_view_multiple()
• #2636774 by dawehner, jibran: Move some of the create* functionality into traits
• #2611064 by joshi.rohit100, Chi, dawehner: CronForm::submitForm - makes wrong redirect
• #2644216 by jordanpagewhite: Needless State::get call in \Drupal\config\Tests\ConfigEventsTest::testConfigEvents
• #2540568 by Lendude, mikeyk, geertvd, DuaelFr, pjonckiere, dawehner: ManyToOne 'not' operator throws InvalidArgumentException ("Is none of" choice in UI)
• #2637058 by claudiu.cristea, priya.chat, jhodgdon, dawehner: Fix HTTP proxy docs in default.settings.php
• #2645662 by dawehner: Don't pollute the global namespace with t() in tests
• #2392153 by mparker17, hussainweb, chris.smith, alexpott, dawehner: Disallow composer.json and composer.lock from being indexed
• #2488886 by colinafoley, mikeker, joelpittet, Wim Leers: Forum - "new replies" message is escaped
• #2614408 by amateescu: Add test coverage for multiple invalid + mixed existing/new entity reference validation
• #2643280 by googletorp, alexpott: Fix outdated documentation for ConfigEvents::COLLECTION_NAMES
• #2646100 by gapple: Exception on php7 + APCu without backwards compatibilty enabled
• #2642128 by GeduR: DBLog views data unused search property
• #2644734 by znerol: Replace confusing comment in PagerSelectExtender::execute()
• #2482857 by jhedstrom, lokapujya, pwolanin, lindzeng, swati_qa, Truptti, alexpott: Cannot delete a book parent
• #1559506 by finnydobson, JuliaKM, snehi, anil280988, priya.chat, jhodgdon, alexpott: Query alter docs need some clarification
• #2606548 by Lendude, dawehner, alexpott, catch, tim.plunkett, xjm, damiankloip: \Drupal\rest\Plugin\views\row\DataFieldRow::render should take into account the 'exclude' flag

Läs mer: http://drupal.org/drupal-8.0.3-release-notes

8.0.2

2 Februari 2016 - 115MBThis release only contains bug fixes, along with documentation and testing improvements.

Bug fixes

• #2625258: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object. Note that no upgrade path is included for this fix (see known issues below).
• #2620176: Logo image settings form is broken, breaks per-theme overrides and can result in data loss

Known issues

• #2628004: Create an upgrade path to determine if default_config_hash should be added (2625258). This affects all sites created before 8.0.2 that have locale or an additional language installed (or that will install them in the future). Until this issue is fixed, sites will need to use the core Configuration Translation module to create their own translations for default configuration of currently installed modules, rather than automatically downloading them from localize.drupal.org.
• #2616164: /update.php/run URL is generated with language prefix and returns 404 error
• #2639352: File records, files themselves lost in translation
• #2635728: Uninstalling a module providing display extenders causes fatal errors
• Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
• There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases soon.
• Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors
• Installs running on PHP7 with the apcu extension, but with out the APC backwards compatibility extension will get fatal errors from Symfony's classloader[#2646100]

Changeling

• #2643570 by gnuget: Correct $lockBackend local variable use
• #2598178 by krknth, xjm: Remove unneeded settings in core/modules/file/src/Tests/FileFieldRSSContentTest.php
• #2628754 by cilefen, kristiaanvandeneynde, dawehner, Berdir: Link::toString() should not be deprecated
• #2642236 by TR: Various setUp() and tearDown() methods are not protected (the sequel)
• #2643636 by hass: dialog.css: ajax-progress-throbber URL is incorrect
• #2625512 by heykarthikwithu, Mac_Weber, Wim Leers: Add @param, @return in the code base for the editor module
• #2635238 by dsnopek, tim.plunkett: Contexts not mapped in time to use them in BlockInterface::access()
• #2637304 by legolasbo, Xano: Add missing typehints in EntityAutocomplete
• #2569893 by quicksketch, Wim Leers, DuaelFr: CKEditor alignment buttons can be used even when the align filter is disabled
• #2575387 by chrisfree, r_sharma08, hussainweb, sudhanshug, Cottser, anil280988, AjitS, rashid_786, drupal.ninja03, Prashant.c, snehi, jordanpagewhite, anil.gangwal, brahmjeet789, jhodgdon, davidhernandez, Manjit.Singh: Add README.txt to Classy Base Theme?
• #2642824 by chx, jhodgdon: Document extension_discovery_scan_tests setting everywhere
• #2580423 by giancarlosotelo, s_leu, ameymudras, Berdir: Entity reference widgets don't display entity translations
• #2584869 by eyilmaz: States collapsed/open/closed doesn't work for
• #2605214 by Gábor Hojtsy, ChuChuNaKu, EclipseGc, dawehner: Views InOperator::getValueOptions() children do not return values like InOperator::getValueOptions()
• #2621486 by Lars Toomre: Fixes to migrate/tests/src/Unit/*.php files
• #2624660 by Lars Toomre: Some fixes to migrate/src/Plugin/*.php files
• #2302319 by geertvd, Lendude: Missing caption, if view (format table) is grouped by a field
• #339384 by lotyrin, cilefen, neuquen, marcingy: Default option not set in exposed filters when terms are selected
• #2604912 by stockholmz, pixelmord, sdstyles: Tableselect.js select all does not fire change event
• #2359037 by jhodgdon, chx: QueueWorker plugin id is the queue name
• #2371861 by DuaelFr, YesCT, Gábor Hojtsy, tucho: Strings including tokens in href or src attributes cannot be translated due to safeness check incompatibilities
• #2640086 by markcarver: Editor routes don't use the ajax_base_page theme negotiator
• #2604220 by yched, swentel, Cottser: PHP notice for single value image field configured with a default image (no image present) and a hidden label
• #2592325 by sasanikolic, dawehner, Wim Leers: Revision tab is not shown directly
• #2461671 by keopx, er.pushpinderrana, marieke_h, jhodgdon, alexpott, Berdir, joachim: Entity::load() docs has parameter that is not needed due to inheritdoc
• #2634294 by andypost: Fix doc-block of ConfigTranslationFormBase::buildForm()
• #2616784 by malcomio, shahinam, r_sharma08, kaushalkishorejaiswal, jhodgdon, cilefen, whatsupdan: Link to render API needs semicolon removed from URL
• #2636980 by Lars Toomre, jhodgdon: Type hint additions in batch.inc
• #2633686 by snehi, jordanpagewhite, jhodgdon: EntityInterface::urlInfo() deprecated notice does not link to preferred method
• #2624914 by Lars Toomre: Fixes to migrate/src/Tests/*.php files
• #2627534 by LewisNyman: Remove LewisNyman from maintainers.txt
• #2613252 by davidhernandez, Cottser: Add Stable maintainer to MAINTAINERS.txt
• #2589237 by chx, webflo, benjy, dmoore: Menu links parent migration is broken
• #2624888 by Lars Toomre: More fixes to migrate/src/Plugin/*.php files
• #2628418 by neclimdul, quietone: Test coverage for FieldTypeDefaults process plugin
• #2605684 by chx, dawehner: Routing silently fails in kernel tests
• #2624890 by Lendude: Views Messages area handler gives broken/missing handler when added to a view
• #2636424 by eiriksm: Avoid testing for relative link starting with // in shortcut module
• #2572789 by attiks, andriyun: Fix 'Drupal.WhiteSpace.Comma' coding standard
• #2631958 by mpdonadio: Remove unnecessary query method in \Drupal\datetime\Plugin\views\sort\Date
• #2633664 by jordanpagewhite, heddn: Wrong Annotation in MigrateExecutableTest
• #2568439 by anchal29, hussainweb, priya.chat, r_sharma08, drupal.ninja03, anil280988, snehi, tedbow, joyceg, amit.drupal, jhodgdon: profiles/README.txt incorrectly states that installation profiles do not 'have any effect on' already running sites
• #2634662 by David Hernández: Typo on \Drupal\taxonomy\Plugin\migrate\source\d7\Vocabulary
• #2637254 by tvlooy: Form API using $this when not in object context
• #2630592 by anil280988, hussainweb, drupal.ninja03, Cottser, davidhernandez, jhodgdon: Tweak Stable's README.txt to be more understandable by new users
• #2629712 by leolando.tan: Typo in node argument default plugin
• #2509390 by nathanlawson91, Maninders, herom, munzirtaha, Anansi_boy: tags has a wrong right padding in RTL
• #2400543 by Nitesh Pawar, abhishek.kumar, hugronaphor, jibran, dawehner, PieterJanPut, wuinfo, cilefen, alexpott, ameymudras, lauriii, pec, ashutoshsngh, Truptti, JmOkay: Breadcrumb should be term name instead of term id on term edit and delete page
• #2599454 by rakesh.gectcr, metzlerd, snehi, jhodgdon: Document Missing HTML Render Elements
• #2283703 by pjonckiere, jhodgdon: Document how optgroups work on 'select' form elements
• #2602448 by pjonckiere, heykarthikwithu, jhodgdon: In rdf.api,php, add @return value to the hook_rdf_namespaces()
• #2611024 by benjy: Migration process plugins are missing schema
• #2630988 by hussainweb, naveenvalecha: Update the test group name in ContainerAwareEventDispatcherTest.php Annotation to EventDispatcher
• #2637030 by klausi: Assertions with BrowserTestBase are reported in the wrong file and line number
• #2268941 by Wim Leers, thpoul, yched, mlewand: Removing caption from a previously captioned image fails to remove the caption-related classes
• #2401953 by Lendude, dawehner: Database exception for View with Combined field filter with fields with no query alias
• #2605290 by sanduhrs, Mile23: Improve docs, coding standards for run-tests.sh
• #2621874 by czigor, Lendude, dawehner: "Hide empty column" only hides the header
• #2503047 by svendecabooter, phenaproxima, quietone, mikeryan: Migrate the D6/D7 actions table to D8
• #2595169 by mikeker, claudiu.cristea: Operator 'Is not equal' of BooleanOperator doesn't work
• #2636228 by alexpott: BrowserTestBase and KernelTestBase tests break badly when they fail
• #2620442 by Lendude: Theme logo upload settings are shown even if the file module is not installed
• #2637458 by legolasbo: Remove !placeholder in FormValidator::performRequiredValidation()
• #2617590 by aspilicious, Berdir: ConfigEntityBundleBase needs to clear bundle cache when updating a bundle
• #2625782 by alexpott: Infinite loop in ConfigurableLanguageManager->getLanguages() on language config entities import
• #2574077 by damiankloip, dawehner: REST Export display cannot show any raw output for fields using the Field field handler
• #2609590 by Lars Toomre: Correct incorrect use of 'id' string in migration system
• #2634986 by TravisCarden: Render API caching section refers to non-existent "language" context
• #2598376 by quietone: d6_user_settings migration user_register constants don't seem to line up
• #2620176 by joelpittet, markcarver, hatuhay: Logo image settings form is broken, breaks per-theme overrides and can result in data loss
• #2494735 by hussainweb: add $runTestInSeparateProcess = TRUE for BrowserTestBase
• #2616196 by LOBsTerr, xjm, jordanpagewhite, balagan: Missing opening parentheses in UI text
• #2633388 by mparker17: Document why ViewsBlock::build() explicitly asks for an un-cached view
• #2480719 by Lendude, aerozeppelin, Xano, dawehner: Missing label and description for exposed numeric filter when using 'between' filter
• #2635324 by dawehner: kernel tests are unrunnabble because markTestSkipped message is not displayed
• #2618034 by Lendude: Adding tag to a View gives an error
• #2626476 by benjy: MigrationBuilder should have an interface
• #2404039 by Lendude, jhedstrom, fgm, zealfire, adci_contributor, dawehner: Views performance statistics do not properly display
• #2608656 by bserem, Mac_Weber, Gábor Hojtsy: Wrong english strings in book migration from D6->D8
• #2631478 by neclimdul: bootstrap.php loader can show as changed global state
• #2592213 by Chi, hussainweb: The documentation for TypedDataManagerInterface::createInstance() is wrong
• #2633534 by steveoliver: Fix small typo in config_api section of core.api.php
• #2629750 by mpp: Add link to settings page for automated cron on modules overview
• #2458775 by aerozeppelin, pjonckiere, dawehner: Diff UI is missing colors
• #2627852 by chx: hook_entity_create_access() is unusable
• #2625258 by alexpott: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object
• #2629374 by benjy: $process should be initialised to empty array
• #2539222 by sasanikolic: Exception when deleting a translation when there is no canonical link template
• #2619332 by joelpittet, jmarkel, Wim Leers, Berdir, chintan.vyas, netsensei: Color scheme config changes aren't reflected in cached pages
• #2596345 by mbovan, Nitesh Pawar, Shreya Shetty, dawehner: Deleting a view should rebuild the routes
• #2626472 by benjy: MigrateTemplateStorage should have an interface
• #2596649 by legolasbo, rakesh.gectcr: Exposed form does not save state when it is placed in a block
• #2535220 by Berdir, droplet, mbaynton: Javascript error in Firefox in node edit form if uid field is not visible but author details is
• #2388247 by pguillard, snehi, joelpittet, sriharsha.uppuluri: Documentation refers to _theme() function, which has been removed
• #2586047 by willzyx: Fatal error: Call to a member function getFieldStorageDefinition()
• #2629772 by webflo: Update mink-phantomjs-driver to a tagged release
• #2623708 by lauriii, aspilicious, joelpittet: Whitelist instances instead of specific classes in Twig sandbox policy
• #2617568 by amateescu, cilefen, Fabianx: Rename apc_* functions with apcu_*
• #2505997 by olli, peterpoe, Lendude: User error: "preview" is an invalid render array key
• #2606258 by heykarthikwithu: Number::validStep, add @param values in the comment docblocks
• #2626518 by michaellenahan: Mention sites/default/settings.php in example.settings.local.php
• #2607870 by Lars Toomre: Some docblock fixes for PHP type 'integer'
• #2606058 by MattA, priya.chat, alexpott: Documentation for the ConfigEntityType annotation class does not reference the correct entity class
• #2614604 by rakesh.gectcr, dawehner: PHPdoc is missing for an overridden function in class ConditionManager
• #2605726 by edxxu, rakesh.gectcr: Wrong @return doc for \Drupal\Core\DrupalKernel::getModuleFileNames()
• #2610142 by rakesh.gectcr: Wrong @param documentation in folder core/lib/Drupal/Core/Field/
• #2610128 by rakesh.gectcr: Comment Typos in class FieldItemList
• #2564577 by snehi, borisson_, Wim Leers, r_sharma08, lauriii: Improve comments on PlaceholderGeneratorInterface::shouldAutomaticallyPlaceholder() and DynamicPageCacheSubscriber::shouldCacheResponse()
• #2421451 by cilefen, dawehner: Drupal needs comments in opcache
• #2612618 by anil280988, r_sharma08, Cottser, davidhernandez, kaushalkishorejaiswal: Add README.txt file to Stable explain its role as a backwards compatibility layer
• #2614862 by rakesh.gectcr: Missing @param doc for method access
• #2607332 by r_sharma08, ashhishhh, snehi, pjonckiere, dawehner: Missing @return tag in getActiveHelp(), denormalize(), createBookNode()
• #2628702 by zerolab, joachim: hook_entity_extra_field_info() @return references non-existent method
• #2616412 by Lendude: ViewResultAssertionTrait verbose Query argument output is empty
• #2612150 by LOBsTerr: You can no longer see the locks when locking colors together
• #2105583 by neclimdul, tim.plunkett, dawehner, Mile23: Add some sane strictness to phpunit tests to catch risky tests
• #2608890 by ashhishhh: Improve comment standards for tracker module
• #2623790 by roderik, priya.chat, stefan.r: Update SessionManager::migrateStoredSession() method comment
• #2610140 by pjonckiere: Pluginbase inheritdoc blocks
• #2608982 by rakesh.gectcr: Comment Typos in DefaultPluginManager class
• #2606344 by rakesh.gectcr, aneeshthankachan, dawehner, cilefen: Wrong @param doc for construct function in class CoreServiceProvider
• #2604018 by heykarthikwithu, snehi, kaushalkishorejaiswal, pjonckiere: Add @param documentation in __construct() of User module
• #2627018 by Lars Toomre: Some fixes for 'e.g.' in docblocks and code comments
• #2606724 by Lars Toomre, malavya: Few {@inheritdoc} formatting fixes
• #2614842 by rakesh.gectcr, dawehner: Wrong @param in core/lib/Drupal/Core/Asset
• #2603818 by jhodgdon, beejeebus, blackra: Add defgroups for listing page headers for api.drupal.org
• #2617822 by czigor: Comment fixes

Läs mer: http://drupal.org/drupal-8.0.2-release-notes

8.0.1

3 December 2015 - 115MBKnown issues

• LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object

Bug Fixes

• LocaleConfigManager::getTranslatableDefaultConfig() reads config from uninstalled modules
• Configuration of configurable language types reset after module install
• SQL::addWhere not defaulting to "IN" operator when using EntityReferenceView for multiple values
• LocalePluralFormatTest::testPluralEditDateFormatter() is failing randomly
• Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
• While PHP 7 does not yet have a stable release, Drupal 8.0.x is now tested on every commit with PHP 5.5, 5.6 and 7 with a 100% pass rate, so should support PHP 7’s first stable release once it is available (expected tomorrow December 3rd).
• There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but a minor incompatibility issue was fixed since RC4, and there are no known issues with them otherwise. We intend to add per-commit testing on one of these databases soon.
• Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors
• Drupal needs comments in opcache

Changelog

• #2616498 by neclimdul, dawehner, Mixologic: Drupal\Core\Routing\RouteProvider::getCandidateOutlines() does an illegal shift when config is empty
• #2625216 by alexpott: LocaleConfigManager::getTranslatableDefaultConfig() reads config from uninstalled modules
• #2621782 by amateescu: SQL::addWhere not defaulting to "IN" operator when using EntityReferenceView for multiple values
• #2572695 by marvin_B8, attiks, pfrenssen, xjm: Fix 'Drupal.ControlStructures.ElseIf' coding standard
• Revert "Issue #2617112 by zsofi.major: Missing "one" from translatable string"
• Revert "Issue #2623232 by xjm, plach, benjy, penyaskito: Improve messages when entity/field mismatch happens"
• Revert "Issue #2571521 by Maouna, dawehner, sdstyles: Make the logger available on the controllerBase"
• Revert "Issue #2503981 by eiriksm: Move checkEmptyRegions to named function and before first use (block.js)"
• #2611758 by swentel, webflo, zuuperman: Field UI table is broken for nested elements
• #2617112 by zsofi.major: Missing "one" from translatable string
• #2503981 by eiriksm: Move checkEmptyRegions to named function and before first use (block.js)
• #2623232 by xjm, plach, benjy, penyaskito: Improve messages when entity/field mismatch happens
• #2571521 by Maouna, dawehner, sdstyles: Make the logger available on the controllerBase
• #2618040 by Maouna, plach, catch, YesCT, steelsector, matsbla, SiliconMind, vodde83: Configuration of configurable language types reset after module install
• #2623680 by alexpott, pfrenssen: Fix phpcs.xml.dist to work with the latest rules and not have unnecessary lines
• #2604038 by heykarthikwithu: Views module's "base.js" function "Drupal.Views.parseViewArgs", Local variable 'args' is redundant
• #2619400 by JKerschner: Typo in Tabbing Manager comment
• #2623548 by rbmboogie: Remove obsolete views.argument_default.php config schema
• #2075889 by kgoel, pwolanin, catch, YesCT, dawehner, mpdonadio, johnshortess, Crell, mradcliffe, alexpott, webchick, ohthehugemanatee: Document that Drupal will handle incoming paths in a consistent and case-insensitive fashion for routing
• #2620260 by JKerschner: Typo in BulkForm class
• #2587149 by Dane Powell, claudiu.cristea: Single item config export names are ambiguous
• #2610236 by cilefen, aerozeppelin: Views - "No Results Behavior" for individual fields escapes HTML
• #2621216 by nirvana_u: Typo: "extension if" instead of "extension is"
• #2621518 by jeroen_drenth: Wrong label of timestamp data type plugin
• #2547639 by dcrocks, mgifford, Pravin Ajaaz, Gábor Hojtsy, Wim Leers: Rename ambiguous "Menu" toggle in Bartik for accessibility
• #2122087 by rakesh.gectcr, snehi, InternetDevels, Xano, alvar0hurtad0: Remove references to hook_init()
• #2622306 by JKerschner: Typos in comments
• #2581399 by YesCT, effulgentsia: views.style.table schema has incorrect label for 'description'
• #2579695 by willzyx: ViewsMenuLink should use parent contructor instead of set manually the member variables
• #2618048 by seppelM: Single quoted HTML attributes in Bartik and Classy template files
• #2620658 by bojanz: Remove entity_load_multiple() usage from DefaultSelection
• #2554911 by penyaskito, benjy, catch, ifrik, plach, Bojhan, Gábor Hojtsy, yoroy: Inform users/developers about entity/field mismatch details if it happens
• #2620266 by JKerschner, plach: Typo in LanguageNegotiationContentEntity class
• #2587685 by Antti J. Salminen, lauriii, jaakko, AjitS, Sagar Ramgade, rang501: Remove references to non existing preprocess functions
• #2556273 by Mile23: Fix @deprecation docs of Drupal\Core\DrupalKernelInterface::prepareLegacyRequest()
• #2617742 by xjm: Followup: fix Views post-update hook doc groups
• #2600078 by YesCT, koppie, kgoel: Correct syntax for data type documentation in TranslationManager.php
• #2608938 by rakesh.gectcr: Wrong @return comment block in StackedRouteMatchInterface interface
• #2607454 by Wim Leers, Devin Carlson: Remove allowedContent for drupalunlink command
• #2607676 by andypost: Remove useless assigning in template_preprocess_views_view_unformatted()
• #2603348 by rakesh.gectcr, jhodgdon: Comment block contains wrong argument in @param and typo in description
• #2614066 by webflo: Machine name element leaks to much data to drupalSetting
• #2621516 by TravisCarden: hook_page_attachments_alter() @see's itself instead of hook_page_attachments()
• #2608056 by rakesh.gectcr: Comment Typo in TranslatableMarkup class
• #2576881 by snehi, stefan.r: Deprecate theme functions for removal before Drupal 9 (docs only)
• #2619700 by tim.plunkett: \Drupal\Core\Path\PathValidator::getPathAttributes() does not catch MethodNotAllowedException
• #2611078 by felribeiro: Two spaces insted one in classy.libraries.yml
• #2612580 by hchonov: Remove unused service from WidgetBase::flagErrors
• #2567077 by dcrocks, joelpittet, xjm: Followup to Use a Branding Block docs - 2005546
• #2574719 by chegor, snehi, pguillard, Chi: Grammatical error in assertion message "Make sure that a broken handler of type: @type are created"
• #2506485 by justAChris, akalata, subhojit777: Test that Header label + customized label wrapper of a Views table display is not double escaped
• #2608072 by ameymudras: "Object of type "@class" cannot be printed." exception message should not be translated
• #2609928 by micropat, cilefen, Cottser, chx: Xss::attributes() mangles valid attribute names containing numbers
• #2321583 by Wim Leers, DuaelFr: Update CKEditor library to 4.5.5
• #2485761 by mondrake, c470ip, jhedstrom: Support for transparent GIFs broken
• #2587229 by Chi, claudiu.cristea: Cleanup AssertContentTrait::xpath()
• #2599080 by edurenye, Studiographene: Duplicated schema field.formatter.settings.boolean
• #2409547 by znerol: Remove config_export_test.module
• #2598300 by krknth: Improve field_help() by actually using $field_ui_url
• #2563803 by borisson_, DietrichM: Remove deprecated functions from core/modules/system/tests/modules/module_test/module_test.module
• #2392533 by cilefen, bircher, snehi, deepakaryan1988, Oleksiy, priya.chat, Shefarik, rpayanm, venkatadapa: Grammatical error in ModuleUninstallValidatorException message
• #2608054 by stefan.r: Give more context in invalid placeholder error message PlaceholderTrait::placeholderFormat()
• #2618418 by plach: Docs follow-up for "hook_entity_create() affects the data of new translations of existing entities in unexpected and undocumented ways"
• #2613976 by Oleksiy: Remove redundant "See..." that duplicates "@see..." in protected method documentation
• #2607508 by mangy.fox, joelpittet: Incorrect site branding documentation in page.html.twig
• #2620764 by andypost: Fix entity.api hook_entity_translation_* examples
• #2620826 by Lars Toomre: Fix @var directive misuse in interface method docblock
• #2614310 by moshe weitzman: Mention cache responsibilities of form alter implementations
• #2606376 by rakesh.gectcr, Himanshu5050, sdstyles, dawehner, nicrodgers: mark \Drupal::l() as deprecated
• #2606396 by sdstyles, dawehner: mark \Drupal\Core\Routing\LinkGeneratorTrait and \Drupal\Core\Routing\UrlGeneratorTrait as deprecated
• #2602644 by rakesh.gectcr, Chi: Update @file documentation block for views.module
• #2613998 by joshi.rohit100, Chi: Remove bartik_preprocess_page() reference from page.html.twig
• #2611162 by NickWilde: CssCollectionOptimizer comment typo fix
• #2618886 by alexpott: LocalePluralFormatTest::testPluralEditDateFormatter() is failing randomly

Läs mer: http://drupal.org/node/2627402

8.0.0

(större version)
19 November 2015 - 115MBThis is the biggest update ever to Drupal. Here are just a few of the hundreds of improvements in Drupal 8:

• In-context, what-you-see-is-what-you-get (WYSIWYG) editing and previews
• Comprehensive content modeling out of the box with entities, fields, and views
• Customization of content pages and even forms and administrative pages via the administrative interface
• Full translatability and localization out of the box
• Reliable configuration management for safe and straightforward deployment of changes between environments
• Mobile-first, responsive, HTML5 output
• REST-first native web services
• Enhanced accessibility and WAI-ARIA compliance
• Modern PHP standards and practices, with integration of popular libraries such as Composer, Symfony2, Guzzle, and Twig
• Significantly improved front-end performance out of the box
• Enhanced caching and best-of-class integration with CDNs and reverse proxies
• Full compatibility with PHP7, and the PostgreSQL and SQLite databases
• ...And much more!

Läs mer: http://drupal.org/news/drupal-8.0.0-released

8.0.0-rc3

(beta release)
5 November 2015 - 115MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

This release candidate includes numerous fixes to regressions in CKeditor since beta 15.

Known issues

• We are confident that our code is stable enough for wider testing by site owners, developers, and end users. However, there are currently 6 known critical issues with this release candidate. We expect to identify and resolve additional critical issues as the release candidate is tested more widely.

Full changes

• #2598070 by Wim Leers, jaxxed, DuaelFr, Haza, Reinmar, oleq: [regression] CKEditor Link button does not show if HTML filtering is enabled
• #2585173 by Wim Leers, Jelle_S, DuaelFr, nod_, Reinmar, attiks: [regression] "Allowed HTML tags" setting corrupted upon accessing Text Format configuration UI
• #2510380 by Wim Leers, DuaelFr, mlewand, quicksketch, Reinmar, oleq: Images cannot be linked in CKEditor
• Revert "Issue #2510380 by Wim Leers, DuaelFr, mlewand, quicksketch, Reinmar, oleq: Images cannot be linked in CKEditor"
• #2581291 by Wim Leers: Update CKEditor library to 4.5.4
• #2599190 by chegor, rakesh.gectcr, sdstyles, aneeshthankachan, anil280988, Himanshu5050, jhodgdon: Update upgrading procedure describing in UPGRADE.txt
• #2605546 by dawehner: Mark \Drupal::url() as deprecated
• #2516742 by DuaelFr, dawehner: Allow Views to be resolved by TitleResolver
• #2194155 by cosmicdreams, subhojit777, tatarbj, Cottser: Replace deprecated Twig_NodeInterface with recommended Twig_Node
• #2605408 by IRuslan: Invalid HTML markup in status-report.html.twig
• #2605280 by rakesh.gectcr: Missing return $this in Url::setUnrouted
• #2602872 by rakesh.gectcr: Wrong @param doc for construct function in class ContainerAwareEventDispatcher
• #2602464 by heykarthikwithu, anil280988, rakesh.gectcr: Remove unused local variable and add return value to docs in _search_find_match_with_simplify() of 'search.module'
• #2605388 by rakesh.gectcr, anil280988, mahavir003, aneeshthankachan: Comment Typos in DrupalKernel.php
• #2603372 by heykarthikwithu: Remove unused variable in LibraryDiscovery::getLibrariesByExtension()
• #2480333 by Wim Leers, Elijah Lynn: Document how to use an unminified CKEditor build (for developing/debugging)
• #2581817 by YesCT: Follow-up for #2505263: clean up comments
• #2606460 by Wim Leers, alexpott: Regression caused by #2557113: Enabling CKEditor for a text format that did not have it previously is broken
• #2600672 by alexpott, dawehner: Core MarkupInterface implementations used in Twig templates should implement \Countable
• #2601790 by Liam Morland: In AttachedAssetsTest.php, separate a 3-part test into 3 separate test assertions
• #2604324 by krknth, anil280988: block.html.twig variable docs are incorrect
• #2606470 by alexpott: Symfony prevents container cloning in 2.8 - let's fix this early
• #2597359 by Wim Leers: Require responses with attachments to contain the final attachment values
• #2324649 by phenaproxima, svendecabooter, benjy, Berdir: Migrate text fields correctly based on their text_processing setting
• #2596043 by mpdonadio, pjonckiere: DrupalDateTime constructor claims to support \DateTime object - it should not
• #2605264 by rakesh.gectcr: Fixing typos for core/lib/Drupal/Core/Entity
• #2603070 by rakesh.gectcr: Unused variable in file_url_transform_relative()
• #2602410 by xaiwant: Invalid @param name in core/modules/comment/src/CommentStorage.php
• #2601682 by krknth, rakesh.gectcr, anil280988, jhodgdon: Unnecessary @param tags & Missing variable names in block, block_content module
• #2536374 by DuaelFr: Generate placeholder content for ListItemBase Field types
• #2596083 by Wim Leers, lokapujya, jamin_melville: Allowed attribute 'class' not respected in CKEditor: ACF strips it
• #2549951 by Wim Leers: Document how to specify multiple CSS classes for CKEditor's styles dropdown
• #2604618 by andypost, xjm: Views operations dropbuttons do not work with Comment because it does not specify a list builder
• #2491875 by joachim, xjm, Xano, alexpott: EntityViewsData adds Operations links to all entities, which won't work if the entity type has no list builder, leading to WSOD on some views
• #2598488 by NickWilde: Views Page display menu expanded option is not included and gets destroyed by cache-rebuild
• #2590403 by Wim Leers: Remove "Open in new window" checkbox from EditorLinkDialog — Was: "Consider whitelisting 's target attribute in the Standard install profile"
• #2604092 by Wim Leers: BookNavigationBlock has the 'user.roles' cache context, is wrong
• #2594909 by rakesh.gectcr, krknth, jhodgdon: Missing @return tags in function/method comments in the core/modules folder
• #2603296 by heykarthikwithu: 'hook_shortcut_default_set' hook's docblock return can be improved
• #2453551 by mbovan, edurenye, Berdir, Saphyel, jhodgdon: TranslationLanguageRenderer tries to add langcode field to the view for entity types that have no langcode
• #2602380 by jonhattan: Innacurate exception message: The "%s" entity cannot have a URI as it does have an ID
• #2603786 by joelpittet, Wim Leers, Fabianx: Make Renderer(Interface)::renderPlaceholder() public
• #2575703 by borisson_, stefan.r, Berdir, joshi.rohit100: Remove default fall-through from PlaceholderTrait::placeholderFormat()
• #2602662 by mikeryan, phenaproxima: Feed ID should be required base field for aggregator items
• #2604722 by rakesh.gectcr: Comment typo in BaseFieldDefinition.php file
• #2597628 by plach, jhedstrom, alexpott, Gábor Hojtsy: Enabling translation for menu links / taxonomy terms results in "Entity/field definitions" -- "Mismatch detected" on reports/status page
• #2600152 by Cottser, dawehner: Make ThemeRegistryLoader only throw an error when $throw is true
• #2589829 by rakesh.gectcr, joshi.rohit100, yched, Arla: Missing return $this in FieldConfigBase::setSetting and setConstraints
• #2540870 by joelpittet, lauriii: Improve the |safe_join Twig to be inline with twig_join_filter()
• #2603152 by alexpott, Fabianx, neclimdul: Fix PHP 7 testbot failures
• #2541344 by Wim Leers, borisson_, DietrichM, Xano, tim.plunkett, alvar0hurtad0, joshi.rohit100: BlockBase subclasses should merge their cache tags/contexts with the parent's (BlockBase's)
• #2500931 by mikeker, jhedstrom, Berdir: Views feed doesn't encode embedded HTML anymore
• #2603798 by neclimdul, phenaproxima, mikeryan: dblog_settings tests prove nothing
• #2590105 by webflo, phenaproxima, snehi, alexpott: Fix undefined variable in d6_field migration
• #2574973 by mikeryan, phenaproxima: Option to tee idmap messages to message interface
• #2596793 by phenaproxima, penyaskito, svendecabooter: Migrate legacy languages to configurable language entites
• #2599246 by mcdruid, Gábor Hojtsy: data in bulk_form_key should not be separated by -
• #2337191 by tim.plunkett, dawehner, jibran, yched, Wim Leers, catch: Split up EntityManager into many services
• #2601610 by krknth: Fix comment standards for filter module
• #2599156 by nicrodgers, snehi, jhodgdon: Several methods in node.module are missing return type documenation
• #2599442 by jhodgdon, heykarthikwithu, Himanshu5050, eojthebrave, metzlerd: Document common form/render element properties
• #2599524 by blackra, krknth, jhodgdon, rhett.prichard: Fixing order of documentation sections for /core/lib/Drupal
• #2598696 by mikeryan, effulgentsia, quietone: Rollback should not delete uid 1
• #2600538 by rakesh.gectcr, anil280988, justAChris, jhodgdon: Incorrect @file description in core/ classes - wrong namespace or class name
• #2602442 by mcdruid: typo in \Drupal\tracker\Tests\TrackerNodeAccessTest - drupalCreateuser
• #2601244 by heykarthikwithu: Removal of unused variable in function config_translation_config_translation_info(&$info)
• #2601364 by rakesh.gectcr: Unused local variables in template_preprocess_table()
• #2599612 by rakesh.gectcr: Unused variable in drupal_get_filename()
• #2601220 by heykarthikwithu: ConfigTranslationOverviewAccess::__construct docblock parameters doesn't match actual parameters
• #2578377 by YesCT, jhodgdon, Gábor Hojtsy, alexpott, herom, xjm: Make translatable docs consolidated and better for developers
• #2600996 by heykarthikwithu: Removal of unused variable CommentController::getReplyForm
• #2600990 by heykarthikwithu: Removal of unused variable BookManager::getActiveTrailIds
• #2601162 by heykarthikwithu: ShortcutSetStorage::__construct documentation of @param StorageInterface is not required
• #2598232 by Berdir, alexpott, juanse254: ConfigFactory::get() pollutes ::loadMultiple() static cache with new config objects
• #2569223 by tim.plunkett: Add tim.plunkett to Ajax system in MAINTAINERS.txt
• #2400197 by pwolanin, fgm, znerol, neclimdul, mpdonadio, thekevinday, Fabianx: Harden the security where hash values are compared
• #2594845 by er.manojsharma, tarekdj, snehi, dpopdan, anil280988, jhodgdon, cilefen: Many database driver classes have no class doc blocks
• #2597860 by neclimdul: UpdateRegistryTest tests missing assertions
• #2597844 by neclimdul: EntityManagerTest doesn't assert everything it thinks it does
• #2591125 by Berdir, Jaesin: Only the last views argument token works
• #1443342 by joseph.olstad, mikeytown2, xjm, joelpittet, brianV, effulgentsia: Inline file_uri_scheme() in file_stream_wrapper_uri_normalize() and other file.inc functions
• #2600200 by alexpott, chx, swentel: PHP7 reveals inconsistent ordering in views_entity_field_label()
• #2600686 by jhodgdon: Broken views test config YAML
• #2530296 by googletorp, mondrake, snehi, andile2012, jhodgdon, mikeker: Fix up docs in core/includes/pager.inc
• #2600328 by aanschut, brandenlhamilton, dawehner, pjonckiere: Argument default plugin docblocks
• #2600304 by marvin_B8, anil280988, GoZ, justAChris: Bad @file description in core/ classes
• #2579427 by lauriii, ibullock, joelpittet, bigjim: Outputting markup from custom text field is not possible
• #2600282 by dawehner, alexpott: PHP7 fails on Drupal\system\Tests\Update\UpdatePostUpdateTest
• #2597303 by benjy: Kernel Tests should be allowed in profiles
• #2599250 by krknth: Fixing order of documentation sections
• #2600176 by alexpott, dawehner, tim.plunkett: Step 1.875: Include the PhantomJS Mink driver for real
• #2580049 by Cottser, Manjit.Singh, NickWilde, alexpott, Wim Leers: Removed CSS files not removed from library definitions
• #2588529 by David_Rothstein, cilefen, kikoalonsob: Code indentation is incorrect in simpletest_generate_file()
• #2549571 by borisson_, nicrodgers: method visiblity in NodeTranslationUITest
• #2042239 by tbradbury, pkiraly, lucaslg, pjonckiere, oriol_e9g, ivanchaer, jhodgdon, chx, cilefen, David_Rothstein: DeleteQuery::execute (Delete::execute() in D8) return value documentation is unusable
• #2595605 by snehi, kiamlaluno, cilefen: Wrong comment in User module in user.module file
• #2598500 by krknth, nicrodgers: Remove unused variables from core/modules/toolbar/src/Tests/ToolbarAdminMenuTest.php
• #2598840 by GoZ, DuaelFr: Bad @file description in Test files classes
• #2598620 by penyaskito: Wrong assertion on BulkFormTest
• #2513266 by mikeker, joelpittet, lauriii, Cottser, pwolanin, larowlan, Fabianx, stevector, catch, alexpott, dawehner: Twig templates can call delete() on entities and other objects
• #2597644 by Mile23: ComposerIntegrationTest::testAllModulesReplaced() doesn't test anything
• #2596801 by alexpott, dawehner: Step 1.75: Include the PhantomJS Mink driver
• #2502621 by Pravin Ajaaz, hussainweb, Peacog, jhodgdon, ivanjaros: Replace implement notes with inheritdoc tag
• #2599446 by alexpott: UncaughtExceptionTest fails on PHP7
• #2592665 by jhedstrom, alexpott: Create RC1 database dumps
• #2600004 by koppie, YesCT: Missing param type for getOption()
• #2484645 by giancarlosotelo, Arla: Assigning context mapping: allow empty selection for optional contexts
• #2544156 by joelpittet: Deprecate drupal_render_children()
• #2594441 by rakesh.gectcr, joshi.rohit100, Nitesh Pawar, cilefen, xjm: Comment Typos in bootstrap.inc file
• #2599172 by TravisCarden: Typo: "Provides a service to handler..."
• #2502867 by Peacog, trwad, jhodgdon: Document all drupal(Post|Get)(*) methods $path parameter
• #2547691 by snehi, er.pushpinderrana, edxxu, ipun.amin, visabhishek, jhodgdon, cilefen, ttkaminski: Typo with #theme_wrappers
• #2597814 by dawehner, Xano: Kerneltests are broken in phpstorm
• #2576431 by joyceg, YesCT: Improve t() docs "fully-translatable site" is overstating
• #2575735 by almaudoh: LibraryDiscoveryCollector::reset() does not properly reset its $cid, resulting in loading wrong library assets if the active theme changes
• #2584745 by mbovan, s_leu: Entity references should be displayed translated on non translatable entity types
• #2593481 by Wim Leers: PlaceholderGenerator::createPlaceholder() generates invalid markup; causes placeholders to not be replaced if processed by DOMDocument
• #1938900 by joelpittet, lokapujya, Cottser, lauriii, swentel, neochief, tstoeckler, andypost, duellj: Convert theme_field_ui_table into a template (DIE THEME FUNCTIONS DIE)
• #2512468 by bendev, munzirtaha, rudraram, chipway, emma.maria, cchanana, elchiconube, Manjit.Singh, jim005, trevorkjorlien, fil00dl, meenakshi.r, davidhernandez, rbrissaud, Knee-X, LewisNyman: Regression: Indented styles for indented comments are missing in Bartik
• #1938912 by Manuel Garcia, joelpittet, lokapujya, duellj, Cottser, akalata, pplantinga, mdrummond, rpayanm, Hydra, lauriii: Convert language content setting table theme to a twig template
• #2544176 by lauriii, joelpittet: Remove drupal_render_children() usage in Drupal\toolbar\Element\Toolbar
• #2582309 by neclimdul, joelpittet, YesCT, dawehner, tim.plunkett: Cookies get lost during RedirectResponse replacement
• #2597718 by googletorp, tstoeckler: Date library is missing dependency to jquery.once
• #2585781 by anil280988, Davinder.Snehi, sdstyles, lucian.gutoiu, Chi, jhodgdon, GoZ, YesCT: Wrong documentation of t()
• #2580569 by anavarre, Davinder.Snehi, Schnitzel, jhodgdon: Update documentation that mentions active CMI directory. active was removed
• #2597548 by jhodgdon, tim.plunkett: Useless message thrown by SqlContentEntityStorage::wrapSchemaException()
• #2583135 by Torenware, klausi: Context::getContextData() sometimes returns NULL which violates ContextInterface
• #2597137 by Dom., jhodgdon, dawehner: Missing schema error on 'sorts.score.expose' views configurations
• #2599152 by mikeryan, jhedstrom: ROLLBACK_PRESERVE is not respected
• #2587549 by herom, prestonso: Remaining RTL fixes for Drupal 8
• #2582577 by Shlyapkin Grigoriy, Liam Morland, stefan.r, mradcliffe, oriol_e9g, shazbot28: D8 install should check MySQL version (Syntax error or access violation: 1115 Unknown character set: 'utf8mb4')

Läs mer: http://drupal.org/node/2608078

8.0.0-rc1

(beta release)
12 Oktober 2015 - 115MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

We revamped Drupal's user interface; added WYSIWYG and in-place editing; significantly improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; improved multilingual support; and added hundreds of other improvements. Drupal 8.0.0-rc1 is the collective work of over 3,200 core contributors.

Known issues

• We are confident that our code is stable enough for wider testing by site owners, developers, and end users. There are however still known issues with Drupal 8.0.x, including major bugs. Help resolve these issues by testing Drupal 8 and searching for existing bug reports and adding more information to help resolve those bugs. If your suspected bug hasn't been reported yet, submit a bug report.
• There is a known issue with response cache headers sometimes exceeding hosting configuration limits that may cause some pages to not be viewable on some hosting providers. If you run into this, see that issue and its related issues for details.

Full changes

• #2072945 by Berdir, plach, effulgentsia, Schnitzel, andypost, Wim Leers: Remove the $langcode parameter in EntityAccessControllerInterface::access() and friends
• #2570285 by mr.baileys, cpj, stefan.r, alexpott, nlisgo, joelpittet, Aki Tendo, borisson_, chx, dawehner, s_leu, Berdir: Make sure TranslatableMarkup accepts string values only
• #2581683 by alexpott, hussainweb: Update PHP dependencies pre RC using composer
• #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus, Berdir: Optimize automatic cron subscriber by moving automatic cron to a module
• Revert "Issue #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus: Optimize automatic cron subscriber by moving automatic cron to a module"
• #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus: Optimize automatic cron subscriber by moving automatic cron to a module
• #2520526 by alexpott, dawehner, pwolanin, nlisgo, Eli-T, claudiu.cristea, catch, cosmicdreams, Wim Leers, yched, jibran, Gábor Hojtsy, YesCT, swentel, heddn, xjm: Calculate configuration entity dependencies on install
• #2151113 by akalata, joelpittet, mdrummond, mfernea, martin107, mr.baileys, Cottser: Convert theme_system_modules_uninstall() to Twig
• #2575869 by pwolanin, Wim Leers, JeroenT, dawehner, YesCT: Remove all remaining usage of deprecated UrlGeneratorInterface::generateFromPath() and delete it
• #2516918 by mErilainen, vulcanr, pazhyn, LewisNyman, Wim Leers, Bojhan, eliza411, ivanstegic, lunk_rat, nickrosencrans, stpaultim, webchick: Prevent mobile browsers from zooming on all form inputs
• #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave, bendev: Update the UI text for the Search module
• Revert "Issue #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave: Update the UI text for the Search module"
• #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave: Update the UI text for the Search module
• #2572621 by rachel_norfolk, jhodgdon, ifrik, Bojhan, xjm: Update the menu descriptions provided by the System module
• #2580575 by alexpott, YesCT, Gábor Hojtsy: Installing a module can delete config translations
• #2575421 by Cottser, mdrummond, lauriii, davidhernandez, LewisNyman, catch, alexpott, joelpittet, webchick, Bojhan, emma.maria, mortendk: Add a Stable base theme to core and make it the default if a base theme is not specified
• #2483887 by Wim Leers, joshi.rohit100, Fabianx, dawehner: Mark RenderCache as internal
• #2581195 by jhodgdon, dawehner: Views UI help still talks about theme suggestions, which is gone
• #2571665 by jhodgdon, ifrik: Review the hook_help for the system module - should mention status report
• #2581243 by jhodgdon: Views UI help does not have standard headings
• #2575469 by hussainweb, borisson_: Require the composer/semver library to do version checking
• #2570359 by ekes, jhodgdon, ifrik, Wim Leers: Update the hook_help for the filter module again
• #2429191 by claudiu.cristea, amateescu, yched, nlisgo, Berdir, alexpott, klausi, Wim Leers, xjm, catch: Deprecate entity_reference.module and move its functionality to core
• #2151109 by akalata, Cottser, joelpittet, jcnventura, lauriii, derheap: Convert theme_system_modules_details() to Twig
• #2578561 by tim.plunkett, joelpittet, Bojhan, Fabianx, xjm, cilefen, David_Rothstein, DamienMcKenna: Move "Inline Form Errors" functionality to optional module and restore D7-style form errors by default
• #2557265 by claudiu.cristea, Wim Leers: Synchronize editor status with paired text format status
• #2578559 by yched: Have ViewsSelection no longer extend SelectionBase
• #2118663 by cdog, nod_: Remove the Drupal.checkWidthBreakpoint method from drupal.js; replace with window.matchMedia where appropriate
• #2458601 by Denchev, Berdir: statistics library is not loaded if node template doesn't print it
• #2531678 by mondrake, MattA: The 'create_new' and 'rotate' image operations do not release memory
• #2580697 by Wim Leers: UserLoginBlock has max-age=0, is not necessary
• #2560987 by tstoeckler: Active class (almost) always added to frontpage links for anonymous users, even on other pages
• #2488032 by jhodgdon, opdavies, ifrik, webchick, Berdir: Integrate help test into module uninstall test
• #2485425 by MathieuSpil, iro, saki007ster, Wim Leers, Manjit.Singh, wiifm, kostask, Studiographene, alvar0hurtad0, LewisNyman: Clean up editor CSS inline with our CSS standards
• #2416857 by cilefen, evgeny.chernyavskiy, lauriii, chr.fritsch, pjonckiere: Add an active_theme_path twig function
• #2577487 by martin107, jhodgdon, cilefen: \Drupal\Core\Database\Query\SelectExtender - Needs more @inheritdoc tags
• #2073217 by andypost, Berdir, plach: Remove the $langcode parameter from the entity view/render system
• #2487588 by YesCT, Leksat, Schnitzel, alexpott, anavarre, xjm: Move CMI import/export directory "staging" to "sync", as it is confused with staging environments
• #2579903 by mnfriend: Improve doumentation for decimal item field type
• #1832946 by Sutharsan, Jose Reyero, Gábor Hojtsy, Wim Leers, vijaycs85: Runtime translation download fallback works different from installer translation download fallback
• #2476407 by borisson_, hussainweb, znerol, Fabianx, Wim Leers, dawehner, Crell, Berdir: Use CacheableResponseInterface to determine which responses should be cached
• #1832862 by jerdavis, nlisgo, Zekvyrin, Maouna, nod_, royal121, tadityar, Lendude, dawehner, tim.plunkett, B_man, damiankloip, ohthehugemanatee, YesCT, Bojhan, xjm, dajjen, yoroy, lisarex, penyaskito, metzlerd, veronicanerak: Make views add field scannable
• #2504815 by neclimdul, phenaproxima, mikeryan: d6 to d8 migration throws integrity contraint warning with duplicate file paths
• #2579979 by Jelle_S, attiks, nod_, Wim Leers: Allow contrib to alter EditorImageDialog/EditorImageDialog and have custom attributes be stored
• #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, Bojhan, dawehner, Gábor Hojtsy, alexpott, tstoeckler, yoroy: Switch from user login block to login menu link and search block in standard profile
• #2488568 by Jose Reyero, alexpott, Gábor Hojtsy, tstoeckler: Add a TypedDataManagerInterface and use it for typed parameters
• #2571647 by mpdonadio, joelpittet, pjonckiere: Create DateFormatterInterface
• #2409639 by k4v, madhavvyas, katzilla, tstoeckler, hexabinaer, dawehner: Hide empty details containers
• #2578433 by longwave, hussainweb: \Drupal\views\Plugin\views\filter\FieldList uses undefined function
• #2578249 by yched: Some e_r fields get the wrong Selection handler
• #2578805 by hussainweb: Upgrade to Symfony 2.7.5
• #2580527 by webflo, hussainweb, neclimdul: Revert vendor/bin/phpunit
• Revert "Issue #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, dawehner, Bojhan, tstoeckler, alexpott, yoroy: Switch from user login block to login menu link and search block in standard profile"
• #827468 by paulmartin84, latikas, aburrows, alimac, fatfish, rocket_nova, Truptti, pektinasen, DuaelFr, YesCT, ifrik, John Cook, danylevskyi, dcam, anil.gangwal, gajendra sharma, danharper, mgriego, realityloop, bleen18, alvar0hurtad0, dddave, droplet, susanb, nlisgo, webchick, meeli: Fix the allowed punctuation wording in user_edit_form
• #2568595 by hussainweb, dawehner: Upgrade PHPUnit to latest 4.8.x
• #2579615 by longwave, dawehner, juxe, alexpott: Views only able to add Attachment display
• #2560049 by hass, chrisfree, cilefen, Wim Leers, Gábor Hojtsy: Incorrect capitalisation of translatable strings
• #2579399 by phenaproxima, mikeryan, neclimdul: db-tools.php import does not work
• #2572637 by ifrik, dubois, ndobromirov, jhodgdon, Gábor Hojtsy, lachezar.valchev, xjm: Update the hook_help for the Interface translation module again
• #2520540 by alexpott: Enforced configuration dependencies shouldn't have to be repeated in the calculated dependencies
• #2575741 by Berdir: Priority of serialialization EntityReferenceFieldItemNormalizer must be lower than the one from hal
• #1218814 by swentel, pixelmord, andypost, franz: PDOException because of incorrect validation of number fields
• #2454649 by Aki Tendo, dawehner: Cache Optimization and hardening -- [PP-1] Use assert() instead of exceptions in Cache::merge(Tags|Contexts)
• #2348729 by Manuel Garcia, joelpittet, akalata, subhojit777, Cottser, rpayanm: Convert theme_views_view_field to twig
• #2580255 by Wim Leers: Remove (classy|seven)_library_info_alter() in favor of libraries-extend
• #2568511 by Mile23, ianthomas_uk, Wim Leers: Fix broken test: KernelTestBase::render
• #2571337 by maxocub, rodrigoaguilera, tstoeckler: Node type title label cannot be translated in the UI
• #2578519 by phenaproxima, webchick: Node has invalid config schema for node_unpublish_by_keyword_action
• #2527546 by DuaelFr, larowlan, chx: ModulesListForm::buildRow() does not properly build the Request object for the TitleResolver
• #2550925 by PrineShazar, maijs, LewisNyman, opdavies, justAChris: Header style in seven theme with drupal set message
• #2579357 by pwolanin: Fix text for "Limit allowed HTML tags" filter to also indicate it restricts HTML attributes
• #2557367 by davidhernandez, joelpittet, madhavvyas, alexpott, nikkyR, Studiographene, emma.maria, xjm: Fix inline list CSS
• #2528988 by znerol: Remove the option to specify a base_url from within settings.php
• #2579095 by Aki Tendo: Create Inspector::assertStringable - a shorthand for (is_string($string) || (is_object($string) && method_exists($string, '__toString')
• #2571533 by damiankloip, yched: Allow setting custom storage on FieldStorageConfig
• #1978714 by amateescu, claudiu.cristea, pfrenssen, yched, jibran, filijonka, dawehner, alexpott, tstoeckler: Entity reference doesn't update its field settings when referenced entity bundles are deleted
• #2554065 by neclimdul, larowlan: Fix APC test for PHP 7
• #2497667 by almaudoh, Wim Leers, Cottser, Fabianx, jaxxed: Add libraries-extend to themes' *.info.yml
• #2555069 by ianthomas_uk, Mile23: Remove invocation of hook_html_head_alter()
• #2576945 by hchonov: PathProcessorLanguage::initProcessors is not sorting the methods by weight
• #2498137 by yas, dawehner, daffie, jhodgdon, sumitmadan: QueryBase::sort can only work with capital letter such as 'ASC' or 'DESC' as the second parameter
• #2578567 by Cottser: Remove theme_indentation() and use Twig template only
• #2505263 by maxocub, tstoeckler: Session language switch links are (sometimes) broken
• #2579411 by yched: Resolve @todo by adding test in EntityReferenceFieldTest
• #2578083 by claudiu.cristea: Followup: Clean docs after #2064191
• #2568099 by Wim Leers, mdrummond, mortendk: Follow-up for #2407739: Remove the js-quickedit-main-content class that was added in favor of relying on
• #2575853 by DuaelFr, Lendude: Fix \Drupal\views\Tests\Plugin\DisplayPageTest::testPageRouterItems so all assertions are called
• #2552799 by heddn, glenshewchuck, Xano, deepakaryan1988, swentel, jordanpagewhite, yched, tim.plunkett: FieldType with no available widget causes Fatal error
• #2570895 by alexpott: FieldPluginBase can duplicate a suffix
• #2579887 by StryKaizer, hussainweb, dawehner: EntityListBuilder requires cache tags
• #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, dawehner, Bojhan, tstoeckler, alexpott, yoroy: Switch from user login block to login menu link and search block in standard profile
• #2577895 by sdstyles, attiks: Update JS library picturefill to 3.0.1
• #2578991 by ifrik, jhodgdon, Bojhan, snehi: Update link descriptions on the Configuration page that are confusing
• #2578989 by ifrik, alvar0hurtad0, jhodgdon, Bojhan, snehi, mairi, rachel_norfolk: Update link descriptions on the Configuration page that are not correct for D8
• #2553909 by GoZ, deepakaryan1988, Pravin Ajaaz, DuaelFr, alexpott: Update ProjectInfo class to not use 'disabled'
• #2410497 by alvar0hurtad0, sdstyles, hussainweb, webchick, jhodgdon, mpdonadio: Update remaining url() and _l() calls in comments/documentation
• #2578815 by hussainweb: Upgrade behat/mink and behat/mink-goutte-driver
• #2342247 by martin107, Mile23: Within nested foreach loop you cannot use the same loop variable
• #2344831 by martin107, jhodgdon, tstoeckler, Mile23: Document behavior of Drupal/Core/Database/Query/SelectInterface::__toString()
• #2422481 by akalata, lokapujya, joelpittet: Convert language negotiation theme table to table #type
• #2574597 by Upchuk, jhedstrom, Berdir, klausi: Comment body doesn't show up in preview for Anonymous users
• #2349303 by PQ, Charles Belov, Wim Leers: Can't drag directly from Active Toolbar to Available Buttons 2nd row
• #2273671 by JeroenT, mgifford, Tim Bozeman, StryKaizer, catch: Allowed number of values more than 1 needs aria-describedby Support
• #2534066 by Jelle_S, Dom., attiks: Allow selecting the original image when creating a responsive image style
• #2396473 by herom, Aunion, pjbaert, Manjit.Singh, Dhorkiy, b0unty, prabhurajn654, Dom., Gábor Hojtsy, LewisNyman, idebr: Add missing RTL rules to System CSS
• #2549017 by pjonckiere: Add getGroup() and getGroupLabel() to an interface and add docs
• #2563505 by javivf, adooo, Wim Leers, Truptti, DuaelFr, Reinmar, quicksketch, FMB: "Enter caption here" text missing due to auto-created
• #2487025 by shellshocked59, harings_rob, rteijeiro, subhojit777, vijaycs85, ashutoshsngh, aburrows, swetashahi, mradcliffe, Wim Leers, lauriii, LewisNyman, Bojhan, DeeLay, B_man, davidhernandez, lizzjoy, lweinmeister, wizonesolutions, arh1, GenerUmali, tstoeckler: Remove contextual links in Seven
• #2471739 by RajeevK, martins.kajins, pektinasen, LewisNyman, jaxxed: Convert reusable layout classes to BEM standards
• #2468851 by Upchuk, geertvd, JinX-Be, dawehner, Lendude: Validation criteria of contextual filter stays active after unchecking 'Specify validation criteria'
• #478994 by valthebald, sushantpaste, LewisNyman, InternetDevels, Xano, lucastockmann, alansaviolobo, mgifford, emmajane: Please state the version you are installing
• #2576525 by joshi.rohit100, DuaelFr, MattA: Missing package property in *.info.yml files for some testing support modules
• #2570999 by RajeevK, Andrew Gleeson, ifrik, jhodgdon, Bojhan, yoroy: Update the module descriptions on the Structure page
• #2572577 by amfranco, ifrik, pguillard: Update the UI texts for the Database Logging module
• #2427889 by daffie, Mile23: ConfigurableLanguageTest not found by SimpleTest
• #2578539 by longwave: Remove obsolete forum_update_last_removed()
• #2577659 by mkalkbrenner, stefan.r: Documentation for property ContentEntityBase::entityKeys is wrong
• #2348325 by fago, pradeep.singh, Mile23, Berdir: EntityManagerInterface::getHandler() documentation still refers to controllers
• #2567835 by lussoluca, alvar0hurtad0, valthebald: Typo in SessionHandler::read() method
• #2579625 by laurencemercer: Typo in file_validate_image_resolution() doc
• #2572513 by ifrik, MattA, mdoedens, yoroy, jhodgdon: Update the hook_help for the block module again
• #2572525 by mdoedens, ifrik, jhodgdon: Update the hook_help for the comment module again
• #2579847 by marcvangend, hussainweb, YesCT, dawehner, chx, Wim Leers: /node/add is lacking cacheability metadata, causes problems when cached by Dynamic Page Cache and "Use admin theme when editing or creating content" is turned off
• #2579965 by claudiu.cristea: AssertContentTrait "use"d twice in AjaxPageStateTest
• #2558885 by Cottser, jhedstrom, david_garcia, alexpott: TwigEnvironment is unable to cache inline templates because it sends invalid filenames to MTimeProtectedFastFileStorage
• #2497115 by melvinlouwerse: ajax_page_state is not taken into account for normal GET requests
• #2559955 by Wim Leers, swentel, mdrummond: Ensure that Quick Edit relies less on the structure of the HTML
• #2451411 by almaudoh, Shamsher_Alam, lauriii, borisson_, cilefen, davidhernandez, Cottser, Wim Leers, joelpittet: Add libraries-override to themes' *.info.yml
• #2571655 by jan.stoeckler, maxocub, tstoeckler: ConfigNamesMapper::hasTranslatable has flawed logic
• #2281533 by claudiu.cristea, amateescu, tim.plunkett, yched, jibran, catch: Entity Reference default selection plugin ignores matches if an entity type has no label key
• #2562811 by Jaesin, dawehner, jibran: Make \Drupal\views\Plugin\views\display\DisplayPluginBase::getType() public and add it to the interface
• #2464409 by borisson_, Wim Leers, jhodgdon, Fabianx, catch, swentel: Search results should bubble rendered entity cache tags and set list cache tags
• #2562107 by claudiu.cristea, jibran, yched, Berdir: EntityDisplayBase should react on removal of its components dependencies
• #2463567 by borisson_, Wim Leers, Xano: Push CSRF tokens for forms to placeholders + #lazy_builder
• Revert "Issue #2563843 by heddn, jhodgdon, mradcliffe, swentel: MapItem FieldType isn't used, documented, or tested: remove it"
• #2568203 by phenaproxima, mikeryan: Remove migrate-db.sh in favor of core tools
• #2465907 by mkalkbrenner, cedric_a, plach, Gábor Hojtsy, matsbla: Node revision UI reverts multiple languages when only one language should be reverted
• #2575615 by alexpott, pwolanin, stefan.r, catch, dawehner, effulgentsia, xjm, David_Rothstein, iMiksu, lauriii, joelpittet: Introduce HtmlEscapedText and remove SafeMarkup::setMultiple() and SafeMarkup::getAll() and remove the static safeStrings list
• #2579187 by plach, mkalkbrenner: Revert to an older entity revision with less translations leads to fatal error caused by EntityStorageException
• #2576037 by unqunq, er.manojsharma, sdstyles, martins.kajins, Devaraj johnson, cilefen, Bojhan, Wim Leers: "Sorry" in user-facing errors violates the User Interface Standards
• #812810 by Kuldip Gohil, kiamlaluno, akozma, cilefen, rocket_nova, JulienD: Replace "copying and pasting it to" with "copying and pasting it into"
• #2554003 by mikeryan, benjy, phenaproxima: isComplete() should not rely on RESULT_COMPLETED
• #2579021 by Wim Leers, Berdir, sasanikolic, Fabianx: Prevent comment forms from marking rendered nodes as uncacheable
• #2563843 by heddn, jhodgdon, mradcliffe, swentel: MapItem FieldType isn't used, documented, or tested: remove it
• #2574893 by heddn: Configure parameter in migrate.info.yml malformed
• #2452217 by mikeryan, sdstyles, benjy: Rename SourcePluginBase::getIterator() and try make protected
• #2550291 by neclimdul, phenaproxima: Improve and generalize database dump tools
• #2569245 by quietone, phenaproxima: [D7] Migrate search pages
• #2562695 by phenaproxima, neclimdul, mikeryan, benjy: migrate-db.sh skips uid 1 but shouldn't
• #2522008 by pwolanin, nlisgo, Wim Leers, jplopezy: Provide a setting to override base url when creating links to public files
• #2547125 by phenaproxima, mikeryan: D7 file migration should allow selecting public/private/all files
• #2561697 by phenaproxima, anavarre, Jeremy: Migration should not choke when the content_node_field table isn't available
• #2382703 by phenaproxima, quietone, miguelc303, benjy: Migration Files for Drupal 7 Contact
• #2577155 follow-up: Remove assert() call.
• #2577155 by mikeryan, benjy: Some source plugins produce duplicate rows
• #2474075 by mkalkbrenner, hchonov, plach, catch: Fix Node::preSave() and document that preSave() and postSave() are not working with ContentEntity translations
• #2554771 by Mile23, Wim Leers: Remove deprecated drupal_process_attached()
• #2090983 by plach, Berdir, yched: ContentEntityInterface::getTranslation() should throw an exception when an invalid language is specified
• #2480921 by hchonov, maxocub, plach, RavindraSingh, Gábor Hojtsy: Make the node entity's revision_log untranslatable
• #2476563 by Gábor Hojtsy, penyaskito, amateescu: Entity operations links tied to original entity language, ignore everything else
• #2464427 by jibran, Wim Leers, Berdir, borisson_: Replace CacheablePluginInterface with CacheableDependencyInterface

Läs mer: http://drupal.org/drupal-8.0.0-rc1

8.0.0-beta14

(beta release)
4 Augusti 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta13

• #2474903 by Mile23: Add composer.json to \Drupal\Component\Gettext\ component
• #2503453 by mgifford, bobrov1989, rikki_iki, kattekrab, LewisNyman: Increase contrast on inline form error text
• #2398465 by DickJohnson, emma.maria, jp.stacey, idebr: Clean up the "contextual" component in Bartik
• Revert "Issue #2527126 by dawehner, Wim Leers, hass: Only send cache context/tags if frontend proxy exists"
• #2516842 by er.pushpinderrana, jhodgdon: Fix indentation in UPGRADE.txt
• #2404253 by wuinfo, mermentau: Undefined index: css in color_library_info_alter()
• #2541340 by dawehner: Remove dead code from user module
• #2534022 by phenaproxima: Move module-specific migration support into the node module
• #2541384 by mikeryan: Move module-specific migration support into the menu_ui module
• #2474151 by JeroenT, dcmul, naveenvalecha, sorabh.v6, trwad, Nitesh Sethia, sushilkr, disasm, dylanf, Mile23, xjm, dawehner, tim.plunkett, andypost: Mark procedural wrappers in entity.inc as deprecated
• #2398467 by lduerig, tresti88, Eski, LewisNyman, emma.maria: Clean up "dropbutton" component in Bartik
• #2119997 by Sharique, ursula, vijaycs85, dimaro, quietone, dawehner, mpdonadio, Bojhan: Change UI to remove display machine name for date formats
• #2539246 by brandon.holtsclaw, cilefen, pwolanin: Search page local task label was an XSS vector—add tests
• #2031883 by mortendk, rachel_norfolk, andypost, zestagio, epari.siva, nguerrier, Manjit.Singh, rteijeiro, MathieuSpil, pablo.guerino, HOG, lauriii, LewisNyman, joelpittet, Wim Leers, Cottser, minneapolisdan: Markup for: comment.html.twig
• #2532476 by dawehner, pwolanin, pfrenssen, Gábor Hojtsy, effulgentsia: Menu links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files
• #2542632 by joshi.rohit100: system.install has redundant code

Changes since 8.0.0-beta12

• #2538228 by alexpott, amateescu: Document that Config save/delete/rename events may be dispatched during hook_update_N(), what that means for subscribers, and fix core subscribers accordingly
• #2429659 by chx, Berdir, mpdonadio, geerlingguy, Cottser, rteijeiro, Fabianx, catch, dawehner: Race conditions in the twig template cache
• #2535118 by longwave, Wim Leers, borisson_, effulgentsia: Toolbar subtrees not working on admin pages due to lack of theme negotiation on Toolbar's custom JSONP route
• #2540954 by mikeryan: Move module-specific migration support into the dblog module
• #2538158 by joyceg: Clarification to where hook_modules_installed should be implemented
• #2541420 by amateescu, chx: Introduce QueryConditionTrait
• #2533994 by phenaproxima: Move module-specific migration support into the block_content module
• #2534034 followup by mikeryan: Move module-specific migration support into the taxonomy module
• #2534032 by mikeryan: Move module-specific migration support into the system module
• #2534030 by mikeryan: Move module-specific migration support into the syslog module
• #2534016 by phenaproxima: Move module-specific migration support into the forum module
• #2534018 by phenaproxima: Move module-specific migration support into the locale module
• #2534020 by phenaproxima: Move module-specific migration support into the menu_link_content module
• #2540538 by znerol: Behavior of testErrorContainer() and testExceptionContainer() is unpredictable
• #2514044 by dawehner, stefan.r, alexpott: Do not use SafeMarkup::format in exceptions
• #2534024 by mikeryan: Move module-specific migration support into the search module
• #2534014 by phenaproxima: Move module-specific migration support into the filter module
• #2534002 by phenaproxima: Move module-specific migration support into the book module
• #2533986 by phenaproxima: Move module-specific migration support into the block module
• #2533984 by phenaproxima: Move module-specific migration support into the aggregator module
• #2533980 by phenaproxima: Move module-specific migration support into the action module
• #2534026 by mikeryan: Move module-specific migration support into the simpletest module
• #2534034 by mikeryan: Move module-specific migration support into the taxonomy module
• #2534036 by mikeryan: Move module-specific migration support into the text module
• #2534038 by mikeryan: Move module-specific migration support into the update module
• #2490228 by damiankloip, almaudoh, martin107, clemens.tolboom, -enzo-, znerol, dawehner: Add Authentication Collector
• #2534156 by mikeryan: Move module-specific migration support into the path module
• #2498785 by damiankloip, dawehner: Remove ViewExecutable::getMenuLinks(), its just wrong
• #2534028 by mikeryan: Move module-specific migration support into the statistics module
• #2539258 by cilefen: Inject the cache bin into TwigEnvironment
• #2541094 by dawehner: Get rid of strtr in Html::getId()
• #2541318 by dawehner: Get rid of strtr in Crypt
• #2078803 by Wim Leers, aspilicious, wmortada, Sumit kumar, mrjmd, John Cook: Change contextual links background color to match the styleguide
• #2501481 by Cottser, davidhernandez, kfriend, alimac, YesCT, lauriii, tim.plunkett, cilefen, lbainbridge, porchlight: form_select_options() is a theme function in disguise and should not use SafeMarkup::set
• #1894396 by Mile23, Crell, catch: Mark db_*() wrappers in database.inc as @deprecated for 9.x
• #2541084 by martin107, dawehner: ViewPageController does not need $storage nor $executableFactory
• #2507093 by claudiu.cristea, catch, timmillwood, dawehner: Don't calculate the theme_token for ajaxPageState unless necessary
• #2521946 by eiriksm: JSDoc field_ui module
• #2498163 by Arla, jeni_dc, nathanlawson91, MrPaulDriver, LewisNyman: Legend overlap with radios/checkboxes inside fieldset/fieldgroup
• #2539860 by jeni_dc, LewisNyman: Add a class to field that contain user-generated formatted text
• #2499793 by mikeryan, phenaproxima: Several migrate_drupal migrations fatal error on count()
• #2516842 by er.pushpinderrana, thejacer87, jhodgdon: UPGRADE.txt should explain where to find release notes
• #2382513 by mikeker, chris_hall_hu_cheng, joachim, joelpittet, alexpott, YesCT, quietone, mikeker, Jeroen, joris_lucius, katy5289, sivaji@knackforge.com: Regression fix: allow Drupal 8 to work without Apache mod_rewrite
• #2538982 by dawehner, pwolanin, Fabianx: Get rid of strtr in UrlGenerator, it is not needed
• #2535364 by mikeryan: Missing dependency in d6_vocabulary_field_instance
• #2529514 by dawehner, Fabianx, Wim Leers: Replace system.filter::protocols with container parameters
• #2534006 by phenaproxima: Move module-specific migration support into the contact module
• #2539300 by cilefen, tim.plunkett: Remove SafeMarkup::set in \Drupal\Tests\Core\Form\FormCacheTest::testSetCacheWithSafeStrings()
• #2521832 by neclimdul, Crell, amateescu: Uncomment StatementInterface methods
• #2505965 by olli: Remove dead code related to old views ui modal
• #2540764 by borisson_: Fix error in documentation that was added in #2533768
• #2527126 by dawehner, Wim Leers, hass: Only send cache context/tags if frontend proxy exists
• #2537600 by DuaelFr: An empty path on search pages settings leads to an infinit redirection loop
• #972528 by mkalkbrenner, harijari, ryanissamson, mikeytown2, haripalrao, kasperg: dblog fails to log MAX_ALLOWED_PACKET errors because they're longer than MAX_ALLOWED_PACKET
• #2507727 by mikeker, olli: Adding an "All taxonomy terms" field results in "Invalid parameter number" error
• #2537602 by hchonov, dawehner: JQuery ajax GET requests result in "406 Not Acceptable"
• #2443679 followup by chx: PostgreSQL: Fix taxonomy\Tests\TermTest
• #2342521 by JacobSanford, ecrown, dylanf, martin107, bburg, donquixote, dcmul, jhodgdon, Crell, pcorbett: Docblock fixes for core/lib/Drupal/Core/Database/Connection.php
• #2528178 by dawehner, amateescu, larowlan, tim.plunkett, jibran, catch, jhodgdon, effulgentsia, Berdir: Provide an upgrade path for blocks context IDs #2354889 (context manager)
• #2426967 by mortendk, BarisW, joelpittet, akalata, jwilson3, Manjit.Singh, joginderpc, rteijeiro, mgifford, LewisNyman, Manuel Garcia, markconroy: Feed icon should be a CSS background image not a image file
• #2489578 by Manjit.Singh, saki007ster, pjbaert, Cottser, jhodgdon, epophoto: Move search.theme.css to classy
• #2538294 by Aki Tendo: Formally declare public scope in \Drupal\Core\Template\TwigNodeVisitor
• #2497693 by marvin_B8, joshi.rohit100, borisson_, Crell: Add PSR-7 to Symfony Response View listener
• #2534926 by chx, jhodgdon: EntityFormBuilderInterface doxygen needs a little love
• #2475231 by jcnventura, mgifford, xjm: Content translation header in content type edit form is not styled correctly
• #2501183 by borisson_, dileepmaurya, Gábor Hojtsy, Berdir: LocaleLookup cache ID is using numeric indexes of the roles field, not role ID's
• #2534780 by olli, dawehner: Fatal error rendering fields using an optional relationship
• #2532970 by Xano, tim.plunkett, jhodgdon: PluginFormInterface must document $form means the plugin's own elements
• #2535192 by chx, dawehner, jhodgdon: Security: LoggerChannelInterface doxygen needs a little love
• #2465751 by andypost, JeroenT, RavindraSingh, tim.plunkett, Berdir: Remove config_test_load() and replace with entity_load
• #2512062 by dsnopek, tim.plunkett, Wim Leers: VariantInterface extends ConfigurablePluginInterface so PageDisplayVariantSelectionEvent should allow passing configuration to the Variant (to enable Panels Everywhere)
• #2532148 by timmillwood, davidwbarratt: Modules cannot be put in ./modules/vendor
• #2536906 by aspilicious: Warning when saving third party settings while no settings available
• #2533768 by Wim Leers, lauriii: Add the user entity cache tag to user.* cache contexts that need it
• #2056089 by BarisW, TR, mgifford, rodvolpe, Dom., nambisolo, nod_, katewelling, Manjit.Singh, jhodgdon, Bojhan, Wim Leers: UI problems on the Modules/Extend page
• #2536508 by Aki Tendo: Content Negotiation Test showing up as a core module
• #2489830 by cilefen, davidhernandez, dcmul, Adam Clarey, joshi.rohit100, rpayanm, sqndr, Cottser, lauriii: Improve theme compatibility error message
• #2430397 by Wim Leers, Fabianx: When mapping cache contexts to cache keys, include the cache context ID for easier debugging
• #2513094 by hchonov, pfrenssen, mkalkbrenner, yched, Berdir: ContentEntityBase::getTranslatedField and ContentEntityBase::__clone break field reference to parent entity
• #2500499 by phenaproxima, bdimaggio: Migration path for dblog 7.x
• #2500529 by phenaproxima, bdimaggio: Migration path for Syslog 7.x configuration
• #2534158 by phenaproxima, mikeryan: MigrateFullDrupalTestBase must use dynamic test discovery
• #2536212 by chx: Link CronInterface to the handbook page
• #2401159 by kim.pepper, Jaesin: Convert instances of Guzzle getBody(TRUE)
• #2508830 by s_leu, pivica: Various UI problem with autocomplete select control
• #2533822 by alexpott: Duplicate array keys in CssOptimizerUnitTest resulting in missing test coverage
• #2539310 by neclimdul, alexpott: BackendCompilerPassTest::testProcess fails when sqlite not installed
• Revert "Issue #2492429 by mikeryan: Migration count caching broken"
• #2338081 by pwolanin, dawehner, effulgentsia, kgoel, vijaycs85, mpdonadio, chx, brandon.holtsclaw, alexpott, Gábor Hojtsy, Fabianx, catch, YesCT, JvE: Local Tasks, Actions, and Contextual links mark strings from derivatives (or alter hooks) as safe and translated
• #2524082 by pfrenssen, Gábor Hojtsy, Wim Leers, Berdir, Fabianx, dawehner, catch: Config overrides should provide cacheability metadata
• #2525884 by jesperjb, joshi.rohit100, Berdir: Avoid unecessary cache tag invalidations in ConfigEntityBase and aggregator Item entity
• #2536644 by tim.plunkett: generate-proxy-class.php should generate the same file regardless of a missing leading slash
• #2536448 by vbouchet: First param of ViewsUIController::edit() is documented wrong
• #2535586 by andypost: Clean-up "links" templates from removed "html" option
• #2535284 by jibran: Move block_install hook to block.install file
• #2492429 by mikeryan: Migration count caching broken
• #2529616 by andypost: Move CurrentLanguageContext to Core\Language\ContextProvider
• #2409701 by tstoeckler, Leksat, Schnitzel, _nolocation, Gábor Hojtsy, xjm: Field storage configuration is not exposed to config translation UI
• #2531408 by chx, dawehner: Default backend database driver
• #2527846 by dawehner, Wim Leers: Try to get rid of Url::fromRoute() in system_js_settings_alter()
• #2497275 by borisson_, alexpott, dawehner, Gábor Hojtsy: ~50 calls to t() for two strings in LanguageManager() on every request
• Revert "Issue #2497275 by borisson_, alexpott: ~50 calls to t() for two strings in LanguageManager() on every request"
• #2497275 by borisson_, alexpott: ~50 calls to t() for two strings in LanguageManager() on every request
• #2536456 by mbovan, Berdir, Wim Leers, dawehner: Autocomplete is broken (its JS it not loaded)
• Revert "Issue #2510104 by pwolanin, nod_, Fabianx, Wim Leers, droplet, Pere Orga: Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future"
• #2535302 by mbaynton, Berdir, kgoel, claudiu.cristea, tim.plunkett, RavindraSingh, cilefen, dawehner: Selecting too many files with JS off causes WSOD with data loss
• #2498599 by Cottser, naveenvalecha, webchick, karolus, cilefen: Remove sdboyer/gliph since it is unused by core
• #2505315 by stefan.r, dawehner, tim.plunkett, Berdir: Catch PHP7 Throwable objects instead of BaseExceptions in the error handler
• #2024695 by olli, SpadXIII: The "Reset" button ignores the "Use AJAX" setting (always behaves in a non-AJAX way)
• #2525910 by dawehner, effulgentsia, Berdir, lauriii, larowlan, timmillwood, Wim Leers, chx, arlinsandbulte, Fabianx, Gábor Hojtsy, Dave Reid, alexpott, catch: Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case
• #2535082 by alexpott, jhedstrom, xjm, plach, Fabianx, effulgentsia, Berdir: Allow hook_update_N() implementations to run before the automated entity updates
• #2493911 by dawehner, larowlan, damiankloip, hussainweb, jibran, cilefen, benjy, iMiksu, mtdowling: Update guzzle, goutte and mink-goutte-driver to the latest release
• #2408013 by Aki Tendo, alexpott, Fabianx, dawehner, Crell, jhodgdon, Wim Leers, aspilicious: Adding Assertions to Drupal - Test Tools
• #2531972 by dawehner: Move ThemeManager::theme() to ThemeManager::render()
• #2536678 by alexpott: SimpletestTestForm broken
• #2536880 by alexpott: CKEditor admin form broken
• #2506581 by alexpott, Wim Leers, Fabianx, xjm, joelpittet, Cottser, dawehner: Remove SafeMarkup::set() from Renderer::doRender
• #2082315 by Wim Leers, realityloop, mrjmd: Tracker history markers ("new" and "updated" markers, "x new replies" links) forces render caching to be per user
• #2533946 by alexpott: UncaughtExceptionTest is a monkey in the control room
• #2471232 by borisson_, JeroenT, sorressean, rbmboogie, ruha, mariancalinro: Optimize Cache::merge*(), by only accepting 2 instead of N arguments
• #2512106 by cilefen, droplet, alexpott: Inline templates are XSS filtered incorrectly
• #2507831 by dawehner, tim.plunkett, effulgentsia: Harden redirect responses to make external URIs opt in (was SA-CORE-2015-002 foward-port)
• Revert "Issue #2228217 by pwolanin, ecrown, neclimdul, Fabianx, dawehner, klausi: Further optimize RouteProvider and add web test for large number of path parts"
• #2228217 by pwolanin, ecrown, neclimdul, Fabianx, dawehner, klausi: Further optimize RouteProvider and add web test for large number of path parts
• #2532490 by tim.plunkett, dawehner, Wim Leers, Crell, mtift: Unrouted URLs break toolbar but are hidden by caching
• #2462907 by tstoeckler, penyaskito, Gábor Hojtsy, miro_dietiker: Entity operations to field UI shown in config overview
• #2496897 by sasanikolic, Arla, dawehner, miro_dietiker, Berdir: Throw helpful exception if link templates are missing leading /
• #2504141 by alexpott, tim.plunkett, larowlan, David_Rothstein, dawehner: Information disclosure/open redirect vulnerability via blocks that contain a form
• #2534830 by Wim Leers: Toolbar subtrees not working
• #2534856 by Dave Reid: Remove unused _toolbar_get_user_cid()
• #2529144 by phenaproxima: Create cckfield plugin for text fields
• #2506151 by joelpittet, Cottser, lauriii, Lukas von Blarer, tim.plunkett: Make the Twig extension link() accept Attribute objects
• #2382859 by rpayanm, mondrake, ianthomas_uk: Remove file_stream_wrapper_get_*() and file_get_stream_wrappers()
• #2498691 by cilefen, mesch, deepakaryan1988, RavindraSingh, honzakuchar, darol100, kattekrab, Cottser, David_Rothstein: "Install and set as default" link on the Appearance page doesn't work
• #2299361 by trgreen17, wadmiraal, naveenvalecha, er.pushpinderrana, neetu morwani, jhodgdon, joachim: description of drupalGetTestFiles() is vague and has a typo; simpletest_generate_file() needs help too
• #2534516 by webflo: Fix NodeAccessControlHandlerInterface doxygen
• #2351015 by plach, effulgentsia, Wim Leers, dawehner, martin107, damiankloip, cilefen, Fabianx, catch, pwolanin, Damien Tournoud, znerol, YesCT, larowlan: URL generation does not bubble cache contexts
• #2151103 by twistor, kerby70, ParisLiakos, cilefen: Zend feed plugins are incorrectly registered
• #2454829 by maxocub, eiriksm, rvilar, Gábor Hojtsy, penyaskito, tstoeckler, Jose Reyero: Configuration translation UI does not support plural sources/targets
• #2533222 by neclimdul, Berdir: Fix ConfigEntityBaseUnitTest
• #2424805 by mdrummond, YesCT, vijaycs85, xjm, marcoscano, ifrik, joelpittet, Jelle_S, attiks, lauriii: Toolbar can no longer switch horizontal and vertical -- expects breakpoints ordered from smallest to largest; responsive images need largest to smallest
• #2466931 by mikeker, Fabianx, dawehner, joelpittet: Valid Twig syntax is incorrectly escaped in Views rewrites
• #2528242 by timmillwood: Add color-* classes to all rows on the status page
• #2522652 by neclimdul, phenaproxima, prajaankit, benjy: Add getTemplateByName method to TemplateStorage
• #2526412 by neclimdul, hussainweb, Fabianx: Remove Singleton hack in registerWithSymfonyGuesser
• #2532604 by alexpott: Fix reference to "var drupalSettings" in NoJavaScriptAnonymousTest
• #2488960 by cilefen, joshi.rohit100, naveenvalecha: Upgrade egulias/EmailValidator to 1.2.9
• #2512132 by Wim Leers, effulgentsia, Fabianx: Make CSRF links cacheable
• #2482625 by mbovan, Berdir, dawehner: Views entity reference selection with autocomplete widget broken
• #2522002 by pwolanin, fgm, znerol: Do not strip www. from cookie domain by default because that leaks session cookies to subdomains
• #2392109 by jacob.embree, dcmul, ByronNorris, jhedstrom: Filter: Allow plus sign in email addresses
• #2533168 by neclimdul, Berdir: Fix BlockRepositoryTest
• #2509650 by willzyx: Faulty dependency to Renderer in Drupal\comment\CommentLazyBuilders
• #2532616 by TR: "return" used instead of "@return" in RoleInterface::isAdmin() docblock
• #2532944 by chx, dawehner: AliasManagerInterface lacks doxygen
• #2533034 by chx, webflo: AliasWhitelistInterface doxygen missing
• #2527708 by joshi.rohit100, chx, jhodgdon, alexpott: Improve documentation for TypedConfigManagerInterface
• #2486983 by metzlerd, jhodgdon, tim.plunkett: Document Text Input Form Elements
• #2533360 by hussainweb: Upgrade to Symfony 2.7.2
• #2532618 by TR: "return" used instead of "@return" in documentation
• #2532646 by TR: "@return boolean" is wrong, use "@return bool"
• #2531636 by Lucasljj, olli: Remove unnecessary extra space in dialogs
• #2533218 by mpdonadio: Resolve todo for Symfony #12349
• #2514168 by phenaproxima, mikeryan, benjy: Streamline migrate_drupal integration tests
• #2527064 by jboxberger, tstoeckler: Nested condition groups in entity queries are broken
• Revert "Issue #2527064 by tstoeckler: Nested condition groups in entity queries are broken"
• #2493033 by Berdir, Wim Leers, lauriii, Fabianx, effulgentsia, dawehner, catch, msonnabaum, Crell, webchick: Make 'user.permissions' a required cache context
• #2217985 by Berdir, Wim Leers: Replace the custom menu caching strategy in Toolbar with Core's standard caching
• #2532434 by alexpott: UncaughtException test doesn't quite uncatch everything
• #2531258 by neclimdul: Improve \Drupal\Tests\user\Unit\PermissionHandlerTest::testBuildPermissionsSortPerModule
• #2530936 by webflo: Ensure that the classloader prefix is really unique
• #1838242 by jhedstrom, pivica, tim.plunkett, bojanz, GaëlG, mpdonadio, dawehner, olli, Lendude: Provide Views integration for datetime field
• #2526004 by andypost: UnpublishByKeywordComment should inject needed services properly
• #2531568 by willzyx: Remove obsolete hook_menu() from responsive_image module
• #2531622 by colbol: The description for the responsive image module admin link should end with a period.
• #2530908 by olli: Caching problem in PageTitleTest
• #278958 by jhodgdon, pwolanin, mgifford: Advanced search form has usability issues
• #2409415 by phenaproxima, hosef: Variable to config: aggregator.settings [d7]
• #2531028 by Berdir, neclimdul: Null migrate destination is a reserved keyword in PHP 7
• #2513586 by kfitz, cilefen, jhodgdon, Bojhan, eliza411, ivanstegic, LewisNyman, lunk_rat, nickrosencrans, stpaultim, webchick: Remove the word "positive" from the "Must include a positive keyword with three characters or more." error message
• #2525068 by daffie, googletorp: Document the class variable Node::in_preview as will stay public
• #2528688 by phenaproxima: Create cckfield plugin for file fields
• #2521774 by naveenvalecha: Add new line at the EOF in system_test.permissions.yml file
• #2392559 by mondrake, mitrpaka, JeroenT, rpayanm, adci_contributor, ianthomas_uk: Remove all uses of file_stream_wrapper_get_* and file_get_stream_wrappers
• #2472431 by davidhernandez, yannickoo, cilefen, LewisNyman: Do not load normalize.css in all themes, load it in Classy
• #2502009 by joelpittet, Cottser, Wim Leers: Remove SafeMarkup::set in SearchExtraTypeSearch::execute()
• #2500013 by Berdir, Wim Leers, plach: Add cacheability metadata information to translation overview
• #2527064 by tstoeckler: Nested condition groups in entity queries are broken
• #2504967 by hussainweb, joshtaylor, jibran, Berdir: Upgrade to Symfony 2.7.1
• #2502785 by dawehner, effulgentsia, tim.plunkett, amateescu, Fabianx, Wim Leers, catch, dsnopek, EclipseGc, yched, Berdir, larowlan, mondrake, olli: Remove support for $form_state->setCached() for GET requests
• #2532082 by mbovan: Replace SafeMarkup::filterXss() with SafeMarkup::xssFilter() in method documentation
• #2321969 by rpayanm, subhojit777, prics, LinL, JeroenT, Temoor, prashantgoel, Mile23, pcambra, Sumi: Replace all instances of file_load(), file_load_multiple(), entity_load('file') and entity_load_multiple('file') with static method calls
• #1963978 by joelpittet, NickWilde, jmolivas, dimaro, lauriii, Manuel Garcia, 2ndmile, Cottser, tim.plunkett: Convert theme_views_ui_build_group_filter_form() to Twig
• #2510104 by pwolanin, nod_, Fabianx, Wim Leers, droplet, Pere Orga: Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
• #2506195 by alexpott, joelpittet, xjm, David_Rothstein, Fabianx, pwolanin: Remove SafeMarkup::set() from Xss::filter()
• #2261669 by Berdir, timmillwood, jhedstrom: Slow query in NodeRevisionAccessCheck
• #2512456 by tim.plunkett, legolasbo, MattA, dawehner, googletorp, darol100, Bojhan, webchick, andypost, ivanstegic, larowlan, lauriii, LewisNyman, tkoleary, rickvug, eliza411, lunk_rat, nickrosencrans, stpaultim, Mark LaCroix: Implement the new block layout design to emphasize the primary interaction of placing a block
• #2505989 by alexpott, dawehner, olli: Controllers render caching at the top level and setting a custom page title lose the title on render cache hits
• #2507967 by tim.plunkett: \Drupal\Core\Entity\Controller\EntityViewController::buildTitle() assumes the is in the render array
• #2508231 by timmillwood, amateescu, hussainweb, catch, dawehner, David_Rothstein, Mixologic, effulgentsia: Raise minimum required version of PHP to 5.5.9
• #2529442 by neclimdul: Random phpunit failures in EntityUnitTest
• #2509600 by andypost: AggregatorFeedBlock should return render array
• #2529082 by timmillwood: Set better version for mikey179/vfsStream
• #2508623 by xjm: Remove Frando from MAINTAINERS.txt
• #2513692 by pameeela, naveenvalecha, andypost: Remove tim-e from Maintainers.txt for contact module. Add jibran and andypost
• #2354889 by larowlan, dawehner, lauriii, Berdir, catch, martin107, pfrenssen, EclipseGc, Fabianx, Wim Leers, dsnopek, jibran, tim.plunkett, andypost: Make block context faster by removing onBlock event and replace it with loading from a ContextManager
• #2512866 by lauriii, Berdir, Wim Leers, Fabianx, effulgentsia, catch, dawehner: CacheContextsManager::optimizeTokens() optimizes ['user', 'user.permissions'] to ['user'] without adding cache tags to invalidate that when the user's roles are modified
• #2528292 by Fabianx, dawehner: Decouple Error testing from relying on a cached on disk-container that is created by a different Kernel
• #2477413 by daffie, Crell, bzrudi71, stefan.r, catch, mradcliffe, chx: Increase minimum version requirement for Postgres to 9.1.2
• #2527816 by jhedstrom, pfrenssen, chx, catch: Logic error in SqlContentEntityStorage::countFieldData() attempts to drop `name` column
• #2526458 by cilefen, googletorp, alexpott: Test XSS filtering of slogan in SystemBrandingBlock
• #2527406 by Gábor Hojtsy, Berdir: CommentForm::init() and MessageForm::init() are useless/broken
• #2525002 by daffie, benjy: Make the class variables protected for Migration
• #2528414 by jhedstrom: Block visibility by path docs are missing leading slash
• #2525870 by pwolanin, willzyx, Fabianx: Regression: machine name inputs no longer work properly after #2508735
• #2527638 followup by xjm: Fix duplicated setUp() method in MigrateDrupal7TestBase
• #2514998 by tim.plunkett: Reduce fragility in the monolithic BlockListBuilder
• #2527606 by dawehner, plach, catch, mpdonadio, Wim Leers, xjm, Fabianx: Uncaught PHP Exception LogicException when editing Views
• Revert "Issue #2527606 by dawehner, plach, mpdonadio, xjm, Wim Leers, Fabianx: Uncaught PHP Exception LogicException when editing Views"
• #2493665 by Fabianx, dawehner, msonnabaum, catch: Add centralized container invalidation method
• #2527606 by dawehner, plach, mpdonadio, xjm, Wim Leers, Fabianx: Uncaught PHP Exception LogicException when editing Views
• #2512718 by Berdir, pfrenssen, Wim Leers, Fabianx, dawehner, catch, effulgentsia, plach, Gábor Hojtsy: EntityManager::getTranslationFromContext() should add the content language cache context to the entity
• #2527638 by phenaproxima: MigrateDrupal7TestBase never installs Drupal 7 migrations
• #2428861 by tbradbury, Nitesh Sethia, neetu morwani, deepakaryan1988, Sagar Ramgade, yogen.prasad, Daniel_Rose, Cottser, jhodgdon, Sutharsan, leeotzu: user.html.twig documentation refers to a nonexistent 'account' variable
• #2491259 by Chernous_dn, rudraram, jhodgdon, LewisNyman, mortendk: move search.admin.css into seven
• #2527076 by daffie: Make the class variables protected for Drupal\Core\Datetime\Entity\DateFormat
• #2527710 by Fabianx: Decouple Error testing from running with container builder
• #2516866 by willzyx: Faulty dependency to RedirectDestination in Drupal\menu_ui\Plugin\Menu\LocalAction\LocalActionDefault
• #2513612 by davidhernandez, ivanstegic, Bojhan, eliza411, LewisNyman, lunk_rat, nickrosencrans, stpaultim, webchick: Make the autocomplete form option text for an entity reference not be all caps
• #2522600 by neclimdul, phenaproxima: Remove CMI dependency from Migration Templates
• #2527486 by alexpott: --browser in run-tests.sh broken
• #2512210 by trgreen17, jhodgdon, liberatr: SimpleTest - WebTestBase method creates binary-text files when the intention was to create text files, and text file creation is broken
• #2328883 by andypost, dawehner: menu ui route used in menu link content
• #2516802 by Dave Reid: FilterProcessResult->merge() results in PHP warning: Missing argument 1 for FilterProcessResult::__construct()
• #2522120 by jhedstrom: DbDumpCommand should add collation information to the generated script
• #1835016 by googletorp, nod_, KarenS, Sharique, Nitesh Sethia, mpdonadio: Polyfill date input type
• #2497691 by Crell, cilefen, marvin_B8, dawehner: Include Symfony PSR-7 bridge library
• #2453175 by tim.plunkett, plach, rteijeiro, effulgentsia, eshta, dawehner, fago, Berdir, alexpott: Remove EntityFormInterface::validate() and stop using button-level validation by default in entity forms
• #2492585 by pguillard, yarik.lutsiuk, andypost, Mile23: Deprecate comment_view() & comment_view_multiple()
• #2501701 by akalata, pwolanin, lauriii, GreenSkunk, cdulude, joelpittet, Cottser: Remove SafeMarkup::set in template_preprocess_color_scheme_form()
• #2526462 by Mile23: Mark entity_get_bundles() as @deprecated for 9.x
• #2513646 by pwolanin, alexpott: Role name is unescaped on block admin via JS
• #2450993 by Wim Leers, Fabianx, Crell, dawehner, effulgentsia: Rendered Cache Metadata created during the main controller request gets lost
• #2509898 by dawehner, znerol, larowlan, lauriii, Aki Tendo, Wim Leers: Additional uncaught exception thrown while handling exception after service changes
• #2478459 by plach, mkalkbrenner, chx, yched, Berdir, dawehner, benjy: FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks
• #2508547 by tim.plunkett, tannerjfco, neclimdul: Placing a block with same machine name of region causes region to disappear in admin UI
• #2526084 by andypost, yarik.lutsiuk: Fix comment in Comment entity
• #2513568 by cilefen, ivanstegic, Bojhan, webchick, eliza411, LewisNyman, lunk_rat, nickrosencrans, stpaultim: Relabel "Configuration Management"
• #911352 followup: Fix comment wrapping.
• #911352 by Liam Morland, Crell: Document that foreign keys may not be used by all DB drivers
• #2511806 by claudiu.cristea, sumitmadan, znerol, neetu morwani, jhodgdon: Fix documentation in password hashing class
• #2516690 by mlevasseur, joshi.rohit100: Missing test for "Help" links per module on "Extend" admin page
• #2505721 by eiriksm, nod_, jhodgdon: JSDoc color module
• #2505669 by pwolanin, jcloys, joshi.rohit100, dawehner, Wim Leers, kgoel, larowlan: Inject render service into LinkGenerator instead of calling drupal_render
• Revert "Issue #2505669 by pwolanin, jcloys, joshi.rohit100: Inject render service into LinkGenerator instead of calling drupal_render"
• #2505669 by pwolanin, jcloys, joshi.rohit100: Inject render service into LinkGenerator instead of calling drupal_render
• #2511584 by jhedstrom, rpayanm: Move NodeFormButtonsTest::assertButtons() to a trait
• #2507911 by mikebell_, dylanf, naveenvalecha, deepakaryan1988, kfitz, jhodgdon, webchick, Charles Belov: Mention location of settings.php in UPGRADE.txt
• #2514092 by neclimdul: Fix typo in drupal_attach_tabledrag
• #2314825 by kay_v, jhedstrom: incomplete instructions in INSTALL.txt
• #2501903 by pguillard, Manjit.Singh: inline form errors classnames to follow namestandard
• #2512734 by Wim Leers, dawehner, Berdir: session_test routes/controllers don't specify the appropriate cacheability metadata
• #2474363 by Aki Tendo, alexpott, Dom., MattA, dawehner, TR, hass, Wim Leers, cburschka, Berdir: Stuck in failed module install process
• #2514052 by phenaproxima: Remove migrate_drupal's MigratePluginManager implementation
• #2513132 by klausi: Remove duplicated getDataDefinition() method in EntityAdapter
• #2509628 by andypost: TranslationStatusForm::buildForm() should not use drupal_render()
• #2512820 by JvE, pwolanin: 'administer actions' permission can be abused - needs to be flagged as restricted
• #2512580 by Wim Leers: NodeEntityViewModeAlterTest uses State to dynamically affect hook_entity_view_mode_alter()
• #2443323 by Wim Leers, Nitesh Sethia, yched, Fabianx, jhodgdon: New convention: CacheContextInterface implementations should mention their ID in their class-level docblock
• #2502021 by willzyx, Saphyel, dawehner, DuaelFr, b0unty, cilefen, larowlan, lauriii: Unhandled exception when trying to register a duplicate user
• #2421503 by lauriii, larowlan, Wim Leers, dawehner, tim.plunkett: SA-CORE-2014-002 forward port only checks internal cache
• #2508679 by tim.plunkett, Fabianx: Fix empty redirects and redirects with options in \Drupal\field_ui\FieldUI::getNextDestination()
• #2502571 by pjonckiere, mpdonadio, catch, jhodgdon: Date format granularity should only render adjacent units
• #2498919 by stefan.r, Berdir, catch: Node::isPublished() and Node::getOwnerId() are expensive
• #2508627 by rvtraveller, pwolanin: Changing email address should invalidate one-time login links
• #2375695 by Berdir, EclipseGc, tim.plunkett, Wim Leers, Fabianx, dawehner: Condition plugins should provide cache contexts AND cacheability metadata needs to be exposed
• #2513244 by Berdir, Wim Leers, EclipseGc, Fabianx: ContextHandler incorrectly checks required/optional contexts of plugins
• #2463909 by phenaproxima, mikeryan: Migrations should support non-installed default configurations (templates)
• #2513264 by moshe weitzman, webflo: Fix bad class reference
• #2309215 by googletorp, subhojit777, lokeoke, tadityar, crowdcg, aneek, joelpittet, jhedstrom, alexpott, lauriii, amankanoria: HTML double-escaping in revision messages
• #1831798 by darol100, pjonckiere, rhuffstedtler, ifrik, paul.linney, rajneeshb, batigolix, jhodgdon: Update hook_help() for config manager module
• #2448681 by jeqq: Remove obsolete todo from MenuTreeParameters class
• #2512444 by MattA: Unused namespaces in EntityDeriver.php
• #2509512 by chx: Redundant code in StaticMapTest::setUp
• #2514136 by pwolanin, Fabianx: Add default clickjacking defense to core
• #2188165 by tim.plunkett, dww: [Regression] View term filter 'is/not empty' and 'not one of' operators do not work
• #2516078 by cilefen, naveenvalecha: Upgrade doctrine/lexer to v1.0.1
• #2494063 by tohesi, trwad, dcmul, droplet, nod_, naveenvalecha: Update Backbone to 1.2.1
• #2513396 by Cottser, larowlan, HelloNewman, webchick, crowdg, Bojhan, eliza411, ivanstegic, LewisNyman, lunk_rat, nickrosencrans, stpaultim: There is no link, anywhere, to a contact form once a user creates it
• #2517114 by joshi.rohit100, cilefen: Remove needless, wrongly-placed system_test.permissions.yml file
• #2513626 by cilefen, akalata, Les Lim: [Regression] Module permission links missing from module list page
• #2477853 by ingaro, daffie, bzrudi71, mradcliffe, alexpott: PostgreSQL: Add support for reserved field/column names
• #2508735 by darol100, dawehner, pwolanin, Chi, Fabianx, tim.plunkett: Code injection via preg_replace()
• #2487498 by Cristian.Andrei, Scott Weston, iMiksu: Make randomString always return a > to avoid random test fails
• #2463581 by Wim Leers, swentel: #cache_redirect cache items should have an 'expire' timestamp that matches the merged max-age
• #2487600 by dawehner, Wim Leers, fgm: #access should support AccessResultInterface objects or better has to always use it
• #2443679 by bzrudi71, daffie, mradcliffe, alexpott: PostgreSQL: Fix taxonomy\Tests\TermTest
• #2511854 by NickWilde, cilefen: Datetime select list uses PHP non-OOP datetime functions
• #2408371 by dawehner, Fabianx, alexpott, bforchhammer: Proxies of module interfaces don't work

Läs mer: http://drupal.org/node/2544542

8.0.0-beta12

(beta release)
30 Juni 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta11

• #2512452 by dawehner, pwolanin, alexpott, fnqgpc: Confirm form cancel button can lead to external domain
• #2509300 by dawehner, catch, larowlan: Path alias UI allows node/1 and /node/1 as system path then fatals
• #2453153 by mkalkbrenner, plach: Node revisions cannot be reverted per translation
• Revert "Issue #2512452 by dawehner, pwolanin, fnqgpc: Confirm form cancel button can lead to external domain"
• #2512478 by googletorp, pwolanin, G1N1: XSS on field edit form via label field via ckeditor
• #2512452 by dawehner, pwolanin, fnqgpc: Confirm form cancel button can lead to external domain
• #2512382 by Wim Leers: Follow-up for #2407195: #attached['http_header'] being added to Response in two places
• #2511024 by lahoosascoots, jibran, kattekrab: Can't add multiple content types to shortcuts
• #1392754 by tss, justAChris, jhodgdon: Comply with new documentation standards for @file for namespaced class files
• #2509694 by kfitz, joshi.rohit100, cilefen: The $name parameter for UrlGenerator::getRoute() is documented incorrectly
• #2500523 by tim.plunkett, effulgentsia, dawehner: Rewrite views_ui_add_ajax_trigger() to not rely on /system/ajax
• #2512460 by pwolanin, Gábor Hojtsy, grisendo, JvE: "Translate user edited configuration" permission needs to be marked as restricted.
• #2489024 by lauriii, Fabianx, Gábor Hojtsy, Cottser, dawehner, zeropx: Arbitrary code execution via 'trans' extension for dynamic twig templates (when debug output is on)
• #2491987 by alexpott: Config import validation needs to take into account install profiles
• #2497455 by Manuel Garcia, davidhernandez, Cottser, dawehner: Remove unnecessary markup from views templates, a.k.a. divitis
• #2509630 by andypost: Update doc-block for _node_mass_update_batch_finished
• #2511472 by Wim Leers, Fabianx, dawehner: Refactor all usages of drupal_render()/Renderer::render() that break #2450993
• #2505201 by munzirtaha: Quick Edit toolbar's arrow should be reversed in RTL
• #2511348 by kfitz, dylanf, cilefen: HtaccessTest::testFileAccess() has a documentation typo
• #2509890 by Dom., saki007ster, emma.maria: Fix footer menus in Bartik being vertically misaligned if you have +1 items
• #2507509 by catch, dawehner: Service changes should not result in fatal errors between patch or minor releases
• #2511354 by tim.plunkett: Remove StringTranslationTrait from FormBuilder
• #2465053 by larowlan, dawehner, Arla, fago, cilefen, lauriii, Wim Leers: Drupal 8 only allows one user every 6 hours to register when page caching is enabled — caused by entity UUID in form state
• #2506539 by mikeryan: d6_contact_settings not specifying source provider
• #2399211 by mpdonadio, legolasbo, vijaycs85, pjonckiere, rteijeiro, jhodgdon, dawehner, yched: Support all options from views fields in DateTime formatters
• #2505941 by JeroenT, joshi.rohit100: Remove deprecated methods on BubbleableMetadata class
• #2500527 by dawehner, tim.plunkett, effulgentsia: Rewrite \Drupal\file\Controller\FileWidgetAjaxController::upload() to not rely on form cache
• #2508666 by alexpott, pwolanin, benjy: Drupal 8 .htaccess rule to prevent php file access can be easily bypassed
• #2278965 by jhedstrom: Add a warning to the installer for MySQL if an InnoDB-compatible engine is not selected
• #2500443 by jhodgdon, Wim Leers: Cache API topic says nothing about cache context, add something
• #2505841 by andypost: Make CommentAdminOverview use link templates
• #2422353 by andypost: Comment module should check that comment body field exists
• #2470233 by wadmiraal, emma.maria, sxnc, idebr, googletorp, LewisNyman: Fix the visual bugs in the Bartik footer
• #2507459 by Wim Leers: CachePluginBase and subclasses no longer need Renderer/RenderCache services injected
• #2505649 by tohesi: Update jquery.once to 2.0.2
• #2504995 by Xano: Component DefaultFactory relies on core's concept of plugin providers
• #2506793 by Gábor Hojtsy: Config translation shows search field below table
• #2510072 by phenaproxima: UTF-8 support in MySQL driver breaks migrate dump files
• #2509434 by willzyx: Faulty dependency to ThemeInitialization in Drupal\Core\Theme\ThemeManager
• #2203779 by ivanstegic, pguillard, Xano, Prashant.c, jhodgdon: Improve wording of the configuration import form
• #2417895 followup by David_Rothstein: AccountPermissionsCacheContext/PermissionsHashGenerator must special case user 1, since permissions don't apply to it
• #2505197 by Arskiainen, jaimeguzman, tstoeckler: Add a @see + docs about language_element_info_alter() to LanguageSelect
• #2417895 by David_Rothstein, Berdir, Wim Leers, willzyx, catch: AccountPermissionsCacheContext/PermissionsHashGenerator must special case user 1, since permissions don't apply to it
• #2407195 by Wim Leers, Fabianx, joelpittet, lauriii, Crell: Move attachment processing to services and per-type response subclasses
• #2506655 by pguillard, joshi.rohit100: Database Schema class has no doc block
• #2509496 by chx, benjy, phenaproxima: Make migrate process plugins more flexible/less boilerplate
• #2503083 by pwolanin, neclimdul: Simplify PasswordInterface so it's not coupled to UserInterface
• #2480811 by catch, dawehner, Crell, Berdir, amateescu: Cache incoming path processing and route matching
• #2506349 by alexpott: Unnecessary looping in Xss::filter when processing attributes
• #1305882 by dawehner, nod_, Fabianx, Steven Jones, sun, nlisgo: drupal_html_id() considered harmful; remove ajax_html_ids to use GET (not POST) AJAX requests
• #2508591 by timmillwood, alexpott, chx, pwolanin: vendor/ is web accessible
• #2505171 by neclimdul: Follow-up for follow-up for #2483433 (phpunit tests broken)
• #2422815 by Xano, fgm, tim.plunkett, dawehner: Don't initialize the discovery object in plugin managers, unless needed
• #2505171 by Wim Leers: Follow-up for #2483433
• #2505521 by benjy: Clean-up un-need test classes in migrate_drupal
• Revert "Issue #2505521 by benjy: Clean-up un-need test classes in migrate_drupal"
• #2502617 by droplet, darol100: When changing from a text format with an editor to one without, any user-entered changes are ignored: the original text is saved
• #2504993 by Xano: HookDiscovery sets "module" instead of "provider" in plugin definitions
• #2509448 by xjm: Further refactor use of SafeMarkup in HWLDFWordAccumulator
• #2462221 by emma.maria, Dom., rudraram, jp.stacey, Manjit.Singh, sxnc, Cottser, idebr: Highlighted region has not fixed width layout on Bartik theme
• #2505835 by andypost: Optimize CommentAdminOverview
• #2505937 by JeroenT: Remove usage of @deprecated methods on BubbleableMetadata class
• #2502913 by jibran, larowlan: Link field default options values should be array
• #298768 by mkalkbrenner, stefan.r: Ensure that entries are written to watchdog table
• #2506369 by catch, dawehner, Wim Leers: Cache CSS/JS asset resolving
• #2499943 by mikey_p, Berdir, catch: system.active_theme.THEMENAME state should not cache theme data
• #2508654 by chx, dawehner, Chi: File inclusion in transliteration service
• #2501823 by peezy, joelpittet, davidhernandez: Document SafeMarkup::set in FormCache::loadCachedFormState
• #2506133 by alexpott, joelpittet, dawehner, pwolanin: Replace SafeMarkup::set() in \Drupal\Core\Template\Attribute
• #2508777 by dawehner: Database Connection test fails on PHP-5.5
• #2349711 by lauriii, mortendk, sqndr, akalata, yannickoo, Manjit.Singh, Jolidog, b0unty, aliyakhan, LewisNyman: Remove all visual from stark
• #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, kbasarab, Tor Arne Thune, basic, pfrenssen, yannickoo, simolokid, fietserwin, bzrudi71: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)
• #2496367 by jibran, nod_, zniki.ru, ashutoshsngh: Add dawehner and pwolanin as Menu subsystem maintainer
• #2496789 by lauriii: Add davidhernandez and mortendk as maintainers for Classy theme
• #2504893 by mpdonadio: Add mpdonadio as maintainer for DateTime module
• #2503109 by Cottser: Remove Cottser from the Core mentoring leads in MAINTAINERS.txt
• #2501685 by Dave Reid: Batch::claimItem() contains wrong class in documentation
• #2505193 by googletorp: MockFileFinder has empty contruct method
• #2358409 by tien.xuan.vo, Haza: image_image field element is processed 2 times
• #2499823 by ryanissamson, dylanf: Minor CHANGELOG.txt formatting
• #2505851 by JeroenT: Remove deprecated function taxonomy_*
• #2483781 by borisson_, rbayliss, cilefen, mitalimehta, joshi.rohit100: Move cache contexts classes from \Drupal\Core\Cache to \Drupal\Core\Cache\Context
• #2484619 by borisson_, Wim Leers, lauriii, larowlan, dawehner: Forum responses don't set cache tags
• #2505149 by Dom.: Remove empty Personalization panel in AccountSettingsForm
• #2501639 by crowdcg, Cottser, cwells, YesCT, Gábor Hojtsy: Remove SafeMarkup::set in drupal_check_module()
• #2495179 by dawehner, Gábor Hojtsy, lauriii, Fabianx, chx, effulgentsia: Twig placeholder filter should not map to raw filter
• #2504417 followup by dawehner, daffie: Fix Drupal\Tests\migrate\Unit\MigrateSqlIdMapTest::testGetQualifiedMapTablePrefix()
• #2501441 by mlncn, joelpittet, cilefen: Document SafeMarkup::set in AllowedTagsXssTrait::fieldFilterXss
• #2452577 by JeroenT, AjitS, tadityar, arpitr, dpopdan, Mile23, andypost: Remove Usage of deprecated function taxonomy_*
• #2504781 by neclimdul: Skip instead of fail migration tests if pdo_sqlite is missing
• #2505701 by pwolanin, YesCT, akalata: Document SafeMarkup::set and Use htmlspecialchars() directly in Attribute() so we don't bloat the list of safe strings
• #2505655 by martin107: Remove stale todo in AuthenticationManager
• #2473955 by Cottser: Prefix form-wrapper classes with js-
• #2501827 by cwells, kgoel, jcloys, YesCT, crowdcg, Bojhan: Remove SafeMarkup::set() in file_save_upload() and allow render/template code to control a single-item list
• #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove SafeMarkup::set() in LinkGenerator and document SafeMarkup::set() in LinkGeneratorTest
• #2263569 by tim.plunkett, effulgentsia, Fabianx, dawehner, Wim Leers, larowlan: Bypass form caching by default for forms using #ajax.
• #2451395 by dawehner, catch, fgm, David_Rothstein: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them
• #2501947 by kgoel, leslieg, crowdcg, dawehner: Remove SafeMarkup::set in ViewUI::renderPreview()
• #2501933 by leslieg, ashutoshsngh, YesCT, joelpittet, Cottser, dawehner: Remove dead code in ViewUI::getDefaultAJAXMessage()
• #2505469 by pwolanin, joelpittet: Remove drupal_render() calls from template_preprocess_table()
• #2494177 by nod_: Enable ESLint warning for missing JSDoc
• #2495073 by dawehner, catch: Views feed display plugin has to get all views data on init
• #2408463 by thomasfava, MathieuSpil, Manjit.Singh, Vidushi Mehta, LewisNyman: Rewrite entity-meta component inline with our CSS standards
• #2408525 by MathieuSpil, cosmicdreams, Manjit.Singh, njbarrett, kamalpreetkaur, LewisNyman, axe312, dawehner: Rewrite Views UI CSS inline with our CSS standards - Part 1
• #2504633 by eiriksm: Fix comments with more than 80 characters per line in BookManager
• #1811858 by Mile23, deepakaryan1988: Add missing type hinting to File module docblocks
• #2484611 by jhedstrom, fgm, Berdir, borisson_, Wim Leers: Tracker responses don't set cache tags & contexts
• #1493324 by tim.plunkett, dmsmidt, mgifford, bleen18, davidhernandez, crasx, mparker17, stefan.r, YesCT, joelpittet, tstoeckler, larowlan, vijaycs85, swentel, rpayanm, Bojhan, LewisNyman, emma.maria, BarisW, njbarrett, rteijeiro, nod_, sun, joshtaylor, mrjmd, webchick, marcvangend, kattekrab, SKAUGHT, bowersox, andrewmacpherson, Manjit.Singh, RavindraSingh, Wim Leers, BLadwin, aspilicious, mortendk, mausolos, jessebeach, Gábor Hojtsy, anandps, falcon03, franz, andypost, rooby, rootwork, Cottser, Xano: Inline form errors for accessibility and UX
• #2501749 by joelpittet: Remove SafeMarkup::set in SimpletestResultsForm.php
• #2472621 by hchonov, plach: Translatable entity 'created' and 'uid' fields not initialized properly during content translation 'Add'
• #2456009 by davidwbarratt: Add a "replace" section to core/composer.json
• #2498625 by jhedstrom, larowlan: Write tests that ensure hook_update_N is properly run
• #2502095 by joelpittet, cwells: Remove SafeMarkup::set in template_preprocess_views_ui_view_info()
• #2501819 by leslieg, edysmp, Cottser, joelpittet: Remove SafeMarkup::set in search_embedded_form_preprocess_search_result()
• #2504211 by mpdonadio: DateFormatter::formatDiff() ignore granularity in some circumstances
• #2493557 by pfrenssen: Fatal error when creating a translatable vocabulary type
• #2107249 by Jelle_S, tstoeckler, amateescu, Xano, jibran, yched: Don't assume that content entities have numeric IDs in EntityReferenceItem
• #2504147 by mikeryan: Copypasta error with FileInterface::getCreatedTime() doc
• #2503737 by googletorp: Wrong @file documentation for \Drupal\Core\Datetime\DateFormatter
• #2471609 by jcnventura, pguillard: FilterTest testFilterQuery wrong assert message
• #2496501 by olli, NickWilde: Grouped Filters Javascript Improvements
• #2501655 by tim.plunkett, hchonov, willzyx: ConfirmFormHelper::buildCancelLink() incorrectly handles ?destination URLs with a leading slash
• #2401843 by lahoosascoots, jhodgdon: Move all *.api.php files except system.api.php out of system module directory
• #2401519 by davidwbarratt, derhasi: [policy] Decide on Composer Package Names
• #2485409 by rudraram, Manjit.Singh, LewisNyman: Clean up content translation CSS inline with our CSS standards
• #2496039 by yched: Formatter's #attached assets are not carried over by Views
• #2254235 by AohRveTPV, mahtoranjeet, er.pushpinderrana, yogen.prasad, ashutoshsngh, Manjit.Singh, Charles Belov, nod_: Don't include leading and trailing spaces in password strength
• #2504417 by alexpott: Fix Drupal\Tests\migrate\Unit\MigrateSqlIdMapTest::testGetQualifiedMapTablePrefix()
• #2503017 by joshi.rohit100: Rename the migration setting conf_path to site_path
• #2499035 by droplet: When in CKEditor maximized mode, Insert Image dialog is not working
• #2195083 by Les Lim, ParisLiakos, Xano, gaurav_varshney, ravi.khetri, fago, jain_deepak: Add a dedicated @Constraint annotation class
• #2504109 by EvanSchisler, cilefen: A bunch of old update test dump scripts are still hanging out
• #2497323 by jhedstrom, dawehner, alexpott, larowlan: Create a php script that can dump a database for testing update hooks
• #2484037 by plach, Gábor Hojtsy, YesCT, dawehner: Make Views bulk operations entity translation aware
• #2280963 by cwells, mlncn, peezy, joelpittet: Refactor use of SafeMarkup in HWLDFWordAccumulator
• #2499835 by phenaproxima, chx, benjy: Remove broken Fake DB driver
• #2502255 by dawehner, larowlan: Enable tags cache plugin by default for Views
• #2494415 by bzrudi71: PostgreSQL: Fix migrate_drupal\Tests\d6\MigrateTaxonomyTermTest
• #2410019 by alexpott, dstelljes: DrupalKernel::findSitePath() incorrectly reports directories for sites on nonstandard ports
• #2475221 by alexpott: Remove some unused varaibles from views
• #2451359 by alexpott: Remove the ability of collections other than the default to support configuration entities
• #2497259 by catch, tim.plunkett, alexpott: system_region_list() unnecessarily translates region names
• #2456521 by pjonckiere, mpdonadio, jhodgdon, rteijeiro, David_Rothstein, xjm: Add DateFormatter::formatDiff() as a non-buggy alternative to DateFormatter::formatInterval() when the start and end of the interval are known
• #2490936 by cbanman, joshi.rohit100, ashutoshsngh, andypost, Cottser: hook_library_info_alter() docs and function signature are slightly out of date
• #2385429 by tim.plunkett: setExecutableManager() is implemented on the wrong class
• #2384675 by sidharrell, cilefen, Mile23, damiankloip, dawehner, Wim Leers, alexpott, neclimdul: Deprecate conf_path()
• #2497847 by yched, amateescu: Simplify EntityDisplayEditFormBase ajax rebuild flow to work only with $this->entity
• #2494313 by Pere Orga, sumitmadan: Follow up to Spellchecking Drupal - PHP
• #2485397 by Manjit.Singh, MathieuSpil, gajendra sharma, saki007ster, LewisNyman: Clean up config translation CSS inline with our CSS standards
• #2489400 by Bojhan, manauwarsheikh, yogen.prasad, Manjit.Singh, hylid: Reduce duplication/unnecessary text from Exposed forms
• #2495209 by yogen.prasad, Manjit.Singh: 'Blocks administration page' link offered to users with no access
• #2501577 by willzyx: Faulty dependency to ModuleHandler
• #2501355 by willzyx: Remove unused router.builder service from Drupal\Core\Menu\LocalTaskManager
• #2485293 by MathieuSpil, Manjit.Singh, rudraram, prajaankit, LewisNyman, DeeLay, sqndr: Clean up tour.module.css
• #2392293 by bircher, tim.plunkett, alexpott, cilefen, gobinathm: Refactor hook_system_info_alter implementations to use ModuleUninstallValidatorInterface
• #2494989 by catch, alexpott, vijaycs85: Don't render main help pages on modules page just to generate help links - can lead to high memory usage on form submit
• #2443361 by joelpittet, Cottser, sqndr, lauriii, Manuel Garcia, Wim Leers: Remove theme_book_link, make book tree align with MenuLinkTree build
• #2500723 by olli: Ajax dialog triggers click before mouseup
• #2499605 by davidum, hchonov: tabledrag is adding tabledrag-handle twice for nested tables
• #2385243 by aneek, subhojit777, iMiksu, spesic, deepakaryan1988, tohesi, Petr Illek, Cottser, lauriii: Make core user fields available for twig templates
• #2499673 by droplet: Add back tabledrag row indication
• #2346261 by DuaelFr, kmoll, Berdir: Deprecate entity_create() in favor of a ::create($values) or \Drupal::entityManager()->getStorage($entity_type)->create($values)
• #2279105 by mgifford, nidaismailshah, thedavidmeister, amitgoyal, rpayanm, ameenkhan07, rakhimandhania, jhodgdon: Remove as many "..." and ellipsis characters from the codebase as possible without altering the meaning of text
• #2350683 by rjacobs, Berdir: File field "Enable Description field" setting cannot be saved via instance settings in UI
• #2486979 by metzlerd, ashutoshsngh, deepakaryan1988: Document Select/list elements
• #2473943 by Manjit.Singh, Cottser, mu5a5hi, LewisNyman, mortendk, rteijeiro, rachel_norfolk: Prefix form-file and form-managed-file classes with js-
• #2502477 by alexpott: Running all the PHPUnit tests using PHPUnit results in failure
• #2492191 by droplet: Remove "Crawl-delay" in robots.txt
• #2381277 by dawehner, plach, damiankloip, alexpott, olli, fgm, Wim Leers, Fabianx: Make Views use render caching and remove Views' own "output caching"
• #2497017 by damiankloip, jmolivas: Views::getApplicableViews() initializes displays during route rebuilding etc
• #2493677 by nod_, dawehner, Wim Leers: JSDoc for misc/ files
• Revert "Issue #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, olli, Lendude: Provide Views integration for datetime field"
• #2481453 by dawehner, pwolanin, rteijeiro, neclimdul, znerol: Implement query parameter based content negotiation as alternative to extensions
• #2494293 by umarzaffer, pguillard, ashutoshsngh, xjm, RavindraSingh, joelpittet: Document the #noscript property
• #2273925 by larowlan, aneek, lauriii, mikey_p, joelpittet, dimaro, Fabianx, xjm, jaredsmith, effulgentsia, lokapujya, iMiksu, chx, YesCT, googletorp, dawehner, Wim Leers, Cottser: Ensure #markup is XSS escaped in Renderer::doRender()
• #2501447 by Cottser: Document SafeMarkup::setMultiple in _batch_page()
• #2500747 by joelpittet, effulgentsia: Remove 'html' option from theme('time')
• #2501747 by cwells, joelpittet, peezy: Remove SafeMarkup::set in search_excerpt
• #2472177 by Dom., nod_, drubb, mgifford: Collapsible fieldset have duplicated and wrong aria-expanded
• #2501451 by Cottser, joelpittet: Document SafeMarkup::set in drupal_get_messages()
• #2493683 by nod_, dawehner, eiriksm, Wim Leers: JSDoc for JS using Backbone
• #2501403 by Cottser, xjm, pwolanin, joelpittet: Document SafeMarkup::set in Xss::filter
• #2500977 by olli: History module triggers a post request for anonymous users on all node pages
• #2500031 by cilefen: Killing the entire Testing list page if any test anywhere is missing a summary is not nice; add robustness
• #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, olli, Lendude: Provide Views integration for datetime field
• #2478119 by znerol, andypost: Replace references to Session Manager with references to Session
• #2483433 by damiankloip, Wim Leers, catch, dawehner: Optimize CacheableMetadata::merge() + BubbleableMetadata::merge()
• #2395831 by dawehner, fago, martin107, cafuego, YesCT, plach, jibran, larowlan, Wim Leers, effulgentsia, klausi: Entity forms skip validation of fields that are not in the EntityFormDisplay
• #2494319 by Pere Orga: Follow up to Spellchecking Drupal - Comments
• #2493691 by nod_, eiriksm, dawehner: Add JSDoc for core modules JS
• #2498849 by catch, dawehner: Entity view controller title rendering is expensive
• #2195573 by Xano, eiriksm, heddn, ParisLiakos, Les Lim, Pere Orga, dinarcon, xjm, alexpott: Add a dedicated @LanguageNegotiation annotation class
• #2460529 by alexpott, chx, phenaproxima: Migrations need to use the configuration entity dependency system
• #2478483 by Wim Leers, Fabianx: Introduce placeholders (#lazy_builder) to replace #post_render_cache
• #2498293 by cilefen, Fabianx: Only allow lowercase service and parameter names
• #2478413 by typhonius: Remove an extra comment space in the MySQL Connection class
• #2473729 by FMB, darol100, ifrik, ivarlaks, jhodgdon: Review the hook_help for Internal page cache module
• #2499615 by honzakuchar: Docblock interface Drupal\Core\Extension\ThemeHandlerInterface::uninstall typo
• #2389811 by znerol, mpdonadio, alexpott, hussainweb, neclimdul: Move all the logic out of index.php (again)
• #2218145 by mglaman, fran seva, Alumei, dawehner: Change EntityRouteEnhancer::enhance() to use protected methods instead of one giant method
• #2476059 by willzyx, tadityar, yarik.lutsiuk, Berdir: Remove EntityInterface->getSystemPath(), all its implementations and related usage
• #2475715 by stefan.r, tstoeckler: Module uninstall form does not validate correctly and breaks the confirmation form after 60 seconds
• #2496801 by cilefen, Cottser: Change setGenerators to setUrlGenerator on TwigExtension
• #2495419 by Cottser: Move the 'search-results' class from the render array and into a Classy template
• #2477461 by borisson_, googletorp, Wim Leers, Crell: Move X-Generator header to its own listener
• #2498689 by lauriii, Wim Leers, David_Rothstein: "Back to site" link no longer appears in the toolbar
• #2115737 by darol100, rhuffstedtler, andythomnz, jemandy, ijf8090, zealfire, er.pushpinderrana, jhodgdon: Make the text in modules, themes, and profiles README.txt files more user-friendly
• #1810002 by Mile23, piyuesh23: Add missing type hinting to Config module docblocks
• #2488844 by markie, jhodgdon: Write tests for raw time span and time span formatters in Views
• #2494679 by Xano: Fix LanguageNegotiatorInterface type hints in docblocks
• #2497447 by mpdonadio, stefan.r, jhodgdon: DrupalDateTime::format() and DateTimePlus::format() ignore the timezone setting
• #2489664 by sumitmadan, davidhernandez, Manjit.Singh, Cottser: Remove unnecessary markup from core templates, a.k.a. divitis
• #2485375 by marieke_h, Manjit.Singh, MathieuSpil, LewisNyman, geertvd: Clean up shortcut CSS inline with our CSS standards
• Revert "Issue #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, Tor Arne Thune, kbasarab, pfrenssen, basic, yannickoo, simolokid: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)"
• #2139185 by penyaskito, YesCT: Notify users when landing on config translation page with only one language listed
• #2489560 by Manjit.Singh, Cottser, mortendk, LewisNyman: move comment.theme.css to classy
• #2498269 by willzyx: Syslog is incompatible with Webprofiler - Faulty dependency to ConfigFactory
• #2498515 by Berdir, neclimdul: Update additional Symfony Components to 2.7.0
• #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, Tor Arne Thune, kbasarab, pfrenssen, basic, yannickoo, simolokid: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)
• Revert "Issue #2498515 by neclimdul: Update additional Symfony Components to 2.7.0"
• #2497113 by catch, dawehner: views_theme() gets 19 types of plugin definition, only needs five
• #2498515 by neclimdul: Update additional Symfony Components to 2.7.0
• #2254865 by Wim Leers, lauriii, borisson_, JeroenT, alexpott, Fabianx: toolbar_pre_render() runs on every page and is responsible for ~15ms/17000 function calls
• #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, pjonckiere, alexpott, Wim Leers, Gábor Hojtsy, Fabianx, tim.plunkett: Date format form is unusable
• #2497307 by Wim Leers: Search block marks itself uncacheable for no reason
• #2486433 by damiankloip, Gábor Hojtsy, Wim Leers, dawehner, plach: Make ViewsForm stop marking itself as needing to be cached
• #2489826 by droplet: tabledrag is broken
• #2470693 by dawehner, Berdir, jibran, hussainweb, pwolanin, znerol: Upgrade to Symfony 2.7.0
• #2451749 by amateescu, bzrudi71, jaredsmith: PostgreSQL: Fix views\src\Tests\GlossaryTest.php
• #2491333 by Mac_Weber, opdavies: Update MAINTAINERS.txt to use human URLs
• #2496943 by sasanikolic, stefan.r: Add condition to ignore PHP 7 on rest requirements check
• #2456225 by nod_, drupaldrop, droplet: Improve formUpdated event
• #2495353 by phenaproxima, benjy: migrate-db.sh should ignore volatile variables
• #2488936 by lauriii, emma.maria: Bartik CSS library reordering
• #2496261 by Berdir: Field Purging invalidates views_data caches as it uses the wrong hook
• #2416831 by cilefen, vasi, tadityar, Noe_, lauriii, akalata, JeroenT, Cottser, davidhernandez: Add an active_theme twig function
• #2482231 by alexpott: Deleting configuration entities is super slow once you have a few
• #2493807 by jhedstrom, cilefen: Add symfony/console component to core
• #2493047 by Wim Leers: Cache redirects should be stored in the same cache bin
• #2489474 by mortendk, LewisNyman, Manjit.Singh, davidhernandez: Move book.theme.css to Classy
• #2495657 by alexpott, jhodgdon: Admin links are missing from a module's help page
• #2495833 by alexpott, tim.plunkett, dawehner: Drupal\node\NodePermissions::contentPermissions() is duplicate and dead code
• #2494915 by Gábor Hojtsy: Fix comment in ViewEditTest.php
• #2495755 by phenaproxima: Create MigrateDrupal7TestBase
• #2495407 by jhedstrom, Noe_, cilefen: Regression: Editing a node with a disabled menu link re-enables that menu link
• #1533366 follow-up by nod_, LewisNyman: Fix broken fullscreen AJAX throbber
• #2466797 by mikeryan, benjy: Rename migration_groups key to avoid confusion with MigrationGroup support
• Revert "Issue #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, Lendude: Provide Views integration for datetime field"
• #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, Lendude: Provide Views integration for datetime field

Läs mer: http://drupal.org/node/2514176

8.0.0-beta11

(beta release)
28 Maj 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta10

• #2493091 by Wim Leers: Installing block module should invalidate the 'rendered' cache tag
• #1805054 by Wim Leers, Gábor Hojtsy, effulgentsia, jibran, jessebeach, catch, dawehner, Fabianx, sun, larowlan: Cache localized, access filtered, URL resolved, and rendered menu trees
• #2494561 by googletorp: double newline in the end of quickedit.module
• #1994292 by David_Rothstein, Gábor Hojtsy: LanguageInterface::TYPE_URL (D8) and LANGUAGE_TYPE_URL (D7) have no name or description
• #2030191 by andypost, j2r, forbesgraham, henk, InternetDevels, IshaDakota, millerbennett: Clean-up api examples of node module
• #2494767 by plach: Rename MenuLinkContentUITest to MenuLinkContentTranslationUITest
• #2473215 by smccabe, joshi.rohit100, googletorp, drubb, sumitmadan, m4olivei, jmolivas, darol100, meramo: Wrong text if no content types are available
• #2470769 by wadmiraal, droplet, Manjit.Singh: Color module lock hooks don't show up correctly
• #2449813 by JeroenT: Remove update_get_projects()
• #2168893 by marthinal, euphoric_mv, lauriii, Elijah Lynn, nod_, blueminds, jhedstrom, joelpittet, dawehner, tim.plunkett, YesCT: Views filters groups adding and removing is broken
• #2475483 by Arla, alexpott, Berdir, jeroen.b: Cannot quickedit an image or date field
• #2432911 by pfrenssen, znerol: Provide test coverage to prove that a third party authentication provider does not automatically start a session
• #2492835 by fago: Documented type for WidgetBaseInterface::flagErrors() parameter $violations is wrong
• #2481383 by jmolivas, willzyx, cilefen: Remove unused entity.manager service from Drupal\system\Form\ModulesListForm
• #2493021 by Wim Leers, Fabianx, dawehner: Remove unused & useless services from HtmlRenderer
• #2417975 by phenaproxima, benjy, chx, neclimdul: EntityFile destination incorrectly assumes temporary files are absolute paths
• #2349775 by Manuel Garcia, saki007ster, mortendk, Manjit.Singh, brahmjeet789, tombo, davidhernandez: Remove classes from Views templates
• #980144 by DuaelFr, yched, ACF, poedan, tim.plunkett, mgifford, swentel, asgorobets, SamH, sun, Everett Zufelt: Issues with "required, multiple" fields in forms
• #2342745 by Cottser, chr.fritsch, epari.siva, lauriii, wesruv, joelpittet, dawehner: Allow Twig link function to pass in HTML attributes
• #2491353 by pfrenssen, znerol: Cookies from previous tests are still present when a new test starts
• #2491691 by marcoscano, cilefen, jhodgdon, joachim: Entity API docs incorrectly state hook_schema() is needed
• #2494069 by tohesi: Update normalize.css to v3.0.3
• #2488884 by pixelmord, tim.plunkett, droplet: Machine name HTML5 validation fails when field is hidden
• #2493913 by iMiksu: Update mikey179/vfsstream to the latest stable release
• #2486943 by lostkangaroo, Crell, neclimdul: Standardize error message property name
• #2489394 by cr0ss, jhodgdon, Cottser: Refactor the Search module markup to be inline with our standards
• #753898 by corbacho, weri, opdavies, dscl, idebr, willzyx, manauwarsheikh, dansologuren, yoroy, alexpott: Wrong message for blocked users who request password reset
• #2357997 by mpdonadio, martin107, lauriii, cilefen, alexpott, cdanik, connorwk: Add test coverage for tablesort header link titles
• #2491687 by joachim: Make EntityViewsData::getViewsTableForEntityType() public rather than protected
• #2487704 by AlexB-appnovation, Bojhan, rudraram, zetagraph: Use underline as the focused state (not border left/bottom)
• Revert "Issue #2487704 by AlexB-appnovation, Bojhan, rudraram, zetagraph: Use underline as the focused state (not border left/bottom)"
• #2410625 by hosef, benjy, phenaproxima: Update D7 dumps to match the D6 dumps
• #2477845 by ingaro, bzrudi71: PostgreSQL: Fix broken migrate table creation
• #2420737 by rodrigoaguilera, Pere Orga, Gábor Hojtsy, maxocub, jhodgdon, penyaskito, plach, danigrrl: Differences in dynamic language names are confusing in views, content, etc
• #1944572 by hass, Cottser, idebr: Remove "ul.menu" dependency to prevent theme clashes
• #2383871 by mgifford, rpayanm, a_thakur, maximpodorov, AohRveTPV, jhodgdon: Spellchecking Drupal - PHP
• #2491155 by mikeburrelljr, Mac_Weber, opdavies: Update drupal.org and kernel.org URLs in core modules (Follow-up to 2489912)
• #2486475 by Eli-T, alexpott, xjm: Notifying user of config changes when config has never been synched still makes no sense
• #2477641 by opdavies, pguillard, kaypro4, gyuhyon, edutrul, yoroy: One-time login link failure messages are misleading because they are not marked as errors
• #1818692 by mbrett5062, lokapujya, David_Rothstein, blacklight4: Improve the maintenance page error message (rollback)
• #2485579 by ram4nd, droplet, nod_, MustangGB, evilfurryone, iMiksu: Update JS library picturefill to 2.3.1
• #2486177 by disasm, amateescu, plach, Pere Orga, piyuesh23, webchick, Saphyel, dawehner, jibran, YesCT, yched, xjm, Gábor Hojtsy, Bojhan: Deleting an entity translation from the UI deletes the whole entity
• #2489834 by droplet: Add droplet as maintainer for JavaScript
• #2474677 by Mac_Weber: Add Mac_Weber to MAINTAINERS.txt for the link.module
• #2457875 by webchick: reorganized MAINTAINERS.txt for new governance policy
• #1833356 by grendzy: CSS files encoded in UTF-8 with BOM break the design when enabling CSS aggregation
• #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, lauriii, jp.stacey: Rename the default "Messages" region for all themes to "Highlighted"
• #2490420 by amateescu, larowlan, Berdir, dpi: EntityAutocomplete element settings allows sql injection and for arbitrary user-supplied data to be passed into unserialize()
• #2491915 by Berdir, miro_dietiker: Test @group detection fails for test classes with non-standard indendation
• #2475187 by amateescu: Add a user-space implementation for LIKE BINARY in SQLite
• #2465887 by dawehner, amateescu, tim.plunkett: Extract the install/uninstall functionality to a ThemeInstaller
• #2469623 by phenaproxima, ultimike, amateescu, mrjmd, douggreen, chx, benjy: Process for creating migration source DBs for automated tests
• #2468565 by eiriksm: Entity type view should provide a context for its label
• Revert "Issue #2486453 by LewisNyman, sqndr, heatherwoz, hylid, yoroy, Bojhan: Set maximum width on Seven"
• #2483617 by vasi, phenaproxima: The d6_file migration forgot to mention the uid column
• #2112895 by willzyx, swentel, drunken monkey: Wrong redirection in admin/modules/uninstall/confirm if drupal is installed in a subdirectory
• #2191115 by cs_shadow, alexrayu, JacobSanford, jhodgdon, Cottser: Clean up stale references to theme('foo') in documentation
• #2473105 by ifrik, jhodgdon, lostkangaroo, opratr, LinL: Update hook_help texts that link to modules that can be uninstalled
• #2486453 by LewisNyman, sqndr, heatherwoz, hylid, yoroy, Bojhan: Set maximum width on Seven
• #2361423 by alexpott, larowlan, dixon_, swentel: Add a step to config import to allow contrib to create content based on config dependencies
• #2489884 by mikeburrelljr, yoroy: Give the views modal window a larger width
• #2473953 by mortendk, rteijeiro, rachel_norfolk, Cottser, aburrows, LewisNyman: Prefix form-submit classes with js-
• #2488610 by catch, kim.pepper, Berdir: Use ModuleHander::getName() instead of rebuilding module data on permissions page
• #2208585 by googletorp, quicksketch: Make #wrapper_attributes official and document it
• #1533366 by nod_, valthebald, Jelle_S, Wim Leers: Simplify and optimize Drupal.ajax() instantiation and implementation
• #2446859 by frob, jcnventura, mducharme, ge, mikeburrelljr: Installer warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings
• #2337753 by alexpott: ContentEntityNullStorage does not implement a query service
• #2413695 by joelpittet: Modules getting installed in the theme directory if they don't have a *.module file
• #2491009 by trwad: Replace deprecated usage of entity_create with a direct call to the entity type class in Field UI module
• #2433591 by dawehner, plach, YesCT, Wim Leers: Views using pagers should specify a cache context
• #2475263 by LKS90, Berdir: Remove Role::postSave() method
• #2456025 by stefan.r, alexpott, klausi: Rest tests fail on PHP 5.6 because of always_populate_raw_post_data ini setting
• #2473805 by PieterJanPut, alieffring: Unused use statement in RearrangeFilter
• #2251861 by olli, jibran: Add the feed icon back to taxonomy/term/% pages
• #2489420 by Bojhan: Simply AJAX use form
• #2452995 by JacobSanford, ashutoshsngh, jhodgdon: link_path should be url in the menu API documentation
• #1751434 by droplet, oxyc, pguillard, lauriii, nod_: Selectors clean-up: user module
• #2490974 by jstoller: seven_library_info_alter() is missing $extension parameter and condition
• #1328014 by eiriksm, superspring: PDOException when saving a node on non-English languages
• Revert "Issue #2433591 by dawehner, plach, YesCT, Wim Leers: Views using pagers should specify a cache context"
• Revert "Revert "Issue #2489922 by anavarre, RavindraSingh: Fix minor typos""
• Revert "Issue #2489922 by anavarre, RavindraSingh: Fix minor typos"
• #2489922 by anavarre, RavindraSingh: Fix minor typos
• #2490382 by mfarineau, cilefen, mradcliffe: Fix typo in EntityQueryTest doc block for figures var
• #2476745 by joshi.rohit100, znerol, andile2012, webchick, Daniel Kanchev: Fix case of SuperNovaGenerator in HelpEmptyPageTest
• #2447365 by JacobSanford, klausi, dawehner, jhodgdon, webchick: Let's explain in DestructableInterface why it is useful
• #2490074 by chx, dawehner: hook_entity_access documentation is useless
• #2469929 by mondrake, Bojan Živkov, LewisNyman, tim.plunkett, Bojhan, roderik: The confirmation forms' cancel link should be styled as a button
• #2472147 by googletorp, anavarre, jaredsmith, bojanz: Standardize getter docblocks in node module
• #2489402 by Bojhan: Remove "if any" from pager title
• #2489912 by mikeburrelljr, opdavies, larowlan: Update Drupal.org URL in core modules
• #889772 by stefan.r, tuutti, opdavies, Sutharsan, joachim, das-peter, YesCT, Zerdiox, hussainweb, mgifford: following a password reset link while logged in leaves users unable to change their password
• #2488940 by plach: Contextual links are broken on multilingual sites
• #2490146 by droplet: Prevent empty request on machine name transliterate
• #2488866 by googletorp: Missing * in docblock for StatusMessages::generatePlaceholder
• #2487808 by JesseSturgis, Scott Weston: autocorrect="off" and autocapitalize="off" in login form are deprecated and may be not enough
• #2478167 by andypost, znerol: Generate proper value for sessionName property in BrowserTestBase
• #2445497 by Mile23, dawehner: Decouple ContainerBuilderTest from Symfony's tests
• #2422399 by aliyakhan, JCL324, mortendk, skippednote, rpayanm, tadityar, LewisNyman, joelpittet, idebr: Rewrite block.admin.css inline with our CSS standards
• #2484131 by phenaproxima, neclimdul, mikeryan: Migration process plugin should log exceptions encountered during stubbing
• #2486911 by mark.labrecque, joshi.rohit100: Garbled documentation in AssertBreadcrumbTrait.php
• #2060553 by jhodgdon, manningpete: Search result snippet displayes HTML entities
• #2478535 by phillamb168, sasanikolic, jhodgdon: Rewrite the documentation of content_translation_entity_type_alter()
• #2473907 by alexpott, maijs: Tests not being run by testbot due to missing summary line
• #2489966 by plach: The Views table style plugin does not specify cache contexts for click sorting
• #2156295 by vegantriathlete, Rajendar Reddy: ajax_views.js has some extraneous code?
• #2470307 by Mark_L6n, eiriksm, Gábor Hojtsy: Modifying path prefix for URL language detection causes error message for default language
• #2488126 by phenaproxima: MachineName process plugin should use injected transliteration service
• #2475001 by chris_hall_hu_cheng, jcnventura: Cache DateTime exception when Timezone not set
• #2474537 by Noe_, tstoeckler, michaellenahan, cilefen: Installing in a non-English language fails for command-line installations (Drush, ...)
• #2283637 by pfrenssen, dawehner, shivanshuag, znerol: Provide test coverage to prove that an AuthenticationProvider can initiate a session
• #2489362 by shellshocked59, devupable, bpleduc, LewisNyman: Change views listing drop button to standard size
• #2488632 by rpayanm, jhodgdon: Help test module should be in the Testing package
• #2489376 by Bojhan: Remove "should" to more actionable
• #2488954 by alexpott, webflo: Set simpletest memory limit to 128M
• #2479819 by jhedstrom, grendzy: Menu hierarchy tests are not being run
• #2485431 by bjmac, saki007ster, LewisNyman, rudraram: Clean up file CSS inline with our CSS standards
• #2474047 by arturogarrido, ejabrown, mikeburrelljr, acrosman, lauriii, pwolanin, dawehner: Remove Timer from DrupalKernel
• #2416109 by alexpott, bircher, xjm, dawehner: Validate configuration dependencies before importing configuration
• #2461845 by Fabianx, Berdir, larowlan, David_Rothstein, Gábor Hojtsy: Private files that are no longer attached to an entity should not suddenly become accessible to people who couldn't see them before
• #2486441 by jibla, richgilbert, entendu, emma.maria, amyvs, mradcliffe, heatherwoz, mu5a5hi, lnicks, hzakaryan: Clean up the "Search results" component in Bartik
• #2480799 by mradcliffe, bzrudi71, dawehner, ingaro, jaredsmith: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsTest (again)
• #2487099 by dawehner, plach, Wim Leers: Set cache contexts for exposed sorts / items_per_page / offset
• #2485575 by ram4nd, willzyx, iMiksu, nod_: Update jQuery to 2.1.4
• Revert "Issue #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, jp.stacey, lauriii: Rename the default "Messages" region for all themes to "Highlighted""
• #2468767 by eiriksm, Gábor Hojtsy: English config source strings are saved as custom translations in locale in foreign install
• #2428795 by mkalkbrenner, plach, yched, catch, hchonov, webchick, tstoeckler, pjonckiere, miro_dietiker, Schnitzel, klausi: Translatable entity 'changed' timestamps are not working at all
• #2480307 by camoa: DefaultPluginManager doesn't allow Plugin definitions from Themes
• #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, jp.stacey, lauriii: Rename the default "Messages" region for all themes to "Highlighted"
• #2478855 by xjm, JacobSanford, jhodgdon: Improve documentation for hook_entity_type_build() and hook_entity_type_alter()
• #2478319 by NickWilde: DBLog module config link
• #2296885 by mikeker, dawehner: Remove format_xml_elements()
• #2473949 by mortendk, rteijeiro, rachel_norfolk, Cottser, LewisNyman: Prefix form-type-* classes with js-
• #2489100 by alexpott: Random fail in Drupal\views\Tests\Plugin\RowRenderCacheTest
• #2473941 by mortendk, rteijeiro, rachel_norfolk, Cottser, LewisNyman: Prefix field-parent classes with js-
• #2483903 by mradcliffe, dawehner: Fix tests broken by leverage entityDisplay to provide fast rendering for fields
• #2258177 by amateescu, sun, mikeryan, bdone, dawehner, Berdir: Convert migrate_drupal tests to KernelTestBase
• #2480959 by mradcliffe, dawehner, jaredsmith, bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsWebTest (again)
• #2473709 by nicoloye, marcvangend, pjbaert, yoroy, webchick: Do not use SERVER_NAME as default value for the site name
• #2317975 by Martin Mayer, jhodgdon, ifrik: Update Views help to explain multilingual
• #2488156 by andile2012: Fix typos in @inheritdoc
• #2289201 by mariano.barcia, webchick: [Meta] Make drupal install and run within reasonable php memory limits so we can reset the memory requirements to lower levels
• #2472323 by dawehner, neclimdul, Crell, kim.pepper, nod_, Wim Leers, larowlan, jibran, pwolanin, catch: Move modal / dialog to query parameters
• #2484539 by amateescu, dawehner, bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldFieldTest
• #2486413 by Manjit.Singh, vinmassaro, LewisNyman: Seven's primary tabs have incorrect spacing on narrow screens
• #2369987 by aneek, alexpott, joelpittet, rteijeiro, pgautam, jain_deepak, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html
• #2486831 by amateescu: The $dbh and $connection members are mixed up in Drupal\Core\Database\StatementPrefetch
• #2450897 by plach, epari.siva, dawehner, jibran, Fabianx: Cache Field views row output
• #2339447 by lauriii, joseph.olstad, Fabianx, joelpittet, jcnventura, amateescu, Antti J. Salminen: Improve theme registry build performance by 85%
• #2383865 by mgifford, pguillard, rpayanm, alexpott, jhodgdon: Spellchecking Drupal - Javascript
• #2487261 by nod_, alanburke: Eslint config update for function spacing style
• #2457427 by Crell: Bad error handling of invalid Entity definition
• #2459777 by jibran, Jaesin, tstoeckler, TR: {taxonomy_index} and {taxonomy_term_hierarchy} doesn't join taxonomy data table in views
• #2486431 by vilepickle, vinmassaro: Progress bar starts at 100%
• #1862250 by amanire, Ivan Zugec, joates, yoroy, joshi.rohit100, acabouet, rpayanm: The "Trim length" format description is confusing/not clear to Drupal newcomers
• #2487464 by mark.labrecque: Internationalization topic code section is not showing up as code
• #2473123 by sander.devos, JacobSanford, xjm, jhodgdon: Add node grant classes and interfaces to the node access topic
• #2473089 by boris sondagh, jhodgdon, drubb, ifrik: Book settings page has wrong settings label
• #2448691 by joshi.rohit100, rpayanm, ameymudras, lakshminp: comment at top of comment_hacks.css references removed function
• #2482295 by Berdir: Rebuilding field map with many bundles/fields is very slow
• #2247379 by yched, alexpott, Berdir: Optimize config entity query conditions on ID
• #2471793 by drubb, tadityar, ifrik, jhodgdon: Update hook_help text for Forum module
• #2482215 by alexpott: Improve config_prefix documentation
• Revert "Issue #2369987 by aneek, joelpittet, rteijeiro, jain_deepak, pgautam, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html"
• #2485505 by Manjit.Singh, LewisNyman: Remove CSSlint errors from node module css
• #2485573 by alanburke, ragnarkurm: Update JS library domready to version 1.0.8
• #2369987 by aneek, joelpittet, rteijeiro, jain_deepak, pgautam, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html
• #2473957 by sqndr, Cottser, LewisNyman: Prefix text-* classes with js-
• #2251121 by olli, dawehner: Support to add a feed icon on pages with parameters
• #2449445 by Cottser, emma.maria: Add "indentation" class back to indentation theme hook, use it for styling
• #2485983 by willzyx: Rename the remaining {Form}::getFormID to {Form}::getFormId
• #2471653 by bojanz, Kazanir: Standardize getter docblocks in Drupal\Core\Entity
• #2417921 by jibran: Change Tour module tests & Block test views package to testing
• #452244 by jhedstrom: Help text for Language domain needs to specify "no trailing slash"
• #2393531 by jcnventura, mrjmd, simonrjones, rpayanm, Cottser, akalata, eiriksm, David_Rothstein, dawehner, xjm: Maximum function nesting level of '100' reached
• #2485403 by mmatsoo, gaurav_varshney: DependencyTrait documentation still mentions 'entity'
• #2475247 by amateescu, dawehner: SQLite: Fix views\Tests\Handler\FilterStringTest
• #2485605 by ram4nd, iMiksu: Update jquery.once to 2.0.1
• #2411689 followup by alexpott: Use a MemoryBackend in StorageComparer so that configuration import validators don't have to reread data from disk or the db
• #2375589 by larowlan, pameeela, jibran, kim.pepper, Wim Leers, Bojhan: Convert custom block library page to views
• #2471571 by bojanz, Dom.: Standardize getter docblocks in Drupal\Component
• #2486083 by stefan.r: The following module is missing from the file system: standard
• #2160643 by jhedstrom, dawehener: Add status report "requirement" for Twig C extension for PHP
• #2335661 by Wim Leers, pwolanin, dawehner, Fabianx, larowlan, catch, Berdir: Outbound path & route processors must specify cacheability metadata
• #2485171 by mikeryan: Fix spelling of MigrateExecutableMemoryExceededTest
• #2472421 by geertvd, bircher, dawehner, jibran: Entity reference, views filter reference method is broken
• #2396253 by geertvd, pcambra, dawehner, klausi, pjonckiere: Respect format configuration on REST views display
• #2204509 by klausi, Xano, fago: Allow context definitions to specify default values
• #2105797 by dawehner, fago, larowlan, effulgentsia, jibran, amateescu, yched: Add CompositeConstraintBase so that constraints involving multiple fields, such as CommentNameConstraint, can be discovered
• #2471809 by Dom., skippednote, nod_, jessebeach: Toolbar module does not follow W3C
• #2485611 by Jelle_S: Add Jelle Sebreghts (Jelle_S) as co-maintainer of Responsive Image module
• #2483005 by rootwork: Minor typo in INSTALL.txt
• #2336247 by larowlan, andythorne: Make Relation and Type domain configurable based on context
• #2428103 by dawehner, amateescu, Berdir, AjitS: String formatter should link to its translation
• #1081266 by stefan.r, mikeytown2, jeroen.b, tsphethean, mfb, joseph.olstad, marcelovani: Avoid re-scanning module directory when a filename or a module is missing
• #2430219 by alexpott: Implement a key value store to optimise config entity lookups
• #2484667 by joshi.rohit100, Berdir: Do not run query in node_cron() if search.module is not enabled
• #2484247 by tim.plunkett: Documentation and coding standards fixes for \Drupal\system\Controller\FormAjaxController
• #2462893 by anavarre, benjy: MigrateBlockContentTest assumes auto-increment increment of 1
• #2187113 by Cottser, joelpittet: Incorrect usage of attributes in twig templates resulting in possible duplicate attributes
• #2483479 by phenaproxima: d6_user_role migration depends on d6_filter_format
• #2462889 by tim.plunkett: Remove TypedConfigManagerInterface::getDefinition()'s $is_config_name before Drupal 8.0.0
• #2208811 by Pol, ivanjaros, dawehner, wizonesolutions: views_embed_view() cannot handle arguments
• #2477157 by dawehner, Wim Leers, Fabianx, aneek, catch: rest_export Views display plugin does not set necessary cache metadata
• #2481729 by larowlan: Cannot inject DatabaseQueue instances into forms - The database connection is not serializable
• #2481731 by larowlan: Cannot inject DBLog instances into forms - The database connection is not serializable
• #2467449 by googletorp, b0unty, LewisNyman: jQuery UI datepicker styles broken in Seven
• #2343035 by fago, dawehner, larowlan, ianthomas_uk, cilefen, hussainweb, Miroling, jibran, beejeebus, dashaforbes, webmozart, klausi: Upgrade validator integration for Symfony versions 2.5+
• #1923406 by stefan.r, yannickoo, catch, Crell, amateescu, pwolanin, morgantocker, Damien Tournoud, sun: Use ASCII character set on alphanumeric fields so we can index all 255 characters
• #2448501 by ultimike, phenaproxima, benjy: Use the migrate cckfield plugin type for the link field
• Revert "Issue #1923406 by stefan.r, yannickoo: Use ASCII character set on alphanumeric fields so we can index all 255 characters"
• #2322949 by plach, kgoel, Berdir, fgm, damiankloip, dawehner: Implement generic entity link view field handlers
• #2432791 by alexpott, vijaycs85, tim.plunkett, joshtaylor, Fabianx, Berdir, yched, bojanz: Skip Config::save schema validation of config data for trusted data.
• #2030637 by yched, Mile23, daffie, Alumei, tidrif, chertzog, Berdir, swentel, ofry: Expand FieldConfig/BaseFieldOverride/FieldConfigBase with methods
• #2469563 by marthinal, lauriii, dawehner, Fabianx, xjm, pjonckiere: Double-escape on Views filters
• #2478091 by willzyx: Pager is shown twice in admin/people if views module is disabled
• #2464283 by jeqq: Restore Simpletest's batch after modules installation in WebTestBase::setUp()
• #2478151 by willzyx: Shortcuts to pages generated by views are not recognized as added to the shortcutset and are being added multiple times
• #2479767 by Wim Leers: Fix MenuLinkInterface::isCacheable(): remove it in favor of implementing CacheableDependencyInterface
• #2452491 by arpitr, Mile23: @deprecate drupal_pre_render_link() for Drupal 9
• #2454751 by amateescu, dawehner, tstoeckler: SQLite: Fix user\Tests\Views\RelationshipRepresentativeNodeTest
• #2449809 by JeroenT, tadityar: Remove usage of update_get_projects()
• #1923406 by stefan.r, yannickoo: Use ASCII character set on alphanumeric fields so we can index all 255 characters
• #2479363 by Wim Leers, dawehner: Cache MenuActiveTrail::getActiveIds() for *all* menus per route match: 1 cache get instead of N DB queries, saves 1 ms/response
• #1867518 by plach, dawehner, yched, iMiksu, epari.siva, marcvangend, Fabianx, Wim Leers, effulgentsia: Leverage entityDisplay to provide fast rendering for fields
• #2453931 by pjonckiere: ContextualDynamicContextTest follow up
• #2475237 by mkalkbrenner: Method FieldItemList::equals() uses type safe comparison limiting usefulness.
• #2456701 by kgoel, Cottser, dawehner, jhodgdon: Replace aggregator_title_link Views formatter with Field API formatter
• #2375773 by olli, dawehner: Remove pager from default taxonomy term feed
• #2481183 by davidhernandez: Quote tokens in theme .info.yml files
• #1800174 by Mile23, Lars Toomre, rishikant05, YesCT, idebr, Jalandhar, jhodgdon, dawehner: Add missing type hinting to User module docblocks
• #1811334 by Mile23, deepakaryan1988, Lars Toomre, yogen.prasad: Add missing type hinting to Forum module docblocks
• #1811882 by Mile23, deepakaryan1988, Lars Toomre, yogen.prasad: Add missing type hinting to Search module docblocks
• #2481751 by yogen.prasad, deepakaryan1988, Cottser, andypost, joelpittet, willzyx: Don't use full namespace for \Drupal\views\ViewExecutable in views.module
• #2476225 by pixel5, cilefen, disasm, jhodgdon, TravisCarden: Doxygen on SuspendQueueException mentions non-existent callback_queue_worker()
• #1811874 by Mile23, Lars Toomre: Add missing type hinting to Path module docblocks
• #1811892 by Mile23: Add missing type hinting to Statistics module docblocks
• #1800774 by Mile23, Lars Toomre: Add missing type hinting to menu_ui module docblocks
• #2204697 by alexpott, tstoeckler, mauzeh, Berdir: Move getConfigPrefix() to ConfigEntityTypeInterface
• #2473813 by FMB, joshi.rohit100, darol100, ifrik, jhodgdon, xjm: Update hook_help text for Custom Menu Link module
• #2470069 by wadmiraal, Manjit.Singh, pjbaert, zakxxi, LewisNyman: Refactor color module CSS inline with our CSS standards
• #2443651 by alexpott, mradcliffe, bzrudi71: PostgreSQL: Fix system\Tests\Cache\DatabaseBackendUnitTest
• #2424533 by davidhernandez, mortendk: Copy views templates to Classy
• #2471405 by tompagabor: When not logged Drupal\Core\EventSubscriber\FinishResponseSubscriber->setExpiresNoCache() causes a PHP warning because of an invalid timezone.
• Revert "Issue #2470069 by wadmiraal, Manjit.Singh, pjbaert, zakxxi, LewisNyman: Refactor color module CSS inline with our CSS standards"
• #2473113 by znerol, dpovshed, Wim Leers, Fabianx, dawehner, effulgentsia: All stack middlewares are constructed at the same time even for cached pages
• #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, alexpott, larowlan, znerol, dawehner, catch, neclimdul, yched, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache
• #2458387 by stefan.r, anksy, andypost, alexpott, hussainweb: Remove Utility\String class
• #2461863 by stefan.r: Upgrade PHPUnit to the latest stable release
• #2471751 by boris sondagh, oceankrish76, keopx: Update hook_help text for Book module
• #2479515 by znerol: Use BasicAuthTestTrait in BasicAuthTest
• #2480233 by xjm: Incorect docblocks in route processor tests
• #2479815 by plach: Remove obsolete ContentEntityInterface::initTranslation() method
• #2474909 by alexpott, mpdonadio, znerol, catch, Wim Leers, Berdir: Allow Simpletest to use the same APC user cache prefix so that tests can share the classmap and other cache objects

Läs mer: http://drupal.org/node/2459341

8.0.0-beta10

(beta release)
8 Maj 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 40 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta9:

• #2479593 by jhedstrom, zaporylie: Use User::getAnonymousUser() in DblogController::eventDetails()
• #1942682 by zaporylie, deadbeef, jhedstrom, dawehner: Blank detail view in dblog for deleted users
• #2478443 by Wim Leers: Set the 'is-active' class for anonymous users in a Response Filter instead of a #post_render_cache callback
• #2468873 by pfrenssen, Dom., dawehner, znerol, xjm: Test that the authentication provider doesn't leak authentication credentials from the previous request
• #2449457 by Anushka-mp, sasanikolic, Berdir, plach: inconsistent checks in content_translation
• #2450251 by alexpott, xjm, sasanikolic, Berdir: Bundle cache is not invalidated after changing translation settings
• #2405165 by yched, alexpott, xjm: Entity::setOriginalId() does enforceIsNew(FALSE), that is wrong for ConfigEntities
• #2478667 by mdrummond: Remove link_path from responsive_image theme
• #2123251 by Jelle_S, marcvangend, attiks, Sutharsan: Improve DX of responsive images; convert theme functions to new #type element
• #567148: remove stray line added by previous commit to this issue.
• #567148: remove stray file added by previous commit to this issue.
• #2408513 by MathieuSpil, Manjit.Singh, Vidushi Mehta, svendecabooter, LewisNyman, emma.maria: Refactor forum module CSS files inline with our CSS standards
• #2478543 by Wim Leers: Follow-up for #2463009: remove unused use statements
• #2408481 by kyuubi, Karmen: Rewrite help.module component's inline with our CSS standards
• #2463009 by Wim Leers: Introduce CacheableResponseInterface: consolidate ways of setting X-Drupal-Cache-Tags/Contexts headers
• #567148 by jcnventura, Damien Tournoud, greenrover33: Use ONLY_FULL_GROUP_BY for MySQL
• #2478247 by Mile23: SIMPLETEST_BASE_URL is an environmental requirement which should not fail tests
• Revert "Issue #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, Wim Leers, Gábor Hojtsy, Fabianx, pjonckiere, tim.plunkett: Date format form is unusable"
• #2466585 by Wim Leers, Fabianx: Decouple cache implementation from the renderer and expose as renderCache service
• #2400143 by geertvd, pcambra, koence, pjonckiere: Bulk form actions display action message in the confirmation form
• #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, Wim Leers, Gábor Hojtsy, Fabianx, pjonckiere, tim.plunkett: Date format form is unusable
• #2432585 by almaudoh, znerol, dawehner, cpj: Improve authentication manager service construction to support custom global service providers
• #2475177 by amateescu: SQLite: Fix system\Tests\Database\FetchTest
• #2322195 by rpayanm, nlisgo, cilefen, balagan, LinL, akashjain132, filijonka, epari.siva, Tebro, Temoor, pcambra, unstatu, Poornima3, Shivam Agarwal, abhi170893, Dom., PieterJanPut, Mile23, JeroenT, disasm: Replace all instances of user_load(), user_load_multiple(), entity_load('user') and entity_load_multiple('user') with static method calls
• #2475805 by tstoeckler, googletorp, webwarrior: menu_ui_form_node_form_submit() is called when the Preview button is pressed which fatals
• #2425535 by lucaslg, balagan, tim.plunkett, lucaschain, nicoloye, pjonckiere, akalata, mondrake: No pager shows on taxonomy overview pages
• #2350569 by webflo, alexpott, tim.plunkett: Allow external update of ConfigEntity properties that are associated with a PluginCollection
• #2137849 by MartiMcFlight, m4olivei, jmuzz: No scrollbar in views style option popup
• #2475749 by mbovan: Allow to set #cache metadata in hook_page_attachments()
• #2275377 by martin107, mikeryan, chx, benjy, YesCT: Rename Row::stub to Row::isStub
• #2474431 by droplet, nod_, Manjit.Singh: Better way to handle responsive navigation tabs
• #2472269 by martin107, Xano, derhasi: Fix syntax errors in Drupal\Component\Plugin's composer.json, Add test
• #2087103 by Mile23, rickwelch, jhodgdon, Crell, joachim: ParamConverterInterface one-line description doesn't explain what the class does
• #2347799 by andypost, almaudoh, znerol: Remove bugged session-related methods from AccountInterface
• #70722 by David Lesieur, bircher, rocket_nova, paranojik, Pasqualle, jhodgdon, robertDouglass, douggreen, petar.gnjidic, pfournier: Search results should respect the content type's "Display author and date information." option
• #2472371 by Dom., pfrenssen: Exception shown on 401 Unauthorized
• #2471611 by MathieuSpil, yannickoo, maijs: Create HiDPI ready version of theme screenshots
• #2477251 by amateescu: PostgreSQL: Fix Connection::getFullQualifiedTableName()
• #2121863 by googletorp, drubb, jhodgdon: There is no FileTransferInterface
• #2472453 by googletorp, jhodgdon: Use full namespace for @return documentation
• #2443805 by a_thakur, JeroenT: Remove element_* from common.inc
• #2475397 by Wim Leers: Tiny follow-up for #2474121 + unit test coverage for (Bubbleable|Cacheable)Metadata::merge()
• #2476247 by alexpott, mpdonadio: rebuild.php clears APU user cache w/o access check
• #2473301 by stefan.r, jcnventura, David_Rothstein, yannickoo: Raise MySQL requirement to 5.5.3
• #2473759 by tim.plunkett, Berdir, effulgentsia: Form caches should be deleted after submission
• #2446783 by mpdonadio, dawehner, koence: Views preview not working without saving new display
• Revert "Issue #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, larowlan, dawehner, catch, alexpott, neclimdul, yched, znerol, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache"
• Revert "Issue #2395143 followup by amateescu: YAML parsing is very slow, cache it with FileCache"
• Revert "Issue #2470145 by rbmboogie: Update manager displays checkbox for disabled extensions"
• #2472669 by keopx, rpayanm, rteijeiro, jhodgdon: Complete documentation for every implementation of hook_ENTITY_TYPE_*
• #2462393 by stefan.r, joelpittet: Upgrade Twig to 1.18.1 from 1.18.0
• #2473687 by Dom.: Fix @todo in BasicAuthTest
• #2462459 by Cinnead, Bojan Živkov, haasontwerp, emma.maria: Active trail menu items should be distinct from other items
• #2398445 by jp.stacey, LewisNyman, Manjit.Singh, pjbaert, emma.maria, ti2m: Clean up the "elements" component in Bartik
• #2346209 by keopx, Zekvyrin, subhojit777, cburschka, pguillard, dimaro, realityloop, m4olivei, joelpittet, rteijeiro, idebr: /filter/tips improperly escaped
• #2369675 by FMB, pstewart: Document that SearchQuery does not support orderBy in queries outside of addScore
• #2473075 by amateescu, alexpott: SQLite: Fix system\Tests\Installer\* test
• #2362637 by yched, slashrsm, rpayanm: Editor.js attach/detach doesn't pass context all the way down
• #2422679 by mortendk, davidhernandez, akalata: copy text template to classy
• #1882788 by jabberwooki, keopx, joshi.rohit100, jhodgdon: assertText/assertNoText doesn't really show what you could see in the browser (bad docs)
• #2474567 by alexpott: Remove unneeded code in hook_help implementations and standardise them
• #2474121 by Wim Leers: CacheableMetadata should get BubbleableMetadata's merge/applyTo/createFromRenderArray/createFromObject methods
• #2474107 by Cottser: Make OptionsWidgetsTest::testEmptyValue() care less about markup
• #2349461 by Jelle_S, mdrummond, attiks, Wim Leers: Move fallback image style into the responsive image style entity
• #2454669 by amateescu: SQLite: Fix tests in migrate_drupal test group
• #2470924 by Xano: Entity manager allows entity type derivers, but should not
• #2474817 by znerol: DrupalKernel::classLoader not updated when switching to apcu either through settings.php or automatically
• #2409885 by nlisgo, tstoeckler, crasx, dmsmidt: Switch shortcut set form has accessibility issues
• #2474439 by droplet: Missing Drupal.debounce wait time in responsive tabs
• #2453711 by rbmboogie: Use public: false for request and response policy services
• #2474761 by tim.plunkett: Remove TestFormBuilder completely
• #2474835 by alexpott, znerol: Random test fail in PageCacheTest::testPageCacheAnonymous403404
• #2389735 by lauriii, iMiksu, davidhernandez, larowlan, loopduplicate, LewisNyman, Wim Leers, dawehner, Cottser: Core and base theme CSS files in libraries override theme CSS files with the same name
• #2349503 by targoo, guntervs, tadityar, meramo, piyuesh23, janne.valtakari: Incorrect documentation about dates in node template
• #2455149 by k4v, jhodgdon, dawehner, Berdir: Aggregator xss fields should be using Field/Entity formatters
• #2465633 by amateescu: Bring back the custom Statement class for the SQLite driver
• #2473903 by mradcliffe: PostgreSQL: Fix entity_reference\Tests\Views\EntityReferenceRelationshipTest
• #2474055 by dawehner, pwolanin: Performance regression in contact_help()
• #2073075 by vanilla-bear, joshi.rohit100, swentel, marcingy, er.pushpinderrana, ACF, roderik: Don't call the t() function in OO code in the field_ui module
• #2381505 by dawehner, pwolanin, aspilicious, rteijeiro: Unserialize preloaded routes on the fly
• #2471228 by jcnventura, Wim Leers, Hjarnmastara: Optimize merging of attachments
• #2472043 by drumm, jcnventura: Canceling a user account, assigning content to Anonymous, should clear the comment name
• #2474011 by pwolanin: Incorrect class name in rest class documentation
• #2474071 by lauriii: hook_library_alter() clean up
• #2461531 by nod_, lauriii, pguillard: ESlint 0.18.0 compatibility and new rule
• #2463263 by amateescu: SQLite: Fix system\Tests\Entity\EntityDefinitionUpdateTest
• #2146045 by D Szkiba, joshi.rohit100, tyler.frankenstein, er.pushpinderrana, dajjen, jhodgdon, joachim: Document Field API allowed_values_function callback
• Revert "Issue #2146045 by D Szkiba, joshi.rohit100, tyler.frankenstein, er.pushpinderrana, dajjen, jhodgdon, joachim: Document Field API allowed_values_function callback"
• #2468499 by webflo: Add vendor libs to classmap through composer script event
• #2473343 by floretan, Martin Mayer, LewisNyman: Seven Theme is dependent on system.admin.css
• #2459873 by borisson_, swentel: FieldStorageConfig::__sleep() should unset ->original
• #2471136 by eiriksm, nod_: Improve user interface for translating strings
• #2471619 by jeanfei: Remove tags from all core theme.info.yml files
• #2395143 followup by amateescu: YAML parsing is very slow, cache it with FileCache
• #2472187 by Cinnead, jhodgdon: t() docs should not use @code inline
• #2099137 by Wim Leers, amateescu, rteijeiro, larowlan, effulgentsia: Entity/field access and node grants not taken into account with core cache contexts
• #2470137 by tadityar, zaporylie, pec, LewisNyman, ry5n, Bojhan, yoroy: Style Seven's fieldset elements
• #2407565 by epari.siva, davidhernandez, akalata, pakmanlh, lauriii, vedpareek, Cottser, brianperry: Consensus Banana Phase 1, cleanup
• #2161793 by boris sondagh, arrrgh, jhodgdon, catch, benjy: Create hook_help for migrate module
• #2161797 by boris sondagh, mfernea, arrrgh, amitgoyal: Create hook_help for migrate drupal module
• #2471218 by amateescu, Wim Leers: Dummy comment entity necessary for building comment form is expensive to build
• #2471737 by klausi: PageCache::get() should return FALSE on a cache miss as promised by the docs
• #2457551 by Gábor Hojtsy, rteijeiro, keopx, eiriksm, alexpott: Regression: optional default configuration is not translatable anymore in locale
• #2400287 by hass, cutesquirrel, borisson_, rteijeiro, pfrenssen, cilefen: Remove all occurences of sourceMappingURL and sourceURL when JS files are aggregated
• #2461049 by Arla, agentrickard, webflo, rteijeiro, xjm, Berdir: Node module permissions are broken if hook_node_grants is implemented
• #2473837 by nod_, aspilicious: Use minified jQuery once
• #2393713 by droplet, nod_: Update JS lib: jquery.form to 3.5.1
• #2472865 by chx: PageEditTest presumes STRINGIFY_FETCHES
• #2472547 by lauriii, dawehner: Remove deprecated hook_library_alter()
• #2331783 by rpayanm, gerzenstl, keopx, rgristroph, nlisgo, er.pushpinderrana, andypost, rteijeiro, alexpott, BFox, omessaoudi: hook_ENTITY_TYPE_prepare_form() is not documented
• #1663206 by mortendk, aliyakhan, LewisNyman, Manuel Garcia, pakmanlh, rteijeiro, jwilson3: Update update.admin.css inline with our CSS standards
• #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, larowlan, dawehner, catch, alexpott, neclimdul, yched, znerol, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache
• #2036195 by rteijeiro, m1r1k, _nolocation, andypost, joelpittet, akalata, haasontwerp: Remove views-more.html.twig and replace with #type link render arrays
• #2228393 by almaudoh, andypost, pfrenssen, znerol, cpj, Dom.: Decouple session from cookie based user authentication
• #2281989 by stefan.r: Add a fast and simple way to get module name from the module handler
• #2469277 by Fabianx, effulgentsia, marcvangend, Wim Leers, YesCT: Changing #cache keys during #pre_render or anywhere else leads to cache redirect corruption
• #2470946 by boris sondagh, ifrik: Update hook_help text for Filter module
• #2471557 by Reno Greenleaf, boris sondagh, joshi.rohit100, JinX-Be, ifrik, jhodgdon: Update hook_help text for Text module
• #2470976 by jeanfei, dimaro, jhodgdon: Move token hooks into new api.php file
• #2091431 by ifrik, wzoom, batigolix, InternetDevels, jhodgdon: Update hook_help for Update Manager module
• #2472329 by joshi.rohit100, ifrik, Reno Greenleaf: Update hook_help text for Statistics module
• #2470936 by googletorp, meramo, Xano: Add proper @return tags to functions' PHPDoc comments
• #2368987 by Wim Leers, Berdir, Schnitzel, epari.siva, bircher, vijaycs85, likin: Move internal page caching to a module to avoid relying on config get on runtime
• #2467411 by klausi, fago: Context class does not use typed data trait correctly, leading to fatal errors
• #2472961 by lussoluca: Update Twig to latest stable
• #2472413 by geertvd: Unused variable in \Drupal\views\Plugin\views\argument_validator\Entity::calculateDependencies()
• #2469667 by willzyx, m4olivei: Wrong message on shortcut insert/update
• #2464657 by amateescu: Remove unnecessary cache clear in Views tests
• #2470617 by trboslav, MathieuSpil, Manjit.Singh, _nolocation, LewisNyman, YesCT: Clean up css in ckeditor module
• #2470952 by D Szkiba: Path deletion should be removed in path module after content translation removal.
• #2428837 by swentel, borisson_: Adding/updating interface translations should invalidate page & render caches
• #2467101 by neclimdul: Fix DialogTest outside apache/mod_php: don't send multiple Accept request headers
• #2470093 by keopx, jhodgdon, dawehner: Views plugin 'user' needs to be replaced with entity-aware 'field' plugin
• #2452381 follow-up by Lendude: Fixed progress bar not showing up
• #2472281 by pwolanin: 404/403 responses for non-existing nodes are cached in Page Cache/reverse proxy, are not invalidated when the node is created
• #2375689 by Arla, Wim Leers, dawehner, tim.plunkett, Berdir: BlockBase::blockAccess() should return AccessResult instead of a bool
• #2297817 by alexpott, pounard, Berdir, yched, Fabianx, plach, mkalkbrenner: Do not attempt field storage write when field content did not change
• #2400675 by hass, pguillard: Missing .map files causing 404 file not found errors
• #2050269 by lauriii: hook_library_info_alter() is not called for themes
• #2031641 by aburrows, lauriii, nlisgo, Pol, redsquid, tuutti, LewisNyman, akalata, agviu, kallehauge, _nolocation, rpayanm, saki007ster, mdrummond, RavindraSingh, brahmjeet789: Change active class to is-active
• #2452381 by lanchez, googletorp, PieterJanPut: Use Drupal.theme for progress.js
• #2296009 by fgm, Fabianx, AjitS: Use APC Classloader by default (when available)
• #2442769 by keyral, jcnventura, dimaro, pec: Views result cache ignores query arguments
• #2468151 by lhangea, rpayanm, Palashvijay4O: Rename the CacheContexts service to CacheContextsManager
• #2471633 by AjitS, JeroenT: Spelling fixes in UserDeleteTest
• #2388023 by GoZ: File/Image field formatters don't add a cache tag for the file they display
• #2456599 by k4v, dawehner, larowlan, rteijeiro, cutesquirrel, yched, jhodgdon: Field node_field_revision.title needs to use an entity-aware formatter in Views
• #2471743 by pwolanin: Create a more generic superclass of \Drupal\Core\Render\BubbleableMetadata
• #2447555 by Cinnead: Unnecessary index on langcode and deleted column in dedicated field tables
• #2470980 by PieterJanPut: Use $this->redirect() instead of ResponseRedirect in LocaleController::checkTranslation
• #2469663 by eiriksm: Rename the Norwegian translation of the Norwegian languages
• Revert "Issue #2459753 follow-up by tim.plunkett, alexpott: EntityForm::validate() should be able to modify the form structure"
• #2459753 follow-up by tim.plunkett, alexpott: EntityForm::validate() should be able to modify the form structure
• Revert "Issue #2459753 by tim.plunkett: EntityForm::validate() should be able to modify the form structure"
• #2464045 by fgm: Move twig_render_var/twig_drupal_escape_filter to TwigExtension, inject the renderer in Twig extension and inline render() / show() function instead of calling it
• #2422369 by mortendk, LewisNyman, akalata, katzilla: Remove Seven's block-recent-content.css
• #2471707 by xjm: Provide an issue link in the @todo in EntityHandlerBase
• #2470910 by PieterJanPut, ifrik: Update hook_help text for Entity Reference module
• #2471729 by drubb, ifrik: Tracker module refers to replies instead of comments
• #2471547 by drubb, ifrik: Update hook_help text for Shortcut module
• #2470960 by Igor Kandyba, Reno Greenleaf, ifrik, jhodgdon: Update hook_help text for Link module
• #2470994 by drubb, ifrik: Update hook_help text for Node module
• #2469937 by ifrik, PieterJanPut, anavarre: Update hook_help text for Custom Block module
• #2471216 by joshi.rohit100, PieterJanPut, Wim Leers: render() should call the renderer service directly
• #2390241 by wadmiraal, jhodgdon, nod_: No documentation on how to define a library
• #2427649 by hampercm, nod_: Update to jQuery UI 1.11.4
• #2459753 by tim.plunkett: EntityForm::validate() should be able to modify the form structure
• #2470833 by dpovshed: Tuning of the AssetResolver class
• #2470928 by andrewsuth: Versions in core.libraries.yml are not always parsed as strings
• #2471473 by klausi, pwolanin: REST responses should have proper cache tags
• #2467887 by joshi.rohit100: Rename drupalGetAJAX to drupalGetAjax for parity with drupalPostAjaxForm
• #2467895 by jhedstrom, lgalanter: taxonomy filter with depth completely broken
• #2471024 by pjbaert, ifrik: Update hook_help text for RDF module
• #2467041 by mr.baileys, jan.stoeckler: max-age on HTML responses wrongly set to `max-age=0, private` instead of `max-age=N, public` (breaks reverse proxies and client-side caching)
• #2417549 by alexpott, znerol, benjy, Berdir: Drupal\migrate_drupal\Tests\d6\MigrateFileTest fail in MigrateTestBase
• #2470155 by D Szkiba: Custom block types page has bad page title
• #2469965 by tadityar, jeanfei: Bad @file doc blocks in core/modules/system/*.api.php
• #2470145 by rbmboogie: Update manager displays checkbox for disabled extensions
• #2105841 by mr.baileys, Wim Leers, cs_shadow, sanduhrs, chx, webflo: Xss::filter() ignores malicious content in data-attributes and mangles image captions
• #2470569 by pwolanin: Mark \Drupal\Core\Template\TwigExtension::getUrlFromPath() as deprecated
• #2154475 by tarekdj, neelam.chaudhary, droplet, nod_, lanchez, Poornima3, jamin_melville: Convert position selectors to be compatible with with jQuery native-API selector
• #2469731 by xjm, larowlan, pfrenssen, hussainweb, chx: Document when to use BrowserTestBase
• Revert "Issue #2469929 by Bojan Živkov: The entity delete confirmation form's cancel link should be styled as a button"
• #2409653 by MathieuSpil: The color module lock/unlock link is not accessible
• #2469929 by Bojan Živkov: The entity delete confirmation form's cancel link should be styled as a button
• #2469911 by joshi.rohit100: The edit image styles form's cancel link should be styled a a button
• #2414413 by joelpittet: Make sure we are building CSS classes as arrays
• #2396483 by Karmen, balagan, SoumyaDas, saki007ster, lauriii, joginderpc: Add missing RTL rules to Seven theme CSS
• #2470559 by vpeltot: Move some more core hooks out of system.api.php
• #2470685 by czigor: MailManagerInterface->mail() documentation is wrong
• #2469921 by joshi.rohit100: The appearance page doesn't have a primary button
• #2469917 by tadityar: The install new theme page doesn't have a primary button
• #2469889 by joshi.rohit100: The modules page doesn't have a primary button
• #2462265 by jeqq: Return saving status when saving user entities
• #2437761 by Dom., znerol: CSRF token seed and possibly other session data lost when set after a session regenerate
• #2408265 by wadmiraal: Update hook_theme_registry_alter to not reference removed user.pages.inc
• #2321901 by JeroenT, epari.siva, unstatu, Temoor, lokapujya, LinL, pcambra, piyuesh23: Replace all instances of entity_load('image_style') and entity_load_multiple('image_style') with static method calls
• #2368373 by rafuel92, BrightBold, b0unty, rpayanm, pjbaert, Maninders, sushyl, jedihe: Focus effect on vertical tabs conflicts with tab affordance
• #2345779 by subhojit777, singularo, idebr, Noe_, Yaron Tal, aneek, gngn, zaporylie, m.ioannidis, Sachini, clemens.tolboom, scor, ravi.khetri, rpayanm, SebCorbin: Fix double-escaping due to Twig autoescape in dblog event "operations"
• #2469933 by Cauliflower: The view field edit form's remove should be styled as a danger button
• #2469939 by joshi.rohit100: The permissions page doesn't have a primary button
• #2454145 by kgoel, dawehner, adamwhite, rteijeiro, wwhurley: Replace user_name handler with Field API formatter
• #2349907 by jhodgdon, susanb: Review and fix block hook_help text
• #2079427 by Berdir, andypost, yched: Core/Entity depends on classes / functions from field.module
• #2091395 by jhodgdon, amitgoyal, paboden, berkas1: Update hook_help for Contact module
• #1833012 by rbmboogie: Move admin language negotiation up to first option
• #2461773 by stefan.r, martin107: SortArrayTest has hardcoded string comparison result values, but these can differ between PHP versions
• #2469941 by wadmiraal, jhodgdon: Move database-related hook docs from system.api.php to a new database.api.php file
• #2296445 by Palashvijay4O, pjonckiere, er.pushpinderrana, roderik, blazey: Batch API: Overriding the queue class and name is not documented
• #2074297 by pwolanin, hussainweb, larowlan: Optimize the code in doGenerate() in the UrlGenerator to take advantage of Drupal path restrictions.
• #2318579 by roderik, andypost, rteijeiro, ashutoshsngh, AjitS, vedpareek: Remove comment_prepare_thread()
• #2430909 by anwar_max, wadmiraal, harshil.maradiya, joshi.rohit100, ClientGuy: hook_theme_suggestions() hook_theme_suggestions_HOOK() documentation is incorrect about how the hook is invoked
• #2467657 by wadmiraal: Typo in typedDataManager::createInstance() description
• #2467429 by pfrenssen: Remove obsolete documentation from ActionInterface
• #2468901 by Xano: Improve \Drupal\Component\Annotation\Plugin\Discovery\AnnotatedClassDiscovery documentation
• #2448339 by a_thakur, gaurav_varshney, Mile23: Remove drupal_form_submit() from form.inc
• #2463285 by stefan.r: Support PHP7 EngineExceptions in the error handler
• #2265099 by znerol, neclimdul, rpayanm: Cleanup SessionHttpsTest and fix redirect to non-existing URL after POST requests
• #2232861 by grom358, daffie, alexpott, larowlan, pfrenssen, hussainweb, pcambra, jibran, phenaproxima, moshe weitzman, nick_schuch: Create BrowserTestBase for web-testing on top of Mink
• #2456713 by larowlan, dawehner, jibran: Custom taxonomy field views handler needs to be replaced with generic Field API handler
• #2418559 by Palashvijay4O, chintan4u, rteijeiro: Fix comment formatting in /core/modules/rest/src/Tests/CreateTest.php
• #2045473 by njbarrett, dcrocks, chippper, jjcarrion, lauriii, InternetDevels: Improve visibility of Seven's smallest font elements
• #2463419 by Mile23, rpayanm, hussainweb: Clean-up Test members in core/tests - ensure property definition and use of camelCase naming convention
• #2469507 by chx: EntityRevisionsTest output makes it hard to discern what is causing the error
• #2331407 by Xano, tstoeckler, damiankloip: YamlDiscovery does not handle empty files
• #2467559 by jmonkfish: "Summary" wrappers around links are not clickable on node form's edit entity meta panels
• #2469269 by Berdir: Don't use a form submission to check the password in MigrateUserTest
• #2469169 by Berdir: SchemaCheckTraitTest should use assertEqual(), not assertIdentical()
• #2467627 by Wim Leers: Field(Storage)DefinitionInterface should implement CacheableDependencyInterface
• #2463579 by tstoeckler: Add an ellipsis to truncated comment titles
• #2466917 by jhedstrom: DatabaseCacheTagsChecksum::calculateChecksum() has incorrect documentation
• Revert "Issue #2451395 by dawehner: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them"
• #2340993 by Berdir: SqlContentEntityStorageSchema::requiresEntityDataMigration() returns TRUE for cases where it should return FALSE
• #2426781 by jibran: Custom OptionWidget have no empty option label
• #2468079 by dawehner: Try to speed up InstallUninstallTest / ConfigImportAllTest
• #2456705 by dawehner, adamwhite, larowlan, YesCT: Comment views field handlers need to be replaced with field/entity aware handlers
• #2465221 by amateescu: Raise the minimun version requirement for SQLite to 3.6.8
• #2463417 by rpayanm, cilefen, hussainweb: Clean-up remaining test members in module tests - ensure property definition and use of camelCase naming convention
• #2396649 by Mile23, rpayanm: Clean-up forum module test members - ensure property definition and use of camelCase naming convention
• #2457273 by pjonckiere: Number lists are not supported in docs - use bullet lists
• #2448605 by martin107, willzyx, tim.plunkett, klausi, dpopdan: Replace usages of drupal_get_destination() with the redirect destination service
• #2226621 by JeroenT, ianthomas_uk, lokapujya, pjonckiere, marcingy, LinL, Xano, rpayanm, piyuesh23: Remove usage of element_info(), element_child() and element_children(). Deprecate element_info_property()
• #2464097 by joshi.rohit100: Add leading backslash to the test classes on the simpletest UI
• #2466647 by joshi.rohit100: Misspelt key in render array in DbUpdateController
• #2458543 by mbovan, Anushka-mp, jhedstrom: Entity query age(EntityStorageInterface::FIELD_LOAD_REVISION) only gets current revision ID
• #2467775 by mondrake: Contrib toolkits are not picked up after module install
• #2450153 by josephleon, damiankloip, joshi.rohit100, anksy: Add a default_formatter to UUIDs fields
• #2451395 by dawehner: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them
• #2460695 by mitrpaka, rpayanm: No methods on RendererInterface should be static
• #2456709 by dawehner, rteijeiro: File views handlers need to be replaced with entity-aware formatters
• #2464877 by Wim Leers: Update RendererInterface::addDependency() to accept *any* object, not only CachableDependencyInterface objects
• #2464605 by willzyx, Dom.: Regression: no link to admin/reports/status/php
• #2451603 by nlisgo: Minor PHPDoc issue with LocalTasksTest::assertLocalTasks
• #2432939 by neclimdul, Mile23: Optimize DrupalComponentTest
• #2397225 by Chi, ufku: Drupal.formatPlural does not work
• #2459819 by Wim Leers, rteijeiro: Remove CacheableInterface (and no longer let block plugins implement it)
• #2422101 by andypost, pcambra, penyaskito: CommentItem should override the generateSampleValue method and provide sample values
• #606840 by Wim Leers, cilefen, Fabianx, markpavlitski: Enable internal page cache by default
• #2429501 by ParisLiakos, EclipseGc, mitrpaka: AggregatorFeedBlock does not output item links
• #2454163 by larowlan, geertvd, rteijeiro: Replace comment_username handler with generic views handler
• #2463321 by amateescu: Serializing the database connection is dangerous and error-prone, make it unserializable again
• #2464659 by Wim Leers, rteijeiro: Routes that are varied by the 'user.permissions' cache context for anonymous users must also get the anonymous Role's cache tag
• #2455739 by maxocub: formatPlural() is not fully tested for SafeMarkup
• #2458817 by Berdir, dawehner: Creating new user entities for anonymous users is very slow
• #2461857 by stefan.r: Update Zend Feed to latest stable
• #2463103 by amateescu: SQLite: Fix system\Tests\Entity\FieldSqlStorageTest
• #2448069 by a_thakur, JeroenT, Mile23: Remove usage and function update_project_storage() from update.compare.inc
• #2465425 by jibran, pjonckiere, idebr: Vocabulary listing missing add taxonomy term link
• #2465467 by willzyx, Dom., andypost: SystemInfoController::php() should check if function phpinfo() exists
• #2466119 by marthinal: Remove duplicated word in the ControllerBase class doc
• #2459155 by alexpott, pfrenssen, hussainweb, neclimdul: Remove REQUEST_TIME from bootstrap.php
• #2463887 by pjbaert, er.pushpinderrana, Wim Leers, jhodgdon: Cache API topic - do not use @code inline
• #2462259 by stefan.r, nicrodgers, nod_: Update underscore to 1.8.3
• #2463817 by alexpott: Drupal\Core\FileTransfer\Local should use a leading \ when using PHP built-in classes
• #2462589 by dawehner, jhodgdon: Provide test coverage for access checking of all views fields
• #2452317 by dawehner: Let views result cache use cache contexts
• #2448765 by nlisgo, Damien Tournoud, vlad.n, rteijeiro, Berdir, Fabianx, dawehner: Element::children sort order undefined and slower than it could be - This makes tests fail in PHP7
• #2465917 by stefan.r, Damien Tournoud: CKEditor test fails in PHP7
• #2465611 by alexpott: Fix --xml option in run-tests.sh
• #2465031 by damiankloip: Do not allow UUID field to be click sortable
• #2465005 by Berdir: PHP Strict Standards in NodeAccessGrantsCacheContextTest
• #2464369 by neclimdul, joshtaylor: Upgrade to Symfony 2.6.6
• #2465301 by klausi: Remove entity module from MAINTAINERS.txt, it does not exist
• Revert "Issue #2458817 by Berdir, dawehner: Creating new user entities for anonymous users is very slow"
• #2457405 by stefan.r, andypost: DateTimePlus violates substitution principle of DateTime. Make it support PHP 7
• #2462261 by nicrodgers, stefan.r, attiks: Update picturefill to 2.3.0
• #2463363 by rpayanm: ConditionInterface::condition docmentation contains wrong information
• #2459949 by amateescu: Remove field_ui_entity_type_alter() and move the content to field_ui_entity_type_build()
• #2464817 by amateescu: A few PHPUnit tests are not in the correct namespace
• #2465009 by Berdir: Fix fatal errors in rest and views with PHP 7
• Revert "Issue #2449445 by mortendk, alexpott, Cottser: Add "indentation" class back to indentation theme hook, use it for styling"
• #2451363 by alexpott, Berdir, pjcdawkins: Ensure install_profile is exists in settings.php after installation
• #2462851 by rpayanm, Wim Leers: Improve Views entity row renderer plugins' cache contexts
• #2460847 by alexpott: Allow optional configuration to be installed when its dependencies are met
• #2460911 by Wim Leers, jhodgdon: Search reindexing should invalidate cache tags
• #2463029 by Wim Leers: EntityFormDisplay should update $form with cache tags of FieldConfig, FieldStorageConfig, EntityFormDisplay config entities
• #2383863 by rpayanm, mgifford, maximpodorov, Valentine94: Spellchecking Drupal - Comments
• #2389455 by hussainweb, AjitS, Mile23, subhojit777, tibbsa, Ayesh: Clean-up system module test members - ensure property definition and use of camelCase naming convention
• #2452691 by prics, valthebald: Missing button type property on "Add language" button
• #2412949 by kyuubi: Rewrite the system status report component inline with our CSS standards
• #2462641 by jhedstrom: Incomplete documentation in Schema::addIndex() for $fields parameter
• #2142997 by stefan.r: Test for ValidReferenceConstraintValidator
• #2392221 by joegraduate, er.pushpinderrana, zealfire, ClientGuy: install_run_task() and install_tasks() don't document the task structure
• #2460823 by jhodgdon: Document that locale + config translation integration treats string uniqueness the same way as locale itself
• #2463807 by nod_: Remove seutje from MAINTAINERS.txt
• #2428399 by SkidNCrashwell, Sagar Ramgade: Default empty option label text different in documentation
• #2453341 by Wim Leers: Contact forms don't have necessary cache contexts & tags; flood control should work on validate, not on view
• #2451789 by olli, jibran: Entity reference joins to the wrong base table in views
• #2429037 by fago, larowlan: Allow adding entity level constraints
• #2456691 by YesCT, andypost, dawehner, rteijeiro: User email field need to use Field-Entity-aware formatters in Views
• #2463879 by fago: PHP unit tests fail if intl extension is missing
• #2463821 by alexpott: Fix Drupal\Core\Config\ConfigManagerInterface::diff return documentation
• #2461097 by Wim Leers: Make TwigThemeTestController:::registryLoaderRender()'s response uncacheable
• #2454171 by damiankloip: Replace node_type Views handler with Field API formatter
• #2392669 by hussainweb, Mile23, rteijeiro, subhojit777, AjitS: Clean-up field module test members - ensure property definition and use of camelCase naming convention
• #2448503 by amateescu: Convert the "Field edit" form to an actual entity form
• #2462681 by jessebeach, Manjit.Singh: Remove jessebeach from the maintainers.txt
• #2453311 by David_Rothstein, TravisCarden, Dom., rpayanm: Issue #2417983 follow-up: a few more "the the"s
• #2383015 by AjitS, jacob.embree: Revert back is redundant
• #2461047 by chx: Simplify SourcePluginBase a tiny bit
• #2460677 by Wim Leers: Tests testing config_test routes should use an authenticated user
• #2462481 by amateescu: SQLite: Fix views\Tests\Handler\ArgumentDateTest
• #2454731 by amateescu: SQLite: Fix search\Tests\SearchRankingTest
• #2461087 by Wim Leers, dawehner: Add 'no_cache' route option to mark a route's responses as uncacheable (was: Cron run response should not be cacheable)
• #2444231 by Wim Leers, nlisgo: Fix CacheableInterface so it makes sense (was: "Make Config objects & Entities implement CacheableInterface + add BubbleableMetadata::createFromCacheableObject()")
• #2461523 by chx: UniqueFieldValueValidator condition is invalid EntityQuery
• #2388255 by dawehner, hussainweb, pwolanin: Limit PDO MySQL to executing single statements if PHP supports it
• #2418119 by Berdir, jhedstrom, larowlan, martin107, nlisgo, klausi, fago, Gábor Hojtsy: REST user updates bypass tightened user account change validation
• #2461985 by stefan.r: Update Guzzle to latest release
• #2456951 by chx: Impossible to enable views if entities are not in SQL: part 2
• #2458487 by martin107: Alter php.xml.dist to remove test classes from code coverage reports
• #2398471 by DickJohnson, crazyrohila, rpayanm, lauriii, idebr, LewisNyman, saki007ster, piyuesh23, lanchez, davidhernandez: Clean up the "footer" component in Bartik
• #1897058 by disasm, rteijeiro: Replace "boolean" with "bool" when used as param/return/var type
• #2398331 by cilefen, davidhernandez, Wim Leers, nod_: Add the ability to attach asset libraries directly from a template file
• #2446869 by amateescu: Convert the "Field storage edit" form to an actual entity form
• #2321599 by Temoor, rpayanm, subhojit777, vineeth@nair, LinL, pcambra: Replace all instances of comment_load(), entity_load('comment') and entity_load_multiple('comment') with static method calls
• #2462175 by amateescu: SQLite: Fix case sensitivity in Views' string argument plugin
• #2452363 by joekers: Classy's @file docblocks shouldn't say "Default theme implementation…"
• #2457703 by Gábor Hojtsy: Default translatable site name is "Drupal" (incorrectly)
• #2454733 followup by amateescu: Add a user-space case-insensitive collation to the SQLite driver
• #2453399 by neclimdul: Use VFS for FileStorage tests
• #2462289 by TravisCarden: Grammar error in config single import prompt
• #2460731 by Wim Leers: Strict warning in ViewUnitTestBase
• #2459975 by fgm: RouteCacheContext / RouteNameCacheContext implement CacheContextInterface
• #2461081 by Wim Leers: Lock test pages are uncacheable but aren't marked as such
• #1559116 by omega8cc, mva.name, droplet, Xano, mgifford: Make core aware of Nginx and PHP-FPM to avoid confusing alerts
• #2296261 by GemVinny, lokapujya, lduerig, herom, rteijeiro: Misalligned Type field in Drupal 8.x views
• #2460027 by epari.siva, vijaycs85: Update the documentation of Drupal\language\LanguageServiceProvider::getDefaultLanguageValues()
• #2460479 by pjonckiere: CommentController::getReplyForm() docblock has a copy paste error
• #2392221 by er.pushpinderrana, ClientGuy, zealfire: install_run_task() and install_tasks() don't document the task structure
• #2459325 by jhodgdon: Document that language is not set on search keyword preprocessing
• #2458723 by Xano: Incomplete documentation for DiscoveryInterface::getDefinitions()
• #2459607 by idebr: Seven vertical tabs have underlined links in hover/focus state
• #2453761 by Gábor Hojtsy: Views numeric formatter's plural formatting setting incompatible with many languages
• #2460259 by sasanikolic, ameenkhan07: Multiple calls to LocaleConfigManager::getStringTranslation can return multiple new translation objects for the same source
• #2443693 by mradcliffe, daffie: PostgreSQL: Fix views\Tests\Handler\ArgumentDateTest
• #2458349 by Wim Leers: Route's access result's cacheability not applied to the response's cacheability
• #2346373 by fago, sidharrell, rteijeiro, arlinsandbulte: Data reference validation constraints are applied wrong
• Revert "Issue #2457345 by vijaycs85: Remove unnecessary format lookup in \Drupal\Core\Datetime\DateFormatter::dateFormat for 'custom' format"
• #2455099 by kunalgrover05: Views overview topic page has some typos and omissions
• #2461105 by cilefen, Wim Leers: One-time password reset page should never be cached
• Revert "+ '.sparkleshare'"
• #2459971 by Gábor Hojtsy: The langcode key on configuration files is not explicit in configuration schema
• #2461063 by Wim Leers, effulgentsia: AJAX forms using #ajax broken when page caching is enabled
• + '.sparkleshare' + 'SparkleShare.txt'
• #2457345 by vijaycs85: Remove unnecessary format lookup in \Drupal\Core\Datetime\DateFormatter::dateFormat for 'custom' format
• #2459407 by jhodgdon, jhedstrom: SQL syntax error when using the search_keywords filter or argument
• #2453059 by Wim Leers: Set default render cache contexts: 'theme' + 'languages:' . LanguageInterface::TYPE_INTERFACE
• #2462151 by hussainweb, benjy: Remove unused Utility\String use statements
• #2457781 by prateekMehta, stefan.r, AjitS, hussainweb: Use Utility\Html class instead of Utility\String for decodeEntities() function
• #2457271 by rteijeiro, Palashvijay4O, Cottser: More cleanup of the 'themeable' documentation group
• #2457695 by alexpott: Make app.root.factory private
• #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use Utility\SafeMarkup class instead of Utility\String for placeholder(), checkPlain(),format() functions
• #2454733 by amateescu: Add a user-space case-insensitive collation to the SQLite driver
• #2401191 by jhedstrom, a_thakur, nlisgo, mohrerao: Activity Tracker shows 'Last updated' status as '45 years 1 week ago'
• #2454625 by amateescu: SQLite: Fix SQLITE_SCHEMA errors in web tests
• #2443699 by bzrudi71, daffie: PostgreSQL: Fix views\Tests\Plugin\CacheTest
• #2455153 by damiankloip: Switch revision log views fields to use 'field' formatter
• #1847596 by amateescu, amitaibu, YesCT, Berdir, David_Rothstein, xjm, rteijeiro, ParisLiakos, webchick, Wim Leers, yched, jhodgdon, Bojhan: Remove Taxonomy term reference field in favor of Entity reference
• #2451679 by Wim Leers, dawehner: Validate cache contexts (+ cache contexts in some views plugins wrong)
• #2212069 by Gábor Hojtsy, pjonckiere, rteijeiro, cilefen: Non-English Drupal sites get default configuration in English, edited in English, originals not actually used if translated
• #2451665 by dawehner: Don't rebuild the route on ModuleInstaller::install() (30% installer speedup)
• #2428703 by Wim Leers: Add a 'user.permissions' cache context (was: "Should cache contexts be able to associate a cache tag?")
• #2455131 by andypost, larowlan: Field comment_field_data.field_name should be using Field API formatter
• #2459003 by Wim Leers: #cache[cid] breaks bubbling
• #2428805 by Wim Leers: Remove the ability to configure a block's cache contexts
• Revert "Revert "Issue #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code""

Läs mer: http://drupal.org/node/2459341

8.0.0-beta9

(beta release)
27 Mars 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 50 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta8

• Revert "Issue #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code"
• #2458925 by alexpott: Screen is black and completely unreadable in Configure page after install on standard profile
• #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code
• #2411689 by alexpott: Use a MemoryBackend in StorageComparer so that configuration import validators don't have to reread data from disk or the db
• #2454859 by Gábor Hojtsy, alexpott, mrjmd: Not possible to format plural an already translated string
• #2458993 by Wim Leers: #cache[expire] is undocumented, unused, untested: remove it, use #cache[max-age] instead

Changes since 8.0.0-beta7

• #2458413 by Wim Leers: BlockViewBuilder should specify cache contexts even for uncacheable blocks
• #2456707 by dawehner, larowlan: Block Content views field handlers need to be replaced with entity-aware handlers
• #2428695 by amateescu, daffie: SQLite date handling is wrongly implemented and arguments handling needs override
• #1548204 by andypost, sun, typhonius, amateescu: Remove user signature and move it to contrib
• #2458289 by Wim Leers: CronRunTest::testAutomaticCron() should test with an authenticated user
• #2450637 by tim.plunkett, jasonawant: Block page visibility option "Show for the listed pages" does not appear to save
• #2458045 by webflo: Remove calls to core/vendor/autoload.php
• #2456983 by cilefen: Five methods in class TestFormBuilder are dead code. Remove them
• #2372011 by richardcanoe, Noe_: NotFoundHttpException handler should take into account it's parameters
• #2457251 by vijaycs85: Remove unnecessary call to drupal_get_user_timezone() in Drupal/Core/Datetime/DrupalDateTime::prepareTimezone() method
• #2408511 by joaogarin, pjbaert, rpayanm, bobrov1989: Rewrite vertical-tabs component inline with our CSS standards
• #2454441 by rteijeiro, hussainweb, 17thColossus, nullkernel: Rename Typed Data classes to support PHP 7
• #2432837 by Wim Leers, Fabianx: Make cache contexts hierarchical (e.g. 'user' is more specific than 'user.roles')
• #2412553 by amateescu: Taxonomy terms in an Entity Reference field are not sorted
• #2443697 by mradcliffe: PostgreSQL: Fix views\Tests\Handler\HandlerAllTest
• #1844198 by mgifford: wording of unimportant columns doesn't describe functionality
• #2348321 by RobLoach, nod_: Upgrade to jQuery Once 2.x
• #1598924 by david_garcia, omegamonk: Query with duplicate placeholders throws PDO Exception
• #2454447 by andypost, dawehner, rteijeiro: Split Utility\String class to support PHP 7 (String is a reserved word)
• #2090115 by alexpott, xjm: Don't install a module when its default configuration has unmet dependencies
• #2457155 by chx: VocabularyCrudTest is needlessly SQL bound
• #2394419 by hussainweb, cilefen, sachinwable: Clean-up file module test members - ensure property definition and use of camelCase naming convention
• #2373741 by Wim Leers, hussainweb: Move bulk of render pipeline documentation to d.o handbooks
• #2448357 by amateescu: Config entity forms need to have access to an updated entity object at all times
• #2451607 by aneek: Remove call to SafeMarkup::set() from node_requirements()
• #2303765 by davidhernandez, larowlan, mgifford: Make the default 'alt' attribute for Image fields required
• #2455415 by rteijeiro, hussainweb, rpayanm, baisong: Rename Views plugin classes to support PHP 7
• #2442999 by idebr: Views dialog filter does not restripe
• #2444211 by Wim Leers, jhodgdon: Document cacheability of render arrays, and the considerations to use when generating render arrays
• #2388349 by almaudoh: FormState::cleanValues() doesn't conform with the FormStateInterface documentation
• #2443847 by cilefen: Remove dead HTML ID-tracking code from ViewPreviewForm
• #2456459 by andypost: CommentInterface::getCommentedEntity() should return FieldableEntityInterface
• #2148319 by crazyrohila, juankvillegas, Manjit.Singh, poojakural, Chloe Chen, joshtaylor: h2 on footer blocks must be hidden by default but must show when its enable
• #2337509 by amateescu: Remove "@todo In theory we should use the data table as base table, as this would" from EntityViewsData
• #2445723 by dawehner, neclimdul: Use the $request format instead of the ContentNegotation
• #2442041 by Berdir: Remove CachedStorage::listAll() caching
• #731298 by pjonckiere, jhodgdon: Searches for words with diacritics/accents: word not highlighted in results
• #2452247 by rteijeiro, joshi.rohit100: Incorrect constructor docblock for RequestCloseSubscriber
• #2452371 by Palashvijay4O: Remove @addtogroup themeable from theme.inc, only theme_indentation() needs it
• #2449147 by Island Usurper: Backwards logic in a comment in a test
• #2453891 by Dragooon, Wim Leers: Renderer::getCacheableRenderArray() does not include max-age
• #2348773 by geertvd, IT-Cru: Aggregator item counts are formatted as date intervals
• #2448915 by martin107, joshi.rohit100: FieldStorageAddForm constructor annotation bug
• #2331907 by LewisNyman, alvar0hurtad0, tim-diels, tstoeckler, jOksanen, lduerig, psebborn, Outi: Seven theme's uppercasing of details summaries fails on the Simpletest results form
• #2454393 by hussainweb: Upgrade to Symfony 2.6.5
• #2455083 by dawehner, larowlan, klausi, David_Rothstein, hefox, tsphethean, dstol, DamienMcKenna, Pere Orga, benjy: Open redirect fixes from SA-CORE-2015-001 need to be ported to Drupal 8
• #2424171 by vijaycs85, likin, Gábor Hojtsy, Wim Leers: Language module vs. content translation module interaction exposes content translation bug
• #2346435 by fago: Improve interface-related instructins for providing an entity type to be accurate
• #2451085 by dawehner, Arla: _drupal_log_error() passes NULL to ThemeManager::setActiveTheme(), violating its typehint
• #1919930 by tim.plunkett, nlisgo: Bundle entity form IDs violate module namespaces (both on server-side + front-end CSS)
• #2403743 by quietone, rpayanm: assertion style in migration
• #2408461 by psebborn: Clean up 'page-title' component
• #2405445 by crazyrohila: Refactor book module CSS files inline with our CSS standards
• #2453627 by neclimdul, drunken monkey: Fix DrupalStandardsListener for non-TestCase objects
• #2452943 by bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsWebTest
• #2443683 by bzrudi71: PostgreSQL: Fix user\Tests\Views\HandlerFieldRoleTest
• #2137801 by Berdir: Refactor entity storage to load field values before instantiating entity objects
• #2443695 by bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsTest
• #1668644 by Island Usurper, phayes, daffie, Brandonian, gease: PostgreSQL: Impossible to change a field to serial, bigserial, or numeric
• #2454287 by dawehner: Make a couple of services lazy
• #2443663 by daffie, vlad.n: PostgreSQL: Fix system\Tests\Entity\EntityDefinitionUpdateTest
• #2455079 by klausi, David_Rothstein, pwolanin, benjy, Berdir: Password reset URL access bypass fixes from SA-CORE-2015-001 need to be ported to Drupal 8
• #2286971 by znerol, Berdir, almaudoh, cilefen: Remove dependency of current_user on request and authentication manager
• #11883 by samwilson, garym@teledyn.com: Add test coverage for auto-comment title functionality and word-breaking
• #2423435 by benjy, chx: Add CckField Plugin type to migrate_drupal
• #2452619 by vasike, amateescu, joshtaylor: Move entity_reference_create_field function to EntityReferenceTestTrait
• #2446511 by amateescu, Wim Leers, yched, Bojhan: Add a "preconfigured field options" concept in Field UI
• #2269033 by zaporylie, rpayanm, lieb, swentel, charginghawk, lorique, YesCT: ManageFieldsTest should not care about order of operations all the time
• #2452347 by alexpott: "Make sure that the $test_class..." text appearing in whilst running Drupal\simpletest\Tests\KernelTestBaseTest
• #2398451 by idebr, Dragan Eror, thamas, DickJohnson, emma.maria, saki007ster, LewisNyman: Clean up "layout" CSS in Bartik
• #2449445 by mortendk, alexpott, Cottser: Add "indentation" class back to indentation theme hook, use it for styling
• #2443681 by daffie, mradcliffe, bzrudi71: PostgreSQL: Fix user\Tests\UserAccountLinksTest
• #2452361 by sushyl, Cottser: Remove "@ingroup themeable" from all Classy templates
• #2421021 by YesCT, lhuacho, martin107, shashikant_chauhan, amateescu, tremix: Missing help text for external url only for link widget
• #2418155 by jhedstrom, Berdir: options_field_views_data() excludes fields with an allowed_values_function for no reason
• #2413709 by geertvd, Lendude: Javascript error after using jQuery UI Dialog close button in Views UI
• #2446657 by rpayanm: Dead link on robots.txt
• #2426495 by dawehner, alexpott: Remove the global $script_path
• #2443885 by Xano: DrupalStandardsListener causes errors when it cannot retrieve test results. Missing abstract keyword
• #2429671 by Berdir, Wim Leers: "The website has encountered an error. Please try again later." page is cached
• #2436835 by amateescu, alexpott: Unable to create config schema for entity type specific entity reference selection plugin
• #2451885 by Gábor Hojtsy: Config entities need to ship with language or are assumed undefined
• #2453351 by effulgentsia, Wim Leers: Maintenance mode message ends up in page cache, served endlessly
• #2449743 by root_brute, tstoeckler: SwitchShortcutSet has an unnecessary dependency on the route match
• #2452499 by arpitr: Remove deprecated function definition for entity_load_by_uuid() and its references
• #2452957 by claudiu.cristea: Remove node & taxonomy term hardcoding of bundle names in SelectionBase
• #2452637 by a_thakur: Remove function system_rebuild_theme_data() from system.module
• #2452995 by Jeroen: link_path should be url in the menu API documentation
• #2453143 by Wim Leers: CommentForm depends on configured field, but doesn't associate that cache tag
• #2443659 by daffie, mradcliffe, bzrudi71: PostgreSQL: Fix system\Tests\Entity\FieldSqlStorageTest
• #2385443 by larowlan, dawehner: Test that base entity fields on views respect field level access
• #2452659 by cilefen: Taxonomy term View preview is broken
• #2443073 by Wim Leers, joshtaylor: Add #cache[max-age] to disable caching and bubble the max-age
• #2429157 by root_brute, joshi.rohit100, rpayanm, rteijeiro, hussainweb, sidharthap: Remove TypedConfigInterface::set()
• #2429481 by larowlan: Not able to create new tour tip plugin
• #2449633 by joshi.rohit100, pjonckiere, willzyx, andypost: ShortcutsBlock does not respect the 'access shortcuts' permission
• #2450205 by Gábor Hojtsy, mrjmd, plach: Translation settings don't appear for node in standard
• #356399 by dawehner, beejeebus, catch, sidharrell, klausi, nlisgo, Josh Waihi, Berdir, martin107: Optimize the route rebuilding process to rebuild on write
• #2427335 by benjy, chx, dawehner: Combine legacy Source class into SourcePluginBase
• #2448847 by dawehner, arlinsandbulte: [regression] Themes unable to implement hook_theme_registry_alter()
• #2342045 by dawehner, Gábor Hojtsy, larowlan, joshtaylor: Standard views base fields need to use same rendering as Field UI fields, for formatting, access checking, and translation consistency
• Revert "Issue #2345779 by subhojit777, idebr, singularo, Yaron Tal, aneek, gngn, m.ioannidis, scor, clemens.tolboom, Sachini, ravi.khetri, SebCorbin, rpayanm: Fix double-escaping due to Twig autoescape in dblog event "operations""
• #2345779 by subhojit777, idebr, singularo, Yaron Tal, aneek, gngn, m.ioannidis, scor, clemens.tolboom, Sachini, ravi.khetri, SebCorbin, rpayanm: Fix double-escaping due to Twig autoescape in dblog event "operations"
• #2433281 by neclimdul, mrjmd: Move Role Constants on to a Class/Interface
• #2386903 by pfrenssen: Warning: DOMDocument::importNode() ID already defined
• #2447139 by Gábor Hojtsy: Config entities should be created in the negotiated language unless otherwise specified
• #2443119 by geertvd: Views preview not working for REST display
• #2259501 by anksy: Forward-port tests for taxonomy terms being retained after node edit
• #2450383 by joshi.rohit100, martin107: Two incorrectly titled Subscriber constructor functions
• #2370593 by daffie, nathanweeks, bzrudi71: Database::tableExists optimization for PostgreSQL
• #2315015 by alexpott, gauravkhambhala, longwave: Remove progress-disabled class and associated CSS
• #2451655 by klausi: Cache database schema description for expire is wrong
• #2092245 by jbrown, rpayanm: SVGZ isn't served with correct encoding
• #2415937 by Xano: Add a formatter for ChangedItem
• #2367747 by Palashvijay4O, andypost, Alienpruts, Cottser, er.pushpinderrana, gaurav.pahuja, pfrenssen, rpayanm, vadim.hirbu: Remove usage of system_rebuild_theme_data()
• #2449709 by banviktor: ContentEntityBase::set() does not respect its interface
• #2432657 by Berdir, znerol: BasicAuth challenge never sent to browser
• #2449079 by martin107, damiankloip: ViewsUI executable cleanup
• #2417727 by Berdir: Notice: Undefined offset: 1 in core/scripts/run-tests.sh on line 952
• #2448077 by a_thakur: Clean views.module with remaining deprecated functions: views_get_disabled_views, views_get_enabled_views and views_get_views_as_options
• #2445175 by Arla: Exception message in setNewRevision() is missing @entity_type context
• #2427095 by likin, idebr, prateekMehta: Formatting guidelines are not shown for textareas without WYSIWYG
• #2076321 by yched, Mac_Weber, pcambra: Link "title" validation should use a static method
• #2399939 by DickJohnson, LewisNyman, mherchel, idebr, brahmjeet789: Refactor 'admin-panel' CSS component
• #2447049 by Cottser, joelpittet: Add a render filter to twig
• #2332029 by Eric115: Add test coverage for .htaccess rules
• #2433595 by chx, Berdir: WebTestBase::refreshVariables only resets cache_tags.invalidator.checksum
• #2409417 by cafuego, jibran, larowlan: Disabling feed view display does not remove feed header from display it is attached to
• #2447819 by pameeela: 'Custom Block' labels should use sentence case, not title case
• #2443657 by daffie, bzrudi71: PostgreSQL: Fix system\Tests\Entity\EntityQueryTest
• #2384863 by Gábor Hojtsy, vijaycs85, rodrigoaguilera: Translation language base field handler should use views field handler, provide unified options
• #2443701 by bzrudi71, daffie: PostgreSQL: Fix views\Tests\ViewExecutableTest
• #2289917 by Wim Leers, mdrummond, lauriii, Manuel Garcia, emma.maria, Scionar, davidhernandez: Convert "messages" page element into blocks
• #2428643 by Upchuk: Always display the more link causes exception: cannot create a URL to a display without routes
• #2445743 by dawehner, Wim Leers: Allow views base tables and entity types to define additional cache contexts
• Revert "Issue #2445743 by dawehner, Wim Leers: Allow views base tables and entity types to define additional cache contexts"
• #2433599 by Wim Leers: Ensure every (non-views) pager automatically associates a matching cache context
• #2381217 by Wim Leers, dawehner, Fabianx: Views should set cache tags on its render arrays, and bubble the output's cache tags to the cache items written to the Views output cache
• #2450151 by yched: Don't try to render all fields (including hidden ones) for single entity display
• #2443691 by bzrudi71, xjm: PostgreSQL: Fix views\Tests\Handler\AreaTitleWebTest
• #2443655 by daffie, bzrudi71: PostgreSQL: Fix system\Tests\Entity\EntityReferenceFieldTest
• #2441583 by daffie: Upgrade Drupal\views\Tests\Plugin\StyleTestBase to HTML5
• #2448843 by dawehner: [regression] Themes unable to implement hook_element_info_alter()
• #2406681 by tstoeckler, hussainweb, alexpott, ParisLiakos, almaudoh, tadityar: Add an autoload.php in the repo root to control the autoloader of front controllers
• #2448213 by alexpott: Remove admin templates from Classy
• #1273052 by Chloe Chen: Footer container contents are wider than other page elements in Bartik
• #2447831 by gordon: "The content access permissions need to be rebuilt" message not being escaped correctly
• #2431329 by plach: Make (content) translation language available as a field definition
• #2443665 by grom358, bzrudi71: PostgreSQL: Fix node\Tests\NodeCreationTest
• #2417327 by cilefen: Remove usages of the deprecated valid_email_address()
• #2408491 by joaogarin, mrjmd, vermario, jOksanen: Rewrite button components inline with our CSS standards
• #2408475 by joaogarin, pjbaert: Rewrite skip-link component inline with our CSS standards
• #2448023 by anksy: Fix or remove dead CSS in toolbar.module.css
• #2446483 by Anushka-mp: Viewing fields requires a view builder
• #2428297 by tvlooy: Duplicate index on entity_id column in dedicated field tables
• #2426805 by dawehner, martin107: Modernize drupal_get_destination()
• #2442221 by devpreview: Recursion calculate dependencies in area plugin
• #2434697 by amateescu, pcambra: Remove UserAutocompleteController
• #1811242 by Katiemouse, mrjmd: Add missing type hinting to Dblog module docblocks
• #2394693 by mikeker: "Add another item" button in the wrong place for grouped filters
• #2426489 by dawehner: Remove request_uri()
• #2443381 by pjbaert: Make all test functions public
• #2449069 by Berdir: Remove default block_plugin cache tags, because they're useless
• #2447829 by Cottser: Add "menu" classes back to menu.html.twig for toolbar functionality
• #2278073 by cbr, garphy, jonathan_hunt, Berdir: Files with spaces in URIs fail entity TypedData validation
• #2429363 by babruix, twistor, filijonka, sun, Mile23, daffie, Wim Leers, chx: Add HTML5-lib to Drupal 8 core for the filter system and for the testing system
• #2448373 by jbrown: X-Generator has incorrect drupal.org URL
• #2273923 by mpdonadio, pfrenssen, effulgentsia, pcambra, xjm, tim.plunkett, martin107, cilefen: Remove html => TRUE option from l() and link generator
• #2252763 by damiankloip, skipyT, martin107, dawehner, dashaforbes: Views exposed filter form causes enormous form state cache entries
• #2442339 followup by mrjmd: ViewsLocalTask param annotation bug
• #2445761 by Wim Leers: Add a X-Drupal-Cache-Contexts header to aid in debugging and testing
• #2414539 by webflo, vijaycs85: Simplify schema definition for sequence
• #2431379 by tim.plunkett, Upchuk, dawehner: LazyPluginCollection should not implement \Iterator
• #2448223 by alexpott: Cannot run all PHPUnit tests using PHPUnit
• #2443667 by grom358: PostgreSQL: Fix node\Tests\NodeTypeRenameConfigImportTest
• #2443635 by mradcliffe, grom358: PostgreSQL: Fix config\Tests\ConfigEntityListTest
• #2349559 by mortendk, jstoller: [meta] Discuss the organization of subfolders in Classy
• #2443469 by martin107: ThemeController constructor documentation bug
• #2322639 by hussainweb, LinL, Temoor, oenie, MKorostoff, mglaman, kyuubi, unstatu, omers, pcambra, legolasbo, benjy, JeroenT: Replace all instances of node_type_load(), node_type_get_types(), entity_load('node_type') and entity_load_multiple('node_type') with static method calls from DRUPAL SOUTH WOOOO!
• #2424787 by toin0u, dawehner, Crell: Unit tests for content type negotiation
• #2315791 by alexpott, cilefen, dawehner: Add functionality to open results in browser window to run-tests.sh
• #2398461 by DickJohnson, jp.stacey, idebr, rachel_norfolk, lauriii, Mukeysh, emma.maria: Clean up the "comments" component in Bartik
• #2447313 by dawehner: Views UI misses entity row plugins
• #146278 by jhodgdon, pwolanin, douggreen: The "No results" text is not correct for UserSearch -- search help needs to be per-plugin, not global
• #2443615 by benjy: Add an interface to MigrateExecutable
• #2422227 by benjy, chx, dawehner: Add setProcessOfProperty to Migration entity
• #2417075 by tstoeckler, David4514, dawehner, sachbearbeiter, mpdonadio: Trusted host verification is incompatible with URIs with the "internal" scheme
• #2443653 by bzrudi71, tstoeckler, daffie: PostgreSQL: Fix system\Tests\Condition\ConditionFormTest
• #2396333 by larowlan, effulgentsia, Wim Leers, tim.plunkett: BlockContentBlock ignores cache contexts required by the block_content entity
• #2373491 by amateescu, jibran: Categorize field type plugins
• #2424445 by geertvd, dobrzyns, rpayanm, Gábor Hojtsy, Cottser, alexpott, jmauro8ac: Views default options such as pager options are not translated
• #2443817 by andypost, a_thakur: Remove usage and the function drupal_theme_access()
• #2407397 by JeroenT, mrjmd: remove drupal_html_id()
• #2388941 by vijaycs85, mrjmd, abhishek-anand, dawehner, alexpott: Correction needed for hook_views_query_alter in views.api.php
• #2444897 by claudiu.cristea: Code cleanup in Views Sql query plugin
• #2446995 by tim.plunkett, Berdir: Block content titles are not escaped on new block form (Port SA-CONTRIB-2013-082)
• #2443669 by bzrudi71: PostgreSQL: Fix node\Tests\NodeTranslationUITest
• #2446127 by mikey_p: Fix misnamed page_cache_response_policy services
• #2429447 by dawehner, jhodgdon, xjm, jibran: Use data table as views base table, if available
• #2407361 by cilefen, JeroenT, hussainweb, neclimdul, ircmaxell, tim.plunkett, nlisgo, Crell: Move usages of drupal_html_id() to Html::getUniqueId()
• Revert "Issue #2407361 by JeroenT, cilefen, hussainweb: Move usages of drupal_html_id() to Html::getUniqueId()"
• #2407361 by JeroenT, cilefen, hussainweb: Move usages of drupal_html_id() to Html::getUniqueId()
• #2384049 by suntog, mikemiles86, lokapujya, arpitr: Remove deprecated function _update_fetch_data and its usage
• #2443783 by gaurav_varshney, fotuzlab: Remove language_load(), language_list() and language_default() from bootstrap.inc
• #2444775 by neclimdul: Remove dead ContentFormControllerSubscriber class
• #2347625 by alexpott, idebr: Remove drupal_bootstrap and drupal_get_bootstrap_phase
• #1052854 by aaaristo, mrjmd: double db_drop_field in schema.test
• #2443485 by Berdir, dawehner: Remove extension:views cache tag and other views related cache improvements
• #2434745 by geertvd: Boolean field: On/Off labels are in the "storage" settings but shouldn't be
• #2362403 by tstoeckler: Fatal error during multilingual installation when network goes away
• #2407765 by Wim Leers, borisson_: Wherever simple config is used to render output to end user, associate their cache tags
• #2443571 by larowlan, Berdir: Port SA-CONTRIB-2015-052
• #2443409 by Berdir: Add a way to entity manager to get fresh entity and field definitions without invalidating all caches
• #2252033 by olli, dawehner: Don't serialize database connection info
• #2435075 by dawehner: Implement admin role as a flag on the role storage, simplify permissions page, remove user_modules_installed
• #2378815 by damiankloip, dawehner: DisplayPluginBase::elementPreRender() and View::preRenderViewElement() are called even when the Views output cache is being used, causing notice
• #2429257 by Wim Leers, Fabianx, effulgentsia: Bubble cache contexts
• #2430813 by geertvd: Selecting the 'views' selection handler on an entity_reference field causes a fatal error
• #2442411 by jhedstrom: Update react/promise to 2.2.0
• #2341455 by swentel, cosmicdreams: Creating a new view mode should clear cache, so the new view mode can be displayed
• #2430981 by Cottser: Unnecessary notices when twig_render_template() catches \Twig_Error_Loader exceptions
• #2017471 by rodrigoaguilera, balagan, clemens.tolboom, Kristen Pol, Outi, rpayanm, danylevskyi, mon_franco, Antti J. Salminen, aloyr, thlafon, Marc Hannaford, kreatIL, oussema, David Hernández: Multilingual tour for language section
• #2431477 by martin107: make TermUnitTest a KernelTestBase by moving createTerm and createVocabulary to a trait
• #2223435 by Sutharsan, Xano, tim.plunkett: Do not use t() in block plugins anymore
• #2382561 by Sabreena, DickJohnson, aliyakhan, Tom Verhaeghe, emma.maria: In narrow viewports (<320px), the toolbar menu tray should be 100% width
• #2410031 by rocketeerbkw, BiigNiick: Simpletest install requirements double escaped
• #2416971 by dawehner, pwolanin: Remove Url::__toString()
• #2407725 by mortendk, sivaji@knackforge.com, rteijeiro, Manjit.Singh: Remove classes from system templates d*.html.twig
• #2442887 by LewisNyman, eshta: Remove toolbar-specific print styles
• #2369981 by Cottser: Not found templates are displayed literally instead of throwing an Exception due to string loader
• #2428087 by jhodgdon, foxtrotcharlie: Boolean field formatter - default choice appears in list twice
• #2227227 by mpdonadio, amateescu, yched, larowlan, swentel, tstoeckler, fago: FieldTypePluginManager cannot instantiate FieldType plugins, good thing TypedDataManager can instantiate just about anything
• #2426735 by dawehner: Small docs improvements of WebTestBase::rebuildContainer
• #2395901 by chx, dawehner, tstoeckler: Allow the same test-specific overrides in KernelTestBase as in WebTestBase
• #2409623 by hexabinaer, pjonckiere, tstoeckler: Amend misleading Views UI labels/descriptions
• #2206485 by pjonckiere, sandipmkhairnar: StylePluginBase::getFieldValue shouldn't be protected
• #2442749 by idebr: Bartik maintenance css referenced incorrectly in libraries.yml
• #2431283 by willzyx, David_Rothstein: Cron CSRF vulnerability
• #2431525 by chx: UserSaveTest hardwires SQL
• #2442173 by mpdonadio: Drop the unused class RouteBuilderStatic
• #2442339 by martin107: ViewsLocalTask param annotation bug
• #1768526 by swentel, Berdir: NodeFormController::validate() calls buildEntity() twice
• #2427713 by dashaforbes, mbovan: Contact module doesn't implement AccessControlHandler
• #1600670 by mradcliffe, bendiy, bzrudi71, andypost, daffie, stefan.r, devpreview: Cannot query Postgres database that has column names with capital letters
• #2249115 by pjonckiere: Tab order is illogical in Views UI
• #2343483 by andypost, yched: Doc cleanup after FieldConfig
• #2441685 by Arla: Incorrect documentation for EntityAccessControlHandler::checkAccess()
• #2437785 by amateescu: FieldConfigStorageBase::mapToStorageRecord() calls the wrong field type method
• #2350041 by cafuego, swentel: Remove node title field description
• #2030467 by krlucas, pjbaert: Remove mentions of hook_rdf_mapping
• #2084455 by Mile23: Drupal\Component\Datetime\DateTimePlus::checkArray() compares wrong value
• #2407407 by JeroenT, vedpareek: Remove drupal_clean_id_identifier
• #2432257 by alvar0hurtad0, pjbaert: Cleanup FileViewsData
• #2433001 by neclimdul: Zend Bridge Tests
• #2435493 by effulgentsia: Change String::format()'s '@' and '%' placeholders to be auto-escaped rather than always-escaped
• #2442255 by swentel, larowlan, rteijeiro, Wim Leers: Changing text formats on a field makes it impossible to edit
• #2428891 by kgoel: Remove unnecessary unique label validation for shortcut sets
• #2403639 by eshta, hass, LewisNyman: Remove toolbar from print view
• #2425637 by pcambra, swentel: ConfigEntityInterface should extend ThirdPartySettingsInterface
• #2425581 by greg.1.anderson: !message in t() can lead to double-escaping when used in drupal_set_message()
• #2430341 by Wim Leers: Comment pager-dependent cache key should be a cache context
• #2144669 by Mile23, daffie, Nitesh Sethia: Improve/Refactor TestBase Through Expanded Unit Testing
• #2297185 by alimac, cepinos, mhazy, adci_contributor, YesCT, RavindraSingh, jeet09: 'Reset password' should be 'Set password' when no password given yet
• #2398073 by mohit_aghera, geertvd, sidharrell, Swarnendu-Dutta, piggito, jesperjb, larowlan, pingers, larsmw: Admin should not be able to edit email of authenticated commenters
• #2418181 by dawehner, Wim Leers, effulgentsia: Remove 404 validation from link creation
• #2431281 by dawehner: Drop support for _access_mode routes and always assume ALL
• #2312647 by iMiksu, olli, longwave, Jalandhar: views_ajax_render() has been removed
• #2441867 by Berdir: Don't require settings.php to be writeable in update.php
• #2388067 by david_garcia: getQualifiedMapTableName is database specific logic out of the database driver
• #2400261 by benjy, dawehner, tobiasb: Service Container should not store absolute paths
• #2428035 by amateescu: Bring some sanity into Field UI routes and forms
• #2405469 by yched, googletorp, amateescu, larowlan, Berdir: FileFormatterBase should extend EntityReferenceFormatterBase
• #2339491 by corbacho, dawehner, larowlan, effulgentsia, webflo: Ajax requests on forms with files fail on IE 9
• #2440937 by hussainweb: Update release for Goutte driver
• #2431053 by zealfire, epari.siva, dawehner: RouteProviderTest::testRouteByName should be public
• #2428041 by nod_: Update eslint config for 0.14.1
• #2420967 by JeroenT, Wim Leers, neclimdul: Write test to ensure that the active class is added on links when on the front page
• #2421531 by lokapujya: Fix assertNoLinks() that should not have an index parameter
• #1847280 by YesCT, betoscopio: Simpletest web tests misnamed as "Unit"
• #2384035 by arpitr, mikemiles86, lokapujya: Remove deprecated function _update_refresh and its usage
• #2437359 by pcambra: Fix nowdoc space in Unicode.php
• #2430999 by idebr: Visual regression in dropbutton
• #2426553 by dpi, idebr: Secondary tabs do not flow correctly in Bartik
• #2398469 by DickJohnson, LewisNyman, emma.maria, kandra, mherchel: Clean up the "Featured-top" component in Bartik
• #2409069 by andybroomfield, idebr, emma.maria, LewisNyman, zach.bimson, Schnitzel, theMusician: Clean up the "skip-link" component in Bartik
• #2430961 by idebr: Remove leftover CSS from theme_exposed_filters()
• #2426595 by mortendk, brahmjeet789, LewisNyman, DickJohnson: rename indentation class to js-indentation
• #2421345 by mortendk, idebr, ibonelli: file.formatter.generic.css rename to file.theme.css
• #2433009 by hussainweb, grom358, neclimdul, daffie, larowlan, alexpott, pcambra, benjy, jibran, phenaproxima, moshe weitzman, nick_schuch: Add Mink, with Goutte driver, to core
• Revert "Issue #2433009 by hussainweb, grom358, neclimdul, daffie, larowlan, alexpott, pcambra, benjy, jibran, phenaproxima, moshe weitzman, nick_schuch: Add Mink, with Goutte driver, to core"
• #2378883 by Wim Leers, dawehner: Convert existing drupal_render() KernelTestBase tests to PHPUnit tests

Läs mer: http://drupal.org/node/2459341

8.0.0-beta7

(beta release)
2 Mars 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 50 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta6:

• #2424587 by attiks: Make the mobile breakpoint for Bartik empty
• Revert "Issue #2433009 by hussainweb, grom358, daffie, larowlan, alexpott, pcambra, benjy, jibran, phenaproxima, moshe weitzman, nick_schuch: Add Mink, with Goutte driver, to core"
• #2433009 by hussainweb, grom358, daffie, larowlan, alexpott, pcambra, benjy, jibran, phenaproxima, moshe weitzman, nick_schuch: Add Mink, with Goutte driver, to core
• #2428563 by Wim Leers: Introduce parameter-dependent cache contexts
• #2416409 by alexpott, bojanz: Delete dependent config entities that don't implement onDependencyRemoval() when a config entity is deleted
• #2429261 by Wim Leers: Replace the hardcoded cache key on the book navigation block with a 'book navigation' cache context
• #2388629 by kajalkiran, Canutza: remove drupal_is_front_page()
• #2253593 by neclimdul, damiankloip: Stop classloader searching filesystem for classes before drupal_classloader() is called
• #2417567 by xjm, effulgentsia, mpdonadio, hussainweb: Rename user-path: scheme to internal:
• #2363341 by tim.plunkett, donquixote, adci_contributor: Throw exception in Drupal::service() and friends, if container not initialized yet
• #2419059 by chx: Impossible to enable views if entities are not in SQL
• #2421263 by alexpott, formatC'vt, kim.pepper, andypost, larowlan, chx: Potential data loss: concurrent (i.e. by different users) node edits leak through preview
• #1013034 by bzrudi71, jaredsmith, andypost, alexpott, dbcollies, ncl, jhedstrom, kathyh: PostgreSQL constraints do not get renamed by db_rename_table()
• #1853856 by tim.plunkett, alexpott: Document that ConfigEntityBase and ConfigStorageController are tightly coupled
• #2332047 by xjm: Deprecate unneeded file_htaccess_lines() wrapper
• #2430927 by yched: Duplicate TranslationsStream class
• #2328645 by andypost, Berdir, almaudoh: Remove remaining global $user
• #2426181 by effulgentsia, mpdonadio, xjm: Add a Url::fromUserInput() wrapper method for generating URLs from user-entered paths
• #2408479 by joaogarin, LewisNyman: Rewrite breadcrumb component inline with our CSS standards
• #2346119 by marvil07, roderik: Fix call to undefined method Select::setCountQuery()
• #2420239 by andypost, pjonckiere: Default language setting form needs validation
• #2349591 by betovarg, Outi, LoMo, juho.lehmonen, droplet, amitgoyal, aliyakhan, jerrylow, klakegg: Dropdown action list shows up as a simple list without JavaScript
• #2430735 by idebr: Primary navigation toggle broken in Bartik
• #2426509 by yched, fago: ContentEntityBase::__set() messes with values that happen to be TypedData
• #2429103 by cpj: Remove deprecated methods SessionManager::enable(), SessionManager::disable() and SessionManager::isEnabled()
• #2425497 by bojanz: Stop injecting the config storage to the config query
• #2422113 by DickJohnson, emma.maria, mrjmd: Unpublished comments have lost their styles in D8
• #2425201 by jibran, dawehner: Small cleanup follow from #2414255.
• #2429925 by aliyakhan, mortendk: css lint system.diff.css
• #2329101 by Wim Leers: CacheableInterface only has a getCacheKeys() method, no getCacheContexts(), leads to awkward implementations
• #2419693 by Upchuk: Move URI access validation from widget to field constraint
• Revert "Issue #2144669 by Mile23, Nitesh Sethia: Improve/Refactor TestBase Through Expanded Unit Testing"
• #2144669 by Mile23, Nitesh Sethia: Improve/Refactor TestBase Through Expanded Unit Testing
• #2425013 by kandra, mortendk, aliyakhan, rteijeiro, LewisNyman: css lint on print.css
• #2429675 by Sachini: Spelling mistake in Views module
• #2413753 by alexpott, olli: Views recalculating the dependencies for non overridden handlers and plugins multiple times
• #2377113 by JeroenT, mglaman, LinL, pcambra: Replace all instances of entity_load('block_content') and entity_load_multiple('block_content') with static method calls
• #2424745 by martin107: aggregator module document tidy
• #2419897 by penyaskito, Wim Leers, webflo: Javascript translations are loaded in the wrong order due to missing dependencies
• #2422685 by balagan: Language negotiation configuration page titles inconsistent, should not even mention "negotiation"
• #2394951 by subhojit777, cilefen, Gábor Hojtsy, Kristen Pol, jhodgdon: Page title escaped with HTML markup when editing content translation
• #2428941 by amateescu: Update the Node views wizard to use 'entity_autocomplete' for the "tagged_with" field
• #2428881 by amateescu: Remove TermAutocompleteController::autocompletePerVid()
• #2426447 by mpdonadio, Berdir: Views no longer supports {{ something }} as twig placeholder for a path, only {{something}}
• #2413461 by geertvd: Views BulkForm should add destination to go back to current page
• #2422363 by mortendk, joelpittet, davidhernandez: Rewrite the menu CSS components inline with our CSS standards
• #2427323 by kgoel: Deprecate shortcut_set_assign_user and shortcut_set_unassign_user.
• #2298687 by tstoeckler, Jose Reyero, hussainweb, rpayanm: Sequence and Mapping implement interfaces incorrectly, make them honest about what they support
• Revert "Issue #2298687 by tstoeckler, Jose Reyero, hussainweb, rpayanm: Sequence and Mapping implement interfaces incorrectly, make them honest about what they support"
• #2423929 by effulgentsia, xjm: Convert views.module usage of base:$path to user-path:/$path when $path is from user input
• #2350933 by rodrigoaguilera, alexpott, Gábor Hojtsy, YesCT: Languages don't get weights by default, reordered when displayed translated
• #2388867 by alexpott, xjm, jhodgdon: Notifying user of config changes when config has never been synched makes no sense
• #2383165 by sidharrell, alexpott: ResponsiveImageStyle config entities should depend on the image styles they use
• #2426457 by alexpott: Remove request_path
• #2408227 by geertvd, gloob, amitsedaiz: When creating a float field, max and min value settings are forced to be integer
• #2414279 by Gábor Hojtsy, likin, askibinski: Interface translations directory: Can not set values on immutable configuration
• #2356983 by bzrudi71, jaredsmith: PostgreSQL: Fix tests in locale test group
• #2421713 by JeroenT: Remove deprecated functions in WebTestBase.php
• #2091363 by jhodgdon, surendramohan, ifrik, lostkangaroo: Update hook_help for System module
• #2417339 by amateescu, shashikant_chauhan: Fix @return documentation for EntityManagerInterface::loadEntityByConfigTarget()
• #2385209 by tadityar, cilefen, ardnet, hussainweb, AjitS, tibbsa: Clean-up views module test members - ensure property definition and use of camelCase naming convention
• #2424697 by jedihe, dalguete, yched: ResponsiveImageFormatter throws an exception on node preview
• Revert "Issue #2424697 by jedihe, yched: ResponsiveImageFormatter throws an exception on node preview"
• #2413217 by Mile23: ViewStorageTest::displayMethodTests() needs @todo love
• #1763964 by ParisLiakos, mrded: Use #type => link for theme_aggregator_block_item()
• #2428377 by sun, daffie, amateescu: SQLite Schema class is missing use Drupal\Component\Utility\Unicode
• #2427875 by sun, daffie: SQLite Insert query does not account for INSERT FROM ... SELECT
• Revert "Issue #2427875 by daffie: SQLite Insert query does not account for INSERT FROM ... SELECT"
• #2425691 by pjbaert, kepford, drupalninja99: Remove .leaf/.menu-item--leaf from menu CSS components
• #2427875 by daffie: SQLite Insert query does not account for INSERT FROM ... SELECT
• #2421699 by JeroenT: Remove usage of deprecated functions of WebTestBase
• #2428633 by pcambra: Remove unnecessary BlockContentFieldTest
• #2424697 by jedihe, yched: ResponsiveImageFormatter throws an exception on node preview
• #2424727 by Jelle_S: Do not output empty media attribute for source tags
• #2174507 by jessebeach, alansaviolobo, tim.plunkett: Make debug() use print_r() by default
• #2190895 by frankcarey, tim.plunkett: Revamp vertical tabs to not save form values
• #2317077 by csakiistvan, pjonckiere, longwave: Missing pictures in "Available updates" page
• #2419905 by Arla: Views field 'Operations links' fails to set destination
• #2426031 by almaudoh, cpj: Remove deprecated uses of SessionManager::isEnabled(), SessionManager::enable() and SessionManager::disable()
• #2426935 by jibran, tstoeckler: Make jibran and tstoeckler maintainers of Shortcut module
• #1946090 by pjonckiere, alex-mo, rpayanm: _drupal_wrap_mail_line() does not force-wrap too long words after 996 characters
• #2409655 by Mile23, zealfire: General Cleanup of AjaxCommandsTest
• #2426659 by chx: NodeCreationTest is not reusable
• #2423241 by Mile23: Merge ConfigurablePluginCollectionTest into DefaultLazyPluginCollectionTest
• #2407733 by mortendk, rteijeiro, sivaji@knackforge.com: Remove classes from system templates i*.html.twig
• #2420107 by alexpott: Determine which config entities can be fixed and which will be deleted when a dependency is removed
• #2383413 by larsmw, Cottser, alvar0hurtad0: Remove file_exists() when registering namespaces for Twig template paths
• #2318437 by Wim Leers, Gábor Hojtsy, geertvd: Replace the hardcoded langcode key on blocks with the 'language' cache context
• #2409345 by Sara.Smith: Update hook_help() text for the Color module
• #2415513 by eojthebrave: Add @Event documentation to all RoutingEvents
• #2426639 by mortendk: remove classes from comment modules templates
• #2091337 by genjohnson, no_angel, jhodgdon, ifrik, thijsvdanker, theMusician, amitgoyal: Update hook_help for Image module
• #2416111 by quietone, ultimike, chx: Migrate Dump export needs to have a consistent order
• #2427409 by ParisLiakos: Feed image doesnt display
• #2421385 by mortendk: shortcut cssfile cleanup
• #2425759 by andypost, jhodgdon: SearchQuery lacks preExecute(), making countQuery() run even when there are problems in prepare step
• #1807160 by Mile23, martin107, ParisLiakos, Lars Toomre: Add missing type hinting to Aggregator module docblocks
• #2427105 by andypost: Remove unused user_menu_breadcrumb_alter()
• #2415441 by Mile23: Automate finding @covers errors
• #2418031 by BassistJimmyJam, pwolanin, tadityar, Wim Leers: Remove MenuLinkContentForm::doValidate() since the logic was moved to LinkWidget::validateUriElement()
• #2427007 by chx: The persistent lock is not marked as backend_overridable
• #2427291 by Stalski: Remove node.pages.inc
• #2407745 by mortendk, rteijeiro, sivaji@knackforge.com: Remove classes from system templates t*.html.twig
• #2395627 by tstoeckler, Leksat, webflo, Gábor Hojtsy: Do not remove 0 from config translation data
• #2411343 by pcambra: Only allowing to have empty language path prefix for the default language is inappropriate
• #2427773 by sun, daffie: SQLite REGEXP user function exists, but is wrongly implemented
• #2407735 by mortendk, sivaji@knackforge.com, hussainweb: Remove classes from system templates m*.html.twig
• #2426389 by olli, mikey_p, idebr, amateescu: Port SA-CONTRIB-2015-039 to D8 (views)
• #2372507 by dawehner, mavimo, RavindraSingh: Remove _system_path from $request->attributes
• #2427311 by sun, daffie: SQLite does not natively support CONCAT_WS()
• #2350273 by larowlan, andypost: Move CommentViewBuilder::renderLinks post_render_cache callback to CommentPostRenderCache
• #2369401 by quietone: User picture file could not be copied
• #2427349 by pcambra: Remove ThirdPartySettingsTrait leftover in ConfigEntityBase
• #2426973 by tstoeckler: shortcut.theme.css makes .edit-shortcuts display: block unnecessarily
• #2427001 by chx: field item presave is only called for SQL
• #2427161 by tstoeckler: shortcut.admin.js broken, replace with #states
• #2426979 by tstoeckler: Remove obsolete PNG images from Shortcut module
• #2426729 by chx: NodeSaveTest hardwires SQL
• #2407743 by mortendk, danquah, rteijeiro, davidhernandez, sivaji@knackforge.com: Remove classes from system templates s*.html.twig
• #2425325 by cleaver: Batch API example code has wrong finished callback
• #2426477 by Berdir: config schema views.field.bulk_form is defined in action.module, should be in views.module
• #2425761 by zealfire: DisplayPluginInterface needs separate dockblock
• #2426323 by betoscopio: Rename UserAccountLinksTests to UserAccountLinksTest.
• #2420037 by daffie: Remove EntityViewsDataInterface from some subclasses of EntityViewsData which implements EntityViewsDataInterface
• #2329781 by davidhernandez, sidharthap: Move CKEditor toolbar classes from preprocess to templates
• #2343127 by tadityar, harshil.maradiya, aphickey, bburg, ashutoshmishra: Docblock fixes for core/lib/Drupal/Core/Database/Query
• #2091367 by Shreya Shetty, mparker17, Sree, chintan4u, jhodgdon, ifrik, rteijeiro, rpayanm: Update hook_help for Taxonomy module
• #2411303 by zuuperman: Documentation of ViewsArgumentDefault plugins construct method mention 'Date instance' instead of the current class instance
• #2398075 by andypost, sarav.din33, larowlan, nemethf, hussainweb: Breadcrumbs for comment entity
• #2413759 by benjy, hosef: Move D6 dumps to avoid collisions with D7 dumps
• #2415505 by eojthebrave: Add @Event documentation to all ConfigEvents
• #2422257 by chx: Remove unnecessary query against the session table in WebTestBase.
• #2426901 by David_Rothstein: Add back various links (especially security-related links) to README.txt that were removed from INSTALL.txt
• #2418237 by Mile23, neclimdul, jyotisankar: Fix incorrect @covers in PHPUnit tests.
• #2425739 by jacob.embree: Incorrect regex in trusted_host_patterns example
• #2424761 by rodrigoaguilera: Update automated tests documentation to reflect the removal of getInfo
• #2407729 by sivaji@knackforge.com, mortendk: Remove classes from system templates h*.html.twig
• #2424733 by idebr: Node preview backlink RTL button :active styling is applied to LTR
• #2419649 by plach, David Latapie: Content translation schema updates are not triggered consistently
• #2419225 by mikeker: settings.local.php trusted_host_patterns are ignored due to incorrect location of the include statement
• #2332687 by jhodgdon: Lost help for field types from Core/Field
• #2422657 by Berdir: Skip fast chained cache backend in maintenance mode
• #2419923 by amateescu, jibran, dashaforbes: Port SA-CONTRIB-2013-096 to D8
• #2423213 by plach: Schema for newly defined entity types is never created
• Revert "Issue #2407735 by mortendk, sivaji@knackforge.com: Remove classes from system templates m*.html.twig"
• #2426533 by alexpott, Berdir: Random failures in tests that extend PhpStorageTestBase
• #2403301 by lokapujya, penyaskito, Wim Leers: Menu item "active" class is not correctly added when using a view as the frontpage
• #2407735 by mortendk, sivaji@knackforge.com: Remove classes from system templates m*.html.twig
• #2422365 by mortendk, LewisNyman: Remove redundant comments styling
• #2371587 by fullerja, shrijata, Prashant.c: Review install.txt
• #2417515 by idebr: TestBase::prepareDatabasePrefix() refers to DrupalWebTestCase that has been renamed
• #2407715 by crowdcg, davidhernandez, mortendk, sivaji@knackforge.com, Manjit.Singh, dernetzjaeger: Remove classes from system templates b*.html.twig
• #2380071 by geertvd, pcambra, andypost, larowlan: No way to add comment field to any entity
• #2422221 by benjy, chx: LoadEntity needs to fire load hooks for dynamic migrations
• #2417733 by joelpittet, martin107: Drupal 8 breaks Twig's round filter
• #2372389 by znerol, almaudoh: Expose session handler in container
• Revert "Issue #1986330 by subhojit777, marcelodornelas, wheatpenny, kasperg, timaholt, stefank, AkshayKalose, develCuy, valthebald, moymilo, YesCT, dawehner, tstoeckler: When Batch ID doesn't exist, Drupal should emit a 404"
• #2226189 by alvar0hurtad0, sivaji@knackforge.com, mherchel, emma.maria, LewisNyman, tmjoseantonio: Style the modal in Bartik
• #2425379 by eojthebrave: Add @Event documentation to all EntityTypeEvents
• #2401919 by icampana, alexpott, jibran, ParisLiakos, Samshel, xavier.cabrera, alejandrovaras: Fix various file permissions to be 644
• #2415519 by eojthebrave, nitvirus, jhodgdon: Add @Event documentation to all LanguageConfigOverrideEvents
• #1986330 by subhojit777, marcelodornelas, wheatpenny, kasperg, timaholt, stefank, AkshayKalose, develCuy, valthebald, moymilo, YesCT, dawehner, tstoeckler: When Batch ID doesn't exist, Drupal should emit a 404
• #2195183 by cleaver, sandykadam, elgordogrande, jhodgdon, joachim, Eda, hussainweb: document Batch API callbacks as callback implementations
• #2421681 by JeroenT, develCuy, developermitesh: Remove drupal_pre_render_html
• #2349565 by tengoku, jhodgdon, jribeiro, susanb, batigolix, no_angel, megansanicki: Review/update block_content hook_help text
• #2423579 by mpdonadio, xjm, heilop, Wim Leers, webchick: Url::fromUrl('user-path:/') should throw an exception when a path component without a slash is given
• #2388627 by JeroenT, filijonka, ultimateAnkit, tadityar, rpayanm, adci_contributor: Remove usages of drupal_is_front_page
• #2424927 by Wim Leers: Docs typo in LinkWidget
• #2356991 by bzrudi71, andypost: PostgreSQL: Fix tests in search test group
• #1906264 by mgifford, mitsuroseba, blueminds, johanv, claudiu.cristea, kattekrab, amitgoyal, sivaji@knackforge.com: Required alt tag missing on image alt tag input
• #2422039 by idebr: Double escaping in search result info
• #2229145 by znerol, neclimdul, larowlan, alexpott, joelpittet, almaudoh, tadityar: Register symfony session components in the DIC and inject the session service into the request object
• #2338559 by larowlan, damiankloip, hampercm, mradcliffe, jibran, Berdir, Fabianx, catch: Never serialize password fields by default
• #2409515 by joelpittet: Updater::findInfoFile() was never updated for .info -> .info.yml change.
• Revert "Issue #2409515 by joelpittet: Updater::findInfoFile() lacks test coverage"
• #2409515 by joelpittet: Updater::findInfoFile() lacks test coverage
• #2400863 by alex-arriaga, MacMladen, emma.maria, oriol_e9g, idebr, betovarg: Add the correct classes and styles for disabled buttons in Bartik
• #2061879 by Palashvijay4O, chx: Remove Schema::copyTable
• #2424951 by bzrudi71: PostgreSQL: Fix tests in block_content test group
• #2423935 by effulgentsia: Convert path.module usage of base:$path to user-path:/$path when $path is from user input
• #2413841 by yched: EntityDisplayBase::__wakeup() should avoid calling toArray()
• #2422745 by alexpott: Reduce simpletest memory limit
• #2414255 by lauriii, Jeff Burnz, dawehner, davidhernandez: Subtheme template inheritance working in reverse order
• #2307869 by dawehner, Berdir, RavindraSingh, effulgentsia: Remove Drupal's Container::get()
• Revert "Issue #2369987 by aneek, joelpittet, idebr, pgautam: Remove SafeMarkup::set() from title on template_preprocess_html"
• #2423577 by LewisNyman, joelpittet: Remove Seven's appearance-page.css
• #2423153 by idebr, dawehner, Frankencio: Add menu from the editing page doesn't save the changes
• #2415507 by eojthebrave: Add @Event documentation to all FieldStorageDefinitionEvents
• #2419943 by martin107: Add inheritdoc to FieldPluginBase extending classes
• #2422409 by mortendk, joelpittet: search.admin.css css lint cleanup
• #2422377 by mortendk: elements.css css lint fix
• #2421373 by mortendk, Wim Leers: rename *.icons.css files to *.icons.theme.css
• #2422359 by mortendk: seven module-page.css css lint fix
• #2400883 by oriol_e9g: Remove zoom: 1 CSS property
• #2422975 by emma.maria, mherchel, idebr: Bartik footer has CSS regressions
• #1663210 by mortendk, rootwork, idebr, vks7056, ishmael-sanchez, LewisNyman, joelpittet, Manjit.Singh, Manuel Garcia, b0unty, prajaankit, alansaviolobo, atu: Clean up css in the User module
• #2422381 by mortendk, joelpittet, LewisNyman: elements.css css lint fix bartik
• #2423781 by alexpott, dawehner, cosmicdreams, davidhernandez, LewisNyman: Firefox crash using a modal
• #2329917 by lauriii, Manuel Garcia, davidhernandez, akalata, nathandao, LewisNyman: Move views classes from preprocess to templates
• #2343669 by mpdonadio: Remove _l() and _url()
• #2391217 by Berdir: Support base fields with multiple columns in entity queries
• #2260061 by Jelle_S, attiks, Wim Leers, mdrummond, mgifford, holist: Responsive image module does not support sizes/picture polyfill 2.2
• #2369987 by aneek, joelpittet, idebr, pgautam: Remove SafeMarkup::set() from title on template_preprocess_html
• #2404603 by mpdonadio, dawehner, larowlan, RavindraSingh: Add proper support for Url objects in FieldPluginBase::renderAsLink(), so we can remove EntityInterface::getSystemPath()
• #2418017 by Wim Leers, YesCT, dawehner, webchick, jibran, amateescu, hussainweb: Implement autocomplete UI for the link widget
• #2423953 by mpdonadio: Properly comment use of Url::fromUri('base:core/authorize.php')
• #2409209 by dawehner, xjm, mpdonadio, Wim Leers, hussainweb, RavindraSingh, prashantgoel: Replace all _url() calls beside the one in _l()
• #2423555 by vijaycs85: Fix a leftover comment to reflect "immutable" config objects change
• #2192877 by mradcliffe, jhedstrom: File content list includes ambiguous column fid in Group By statement
• #2014955 by YesCT, penyaskito, kfritsche, balintcsaba: Deleted bundles do not have their language configuration deleted
• #2421133 by penyaskito: Undefined variables in core/modules/locale/src/StringBase.php
• #2422243 by chx: WebTestBase breaks settings
• #2422301 by benjy: Fix D6 user migration dependencies
• #2422351 by mortendk: Remove #page-title id from sevens CSS
• #1189806 by mortendk, lauriii, jussil, Dragan Eror, cluke009, DickJohnson, rteijeiro, tlattimore: Convert aggregator-item.html.twig to HTML5
• #2422341 by mortendk: seven appearance-page.css css cleanup
• #2030633 by hussainweb, Mile23, carsonevans, czigor, Berdir, fernando_calsa, Geijutsuka, amitgoyal, Jānis Bebrītis, undertext: Expand FieldStorageConfig with methods
• #2356967 by bzrudi71: PostgreSQL: Fix tests in comment test group
• #2419065 by jhedstrom: Switching the entity storage class should not be considered a definition update that requires schema changes
• #2409635 by chris_h, Manjit.Singh, stutee, Nitesh Pawar: Improve authored by description
• #2380117 by monobasic, tadityar, moymilo, hussainweb, manvendrakot, er.pushpinderrana, joscartesar, markf3lton: Fix UI of filter on Views list page
• #2421099 by mortendk, LewisNyman: forum module css file follow MAT naming
• #2421391 by mortendk, LewisNyman, rteijeiro: taxonomy.modules.css should be taxonomy.theme.css
• #2349425 by John.K, jturman, PieterJanPut, thomasth, jamadar, kulcsi: JavaScript error on bottom left while editing a field
• #2357199 by andypost, naiduharish: Consider CommentManagerInterface::addDefaultField() as deprecated and remove in favour of CommentTestTrait
• #2408439 by zuuperman, askibinski: Language / Translation settings are not saved when adding a new bundle
• #2408467 by idebr, DickJohnson, LewisNyman, monobasic: Rewrite pager component inline with our CSS standards
• #2404963 by herom, idebr: Remove duplicate search results CSS in Bartik theme
• #2409427 by joelpittet, SteveK, sivaramakrishnan, skippednote, idebr: Toolbar vertical orientation link not expanding to fill the space
• #2051467 by jhedstrom, dawehner, amateescu, Berdir, herom, Mile23: Expand and convert to phpunit tests for \Drupal\Component\Transliteration
• #2066445 by mparker17, rpayanm, aspilicious, tkuldeep17, adci_contributor, Mile23, vijaycs85, alvar0hurtad0, rahulbile, andypost, valthebald: Convert a bunch of AjaxResponse callbacks in system.module's test's ajax_test.module to a new style controller
• #2391289 by penyaskito, sidharthap, RavindraSingh, lokapujya: Blocks are invisible while selecting content types
• #2417625 by geertvd, yannickoo: "Column not found" when adding file relationship
• #2422019 by alexpott, dawehner: Don't use reflection for parsing test annotations
• #2193623 by JeroenT, ianthomas_uk, shumer, LinL: Remove module_implements and module_list
• #2352917 by joshi.rohit100, chintan.vyas, JeroenT: Remove module_install() and module_uninstall() from module.inc
• #2420223 by idebr: Remove typography.css from Bartik libraries and info yml files
• #2421677 by JeroenT: Remove list_themes function
• #2349759 by davidhernandez, mortendk, rteijeiro, harish86, Sumit kumar, saki007ster, Mukeysh, brahmjeet789, nitishchopra, falkendk, Maninder, Vidushi Mehta, Ashish sandil, jitendra verma, crowdcg, sivaji@knackforge.com, dernetzjaeger: Copy system templates to Classy.
• #2338727 by znerol, almaudoh: Replace static SessionManager::$enabled property with WriteSafeSessionHandler class and resolve hidden circular dependency between SessionManager and SessionHandler
• #2414721 by jesperjb, plach: EntityAdapter should be instantiated per language
• Revert "Issue #2229145 by znerol, neclimdul, larowlan, joelpittet, almaudoh: Register symfony session components in the DIC and inject the session service into the request object"
• #2403105 by larowlan, idebr, mshaver: Add an empty text on "Add Custom Block" page when no custom block types are available
• #2421841 by neclimdul, tim.plunkett: Performance bug in ControllerResolver::getControllerFromDefinition()
• #2421849 by amateescu: Make SelectionBase::buildEntityQuery() protected
• #2330181 by esod, ashutoshsngh, gaurav_varshney, ranjeet.paliwal, joshi.rohit100, er.pushpinderrana, oriol_e9g: Remove bootstrap.inc module_invoke()
• #2229145 by znerol, neclimdul, larowlan, joelpittet, almaudoh: Register symfony session components in the DIC and inject the session service into the request object
• #2408977 by geertvd: Fatal error: Cannot access protected property Drupal\block\Entity\Block::$id
• Revert "Issue #1945262 by nod_: Replace custom weights with dependencies in library declarations"
• #2417647 by Wim Leers, effulgentsia: Add leading slash to paths within 'user-path:' URIs, to allow 'user-path:' URIs to point to the route
• #2420751 by Wim Leers, mondrake, attiks: ImageEffectBase::transformDimensions() should have a sane default implementation
• #2421581 by amateescu: Node preview causes stale values to be kept indefinitely for exisiting nodes
• #1945262 by nod_: Replace custom weights with dependencies in library declarations
• #2349677 by davidhernandez, Xen, emma.maria, runand, mortendk: Copy filter templates to Classy
• #2216271 by larowlan, dawehner, lokapujya, mariusz.slonina, Berdir: Regression: Shortcut links access is not checked
• #2421335 by alexpott: Using run-tests.sh with the --list option should not require a db (of any kind)
• #2410623 by ultimike, chx: D6-D8 Custom Block Migration not visible in region
• #2349687 by mortendk, LewisNyman, lauriii, runand: Copy image templates to Classy
• #2418481 by tstoeckler: Views more text cannot be translated
• #2349683 by davidhernandez, mortendk, Manuel Garcia, emma.maria, DickJohnson: Copy forum templates to Classy
• #2397729 by penyaskito, Gábor Hojtsy, plach, Kristen Pol: Content language settings cannot be configured for non-translatable types on the one page configuration form
• #2349767 by mortendk, kallehauge, saki007ster, lauriii: Copy toolbar templates to Classy
• #2281167 by jhedstrom, blueminds: AliasManager strange cacheClear logic
• #2405943 by fago, mikey_p, dashaforbes: User entity validation misses form validation logic
• #1164784 by emma.maria, kattekrab, tadityar, DickJohnson, vermario, luco, Jeff Burnz, davidhernandez, David_Rothstein, webchick, Bojhan, LewisNyman, alexpott: “Triptych” term is not widely understood; add "Featured top" and "Featured bottom"
• #2380457 by Gábor Hojtsy, vijaycs85, olli, dawehner: Some fixes of the views config schema
• #2421005 by tim.plunkett: Add \Drupal::hasContainer() instead of checking if \Drupal::getContainer() === NULL
• Revert "Issue #2418481 by tstoeckler: Views more text cannot be translated"
• #2406103 by Berdir, alexpott: Remove hook_node_validate() and hook_node_submit() because they bypass the entity API
• #2396553 by nripeshtrivedi, fullerja: field.html.twig documentation on template suggestions is incorrect
• #2420559 by klausi, dawehner: REST permissions are not working as expected
• #2419005 by dawehner, alexpott: Aggregator: Uncaught PHP Exception Drupal\Component\Plugin\Exception\PluginNotFoundException: "The "FeedTitle" plugin does not exist."
• #1987832 by aspilicious, disasm, webflo, vijaycs85, adci_contributor, vks7056: Convert system_test callbacks to a new style controller
• #2394883 by Gábor Hojtsy, plach, jhodgdon: Language setup for entity and field based rendering in views is independent, confusing UI, lacking test coverage
• #2420025 by Berdir: Token::resetInfo() uses invalid cache tag structure
• #2349071 by Upchuk, Cottser, pwolanin: EntityStorageException when trying to save a link over the maximum depth
• #2418179 by martin107: twig.engine needs some documentation fixes
• #2418209 by chintan.vyas, lucastockmann: Replace user facing strings that use drupal.org as example of an external url
• #2345833 by quietone, benjy: Convert assetEqual to assertIdentical in migrate_drupal
• #2417089 by davidhernandez: Add an active maintainer for CSS
• #2300101 by dpi, ivanjaros: Unrevisioned base fields are ignored during entity load
• #2164601 by yched, jibran, amateescu, pfrenssen: Stop auto-creating FieldItems on mere reading of $entity->field[N]
• #2420421 by larowlan: HEAD BROKEN: Fatal error: Cannot use Drupal\Component\Utility\Xss as Xss because the name is already in use in /var/lib/drupaltestbot/sites/default/files/checkout/core/modules/views/src/Plugin/views/field/Field.php on line 11
• #1959806 by amateescu, jibran, goldorak, Wim Leers, yched, dawehner: Provide a generic 'entity_autocomplete' Form API element
• #2419857 by Wim Leers, alexpott: Responsive image and View mode schemas should use the config_entity type, can then be simpler
• #2361775 by alexpott, swentel: Third party settings dependencies cause config entity deletion
• #2415645 by geertvd, alexpott: Shortcuts not sorted on display
• #2349625 by mortendk, alexpott, lauriii, Manuel Garcia, saki007ster, emma.maria, DickJohnson: Copy block templates to Classy
• #2410151 by alexpott: _system_rebuild_module_data_ensure_required does not parse dependencies
• #2414991 by alexpott: Prevent hook_config_schema_info_alter from adding or removing definitions
• #2363099 by Gábor Hojtsy, Berdir, swentel, plach: Using translated field definition descriptions in entity schema results in different schema definitions, resulting in update.php changes
• #2350013 by kattekrab, David_Rothstein: Descriptions for Promotion Options are too technical
• #2394417 by hussainweb, tibbsa, sivaji@knackforge.com: Clean-up field_ui module test members - ensure property definition and use of camelCase naming convention
• #2385211 by tadityar, subhojit777, hussainweb, cilefen, tibbsa: Clean-up user module test members - ensure property definition and use of camelCase naming convention
• #2409391 by Cogax, gulab.bisht: Fix the whitespace of inline_template declarations in Views UI
• #2396699 by hussainweb, sivaji@knackforge.com: Clean-up menu_ui module test members - ensure property definition and use of camelCase naming convention
• #2398447 by emma.maria, rootwork, Maninder, ramkrk, DickJohnson, idebr: Remove the "typography" CSS file in Bartik
• #2414235 by hussainweb, dawehner: Upgrade to Symfony 2.6.4
• #2415515 by eojthebrave: Add @Event documentation to all BlockEvents
• #2408581 by rachel_norfolk, zach.bimson, MarkoT91, Ieva Uzule, idebr, LewisNyman, sarav.din33: Clean up the "help" component in Bartik
• #2417071 by chintan.vyas: Remove file_get_mimetype
• #2153937 by Gábor Hojtsy, pcambra: Default language setting is hard to find
• #2412579 by idebr, geertvd: Tabledrag applies odd/even classes to tables with striping disabled
• #1987612 by valthebald, Mile23, aspilicious, Pinolo, InternetDevels: Convert ajax_test_dialog_contents() to a new style controller
• #2418567 by martin107: Missing IDE type hinting
• #1987738 by Mile23: Convert menu_test_callback() to a new style controller
• #2417983 by kattekrab: Change docs instances of "the the" to "the"
• #2418611 by martin107: Trivial fix to EditorXssFilterInterface::filterXss
• #2407125 by Cogax, vijaycs85, Gábor Hojtsy: LanguageInterface should not support setName
• #2397281 by fran seva, Gábor Hojtsy: Languages not translated when you add them
• #2414685 by xjm, mikeker: Improve references to Twig tokens in Views UI
• #2402061 by emma.maria, Katiemouse, er.pushpinderrana: Reusable heading classes should be "heading-*" not "header-*"
• #2417651 by TravisCarden: Grammar error in Views argument modal
• #2417817 by yched: Keep contrib modules out of ConfigImportAllTest
• #1984582 by jibran, kattekrab, dawehner, larowlan: Add views support for custom blocks
• #2419015 by pwolanin: Remove use of base: scheme in LocalTasksTest
• #2409661 by yched: Remove duplicate check for "FieldableEntity" in EntityDisplayBase
• #2227121 by emma.maria, Vally79, DickJohnson, Jill L, frankfarm, rootwork, jamesquinton, Rajendar Reddy, krueschi, ericxb, seiplax, bluegriff: The "Default country" dropdown element overflows the installer container at certain widths
• #2408613 by kpv: ViewExecutable::getHandlers() should restore display_id before return
• #2349721 by lauriii, preshetin, wheatpenny, mortendk: Copy node templates to Classy
• #2414365 by benjy: File migration fails when the files are at a remote URI
• #2410539 by cafuego, jibran, larowlan: Views schema prevents saving of view with disabled display through code
• #2415399 by lokapujya, ultimike: D6->D8 migration: User role based block visibility settings not migrated properly
• #2402639 by Katiemouse, nitvirus, lakshminp, dernetzjaeger, emma.maria, gippy, kporras07, john guant, Prashant.c: Rename the footer regions in Bartik
• #2349517 by emma.maria, b0unty, idebr, tarekdj, lauriii, Manjit.Singh, adci_contributor: Fix RTL for Bartik's vertical tabs
• #2415757 by chintan.vyas: Remove all uses of file_get_mimetype
• #2375997 by Mile23, hussainweb, tstoeckler, omers: Avoid tying Drupal 8's composer.json to specific package commits
• #2416099 by ultimike: Documentation issue in Migrate Drupal dump file instructions
• #2165989 by Xano, pcambra, damiankloip, dawehner: Add a Views field handler for multiple entity operations
• #2400233 by emma.maria, rpayanm, Katiemouse, LewisNyman: Add reusable heading classes to Bartik
• #2409587 by Cogax: Incorrect documentation for @covers
• #1331852 by droplet, franz: template_preprocess_menu_local_task localized_options is optional
• #2415415 by er.pushpinderrana: help.api.php missing <?php at top
• #2358079 by pwolanin, Berdir: Require a specific placeholder format in db_query() in order to trigger argument expansion, and require explicit 'IN' parameter for conditions
• #2360175 by zaporylie, gaurav.goyal, droplet, sivaji@knackforge.com, mcdruid, nod_, er.pushpinderrana, brahmjeet789: Change .append(' ') with CSS style in system.admin.css
• #2417645 by tim.plunkett, effulgentsia, pwolanin: Change destination query string handling to break dependence on system path
• #2418613 by pwolanin: Fix #0 bug in toUriString() method in Url class, clarify toString() vs toUriString()
• #2417705 by idebr: Autocomplete suggestions visual regression after modal and jQuery UI update
• #2418117 by yched: MenuLinkContent::baseFieldDefinitions() wrongly passes default values as a field setting
• #2416987 by YesCT, amateescu, webchick, Wim Leers, yched: Fix UI regression in the menu link form
• #2415511 by eojthebrave: Add @Event documentation to all RenderEvents
• #2414953 by alexpott: Element uses \Drupal::service() as a service locator and prevents injecting a custom typed config manager in config
• #2408189 by davidwbarratt: Remove repositories and extra from composer.json
• #2415855 by emma.maria: A forgotten reference to list.css in Bartik's info file is giving core a 404 error
• #552478 by markcarver, sun, effulgentsia, jhedstrom, ohnobinki: Restrict "self-closing" tags to only void elements in drupal_pre_render_html_tag
• #2405091 by marthinal, Berdir, RavindraSingh: Cannot create user entities - {"error":"Access denied on creating field pass"}
• #2133471 by lokapujya, Lendude, jhedstrom, tadityar, webflo, whitelikeman: Notice: Undefined index: uid in simple a user view
• #2346883 by andypost, amateescu: Standardize field_ui entity route names
• #2413941 by Mile23: BubbleableMetadataTest::testApply has wrong @covers
• #2349863 by tadityar, Mukeysh, ckrina: Overlapping elements in the titlebar in views modal window
• #2409723 by Prashant.c, JayKandari, shashikant_chauhan: Block tests refer to node incorrectly
• #1968982 by lauriii, a-fro, duellj, longwave, joelpittet, Temoor, Cottser, lokapujya, idebr, kgoel, Hydra, miraj9093, Brandonian: Convert book theme tables to table #type
• #2409579 by tstoeckler, katzilla, k4v: Allow to enter the machine name in the module filter
• #2411791 by yched, plach: Provide empty methods rather than abstract methods in EntityTypeEventSubscriberTrait / FieldStorageDefinitionEventSubscriberTrait
• #1520716 by lokapujya, cwells, David Lesieur: "Files displayed by default" not respected
• #2396489 by herom, rachel_norfolk, WigglyKoala, emma.maria, vijaycs85, jjcarrion: Add missing RTL rules to Bartik theme CSS
• #2395613 by dawehner: Make it possible to configure the output of a boolean field on the formatter level
• #2399709 by DickJohnson, idebr, LewisNyman: Remove media.css from Bartik, add it's current code directly to the components it references
• #2374019 by yched, jibran, amateescu: Cleanup the use of custom item properties in EntityReferenceFormatterBase
• #2411233 by benjy, chx: Stub in migration process plugin does not do complete process
• #2415111 by Wim Leers: Update CKEditor library to 4.4.7
• #2418169 by xjm: Expand and document test coverage in UnroutedUrlTest
• #2418139 by pwolanin, kgoel, dawehner, almaudoh, Wim Leers: Add a toUriString method to Url class and add a route: scheme
• #2417837 by pwolanin, larowlan, dawehner, kgoel: Update menu link definitions when aliases change
• #2417423 by dawehner, kgoel, pwolanin, larowlan: Re-process the user-entered-paths for custom menu links when there is a menu rebuild
• #2418163 by xjm, hussainweb: Recent content view "more" link configuration is malformed
• #2030607 by hussainweb, Mile23, Kingdutch, alexpott, balagan, amateescu, adci_contributor, Xano, mon_franco, cilefen: Expand EntityDisplayBase with methods
• #2412805 by mondrake: View preview does not attach assets provided by plugins
• #2418109 by yched: Misleading param name in LinkWidget::getUserEnteredStringAsUri()
• #2050759 by tim.plunkett, fietserwin: Move drupal_chmod and other code in file.inc to a Drupal\Core\File\FileSystem class
• #2411597 by idebr, davidhernandez, Gábor Hojtsy: Class 'path-frontpage' missing from
• #2411073 by Wim Leers: Fix documentation of hook_library_build_info()
• #2066557 by mparker17, valthebald, chakrapani: Convert system.module's test's database_test.module's JSON functions to a new-style controller
• #2417793 by effulgentsia, Wim Leers, YesCT, yched, dawehner: Allow entity: URIs to be entered in link fields
• #2417877 by pwolanin: Make getDefinition method on menu link content entity public so we can rebuild user paths
• #2417865 by xjm: Add a Views DisplayPluginInterface
• #2417809 by YesCT: link and shortcut have baseFieldDefinition settings that do not do anything: default_value max_length
• #2416955 by dawehner, YesCT, amateescu, jibran, yched, anavarre: Convert MenuLinkContent to use a link widget
• #2368653 by YesCT, pcambra, dawehner: Replace _l in all places (3) besides one
• #2417333 by Wim Leers, pwolanin, xjm, dawehner: Add support for user-path: scheme to Url class
• #2313263 by olli, kgoel: Page not found after adding, editing or deleting a menu link
• #2416563 by tim.plunkett: Follow-up to "HTTP_HOST header cannot be trusted"
• #2416763 by xjm, Wim Leers, effulgentsia: Convert Url::fromUri() base:// scheme to base:
• #2412509 by kgoel, pwolanin, Wim Leers, larowlan, effulgentsia, dawehner, xjm: Change LinkItem.uri to type 'uri' rather than 'string' and introduce user-path: scheme
• #2417445 by xjm, YesCT: Remove Url::toArray()
• #2406749 by dawehner, YesCT, amateescu, hussainweb, kim.pepper, RavindraSingh, pwolanin, Wim Leers, Gábor Hojtsy, yched, jibran: Use a link field for custom menu link
• #2398689 by jeqq: Follow-up: Applying entity schema updates still fails when both field and entity type definitions changes
• #2349715 by emma.maria, saki007ster, lauriii, Manuel Garcia: Copy link templates to Classy
• #2410123 by jeqq: Use mutable configuration to fix compatibility in update_fix_compatibility()
• #2409811 by lauriii, alexpott: Kernel tests should explicitly install themes
• #2306407 by lauriii, penyaskito, mortendk, pakmanlh, Wim Leers, ypogue: Remove breadcrumb from page template
• #1798332 by jhedstrom, dawehner, vedpareek, prajaankit: Add paging to the EntityListBuilder
• #818616 by idebr, Wim Leers, DjebbZ, mgifford: Allow in "Basic HTML" text format
• #2343043 by cilefen, hussainweb: valid_email_address() should use egulias/EmailValidator and become deprecated
• #2409581 by geertvd, balagan: Views UI generates translated HTML class names for handlers / buckets
• #2412241 by idebr, Wim Leers: Active menu links with identical paths get a duplicate "active" class for every active menu link
• #1728804 by Berdir: Introduce (Content)EntityDeleteForm and children to handle entity deletions
• #2341357 by xjm, dawehner, larowlan, Wim Leers: Views entity area config is not deployable and missing dependencies
• #2364157 by mpdonadio, dawehner, martin107, Berdir, pcambra, naveenvalecha, tim.plunkett: Replace most existing _url calls with Url objects
• #2411333 by almaudoh, hussainweb, Wim Leers, pwolanin, larowlan, dawehner, RavindraSingh, jibran: Create standard logic to handle a entity: URI scheme

Läs mer: http://drupal.org/node/2437851

8.0.0-beta6

(beta release)
30 Januari 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• Shortcut now depend on link module: If you are attempting to upgrade from a previous beta release, and shortcut module is enabled, you should enable link module before attempting to update to beta6. Note that upgrades between beta releases are not officially supported yet, and this is why.
• Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
• There are still over 70 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta5

• Revert "Issue #2388749 by alexpott, adci_contributor, ParisLiakos: Register symfony's mime guessers if they are supported"
• #2415129 by Wim Leers, Gábor Hojtsy: Small clean-up for Shortcut entity's usage of link field
• #2282035 by hussainweb, RavindraSingh, joachim: Title not shown during a batch operation
• #2235457 by dawehner, amateescu, hussainweb, Berdir, benjy, Wim Leers, lokapujya, RavindraSingh, Ryan Weal, jibran, Jalandhar: Use link field for shortcut entity
• #2414047 by dawehner, larowlan: MenuLinkContent calls getUrlInfo('content-translation-overview') when it should be 'drupal:content-translation-overview'
• #2388749 by alexpott, adci_contributor, ParisLiakos: Register symfony's mime guessers if they are supported
• #2228733 by ParisLiakos, chx, marcingy: Remove getFeedDuplicates - its unused and untested
• #2413587 by Wim Leers, willzyx: Aggregate JavaScript files no longer working
• #2012130 by smiletrl, dawehner, damiankloip, larowlan, webflo, pcambra, dashaforbes, mgifford, effulgentsia: Regression: Views integration for "list" field types is broken
• #2405023 by benjy: Cannot create base_field_override entity, ID already exists
• #687588 by tsphethean, mirie, Cottser, porchlight, cyborg_572, rgoodine, adci_contributor, joshi.rohit100: Remove access check from submit() in UserCancelForm
• #2342243 by martin107: Within a nested foreach loop you cannot re-use the index variable!
• #2408533 by markpavlitski: Installation Fatal error: Call to undefined function opcache_invalidate()
• #2412373 by alexpott: Remove node-type-list from block-content-add-list.html.twig
• #2405213 by alexpott: Remove admin-options component from Seven theme since it is not used
• #2224951 by ParisLiakos, Sumeet Jaggi: Aggregator delete local task uses tab_root_id instead of base_route
• #2410441 by idebr: 'People' icon missing from toolbar
• #2333719 by alvar0hurtad0, idebr, LewisNyman, msankhala: Abstract Views Exposed Form styling out into a reusable class
• #2381763 by chx, webflo: Adjust the order of container yamls to override settings per environment
• #2368767 by dawehner, Wim Leers, alexpott: Implement calculateDependencies() in ArgumentPluginBase to get dependencies from validator and default plugins
• #2408653 by DickJohnson, LewisNyman: Remove lists.css from Bartik, add it's current code directly to the components it references
• #1916790 by plach, YesCT, penyaskito, Gábor Hojtsy, das-peter, herom, larowlan: Convert translation metadata into regular entity fields
• Revert "Issue #1916790 by plach, YesCT, penyaskito, Gábor Hojtsy, das-peter, herom, larowlan: Convert translation metadata into regular entity fields"
• #2347469 by mondrake, Wim Leers, larowlan, kattekrab, mnico, tadityar: Rendering forms in AjaxResponses does not attach assets automatically
• #2341323 by dawehner, plach: Adapt the references field / table names in views, when corresponding entity schema changes
• #784626 by Wim Leers, Manuel Garcia, jcisio, joelpittet, Bevan, fcaspani, dcmouyard: Default all JS to the footer, allow asset libraries to force their JS to the header
• #2197029 by dawehner, larowlan, ParisLiakos: Allow to inject dependencies into validation constraints
• #2348679 by znerol, Wim Leers: Move the remaining procedural page cache code to the page cache stack middleware
• #2107243 by amateescu, jibran, larowlan, Xano: Decouple entity reference selection plugins from field definitions
• #2372893 by idebr, Wim Leers: Text editor configuration UI does not update correctly when switching editors
• #2291449 by Cottser: Add Twig template inheritance based on the theme registry, enable adding Twig loaders
• #2411323 by tadityar: FieldStorageConfig::isRequired should not exist
• #2409647 by zealfire: ContainerDerivativeDiscoveryDecoratorTest misses @covers and coversDefaultClass documentation
• #2336141 by lauriii, LewisNyman, rteijeiro, balagan, emma.maria, stefika: Create reusable color classes
• #2349659 by Maninder, lauriii, mortendk: Copy comment templates to Classy
• #2398925 by idebr: Editor Image dialog: alt text required_error does not close tag
• #2411143 by dawehner, effulgentsia, amateescu, larowlan: Change LinkItem schema to store URIs rather than URLs/paths/routes
• #2403485 by larowlan, kim.pepper, idebr, fago: Complete conversion of comment form validation to entity validation
• #2247085 by larowlan, Berdir: Constraints cannot be added to configurable fields
• #1811226 by Mile23: Add missing type hinting to Contact module docblocks
• #2408925 by eojthebrave: Add info about @Events to @Extending and Altering topic
• #2407933 by romina.nayak, adci_contributor, sidharrell, sinniger, arpit_nnd: Move all menu-related hooks and topic to new menu.api.php file
• #1987890 by Mile23, disasm, undertext, pwolanin: Convert update_test_mock_page() to a new style controller
• #2221699 by mpdonadio, mikey_p, alexpott, kim.pepper, arlinsandbulte: HTTP_HOST header cannot be trusted
• #2384529 by hussainweb, rpayanm: Make the class variables protected for Migration
• #2095787 by Sutharsan, Gábor Hojtsy, fran seva, adci_contributor, rpayanm: Configuration translations not updated when manually importing a .po file
• #2410427 by idebr: admin/structure/views/add shoud include the views_ui.admin library
• #2405337 by benjy: EntityFile destination doesn't handle temporary files when the source and destination are the same
• Revert "Issue #2407125 by Cogax: LanguageInterface should not support setName"
• #2407125 by Cogax: LanguageInterface should not support setName
• #2409545 by chris_h, dasjo: Custom block view mode should only display if there's more than one
• #2409577 by katzilla, pfaendler, k4v: Allow to enter the machine name in the views filter
• #2155245 by ChristianAdamski, scor, areke: Use proper methods instead of directly calling $file->filename and $file->uri
• #2405939 by Gábor Hojtsy, olli: use_current_language upcasting option is misleading, it toggles all overrides not just language
• #2225597 by tibbsa, larowlan, akozma: contact.module allows you to send emails to users with no email address - producing an error
• #2403815 by benjy: Test migration of signature_format with assertIdentical
• #2409247 by znerol: Generated proxy classes break DrupalKernelTest when running from the UI
• Revert "Issue #2405907 by MrHaroldA: Views combined filters add redundant separators in CONCAT_WS()"
• #2409339 by pbull: ViewExecutableTest::testPropertyMethods fails when randomly generated URL contains placeholders
• #2142653 by corbacho, sqndr, LewisNyman, floretan, BarisW, G-raph, JamesLefrère, lokapujya, LoMo, Outi: Change default logo filetype to .svg and add an SVG version of Druplicon
• #2390239 by apratt, larowlan, eojthebrave: No information about format of permissions.yml in permissions topic
• Revert "Issue #2403847 by larowlan, dawehner: Shortcut content entity validation misses form validation logic"
• #2371605 by plach, larowlan: SqlContentEntityStorage::countFieldData() fatals for revision metadata fields and the UUID field
• #2403847 by larowlan, dawehner: Shortcut content entity validation misses form validation logic
• #2407801 by dawehner, Gábor Hojtsy, yched, jibran: Views generic field handler does not work with base fields
• #2368797 by Wim Leers, dawehner, rteijeiro: Optimize ajaxPageState to keep Drupal 8 sites fast on high-latency networks, prevent CSS/JS aggregation from taking down sites and use HTTP GET for AJAX requests
• Revert "Issue #2221699 by mpdonadio, mikey_p, kim.pepper, arlinsandbulte: HTTP_HOST header cannot be trusted"
• #2221699 by mpdonadio, mikey_p, kim.pepper, arlinsandbulte: HTTP_HOST header cannot be trusted
• #2064379 by tadityar, bneil: Remove ckeditor-iframe.css and load relevant Bartik CSS files for CKEditor's iframe mode
• #2409325 by bneil, idebr: Remove draggable.png and grippie.png
• #2378729 by jibran: JoinPluginBase doesn't allow extra conditions on left table
• #2384583 by jibran: Remove taxonomy_select_nodes function
• #2406543 by alexpott: Remove ConfigFactory::setOverrideState and ConfigFactory::getOverrideState()
• #2404041 by pcambra: Replace _l() calls in file module
• #2387027 by kim.pepper, pfrenssen: Upgrade PHPUnit to the latest stable release
• #2372899 follow-up by amateescu: HEAD BROKEN: Fix names of things
• #2220559 by benjy, swentel, lokeoke, visabhishek, hampercm, joshi.rohit100, amitgoyal: Entity displays must have a settings array
• #2372899 by mpdonadio, Berdir: PageCacheTagsTestBase should use Url objects
• #2094499 by amateescu: Convert "Manage (form) display" forms to be the official entity edit forms for EntityView[Form]Display objects
• #2409197 by balagan, idebr, vacho: Add missing RTL css for the Tour dialog
• #2407489 by kim.pepper: Remove user.pages.inc
• #2350551 by Wim Leers, alexpott, damiankloip, arlinsandbulte: Views fields that have attached assets are lost when Views output caching is enabled
• #2401505 by Berdir, jibran, larowlan: Add an entity collection template for lists
• #2390467 by iPat, adamwhite: User role permission assignments are not deleted when a role is deleted
• #2407907 by YesCT, mr.york: Configuration translation entity listings displays items overriden
• #2383197 by queenvictoria, bforchhammer, webflo, jhedstrom: Entities not loaded for relationships on same entity type
• Revert "Issue #2383197 by queenvictoria, bforchhammer: Entities not loaded for relationships on same entity type"
• #2205271 by trobey, jhedstrom: Project namespace for dependencies
• #2350011 by rpayanm, Palashvijay4O, xq1003, zealfire, yoroy, arunkumark: Too small/large font sizes for body text in CKEditor
• #2406113 by fago: Clarify how ContentEntityForm::validate() should be overridden
• #2331685 by pfrenssen, jibran, larowlan, cilefen: PHPUnit deprecated assertTag(), assertNotTag() and assertSelectEquals()
• #2409817 by mark.labrecque, joelpittet: CKEditor toolbar configuration UI missing ending UL
• #2383197 by queenvictoria, bforchhammer: Entities not loaded for relationships on same entity type
• #2407107 by jan.stoeckler: Drupal\user\Plugin\views\filter\Roles should implement calculateDependencies()
• #2405903 by Berdir, gvso: Our charset metatag is not valid HTML according to W3C validator
• #2407749 by olmaga, sivaji@knackforge.com: Copy system templates l*.html.twig to Classy
• #2408357 by dawehner: The ProxyBuilder includes parent interfaces, which causes php errors
• #2225427 by ianthomas_uk, martin107, JeroenT, LoMo: Remove remaining uses of deprecated language functions (mostly in object oriented code)
• #2404929 by dileepmaurya, segi, Kristen Pol, prajaankit: Path class on may be language specific, results in CSS bugs
• #2293813 by joshi.rohit100, pcambra: Replace t() function with class method call in locale localsettingform
• #2407405 by JeroenT: Remove usage of drupal_clean_id_identifier
• #1588138 by mondrake: pager_query_add_page() overrides parameters passed programmatically
• #2404739 by pfrenssen, Berdir, plach: language_entity_field_access() doesn't work if $items isn't present
• #2403735 by benjy, markie, quietone: Migrate aggregator feed hash
• #2303391 by gvso, idebr, AkshayKalose, gaurav_varshney, dinarcon, kporras07, vaibhavjain, msound, alexpott: Tab 'Log in' shows on 'Request new password page for logged-in users and is missing for logged-out users
• #2334379 by yvesvanlaer: Hover state when clicked on add button adds box-shadow
• #2090969 by lokapujya, tstoeckler, mgifford, mikemiles86: Minor code-style issues in SessionTestController
• #2329599 by casey, stefan.r, hampercm, droplet: Update classList.js
• #2409395 by Cheet, DamienMcKenna, penyaskito, mglaman: Fix typo 'lama' => 'llama'
• #2409359 by kattekrab: Remove "posts per page" from Site Information description in admin/config
• #2406903 by gvso, wizonesolutions, penyaskito, holingpoon: HTML double-escaping in views debug messages
• #1821620 by andythomnz, larowlan, joshi.rohit100, nick_schuch, tadityar, richardcanoe: Indentation in /core/modules/comment/lib/Drupal/comment/Plugin/views/row/Rss.php is incorrect
• #2396537 by joachim, prajaankit, shackr, msound: page title for the 'Add comment type' form says only 'Add'
• #2403817 by larowlan: Feed entity validation misses form validation logic
• #2363677 by sumanthkumarc, davidhernandez: book template id follow up
• #2409121 by stefan.r: Update jQuery Touch Punch library to 0.2.3
• #2372023 by andybroomfield, BarisW, aspilicious, LewisNyman, Vally79, tompagabor: Description of display settings takes too much space
• #2409127 by csakiistvan: Fix typo in field.formatter.settings.number_integer config schema
• #2395777 by ishanmahajan: D6->D8: Nodes do not migrate unless D6 Content module is enabled
• #2406657 by neclimdul, Lendude: Fatal error visiting Views Plugin report
• #2091321 by er.pushpinderrana, jhodgdon, rootwork, ifrik, mparker17: Update hook_help for Field and Field UI module
• #2397711 by droplet: Update normalize.css to v3.0.2
• #2409315 by bleen18: Typo in comment in telephone module tests
• #2350837 by dawehner, Berdir, larowlan, Wim Leers: Convert most usages of EntityInterface::getSystemPath() to use routes
• #2140511 by alexpott, Gábor Hojtsy, swentel, babruix, ohthehugemanatee, jessebeach, Berdir: Configuration file name collisions silently ignored for default configuration
• #2392319 by alexpott, effulgentsia: Config objects (but not config entities) should by default be immutable
• #2399037 by effulgentsia: String::format() marks a resulting string as safe even when passed an unsafe passthrough argument
• #2407975 by neclimdul: Fatal error in Drupal\views\Plugin\views\argument\FieldList
• #2358369 by balagan, Katiemouse: getParameters() vs. getRawParameters() on RouteMatch should not be documented the same
• #2322457 by olli, adrian.ravis, andypost, pcambra: Error in Views Filter Nodes based on Current user that have term reference same in nodes
• #2396307 by droplet: Update JS lib: html5shiv to 3.7.2
• #2396687 by hussainweb: Clean-up image module test members - ensure property definition and use of camelCase naming convention
• #2405691 by larowlan: CommentAccessControlHandler checks for an invalid setting (anonymous_contact)
• #1982230 by andythomnz, holist, cilefen, herom, BarisW: Modernize markup for the locale module
• #2319233 by Sutharsan, subhojit777, sardara, lauriii, andythomnz: Double escaped string on Available translation update page
• #2407493 by dashaforbes, kim.pepper: Clean up use statements in user.module
• #2405675 by larowlan: Comment field settings don't save
• #2407481 by kim.pepper: Fix constructor docblock in UserController
• #2405061 by cilefen, ctraltdel: Remove the unused permissions.png
• #1872682 by Maxilver, rpayanm, jhodgdon, Ivan Zugec: Documentation fixes for DisplayPluginBase.php
• #2402047 by er.pushpinderrana, gvso: Move misc hooks to core.api.php
• #2402609 by andythomnz: Two classes lack class doc blocks
• #2373197 by davidwbarratt: Reference Composer Installers as a dependency of a Drupal project
• #2395993 by benjy: Clean up Loadentity a little
• #2379741 by Wim Leers, damiankloip: Add Renderer::getCacheableRenderArray() to encapsulate which data is needed for caching a render array and have views use it
• #2403269 by hampercm, idebr: Update to jQuery UI 1.11.2
• #2040135 by Wim Leers, Berdir: Caches dependent on simple config are only invalidated on form submissions
• #1973618 by dawehner, donquixote, plach, Mile23: DIC: Lazy instantiation of service dependencies (ProxyManager for "proxy services")
• #2136559 by Gábor Hojtsy: Config entity admin lists show configuration with overrides (eg. localized)
• #2406069 by martin107: Incorrect @file docs in file module
• #2401355 by zealfire: hook_page_attachments() and _alter() hooks have incorrect docs
• #2342057 by dawehner, hussainweb, Wim Leers: Expand BlockPluginInterface to take into account $return_as_object
• #2405907 by MrHaroldA: Views combined filters add redundant separators in CONCAT_WS()
• #2404021 by yched, amateescu: entity_reference formatters should be in Core
• #2406439 by dawehner: Cleanup EntityDerivative and RouteBuilderInterface
• #2406377 by benjy: Remove unnecessary $field_storage->status assertions from MigrateFieldTest
• #2394421 by hussainweb: Clean-up filter module test members - ensure property definition and use of camelCase naming convention
• #2396715 by hussainweb: Clean-up responsive_image module test members - ensure property definition and use of camelCase naming convention
• #2396717 by hussainweb: Clean-up taxonomy module test members - ensure property definition and use of camelCase naming convention
• #2405823 by zealfire: Comment fix in Twig tests for file_url
• #2404397 by mikeryan: Support injection of database configuration in SqlBase
• #2388169 by tadityar: Rename PHPTransliteration to PhpTransliteration
• #2385699 by znerol: Use upstream AbstractEventDispatcherTest as the base class of ContainerAwareEventDispatcherTest
• #2337317 by LewisNyman, idebr, ngocketit: Replace help page layout CSS with reuseable layout classes
• #2396983 by corbacho: Header Logo with Bartik won't change in settings preview
• #2137595 by olli, idebr, mitrpaka: 'Create @name' page title uses override-free configuration (eg. not localized) instead of the overridden configuration (eg. localized)
• #2281645 by dawehner, andypost: Make entity annotations use link templates instead of route names
• #2151469 by rpayanm, lokapujya, JeroenT, alansaviolobo, Richard Damon, pflame, ianthomas_uk: Clean-up usage of deprecated list_themes() and _system_rebuild_theme_data() in favor of theme_handler service.
• #2405911 by er.pushpinderrana: @throw instead of @throws in InfoParserInterface
• #2390245 by zealfire: Extending topic needs more information and better link
• #2404265 by jhedstrom: Follow-up: ApiTestData should be in the views module
• #2406131 by znerol: Remove stray merge conflict marker from DbUpdateController
• #2368769 by kgoel, dawehner: All route enhancers are run on every request
• #2256023 by olli, Gábor Hojtsy, estoyausente, adci_contributor: Content translation operation is only available for nodes, not other entity types such as custom blocks
• #2215473 by Lendude, speely, pjonckiere: Filter description not visible in exposed form
• #2348875 by benjy, chx, bdone: Improving our dump files
• #2384481 follow-up by larowlan: [HEAD BROKEN] Fix references to node type properties in Seven theme.
• #2033983 by balagan, YesCT: Improve code organization in LanguageNegotiator::updateConfiguration()
• #2401607 by bojanz: Refactor ExtensionDiscovery::scan()
• #2405465 by alexpott: Remove dead and unnecessary procedural wrappers in content_translation module
• #2030571 by calebtr, daffie, filijonka, YesCT, Thomas Brekelmans, alexpott, Mile23, tadityar, Sharique, tim.plunkett, boztek: Expand Block with methods
• #2392361 by emma.maria, ruscoe, vermario: Bartik theme: “triptych” and footer-columns classes added to body but never used in CSS
• #2023091 by djevans, badrange: Drupal does not allow W3C compliant language codes where you target a numeric region
• #2404489 by Mile23: CacheTagsInvalidatorTest::testInvalidateTags() has wrong @covers
• #2403117 by alexpott: Remove unnecessary function_exists in ModuleHandler::invokeAll
• #2172017 by dawehner, larowlan, MegaChriz, kim.pepper, Désiré, Sam Hermans, tim.plunkett, Antti J. Salminen: Bulk operations does not respect entity access
• #2405163 by chx: NodeRevisionAccessCheck is database dependent
• #2388125 by alexpott: testGetBaseTable is supposed to test that the storage falls back to the entity type ID
• #1907170 by pwolanin, jhedstrom, alexpott, Heine: Very simple config files can't be read
• #2377117 by mglaman, rpayanm, pcambra: Replace all instances of entity_load('field_storage_config') and entity_load_multiple('field_storage_config') with static method calls
• #2405367 by ashutoshsngh: Remove views_get_applicable_views()
• #2342287 by mikeker: Allow Twig in Views token replacement
• #1858486 by idebr, David_Rothstein, trawekp, MrHaroldA: Ajax call breaks Password Reset
• #2405127 by yched: Move EntityFormDisplay::_sleep() up to EntityDisplayBase
• #2396761 by chx: menu tree storage override requires too much copy-paste
• #2402827 by kgoel: Extract ViewUnitTestBase and ViewTestBase::assertIdenti* methods into a trait
• #2396465 by idebr, Vidushi Mehta: Views UI: Exposed Filter css is not applied
• #2399263 by SpadXIII: Table format combine fields into single column shows only one field
• #2403097 by sergei_brill: Update format_date docblock (incorrect @see)
• #2400153 by pcambra: Move bulk form data definition to their EntityViewsData
• #2317309 by larowlan, undertext: Document that Tests in ContactSitewideTest are run twice
• #2403729 by kim.pepper: Convert user_cancel_confirm() to a new-style Form object
• #2329753 by lauriii, davidhernandez, LewisNyman, nathandao: Move html classes from preprocess to templates
• #2303761 by tadityar, tim.plunkett, guntervs, jessi_pantheon, er.pushpinderrana, amitgoyal, rpayanm: Move views_ajax_form_wrapper() to ViewsFormBase
• #2318237 by Gábor Hojtsy, bserem, no_angel, Wim Leers: CKEditor translates its user interface even if interface translation is turned off
• #2395825 by emma.maria, jennyOlsen, DickJohnson: Remove closing tag comments in template files
• #2401959 by chx, Wim Leers: buildGrantsQueryCondition() does not have a scope
• #2384481 by rpayanm, daffie, tadityar, hussainweb, areke, claudiu.cristea: Make the class variables protected for NodeType
• #2405737 by chx: user.tempstore is unnecessary to be backend_overridable
• #2366539 by max-kuzomko, ianthomas_uk: Remove format_plural()
• #2400159 by pcambra: Use the container for current user on all ActionBase plugins
• #2403571 by xjm: ConfigDependencyManager docblock uses HTML instead of @code
• #2399307 by larowlan, SteffenR: comment_form_field_ui_field_storage_edit_form_alter() no longer working
• #2308187 by lauriii, iMiksu, joelpittet, dawehner, er.pushpinderrana: Provide a twig extension for file_create_url
• #2403669 by Berdir: FileSelection::buildEntityQuery() does not return $query
• #2347877 by znerol, Berdir: Move DrupalKernel::initializeCookieGlobals() into a SessionConfiguration service
• #2404831 by zealfire: self::$stack -> static::$stack in Renderer
• #2392787 by beejeebus, dawehner, alexpott: Move include statements from DrupalKernel::boot() into DrupalKernel::preHandle()
• #2372745 by Arla: KernelTestBase ignores extensions in site-specific directories
• #2401679 by jhodgdon: search.page.user_search.yml doesn't match schema
• #2404673 by vladan.me, Poornima3: Property format.name is now protected
• #2030667 by filijonka, tim.plunkett, adci_contributor, Thomas Brekelmans: Refactoring ViewStorageInterface to ViewEntityInterface
• #2030597 by adci_contributor, larowlan, daffie, Thomas Brekelmans, boztek, chakrapani, InternetDevels, robbertnl, basvanderheijden: Expand BlockContent and BlockContentType with methods
• #2267641 by olli, rpayanm: Cache\PhpBackend::removeBin() does not remove the bin
• #2395763 by jhedstrom: Fields are not 'click sortable' in views
• #2370251 by Lendude, jhedstrom: Removed fields in Views Combined Filter setting lead to Fatal error
• #2344691 by Wim Leers: Update core.api.php's Cache API documentation: cache tags are now set as strings
• #2328293 by keopx, JeroenT, ianthomas_uk, ashutoshsngh, rpayanm, hudo, a_thakur: Remove usage of language_list()
• #2226629 by damiankloip, rpayanm: Remove '_plugins' suffix from views plugin cache prefix
• #2330661 by jwilson3, Risse, amitgoyal: Node form layout bug when toolbar collapsed
• #2398457 by DickJohnson, idebr, rpayanm: Clean up the "breadcrumb" component in Bartik
• #2322105 follow-up by kim.pepper: Removed unused "use" statement.
• #2403873 by larowlan: FileFormatterBase does not retain unsaved entities (files)
• #2322105 by rpayanm, prics, Upchuk, Temoor, seanB, pcambra, jamesdixon: Replace all instances of taxonomy_vocabulary_load(), taxonomy_vocabulary_load_multiple(), entity_load('taxonomy_vocabulary') and entity_load_multiple('taxonomy_vocabulary') with static method calls
• #2398455 by SteffenR: Clean up "book" component in Bartik
• #2399035 by idebr: Retire Google Frame support
• #1027074 by blackdog, alansaviolobo, Sutharsan: Add string context to Enabled & Disabled in Shortcut module
• #2399221 by bojanz: Throw a friendly error when the #ajax callback can't be resolved
• #2394571 by benjy: Filter formats on cck text fields are not looked up in the idMap
• #2404955 by benjy: Field Formatter settings have incorrect mappings for number formats
• #2309737 by rpayanm, hussainweb, max-kuzomko, herom, millerbennett, ianthomas_uk, quietone, Sutharsan, sumitmadan, toddmbloom: Remove deprecated format_plural usage
• #2394157 by benjy: Update the EntityFile destination to handle temporary files
• #2389515 by nod_: Update ESLint rules
• #2281619 by dawehner, tim.plunkett: Convert most direct usages within module code of routing related request attributes to use RouteMatchInterface instead
• #2397495 by geertvd, jhedstrom: Disabling 'Display all values in the same row' shows all values in all rows
• #2404407 by effulgentsia: language_set_browser_drupal_langcode_mappings() is a useless wrapper, so remove it
• #2027623 by hampercm, larowlan, hussainweb, nick_schuch, droplet, sun, clemens.tolboom: De-fork jQuery Joyride and update to latest stable release
• #1340640 by tadityar, DickJohnson, emma.maria, Scionar: Remove "Highlighted" region from Bartik
• #2327935 by Arla, Anushka-mp: Allow empty entity IDs in EntityResolvers
• #2397807 by yched: EntityDisplay schema for third_party_settings is wrong
• #2394567 by benjy: File field need associated metadata during cck_field migration
• #1975220 by davidwbarratt, tstoeckler, mradcliffe, RobLoach, Mile23, hussainweb: Allow a Composer user to manage Drupal, modules, and PHP dependencies with a custom root composer.json
• #2314985 by idebr, dawehner: Always add contextual links to menu blocks
• #2363523 by donquixote, er.pushpinderrana: Docblock / cleanup in \Drupal
• #2398595 by mradcliffe: Fix documentation for BlockPluginInterface::access
• #2398847 by kattekrab: Remove reference to Breakpoint_UI module from Breakpoint module help text
• #2399323 by pcambra: Remove unused get_class call on MoreLink
• #2359371 by esod, idebr, LewisNyman: Why the 0.2em left margin for label in the seven theme?
• #2398805 by dawehner, chx: MenuTreeStorage::loadTreeData loses conditions
• #2368393 by tkoleary, DomoSapiens, lauriii: Fix focus effect on summary details
• #2397607 by Berdir: contact_mail() should use renderPlain()
• #2289555 by benjy, chx: Fix up doc in SqlBase mapJoinable() and add test coverage
• #2392805 by yched: Remove useless isset() checks in ItemList / FieldItemList
• Revert "Issue #2403793 by larowlan: EntityReferenceItem uses a static, but it was most likely supposed to be a constant"
• #2396519 by pcambra, willzyx: Fatal error rebuilding node access permissions
• #2131849 by rpayanm, jmarkel, Shyamala: User password reset form button text is wrong
• #2403169 by alexpott: Static menu link override configuration is incorrectly named
• #2344151 by larowlan: Comment field access doesn't work if $items isn't present
• #2403793 by larowlan: EntityReferenceItem uses a static, but it was most likely supposed to be a constant
• #2358981 by tadityar, tstoeckler, larowlan, mpdonadio, Devin Carlson: Provide a mechanism for dynamic library declarations
• #853800 by emma.maria, kattekrab, Jeff Burnz, eigentor, couturier, cafuego, dcrocks: Float image left in Bartik Articles
• #2392263 by Gábor Hojtsy: Sequence subtyping cannot override item type in config schema, views taxonomy term filter schema incorrect
• #2401497 by plach: Field UI creates fields that can never be translated
• #2403101 by alexpott: ContentLanguageSettingsForm is not a config form
• #2384653 by larowlan, swentel: Menu block - menu level and depth are not saved
• #2401253 by idebr: settings.php says it contains Twig debug settings while these are actually in services.yml
• #2370183 by Mile23, DuaelFr: Expand unit testing for Drupal\Component\Plugin\Discovery\DiscoveryTrait
• #2389745 by tadityar, LewisNyman, hussainweb: Update Seven's screenshot
• #2396739 by hussainweb, Mile23: Clean-up config_translation module test members - ensure property definition and use of camelCase naming convention
• #2396657 by Mile23: Clean-up history module test members - ensure property definition and use of camelCase naming convention
• #2396707 by hussainweb: Clean-up path module test members - ensure property definition and use of camelCase naming convention
• #2380773 by tibbsa, hussainweb, Mile23: Clean-up Node module test members - ensure property definition and use of camelCase naming convention
• #2381753 by tadityar, tibbsa, Mile23, cilefen: Clean-up Config module test members - ensure property definition and use of camelCase naming convention
• #2396691 by hussainweb: Clean-up language module test members - ensure property definition and use of camelCase naming convention
• #2382195 by tibbsa, subhojit777, tadityar, cilefen, Mile23: Clean-up simpletest module test members - ensure property definition and use of camelCase naming convention
• #2396709 by hussainweb: Clean-up quickedit module test members - ensure property definition and use of camelCase naming convention
• #2396701 by hussainweb: Clean-up options module test members - ensure property definition and use of camelCase naming convention
• #2396695 by hussainweb: Clean-up link module test members - ensure property definition and use of camelCase naming convention
• #2379419 by Mile23, DuaelFr: Expand unit testing for Drupal\Component\Plugin\Discovery\StaticDiscoveryDecorator
• #2371531 by Mile23, YesCT, daffie: Expand unit testing for Drupal\Component\Plugin\PluginManagerBase
• #2378311 by Mile23, daffie: Expand unit testing for Drupal\Component\Plugin\Context\Context
• #2375737 by Mile23: Expand unit testing for Drupal\Component\Plugin\Factory\ReflectionFactory
• #2388537 by Mile23: Expand unit testing for Drupal\Core\Entity\ContentEntityBase
• #2397681 by alexpott: field_ui.js fails eslint validation
• #2401573 by corbacho: Fix dropbutton color for IE9
• #2264049 by jhodgdon, dawehner, chx, catch: Create an Events topic
• #2399931 by dawehner, yched: Generic entity api field handler should live in views module not in field module
• Revert "Issue #2399931 by dawehner, yched: Generic entity api field handler should live in views module not in field module"
• #2357801 by dawehner, amitgoyal: File field default values are not deployable -- use UUIDs for the default file
• #918538 by Berdir, slashrsm, damiankloip, sun, tobiasb: Decouple cache tags from cache bins
• #2401429 by kattekrab, larowlan: Forum form & node display regression
• #2398531 by DickJohnson, rpayanm: Some images not showing up after SMACSS split
• #2263339 by damiankloip, mitrpaka, blueminds, almaudoh, mgifford, xjm, znerol, dawehner: Fix all current_user set calls
• #2378565 by aneek, rpayanm, adci_contributor: Add langcode token to comment
• #1993452 by Gábor Hojtsy, YesCT, bannorb, rvilar, Pancho, Sutharsan, Albert Volkman: Fix confusing UX by merging "Translate configuration" into "Finish translations" task
• #2376141 by chx, benjy, ultimike, eliza411: Fix node and node revision author ids
• #2294157 by tim.plunkett, dawehner: Switch getOptions() and getRouteParameters() within LocalActionInterface and LocalTaskInterface to use RouteMatch
• #2030669 by daffie, Sharique, rpayanm, Mile23, undertext, marcingy, martin107, filijonka, amitgoyal, msupko: Expand Vocabulary with methods
• #2311885 by drunken monkey: Methods in Select missing from SelectInterface
• #2401195 by idebr, corbacho: Vocabulary restriction not working in Entity reference fields
• #2399219 by amateescu: Allow entity form handlers to determine the entity object they need to work with
• #2380615 by dawehner, swentel, larowlan: Result of book_node_load() should not vary depending on user permissions
• #1799820 by jhedstrom, Floydm: Breadcrumb doesn't get localized when displaying parent terms
• #2377343 by tim.plunkett: Url alias system path cannot be edited without changing the alias
• #2397297 by Berdir, alexpott: EntityQueryTest::testCaseSensitivity() can fail randomly
• #462950 by pwolanin: Mitigate the security risks that come from IE and other browsers trying to sniff the mime type
• #2350503 by dawehner: Add route generation handlers for entities
• #2401113 by kim.pepper, larowlan: Update Zend Feed to latest stable
• #2387983 by Garrett Albright, larowlan: PluginNotFoundException when enabling module that provides text filter
• #1831894 by dead_arm, idebr, technicka, dawehner, Bojhan, damiankloip: Users miss "save" button and can't distinguish "editable" and "preview" areas
• #2213241 by fietserwin, sun: Fully conform to PHP5.4 streamwrapper class
• #2401395 by dawehner: does not work as expected with fragments
• #2397727 by jibran, dawehner: Remove the SafeMarkup::set() call in field/Field.php
• #2401109 by larowlan, kim.pepper: Update EasyRdf to latest stable
• #2401035 by alexpott: items_per_page in node.settings is no longer used
• #2400771 by larowlan: Duplicate entry for user views data schema
• #2348447 by quietone, benjy, grahl, Cristian.Andrei: Undefined index exclude
• #2385217 by rpayanm, hussainweb, areke: Clean-up tracker module test members - ensure property definition and use of camelCase naming convention
• #2380429 by tibbsa, hussainweb, jhodgdon, markat: Clean-up search module test members - ensure property definition and use of camelCase naming convention
• #2387973 by tibbsa, hussainweb: Clean-up toolbar module test members - ensure property definition and use of camelCase naming convention
• #2232477 by plach, yched, tstoeckler, amateescu: Fatal when adding new fields with NOT NULL constraints in a base table that contains existing entities
• #2400773 by larowlan: Remove empty text.data_types.schema.yml
• #2400769 by larowlan: Duplicate label key in views data schema
• #2196977 by tadityar, Eric_A, Poornima3, jhedstrom: Drupal/filter/Annotation/Filter uses public $module instead of $provider
• #2318081 by beejeebus: remove ' ' from Drupal/Core/Diff/DiffFormatter
• Revert "Issue #92944 by jhedstrom, SiliconMind: Drupal won't report file upload error when UPLOAD_ERR_NO_TMP_DIR occurs"
• #1719648 by joachim, ttkaminski, kshama_deshmukh: ModuleInstaller::install() silently fails if a module isn't in the file system
• #2264755 by mtift, adci_contributor: Clarify description of Drupal\config\Tests\ConfigImportAllTest
• #92944 by jhedstrom, SiliconMind: Drupal won't report file upload error when UPLOAD_ERR_NO_TMP_DIR occurs
• #2393455 by slashrsm, RavindraSingh: Wrong arguments sent to LoggerInterface::error() from file_unmanaged_move()
• #2347053 by andypost, swentel: "Field settings" local task from Field UI is missing
• #2352855 by slashrsm: TemporaryStream::getExternalUrl() is broken
• #2373017 by olli: No delete link when editing a menu, only reset links
• #2143729 by tstoeckler, plach, jsbalsera, Berdir, mauzeh, damiankloip, andypost: Entity definitions miss a language entity key
• #1903048 by DickJohnson, emma.maria, lauriii, mbrett5062, JamesLefrère, lilGemVinny: Revise Bartik template indentation inline with best practices
• Revert "Issue #2263339 by damiankloip, blueminds, mgifford, xjm, almaudoh, mitrpaka, znerol, dawehner: Fix all current_user set calls"
• #2263339 by damiankloip, blueminds, mgifford, xjm, almaudoh, mitrpaka, znerol, dawehner: Fix all current_user set calls
• #2214525 by Palashvijay4O: Remove unused Drupal\Core\Utility\Title
• #2397691 by alexpott: Random fail in Drupal\taxonomy\Tests\TermTest::testNodeTermCreationAndDeletion()
• #2370313 by olli: D8 - Exposed filter - "This webpage has a redirect loop" on Reset
• #2399195 by mondrake: Views setting 'Use Ajax' doesn't work
• #2392351 by alexpott, swentel: When an entity bundle config gets deleted, entities of that bundle break
• #2398259 by Berdir: Random test fail in AccessRoleTest
• #2396793 by xjm: Token API will match tokens with empty types or tokens, e.g. [:invalid]
• #2284917 by Wim Leers, larowlan, olli: In-place editing of custom blocks broken *again* (because attributes and contextual links of custom blocks are lost)
• #2395395 by alexpott, effulgentsia, Gábor Hojtsy: TestBase lacks a config method to be used consistently in tests
• #2381777 by yched: Unify setValue() implementations in ItemList & FieldItemList
• #2367743 by rpayanm, Miroling, YesCT, ianthomas_uk, shadik, gaurav.pahuja: Remove usages of drupal_form_submit() and update documentation
• #2393577 by vladan.me, Berdir: Access issue with default settings set to disabled
• #2393267 by herom: Add missing RTL rules to Views UI CSS
• #2358675 by LewisNyman, BarisW, mgifford, MarkoT91: Remove messages icons in misc
• #2113243 by rpayanm, Xano, tstoeckler: Rename BaseFormIdInterface::getBaseFormID() to BaseFormIdInterface::getBaseFormId()
• #2396301 by droplet: Update JS lib: Modernizr to 2.8.3
• #2392887 by droplet: Update JS lib: jQuery to 2.1.3
• #2011066 by Grimreaper, esbandeira, joshi.rohit100, the_contributor: example_author from hook_node_grants/hook_node_access_records grants all anon edit/delete to uid=0 nodes
• #2329649 by herom: Fix node create page RTL CSS
• #2392301 by yched, joelpittet: OptGroups::flattenOptions() should preserve labels
• #2388301 by Sam152: Use CSS escape sequence in breadcrumb styles to prevent erroneous delimiter output
• #2230637 by plach, fran seva, yched, swentel: Create a Language field widget and the related formatter
• #2392673 by Mile23: Move Drupal\Tests\Core\Utility\HtmlTest to the proper namespace
• #2375673 by DickJohnson, LewisNyman, lauriii, emma.maria, sqndr, Wim Leers, stephr: Split Bartik's CSS into SMACSS style components
• #2392717 by a_thakur, tadityar: Remove hook_library_alter() from theme.api.php
• #2316861 by cilefen, jhodgdon, dawehner: Write a @defgroup for service_tag
• #2312389 by er.pushpinderrana, Berdir, fago: Remove menu_link_content_uninstall()
• #2392487 by emma.maria, LewisNyman, DickJohnson: The email address field title moves up next to password fields at 768px to 1010 px - Firefox only
• #2393699 by hussainweb, droplet, nod_, Devin Carlson: Update JS lib: jquery.cookie to 1.4.1
• #1995058 by TravisCarden, acbramley, jhedstrom: Tableselect "select all" checkbox should be checked on page load if all checkboxes are ticked
• #2382799 by rpayanm: Remove drupal_html_class() and drupal_clean_css_identifier()
• #2280485 by SiliconMind, the_contributor: Documentation for file_save_upload() is wrong
• #2254319 by quicksketch, jhedstrom: jQuery UI Spinner CSS file not added in system_library_info()
• #2217731 by crowdcg, lauriii, davidhernandez, aczietlow, jjcarrion, mortendk, karolus, pakmanlh, LewisNyman, aboros, joshua.boltz: Move field classes out of preprocess and into templates
• #2258335 by rpayanm, ParisLiakos, mitrpaka: Move Drupal\Tests\Component\Image\ImageUtilityTest to Drupal\Tests\Component\Utility\ImageTest
• #2213941 by sun, swentel: install_no_profile_error() called but does not exist
• #2380023 by tibbsa, subhojit777, rpayanm: Clean-up Comment module Test members - ensure property definition and use of camelCase naming convention
• #2392429 by fago: ModuleHandlerInterface::getName() parameter name does not match its documentation
• #2391403 by Gábor Hojtsy: Statistics block not properly migrated, schema incorrect
• #2359457 by JeroenT: Remove drupal_mail()
• #2387965 by hussainweb, tadityar: Clean-up telephone module test members - ensure property definition and use of camelCase naming convention
• #2349991 by fago, Xano, amateescu: Provide a trait for categorizing plugin managers and use it for conditions and actions
• #2233883 by benjy, hussainweb, ultimike: Link migration needs to convert source url into the appropriate route format for storage
• #2394041 by Gábor Hojtsy: Row language settings from entity views should be on display level for all views
• #2157777 by damiankloip, dawehner: Views results cache has full entities in it
• #2395511 by alexpott, Gábor Hojtsy: Config static cache is not cleared properly on rename
• #2395515 by alexpott, Berdir: Config static cache is not cleared properly on delete
• #2344967 followup by Gábor Hojtsy, Sutharsan: Tests for localization update does not update configuration translations
• #2199795 by andypost, twistor, martin107, larowlan, andyceo: Make the Settings class prevent serialization of actual settings
• #2392427 by Arla: Too strict schema for system.mail:interface
• #2393765 by alexpott: Several forms should use ConfigFormBase and not FormBase
• #2390691 by Wim Leers, Berdir, arlinsandbulte: Expose node grants as cache context
• #2393125 by hussainweb, droplet, mitrpaka, tarekdj: Update underscore and backbone library to latest release
• #2368807 by yched: Remove special support for NULL values in FieldItemList
• #2207629 by droplet, tarekdj, Devin Carlson, rpayanm: Update matchMedia library to latest release
• #2386571 by dawehner, hussainweb: Large array structures (e.g. $form) in stack trace results in huge memory usage in FlattenException::flattenArgs()

Läs mer: http://drupal.org/node/2415675

8.0.0-beta4

(beta release)
2 Januari 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• There are still over 85 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta3

• Revert "Issue #2196977 by Eric_A, tadityar, Poornima3, jhedstrom: Drupal/filter/Annotation/Filter uses public $module instead of $provider"
• #2196977 by Eric_A, tadityar, Poornima3, jhedstrom: Drupal/filter/Annotation/Filter uses public $module instead of $provider
• #2392235 by Berdir: ChainedFastBackend shouldn't write cache tags to the fast cache back-end
• #2394327 by jhedstrom: run-tests.sh throwing stream wrapper warnings
• #2372855 by Wim Leers, dawehner: Add content & config entity dependencies to views
• #2068655 by Berdir, chx, martin107, longwave, webflo, damiankloip, lokapujya, JacobSanford: Entity fields do not support case sensitive queries
• #2338873 by plach, fago, effulgentsia, swentel: Modules providing non-configurable field storage definitions can be uninstalled, leaving orphaned unpurged data
• #2392883 by droplet: Update JS lib: domready to 1.0.7
• #2354469 by swentel, Vj, R. Volk: Can't create node, if preview is required
• #2392433 by Berdir: Stream wrappers are registered before page cache
• #2382199 by corbacho: Encode COPYRIGHT.TXT with UTF-8
• #2393391 by nod_: JS clean-up for re-worked Field UI
• #2387627 by olli: Changing access plugins in views leaves invalid settings around
• #2116327 by martin107: Creating DrupalDateTime object, with a 'date' array as input will always fail with exception
• #2389275 by bforchhammer: Views render element #embed not working
• #2353357 by Berdir: hook_stream_wrappers_alter() is broken since modules are not loaded on demand, also change to an event since it's the last hook that forces this during bootstrap
• #1963340 by amateescu, dags, andypost, agentrickard, mgifford, yoroy, pguillard, jibran, YesCT, xjm, LewisNyman, swentel, Hydra, yched, tim.plunkett, rteijeiro, ainz, Xano, Bojhan, Berdir: Change field UI so that adding a field is a separate task
• #2350309 by droplet, larowlan: Forum index links head to taxonomy/term/{term} instead of forum/{term}
• Revert "git commit -m 'Issue #2350309 by droplet, larowlan: Forum index links head to taxonomy/term/{term} instead of forum/{term}'"
• git commit -m 'Issue #2350309 by droplet, larowlan: Forum index links head to taxonomy/term/{term} instead of forum/{term}'
• #2386559 by fago, yched, amateescu, jibran, plach: ERItem::setValue(array('entity' => $entity) produces broken Items
• #2393061 by yched: Adjust phpdoc for callback_allowed_values_function()
• #2238085 by dawehner, yched, damiankloip, xjm, effulgentsia, vijaycs85, fago, tim.plunkett, cilefen, pcambra: [regression] options_allowed_values() signature doesn't allow for Views filter configuration
• #2170235 by Berdir, penyaskito, larowlan, alexpott, sushyl: file_private_path should be in $settings, like file_public_path
• #2349553 by dawehner, pfrenssen, damiankloip: Store entity field information in the views data
• #2368323 by dawehner, swentel, martin107: Replace _l() in PathController::adminOverview()
• #2137309 by fago: Typed data does not handle set() and onChange() consistently
• #2389381 by swentel, daffie: Impossible to add images in WYSIWYG including in-place editing due to fatal error
• Revert "Issue #2273923 by mpdonadio, pfrenssen, dawehner, xjm, cilefen: Remove html => TRUE option from l() and link generator"
• #2382931 by larowlan, pfrenssen, Mile23: Drupal\field\Plugin\views\field\Field::access returns an object instead of the expected boolean
• #2273923 by mpdonadio, pfrenssen, dawehner, xjm, cilefen: Remove html => TRUE option from l() and link generator
• #2204363 by Berdir, Wim Leers, tim.plunkett, chx: [sechole] Returning TRUE from hook_entity_access()/hook_ENTITYTYPE_access() must not bypass EntityAccessController::checkAccess()
• #2392209 by plach: DefaultTableMapping::getFieldColumName is broken for base tables
• #2391295 by er.pushpinderrana, dawehner: Use @return $this instead of @return static in EntityInterface
• #2391317 by penyaskito: NodeTypeListBuilder typo
• #2386161 by Berdir, Wim Leers, beejeebus, olli: ChainedFastBackend doesn't set 'expires' and 'tags' when writing to fastBackend
• #2278017 by cilefen, bircher, effulgentsia: When a content entity type providing module is uninstalled, the entities are not fully deleted, leaving broken reference
• #2379811 by Lendude, dawehner: Views tries to render contextual links when Contextual Links module is disabled
• #2387019 by dawehner, larowlan: String field formatters cannot link to their parent entity
• #2342543 by fago, dixon_, jeqq: Applying entity schema updates fail when both entity type and base field definitions change at the same time
• #2354685 by amateescu, tstoeckler, derhasi: Fatal Error on re-saving required EntityReference field setting
• #2392281 by alexpott: system.module is included in our PHPUnit tests
• #2352081 by myforgedoteu, Devin Carlson, martin107: Prevent installation over an already installed database
• #2382543 by rpayanm, ianthomas_uk: Remove usage of drupal_html_class() and drupal_clean_css_identifier()
• #2390013 by andypost: Follow-up comment widget should properly detect default value input
• #1985406 by jhedstrom, alexpott, Dave Reid, olli: #states not supported for elements in formatter settings being displayed on Views field handler form
• #2390707 by Wim Leers: Remove hook_library_alter() implementations
• #2183983 by Gábor Hojtsy, vijaycs85, Berdir, Wim Leers, webflo, alexpott: Find hidden configuration schema issues
• #2391245 by Gábor Hojtsy, Wim Leers: Resolve remaining misc issues with configuration schema fails
• #2388863 by chx: Entity type is definition
• #2167379 by Elijah Lynn, filijonka: db_select docblock should list optional parameters as (optional)
• #2391381 by fago: $include_computed parameter from Map::getValue() is broken and unused
• #2358991 by JeroenT, ianthomas_uk, rpayanm, jamesdixon, er.pushpinderrana, Ashok Negi: Remove usage of drupal_mail()
• #2388925 by xjm, preshetin: British again invade config sync
• #2384527 by tadityar, areke, rpayanm, preshetin: Make the class variables protected for ShortcutSet
• #2384665 by benjy, penyaskito: Follow-up: FieldConfigBase::calculateDependencies() fatal error is unhelpful
• #2381299 by hussainweb: Clean-up block module test members - ensure property definition and use of camelCase naming convention
• #2389411 by chx: wrong backend_overrideable in book
• #2387857 by alvar0hurtad0: Have consistent names for bulk operations at admin/content
• #2388009 by hussainweb: Clean-up shortcut module test members - ensure property definition and use of camelCase naming convention
• #2388905 by chx: menu link storage override requires too much copy-paste
• #2388467 by zaporylie: Remove \Drupal\entity_test\EntityTestViewsData and update the annotation
• #1892006 by Outi, tompagabor, sqndr, BarisW, herom, skippednote, LewisNyman, vermario, frankbaele, criscom, kid_icarus, lauriii, jlyon, eporama: Include a print styling for Seven
• #2387981 by hussainweb: Clean-up statistics module test members - ensure property definition and use of camelCase naming convention
• #2381921 by tibbsa, hussainweb: Clean-up RDF module test members - ensure property definition and use of camelCase naming convention
• #2389407 by chx: System Manager Service is not database dependent
• #2391021 by Gábor Hojtsy: Config schema issues in config tests themselves
• #2384167 by tibbsa: Clean-up DateTime module test members — ensure property definition and use of camelCase naming convention
• #2226863 by cs_shadow, filijonka, joelpittet, pguillard: Update stale references to theme functions that have been converted to Twig
• #2272001 by dsnopek, Devin Carlson, tim.plunkett, xjm, martin107: Views display plugin's list of handlers is not filtered by access
• #2387157 by dawehner, Gábor Hojtsy: Cloning display into another display also stores options that are not supported by the new display type
• #2363155 by penyaskito: content_translation.settings config is not scalable
• #2359509 by Berdir: Incorrect type safe check in Entity::onUpdateBundleEntity() results too many cache clears
• #2358269 by Gábor Hojtsy: Migration bugs in block visibility, field overrides, cron, maintenance settings and form modes found by configuration schema checking
• #2248977 by Berdir: Complete support for multi-value base fields in ContentEntitySchemaHandler and use it for the user.roles field
• #2390445 by Gábor Hojtsy: System module tests don't pass config schema check
• #2389697 by Wim Leers, Gábor Hojtsy: Editor settings altering not needed (and not compatible with config schema assumptions)
• #2387149 by Gábor Hojtsy, dawehner: Display extenders are not possible to describe with config schema
• #2390749 by alexpott: run-tests.sh should allow single test methods to be run
• #2390615 by alexpott: Add method to determine config dependency key depending on entity type
• #2355245 by amateescu: ER's label formatter needs to take into account that $entity->urlInfo() might throw an exception
• #2387141 by Gábor Hojtsy: Missing field configuration schemas across core tests
• #2385111 by tadityar, Wim Leers: Bartik's CKEditor iframe stylesheet is not being loaded, hence image captions look broken
• Revert "Issue #2354705 by yannisc: Mark a couple of asset services as non public"
• #2386247 by tstoeckler: install.php should pass the class loader down into install_begin_request()
• #2388593 by JeroenT: Remove drupal_truncate_bytes()
• #2388765 by alexpott: Improve performance of SqlContentEntityStorage::countFieldData() for large datasets when getting the result as a boolean
• #2335879 by alexpott, dixon_, Wim Leers, chx, mauzeh, ygerasimov, jeqq: Change SqlContentEntityStorageSchema::requiresEntityDataMigration() to ask the old storage handler if it has data rather than assuming yes unless NULL storage
• #2382533 by Wim Leers: Attach assets only via the asset library system
• #2369225 by mpdonadio: Add $options['base_url'] to UrlGenerator::generateFromRoute()
• #2389287 by dawehner: Missing PhpExecutableFinder
• #2387669 by rpayanm, joachim, tadityar: ConfigInstallWebTest is broken
• #2388631 by JeroenT: Remove drupal_match_path()
• #2388707 by damiankloip: UserAccessControlHandler has wrong $explicit_check_fields name for the password field when checking field access
• #2355909 by penyaskito, alexpott, Gábor Hojtsy, DuaelFr: language.settings config is not scalable
• #2263359 by jhodgdon: hook_help(): Top of page help sections can't link to help pages without a fatal error or checking for help module
• #2084987 by andypost, Jalandhar: Remove usage of field_ui_default_value and recommend proper replacement
• #2388043 by daffie: Remove DrupalUnitTestBase
• #2380607 by Berdir, dawehner: Do not call ConfigBase::validateKeys() for data loaded from storage
• #2387443 by alexpott, dawehner: BinaryFileResponse can fail because the core MIME guessing is not added to the MimeType singleton
• #2385787 by a_thakur: Remove form_state_values_clean() from form.inc
• #2364381 by Wim Leers: Exception thrown in drupal_render() causes an exception during the rendering of exceptions
• #2386585 by hussainweb: Upgrade to Symfony 2.6.1
• #2388215 by freblasty, tim.plunkett: Drag and drop is broken.
• #2383573 by tibbsa: Clean-up Contact module Test members - ensure property definition and use of camelCase naming convention
• #2331793 by olli, Gábor Hojtsy: Changing pager settings for this display only also changes pager settings for other display
• #2017433 by BarisW: The documentation for hook_ranking() is wrong
• #2387781 by dixon_: Fix camel case for method in EntityStorageInterface
• #2347999 by Mile23, daffie, cs_shadow, cosmicdreams: DrupalUnitTestBase is deprecated, replace with KernelTestBase
• #2384487 by rpayanm, daffie, Sharique, areke: Make the class variables protected for FilterFormat
• #2364267 by yched: Clarify the logic in TypedDataManager::getPropertyInstance()
• #2385225 by tibbsa: Clean-up editor module test members - ensure property definition and use of camelCase naming convention
• #2381303 by tibbsa, rpayanm, hussainweb, mglaman: Clean-up CKEditor module test members — ensure property definition and use of camelCase naming convention
• #1055150 by rootwork, Devin Carlson, yoroy, brianV, JimmyAx: Time zone description is confusing on user register form
• #2365319 by damiankloip, larowlan: Entity normalization should check field access to avoid leaking data
• #2386255 by aneek, rpayanm: Remove explicit sha1() call in drupal_page_cache_get_cid()
• #2385805 by Gábor Hojtsy: Views tests don't pass strict schema checking
• #2290261 by webchick: Revert php_fileinfo requirement
• #2379595 by ricovandevin, tibbsa: node_help() broken for node add/edit form
• #2385545 by alexpott: Installer can generate unthemed pages
• #2386325 by Gábor Hojtsy: Recurring config schema problems with datetime and link field values in migrate tests
• #2386005 by jhodgdon: Views UI tour needs better label
• #2385227 by tibbsa: Clean-up entity_reference module test members - ensure property definition and use of camelCase naming convention
• #2384531 by daffie, rpayanm: Make the class variables protected for RdfMapping
• #2384357 by amateescu: Simplify Field UI testing
• #2186113 by Berdir: Avoid key value expire garbage collection on actual requests
• #2384539 by areke: Make the class variables protected for Action
• #2385391 by pwolanin: DistributionProfileTest does not need to create an empty .profile
• #2384541 by rpayanm: Make the class variables protected for ConfigurableLanguage
• #2384537 by rpayanm, areke: Make the class variables protected for SearchPage entity
• #2384535 by rpayanm, fernando_calsa, areke, Sharique: Make the class variables protected for ImageStyle
• #2384853 by alexpott: Both configuration directories have to be specified in settings.php
• #2349805 by balagan, clemens.tolboom, Cyberwolf: Rest classes should use StringTranslationTrait instead of t() function when possible
• #2382557 by Wim Leers: Change JS settings into a separate asset type
• #2380411 by areke, hussainweb, GPrince17: Clean-up Text module test members - ensure property definition and use of camelCase naming convention
• #2363077 by stefan.korn, eojthebrave: Max and min resolution not working
• #2384545 by Wim Leers, jbrown: $element['#ajax']['callback'] is broken, hence breaking e.g. inserting images in CKEditor
• #2384689 by tibbsa: Clean-up dblog module test members - ensure property definition and use of camelCase naming convention
• #1074108 by pwolanin, webchick, BlakeLawson, jayeshanandani, Devin Carlson, harijari, David_Rothstein, c_lehel, Haza, oriol_e9g: Profile selection form not skipped if there is only one visible profile
• #1942178 by ohthehugemanatee, vijaycs85, mtift, mortona2k, YesCT, lokapujya, ricardoamaro: Make User module active config save format match the default yml file
• #2275463 by SpadXIII: Path field does not respect settings in form display
• #2385803 by a_thakur: Remove form_execute_handlers() from form.inc
• #2385063 by rpayanm, Akshay2598: Remove drupal_process_form()
• #2382239 by chx: InstallerKernel is undocumented and hardwires bootstrap config storage
• #2250165 by neclimdul, cs_shadow, YesCT: Replace fake mocks with actual OpenDialogCommand stubs in AjaxCommandsTest
• #2335673 by ashutoshsngh, oenie, rudins, er.pushpinderrana: Remove usage of drupal_process_form()
• Revert "Issue #2382239 by chx: InstallerKernel is undocumented and hardwires bootstrap config storage"
• #2354705 by yannisc: Mark a couple of asset services as non public
• #2318755 by LinL, Devin Carlson, effulgentsia, catch: Block Module: Fix documentation that refers to enabling/disabling of modules
• #2382011 by Mile23: Expand unit testing for Drupal\Component\Utility\UserAgent
• #2325269 by Gábor Hojtsy, Arla: Test and fix views in test_views directories against their configuration schema
• #2381751 by hussainweb: Clean-up Book module test members - ensure property definition and use of camelCase naming convention
• #2379863 by mglaman: Clean-up color module test members - ensure property definition and use of camelCase naming convention
• #2345867 by olli, Gábor Hojtsy: Remove node_row_node_view_preprocess_node() and dead code in the comment views wizard
• #2359369 by mpdonadio, Berdir, bdurbin: Render cache is not cleared when module is uninstalled
• #2380377 by jhedstrom: Fix BatchStorageInterface::delete
• #2345343 by damiankloip, dawehner, olli, Bès: view TITLE appears all the time
• #1938920 by akalata, Jon Pugh, joelpittet, shanethehat, lauriii, martin107, nicholasruunu: Convert node_search_admin theme tables to table #type
• #2377281 followup by dawehner: Upgrade to Symfony 2.6 stable
• #2144505 by tstoeckler, YesCT, Gábor Hojtsy, vijaycs85, webflo: Views does not use the text format type for formatted text
• #2357145 by alexpott, olli, YesCT: Views can not be saved with a numeric (grouped) filter
• #2381909 by larowlan, alexpott: Basic block type provided by standard is missing a body field
• #2384165 by tibbsa: Clean-up Contextual module test members — ensure property definition and use of camelCase naming convention
• #2300817 by joshi.rohit100, er.pushpinderrana, tim.plunkett, ianthomas_uk, LinL, dawehner: Remove path_is_admin() as it is deprecated
• #2383307 by alexpott: Remove weird getInfo methods from fake database classes
• #2383727 by a_thakur: Remove form_options_flatten() as it is deprecated
• #2377685 by LewisNyman, herom: Fix outdated CSS rules in Views UI
• #2342593 by znerol, grendzy, David_Rothstein: Remove mixed SSL support from core
• #2369781 by larowlan: Ensure twig_debug output has needed sanitization
• #2384581 by cilefen, Wim Leers: Security: Update CKEditor library to 4.4.6
• #2384009 by arpitr: Remove deprecated function _update_create_fetch_task and its usage
• #2383079 by benjy: EntityDisplayBase::calculateDependencies() fatal error is unhelpful
• #2382493 by yched: Population of default field values in entity translation is incorrect
• #2383153 by aneek, corbacho: Unwanted list style position in Available updates page listing
• #2380349 by martin107: Fix one-line documentation for RouteProcessorCsrf
• #2384163 by yched: Entity render cache is needlessly cleared when an Entity*Fom*Display is modified
• #2368251 by emma.maria, vermario, tkoleary: No border around image upload widget when creating content in Bartik
• #2383667 by Gábor Hojtsy: pathField and pathFieldsSupplemental is not used in Views wizards
• #2382497 by er.pushpinderrana: The first parameter of the hook function hook_page_bottom is wrong in the documentation
• #2379697 by Gábor Hojtsy: Fix configuration schema issues in block content (indirectly link and field test) modules
• #2365585 by yched: FieldItemList::filterEmptyItems() renumbers deltas but does not update the Items
• #2383633 by Gábor Hojtsy: Clean up in-line colon code style in config schemas
• #2383277 by MrHaroldA: StringLongItem should not extend StringItem
• #2381491 by kattekrab: Change "and" to && in CKEditorPluginManager
• #2377281 by hussainweb: Upgrade to Symfony 2.6 stable
• #2378095 by Wim Leers, Devin Carlson: Convert all remaining attached individual CSS/JS assets to attached asset libraries
• #1759090 by andrewmacpherson, InternetDevels, jjcarrion: Remove redundant CSS from theme settings form
• #2374035 by dakku: Block module spelling corrections
• #2294503 by Mile23, neclimdul: Component Utilities unit test cleanups
• #2382667 by Wim Leers, Berdir: #post_render_callback's that result from other #post_render_calback are not processed
• #2368275 by martin107, dawehner, znerol, Crell, Wim Leers: EntityRouteEnhancer and ContentFormControllerSubscriber implicitly depend on too many services
• #2362227 by dawehner, mpdonadio, znerol, tim.plunkett, skipyT: Replace all instances of current_path()
• #2382503 by Wim Leers: Not possible to render self-contained render array while a render stack is active
• #1938916 by joelpittet, akalata, a-fro, duellj, InternetDevels, lauriii: Convert locale theme tables to table #type
• #2159347 by david_garcia, claudiu.cristea: Aggregation not working simple test case
• #2099259 by Berdir: Missing default access for all taxonomy term fields
• #2381973 by Gábor Hojtsy, vijaycs85, dawehner: View wizard creates 'invalid' views out of the box, missing plugin_ids, insecure permissions
• #2342023 by rpayanm, Matt V.: documentation references hook_disable and hook_modules_disabled, but they've been removed
• #2318813 by Devin Carlson, Lowell: Comment module: Fix documentation that refers to enabling/disabling of modules
• #2358037 by davidhernandez, jhodgdon, lauriii: Add search form block Twig template file
• #2309051 by martin107: Duplicate assertion text in LocaleUpdateTest
• #2365965 by er.pushpinderrana, larowlan, Cristian.Andrei, gaurav.pahuja: Various tests still have getInfo method
• #2355543 by ebeyrent, lhangea: TokenTest Language mock is not accurate
• #2349859 by R. Volk, naxoc: Responsive Image Mappings :: throws a fatal exception if no image style is set
• #2348459 by larowlan, alexarpen: Fields of type 'Text (formatted)' do NOT save values
• #2365653 by emma.maria, stefan.korn: CSS definition for one sidebar and 560 to 850 px not correct
• #2381079 by yched: Adjust storage_settings schema for string_long field type
• git commit -m 'Issue #2369035 by jhodgdon, Gábor Hojtsy, robertdbailey: Config entities should not always be untranslated in admin routes'
• #2235901 by alexpott, mdrummond, iMiksu, sun, Wim Leers: Remove custom theme settings from *.info.yml
• #2212335 by jhodgdon: Separate out NodeSearch::execute() into finding vs. processing results
• #2358603 by Berdir: ViewsAjaxController results in fatal error for empty optional arguments
• git commit -m 'Issue #2377397 by Wim Leers, alexpott: Themes should use libraries, not individual stylesheets'
• #2359453 by JeroenT: Remove drupal_mail_system()
• #1833932 by lauriii, lokapujya, cilefen, Cottser, joelpittet, jenlampton, iMiksu, lanchez, ericrdb, mikispeed, Eric_A, mikemiles86: Convert theme_system_compact_link() into a #type link
• #2157541 by dawehner, penyaskito, tim.plunkett, Désiré: Views sets access to ANY on routes - could result in information disclosure
• #2352207 by martin107, Berdir: Database cache backend does not treat cid as case sensitive
• #2381509 by er.pushpinderrana, dawehner: Fix docs for _content being _controller in routing.yml files
• #1002164 by alexpott, Carsten Müller, Devin Carlson, linclark, naxoc, vijaycs85: The Book module can be uninstalled with nodes with a book node type still existing
• #2349801 by BillyClackers: The local tab 'Blocks' should be first on the Custom block library
• #2358529 by Tom Verhaeghe, Wim Leers, brylie, brahmjeet789, effulgentsia: Right-aligned images in CKEditor appear to the right of other fields
• #2350723 by rjacobs: State toggles for Enable alt/title and Require alt/title not functioning
• #1224892 by iaine, lapistano, LinL, jonvk: Duplicate code in mysql/schema.inc (createKeySql = createKeysSqlHelper)
• #2030661 by lokeoke, lokapujya, larowlan, dinarcon, daffie, izus, Ivan Zugec: Expand Tour with methods
• #2380573 by tibbsa: Add @return $this to ConfigInstallerInterface::setSynching
• #2379683 by Gábor Hojtsy: Fix configuration schema issues in contact (indirectly user and system) modules
• #2348925 by alexpott, cilefen, Wim Leers: Uninstalling a filter plugin removes text formats
• #2350327 by PieterDC, Dave Reid: editor.module should use the same data- attributes as entity_embed.module uses
• #2317913 by jhedstrom: Early error handling can result in fatal error (Call to a member function get() on a non-object)
• #2374125 by alexpott: Create a persistent block_content body field storage
• #2370305 by Gábor Hojtsy, yched: Refactor field type configuration schemas for DX, easier to find errors
• #2316909 by Berdir, alexpott: Revisit all built-in test/default views configuration in core
• #2378703 by Berdir: Port denial of service fixes from SA-CORE-2014-006 to Drupal 8
• #2377967 by dawehner: Remove bc layer for _content _controller change
• #2346039 by ultimike, benjy: Add missing migrations to MigrateDrupal6Test and fix the result
• #2030613 by balagan, Mile23, scottrigby, alexpott: Expand EntityViewMode (really EntityDisplayModeBase) with methods
• #2211241 by jhodgdon, ianthomas_uk: Refactor search_reindex() into separate functions
• #2363647 by benjy: Cannot programatically update books
• #2144413 by tstoeckler, YesCT, robertdbailey, webflo, Schnitzel, Wim Leers, kfritsche, Jose Reyero, Gábor Hojtsy, prodosh: Config translation does not support text elements with a format
• #2349871 by borisson_, Wim Leers, Arjandew: Vertical toolbar menu is broken in narrow viewports
• #2371987 by sarav.din33, michaellenahan: Use e.g. instead of i.e. in Date field hover text
• #2341461 by ashutoshsngh, esod, quietone: Remove usage of form_options_flatten()
• #2232881 by danblack: pdo used to require comment escaping - doesn'\''t on supported versions
• #2372255 by amorsent: ckeditor.js variable name typo
• #2380605 by emma.maria, lauriii: Bartik layout broken
• #2350823 by lauriii, jhedstrom, Tim Bozeman, cilefen, davidhernandez, inqui, Cottser, xjm: Use the Classy theme in the Testing profile
• #2380391 by webflo: Fix storage settings for TextLongItem and StringLongItem
• #2324055 by dawehner, cilefen, znerol: Split up the module manager into runtime information and extension information
• #2353335 by Devin Carlson, Wim Leers, myforgedoteu: module install cannot save FTP settings
• #2374339 by benjy, chx: FieldConfigBase::calculateDependencies() fatal error is unhelpful
• #1663166 by LewisNyman, Manuel Garcia, JamesLefrère, BarisW, sqndr, tompagabor: Clean up system admin css
• #2377115 by mglaman: Replace all instances of entity_load('field_config') and entity_load_multiple('field_config') with static method calls
• #2378055 by Gábor Hojtsy: Reorganise config schema for entity_form_display / entity_view_display
• #1201452 by Heine, mgifford: Potential Vulnerability In DatabaseConnection_mysql
• #2368019 by Mile23: Expand unit testing for Drupal\Core\Plugin\Context\ContextDefinition
• #2378789 by Wim Leers: Views output cache is broken
• #2350821 by dawehner, webflo, alexpott, vijaycs85: Sort views displays by display name
• #977440 by andypost, amateescu: Clean-up comment links title attributes
• #2376013 by pwolanin: Drupal 8 installer initially fails if settings.php and services.yml are correct, but config directories are absent
• #2372909 by Tom Verhaeghe: Comments to check '$comment->getOwner->isAnonymous()' instead of assuming anonymous is ID 0
• #2379459 by larowlan: Add a test for forum action links for anon users
• #2099341 by geodaniel, borisson_: Align view name with other fields in views admin list
• #2027959 by andypost, aburrows: Remove dependency on datetime from comment
• #1433796 by hampercm, claudiu.cristea, joshi.rohit100, gitesh.koli, undertext, yoroy, larowlan, rpayanm, opratr, jaffaralia, webbykat, nmudgal: Link to images styles from image field display settings
• #2376689 by yched: IntegerItem 'size' setting should be a storage setting
• #2371853 by tim.plunkett, larowlan: Add more helper methods around temporary FAPI storage
• #2378583 by tim.plunkett, EclipseGc: Core ContextAware Plugins have inconsistent ContextDefinition return docs
• #2377449 by sqndr: Seven maintenance page theming incorrect
• #1855066 by Tom Verhaeghe, Wim Leers, benjifisher: In the "menu" toolbar tray, clicking/tapping white space should show the child level
• #2379083 by olli, Wim Leers: Regression (again): Menu contextual links no longer visible in menu blocks, when block caching is enabled
• #2378263 by Wim Leers: hook_library_alter() must be manually invoked by users of LibraryDiscovery, and has no test coverage
• #2346937 by dawehner, larowlan, Wim Leers, claudiu.cristea, msonnabaum: Implement a Renderer service; reduces drupal_render / _theme service container calls
• #2378699 by klausi, David_Rothstein, pwolanin: Port session hijacking fixes from SA-CORE-2014-006 to Drupal 8
• #2304949 by mpdonadio, cilefen, znerol, klausi, gaurav.goyal, regilero: Port HTTP Host header DoS fix from SA-CORE-2014-003
• #2174589 by Wim Leers, ikeigenwijs, el7cosmos, setvik, YesCT: Split up ckeditor.admin.js
• #2378585 by EclipseGc, tim.plunkett: Multiple context requirements cannot be satisfied by a single value
• #2374201 by YesCT: Docs and quote coding standard follow-up from: Incorrect logic in creating url to fetch information about project updates
• #2378329 by almaudoh: Update AccountProxyInterface::setAccount() documentation to point people to the account_switcher service
• #2376899 by Gábor Hojtsy: ImageFieldTestBase::createImageField() takes a description in field settings errorneously
• #2358993 by rpayanm, JeroenT: Remove usage of drupal_mail_system()
• #2343181 by herom, vermario, rpayanm: RTL issues on front page
• #2375879 by jibran, dawehner: Don't filter languages in case it is not needed
• #2375245 by ashutoshsngh: Remove form_set_value()
• #2141417 by babruix, Sam152, jessebeach: Trays without headings throw a JavaScript error when the non-existent heading text is accessed
• #2328919 by Mile23, YesCT, tim.plunkett: Remove () from a bunch of @covers definitions in PHPUnit
• #2376791 by dawehner, Wim Leers: Move all _content routing definitions to _controller
• #2373735 by joelpittet, dawehner: Simplify/clean up BareHtmlPageRenderer
• #2349633 by mortendk, runand, bradwade, emma.maria: Copy book templates to Classy
• #2318779 by Devin Carlson: [Meta] Aggregator Module: Fix documentation that refers to enabling/disabling of modules
• #2376039 by znerol, Wim Leers, alexpott: Undefined property ContainerAwareEventDispatcherTest::results in run-tests.sh
• Revert "Issue #2189345 by sanduhrs, jbekker, joshtaylor, benjy, sun: run-tests.sh should exit with a failure code if any tests failed"
• Revert "Issue #2376039 by znerol, Wim Leers, alexpott: Undefined property ContainerAwareEventDispatcherTest::results in run-tests.sh"
• #2339151 by EclipseGc, tim.plunkett, Gábor Hojtsy, effulgentsia: Conditions / context system does not allow for multiple configurable contexts, eg. language types
• #2377393 by alexpott: Seven seven_preprocess_html adds unused classes
• #2372323 by alexpott, amateescu: Static loaders on entity types don't return a properly typed object
• #2376581 by yched: Cleanup CommentManager::addDefaultField().
• #2322439 by subhojit777, akashjain132, znerol, jaimekristene, japo32, ThomWilhelm: Titles in a user's activity tab displays as just text and not a link
• #2376147 by alexpott, joelpittet, amateescu: Installer is missing all of the global Seven theme stylesheets
• #2368349 by Gábor Hojtsy, alexpott: Entity view and form display configuration schemas are too verbose / key ones missing
• #1853072 by stevepurkiss, larowlan, bjlewis2, mgifford, stefank: Remove forum_menu_local_tasks_alter() hack and instead add links in ForumController::build
• #2348007 by jibran, olli, marcus7777: Taxonomy term view needs status filter
• #2362987 by Wim Leers, Codenator, Pinolo: Remove hook_page_build() and hook_page_alter()
• #2288911 by znerol, effulgentsia: Use route name instead of system path in user maintenance mode subscriber
• #2354275 by slashrsm: There are functions in AliasStorage that are not in AliasStorageInterface
• #2318753 by greenhodge, amitgoyal, Devin Carlson: REST Module: Fix documentation that refers to enabling/disabling of modules
• #2318789 by Devin Carlson: Book Module: Fix documentation that refers to enabling/disabling of modules
• #2318783 by Devin Carlson: Ban Module: Fix documentation that refers to enabling/disabling of modules
• #2318761 by Devin Carlson: Action Module: Fix documentation that refers to enabling/disabling of modules
• #2318807 by Devin Carlson: Color Module: Fix documentation that refers to enabling/disabling of modules
• #2345725 by tim.plunkett: Query parameters are not decoded the same as the path portion of a URL
• #2359071 by JeroenT, rpayanm: Remove drupal_wrap_mail
• #2371229 by rpayanm, joshi.rohit100: Exceptions when adding and deleting shortcut are regular messages, should be error messages
• #2376403 by Tom Verhaeghe: Some full name space paths wrong in comments in WizardPluginBase
• #1077578 by mgifford, mjohnq3, sqndr, zniki.ru, pwieck, rpayanm, Risse, visabhishek: [Followup] Convert bartiks page.tpl.php to HTML5
• #1850164 by Tom Verhaeghe: Default state of toolbar should show menu tray in non-narrow viewports
• #2333053 by dsnopek, mradcliffe: JavaScript for #type => 'machine_name' registers key presses on 'source' slowly later, when label has spaces, special or international characters in it
• #2375107 by olli: Unable to allow multiple roles access views page
• #2189345 by sanduhrs, jbekker, joshtaylor, benjy, sun: run-tests.sh should exit with a failure code if any tests failed
• #2237625 by amateescu: Step 4: Remove amateescu from the maintainers of menu links
• #2374815 by alvar0hurtad0: Update file comment on TextWithsummaryItemTest to show correct name
• #2373549 by neclimdul: PHPUnit test testGetDoesntHitConsistentBackend failing when run with coverage reporting
• #2277739 by Palashvijay4O: Remove core/scripts/switch-psr4.sh
• #2364555 by Mile23: Add @covers annotation, fix some --strict for PHPUnit
• #2349773 by mirom, Zekvyrin, subhojit777, lauriii: Twig Double escaping on modules' available updates page
• #1847174 by TravisCarden, Jody Lynn, boromino, Mariano, iaine: Path alias validation should test for relative path, no trailing slash requirements
• #2103247 by Tom Verhaeghe | stpaultim: Fixed Clicking menu links in the administration menu tray should close the admin menu tray, while in a narrow viewport where the toolbar is positioned on top of the content.
• #2358995 by rpayanm, JeroenT, Alienpruts, gaurav.pahuja, er.pushpinderrana | Les Lim: Remove usage of drupal_wrap_mail().
• #2366043 by dawehner: Upgrade to Symfony 2.6
• #2374087 by alexpott, benjy: Fixed Create a persistent comment body field storage.
• #2375225 by LewisNyman, davidhernandez: Add emma.maria as Bartik maintainer.
• #2370147 by catch, davidhernandez, lauriii: Move is_front variable to template_preprocess_page()
• #287292 by almaudoh, mr.baileys, drewish, Berdir, znerol, boombatower, dawehner, jpetso, floretan: Add functionality to impersonate a user
• #2375923 by amateescu, olli: Fixed favicon missing.
• #2303777 by sun, jhedstrom: Fixed Allow drupal components to depend on other components outside Drupal.
• #2321385 by alexpott, bircher, amateescu, swentel, benjy: Fixed Creation of node body field in postSave() incompatible with default config and overrides.
• #1885788 by alimac, tim.plunkett | jenlampton: Fixed An AJAX HTTP error occurred during module installation via UI.
• #2328111 by dawehner, martin107, neclimdul: Replace most instances of the DRUPAL_ROOT constant with the app.root container parameter.
• #2370703 by amateescu, yched: Fixed ER's "autocreate" feature is mostly broken (and untested).
• #1877482 by bertramakers | benjifisher: Fixed Toolbar tabs should have ID attributes based on hook_toolbar() array keys rather than sequentially numbering.
• Revert "Issue #2232477 by tstoeckler, a 'fliptable' mateescu, plach: Fixed Fatal when adding new fields with NOT NULL constraints in a base table that contains existing entities."
• #2352155 by Wim Leers: Remove HtmlFragment/HtmlPage.
• #2342377 by david_garcia: Fixed Non database agnostic expression in SQLContentEntityStorage.
• #2364647 by chx, alexpott: Fixed [sechole] Remove blacklist mode from Filter:XSS.
• #2371141 by pfrenssen: Fixed XSS vulnerability when displaying exception backtrace.
• #2371671 by podarok | Chi: Fixed drupal_set_message repeat parameter does not work.
• #2371725 by dawehner: Fixed Don't use theme negotiation all over the place.
• #2232477 by tstoeckler, a 'fliptable' mateescu, plach: Fixed Fatal when adding new fields with NOT NULL constraints in a base table that contains existing entities.
• #2372477 by yched: Fixed Lots of tests still enable entity.module.
• #2031901 by andypost: Remove node tokens from comment.tokens.inc.
• #1426804 by alexpott, swentel: Fixed Allow field storages to be persisted when they have no fields.
• #2371843 by alexpott: Add event listener to check schema on config save.

Läs mer: http://drupal.org/node/2394813

8.0.0-beta3

(beta release)
13 November 2014 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues

• There are still over 100 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta2

• #2359161 by olli, damiankloip: Fixed Feed icons missing in views blocks and pages.
• #2267453 by alexpott, dawehner, damiankloip: Fixed Views plugins do not store additional dependencies.
• #2236855 by rachel_norfolk, stefank, ngocketit, lauriii, LewisNyman, alexpott, yuki77, rteijeiro | mortendk: Use CSS for file icons in file fields.
• #2346287 by bserem, rteijeiro, Zekvyrin, alexpott: Fixed Installer requirements errors escaped HTML in variables.
• #2322509 by prics, cilefen, gaurav.goyal, harijari, Temoor: Replace all instances of node_load(), node_load_multiple(), entity_load('node') and entity_load_multiple('node') with static method calls.
• #2178703 by ultimike, chx, penyaskito: Migrate D6 menu links.
• #2361761 by er.pushpinderrana, rpayanm: Remove mime_header_encode and mime_header_decode.
• #2372201 by chx: Fixed FakeDelete is missing.
• #2359703 by dawehner, michaellenahan: Remove public visibility from pager variables on the ViewExecutable.
• #2227401 by emma.maria, tompagabor, Aleksandar_P | LewisNyman: Apply the seven style guide to the status report.
• #2358657 by zaporylie, geerlingguy: Fixed Wrong @covers definitions in Drupal project.
• #2340785 by mpdonadio: Create proper test method for determining if text has been escaped properly.
• #2325517 by lauriii, Alienpruts, Tom Verhaeghe, joelpittet, rteijeiro | Cottser: Add methods for adding/removing attributes (not classes) on Attribute objects.
• #2371875 by chx: Fixed session_manager can't be reasonably overridden.
• #2354491 by olli, dawehner | penyaskito: Fixed Edit new user list view throws exception on saving.
• #2293875 by G-raph, ngocketit: Fixed Texts are not vertically aligned in Views list.
• #2367745 by Palashvijay4O | gumanist: Remove drupal_var_export().
• #2371457 by DuaelFr: Replace inappropriate translatatable string in core/modules/contextual/contextual.module.
• #2361845 by rpayanm: Remove drupal_substr.
• #2361727 by rpayanm: Remove drupal_convert_to_utf8.
• #2371759 by angel.angelio | cilefen: The docblock for user_help() should read "Implements hook_help().".
• #2371479 by DuaelFr: Replace inelegant string in core/lib/Drupal/Core/Database/Install/Tasks.php.
• #2353013 by bertramakers, oenie, crazyrohila: Remove taxonomy_term_load_parents_all from taxonomy/taxonomy.module.
• #2371841 by tim.plunkett | benjy: Fixed FullPageVariant::$mainContent must always be an array.
• #2358685 by BarisW, Aleksandar_P | LewisNyman: Remove edit and configure icons from misc.
• #2278415 by G-raph, Upchuk, Karmen, JamesLefrère, herom | emma.maria: Fixed Bartik dropbutton styling looks bad.
• #2371499 by er.pushpinderrana | Alex Bukach: Fixed Misprint in State API example.
• #920056 by Dave Reid, andypost, quietone, rkjha, Alumei: Fixed [comment:name] duplicates [comment:author], and the latter should use format_username().
• #2347787 by andrei.dincu | cosmicdreams: Fixed Content Type edit form always displays "Don't display post information".
• #2368975 by damiankloip: Fixed ElementInfoManager::buildInfo() processes info data on every request.
• #2367579 by tim.plunkett, chx: Fixed Move retrieval of visible blocks to a standalone service.
• #2105693 by cilefen | jhodgdon: Fixed ContainerInjectionInterface docs need update.
• #2370733 by chx: Fixed Contrib can not provide config storage.
• #2350507 by hussainweb, hctom, jbrown: Fixed \Drupal\Core\Url has no __toString() magic method.
• #2370801 by chx: Fixed Deleting nothing from K-V DB is broken.
• #2347511 by davidhernandez, lauriii, rpayanm, kasn: Add method to test if class attribute has class on Attribute object.
• #2370005 by olli: Fixed Remove link in views ui grouped filter and rearrange fields/sorts does not work.
• #2354597 by esod, YesCT, vadim.hirbu, ashutoshsngh: Remove usage of form_set_value().
• #2369733 by mcdruid: Fixed No End of "addtogroup hooks" in search.api.php.
• #2369933 by amateescu: Fixed Remove references to an exception class that doesn't exist (\Drupal\entity_reference\Exception\MissingDefaultValueException).
• #2321701 by Temoor, rpayanm: Replace all instances of contact_form_load(), entity_load('contact_form') and entity_load_multiple('contact_form') with static method calls.
• #2362205 by Devin Carlson | dawehner: Fixed admin/theme/install|update should point to admin/appearance/update|install.
• #2215507 by Devin Carlson, pfrenssen, SiliconMind: Fixed Downloads broken for translated private files.
• #365615 followup by attiks, YesCT, Gábor Hojtsy, mgifford, Albert Volkman, plach, webwarrior, David_Rothstein, penyaskito, smokris | yang_yi_cn: Fixed Followups: Language detection not working correctly for most Chinese readers (and add a user interface for all browser language mappings).
• #2369107 by lussoluca: Update Guzzle to 5.0.3.
• #2366877 by alexpott: Fixed Entity Reference field schema incorrect.
• #2267551 followup by jfhovinne: [meta] Deal with PHP requirement vs. Debian PHP version numbering.
• #2369639 by yched: EntityFieldTest helper methods makes debugging tests impossible .
• #2206571 by davidgrayston, znerol, amitgoyal: Add PHPUnit tests for Config class.
• #2369197 by tstoeckler: Fixed Remove obsolete PIFR-specific markup after installation.
• #2359069 by er.pushpinderrana, keso | JeroenT: Remove drupal_html_to_text().
• #2361799 by Palashvijay4O | rpayanm: Remove drupal_strlen.
• #2364171 by Gábor Hojtsy, penyaskito: Fixed Enabling and configuring content language negotiation does not work at once.
• #2368443 by amateescu: Use the new FallbackPluginManagerInterface in ER's selection plugin manager.
• #2268753 by amateescu, larowlan, mikemiles86: Fixed Cleanup EntityReferenceController's create() method.
• #2361797 by rpayanm, Palashvijay4O, er.pushpinderrana: Remove usage of drupal_strlen().
• #2358999 by rpayanm, JeroenT, er.pushpinderrana, javivf, Ec1ipsis, aczietlow | Les Lim: Remove usage of drupal_html_to_text().
• #2361795 by rpayanm: Remove decode_entities.
• #2364343 by ksenzee | corbacho: Fixed robots.txt to allow Google access to CSS and JavaScript files.
• #2363537 by dawehner, znerol: Update CMF routing to 1.3 and remove old code.
• Revert "Issue #2369107 by lussoluca: Update Guzzle to 5.0.3."
• #2368739 by Wim Leers: Fixed user_page_attachments() unnecessarily adds an individual CSS file on every page.
• #2368957 by mikispeed: Fixed Set class on MoreLink as array instead as string.
• #1938918 by joelpittet, lauriii, botanic_spark, mdrummond, nielsonm: Convert menu theme tables to table #type.
• #2368081 by Gábor Hojtsy | andypost: Fixed Remove outdated @todo in hook_user_install().
• #2367285 by cilefen: Fixed Function doc typo for hook_page_attachments_alter() in theme.api.php.
• #2368185 by Gábor Hojtsy: Fixed Content views shipped by node module have non-functional timestamp field.
• #2361825 by rpayanm: Remove drupal_strtolower.
• #2069619 by rpayanm, tstoeckler: Remove the module handler dependency from BlockContentBlock.
• #2364161 by dawehner, mpdonadio, Wim Leers: Replace nearly all existing _l calls.
• #2367557 by mpdonadio: Fixed Update TestKernel to match class loader changes in Drupal Kernel.
• #2361811 by rpayanm: Remove drupal_strtoupper.
• #2361837 by rpayanm: Remove drupal_ucfirst.
• #2361747 by rpayanm: Remove truncate_utf8.
• #2367835 by rpayanm, andypost: Fixed FormBuilderTest namespace.
• #2361823 by rpayanm, javivf: Remove usage of drupal_strtolower().
• #1879930 by fran seva, Gábor Hojtsy, martin107, markie, Schnitzel, alexpott, Sutharsan, mon_franco, YesCT, spearhead93, herom, Désiré: Fixed Language selectors are not showing localized to the page language.
• Revert "Issue #2358685 by Aleksandar_P | LewisNyman: Remove edit and configure icons from misc."
• #2282673 by stevepurkiss, ParisLiakos, mgifford: Add a PHPunit test for not using Drupal\Core code in Drupal\Component.
• #2361809 by rpayanm, nlisgo: Remove usage of drupal_strtoupper().
• #2361745 by rpayanm, javivf: Remove usage of truncate_utf8().
• #1833076 by herom, alansaviolobo, Pancho, pixelite, jessehs, YesCT: Expand translation settings when editing outdated translation so remember to uncheck "needs updating".
• #2367661 by swentel: Fixed Follow up: ThirdPartySettingsTraitInterface missing getThirdPartySettings() method.
• #2367665 by amateescu: Add primary actions on the 'Field storage settings' and 'Field settings' forms.
• #2349373 by stefika, skippednote: Fixed Menu label overlaps with the dropdown trigger on narrow screens on RTL.
• #2346763 by yched, msonnabaum: Improve views field rendering performance by caching entity display objects.
• #2361833 by rpayanm: Remove usage of drupal_ucfirst().
• #2361789 by rpayanm, jamesdixon, javivf: Remove usage of decode_entities().
• #2230121 by znerol, dawehner | sun: Fixed Remove exit() from FormBuilder.
• #2358685 by Aleksandar_P | LewisNyman: Remove edit and configure icons from misc.
• #2358683 by MarkoT91 | LewisNyman: Move forum icons into the forum module.
• #2278403 by Xano, JeroenT: Remove uses of form_execute_handlers().
• #2366645 by YesCT, Mile23: Drupal\Tests\Core\Controller\AjaxControllerTest has wrong @covers.
• #2329783 by lauriii, jamesquinton | davidhernandez: Move comment classes from preprocess to templates.
• #2363643 by ultimike | benjy: Fixed Nodes with format 0 are skipped.
• #2305869 by svendecabooter, ultimike | jhodgdon: Search migration - search logging (new setting).
• #2355977 by larowlan, dashaforbes: Fixed Code references RelationLinkManagerInterface::getRelationInternalIds but no such method.
• #2318341 by lauriii, ocastle, Jolidog, vollepeer, rteijeiro, Rade, mgifford: Views mini pager markup.
• #2135101 by Gábor Hojtsy, stefank, YesCT: Fixed Expand test coverage on configuration translation tabs.
• #2271419 by alexpott, larowlan: Fixed Allow field types, widgets, formatters to specify config dependencies.
• #2299215 by jhedstrom, torrance123: Fixed 'extra' join conditions leaking arguments.
• #2355187 by ashutoshsngh, rpayanm, skipyT, legolasbo: Remove form_get_cache().
• #2307853 by er.pushpinderrana, Palashvijay4: Move file-related hooks to new file.api.php file
• #2366589 by Palashvijay4: Move form-related hooks to form.api.php
• #2361615 by Gábor Hojtsy: Fixed Field type config schemas are not in the base schema.
• #2366583 by rpayanm: Move hooks from system.api.php to new module.api.php file
• #1953770 by amateescu: Move the field-specific settings form elements at the top of the form.
• #2365705 by mcdruid: Add end addtogroup hooks to entity.api.php
• #2351411 by chx, davidhernandez: Fixed [perf] Shortcut reruns routing.
• #2356297 by olli, alexpott: Fixed Double escaping in views ui grouped filters.
• #2364173 by alexpott: Fixed Remove dead code for session-test/set-not-started.
• #2365897 by lauriii: Fixed Move taxonomy-term.html.twig to templates folder in Classy.
• #2365891 by ultimike: Fixed Incorrect schema label.
• Revert "Issue #2208811 by Pol, ivanjaros, dawehner: Fixed Views with arguments stopped working on front-end."
• #2340123 followup by Mile23: Setting cache tags can be tricky: use strings instead of nested arrays to improve DX.
• #2312385 by estoyausente, svendecabooter, ultimike, benjy, Rade, andyceo: Fixed Move schemas for migrate_drupal sources to migrate_drupal module.
• #2302253 by ultimike | Ryan Weal: Fixed User profile "selection" type field type does not migrate from D6 if any of the available options contain a dot.
• #2052751 by tim.plunkett, oriol_e9g, yched | alexpott: Fixed WidgetFactory is not used anywhere so it should be removed.
• #2030645 by lokeoke, Mile23, tim.plunkett, miraj9093, slv_ | plopesc: Fixed Expand Menu with methods.
• #2276203 by webflo, lauriii, nlisgo, kallehauge, Snipon: Fixed CSS Aggregation breaks URLs with Query String.
• #2261465 by rpayanm, neclimdul: Fixed Missing visibility keywords on DrupalKernelTest.
• #2349765 by derheap | davidhernandez: Copy taxonomy templates to Classy.
• #197641 followup by herom, good_man, yhager: Fixed Drag and drop is not RTL aware.
• #2208811 by Pol, ivanjaros, dawehner: Fixed Views with arguments stopped working on front-end.
• #2361599 by stefan.korn: Fixed menu_ui css file is not loaded.
• #2357925 by zaporylie | R. Volk: Fixed Duplicate view copies the old view name and ignores the new one.
• #184010 followup by stefank, seanr: Add #anchors to modules administration page.
• #2315849 by Devin Carlson | Gábor Hojtsy: Update status does not have tests with (semantic) Drupal 8 versions.
• #2364127 by Wim Leers: Merge AjaxResponseRenderer into AjaxController.
• #2360683 by martin107: Fix docs for WebTestBase::loggedInUser member variable
• #2307859 by rpayanm, dankh, shumer: Move theme-render hooks from system.api.php to theme.api.php
• #2363025 by Wim Leers, dawehner, larowlan: Push usage of drupal_set_page_content() higher: out of blocks and page display variants.
• #2364337 by penyaskito: Fixed $typedConfigManager dinamically defined in FieldConfigEntityUnitTest.
• #2039709 by dawehner, swentel, MantasK | jurcello: Fixed Forward slash in filter aliases in url alias overview doesn't work.
• #2363741 by joelpittet: Upgrade Twig to 1.16.* from 1.15.*.
• #2359879 by penyaskito, Gábor Hojtsy: Fixed Session negotiation settings cannot actually be changed on the UI.
• #2221577 by andypost, alexpott, yched: Fix assumption that field settings is not a nested array.
• #2363139 by Wim Leers, dawehner, larowlan: _content controllers may only return render arrays, not strings.
• #2349675 by mortendk, emma.maria | davidhernandez: Copy file templates to Classy.
• #2355239 by kgoel | dawehner: Let AggregatorItemViewsData and AggregatorFeedViewsData use EntityViewsData.
• #2349727 by cilefen, Xen | davidhernandez: Copy rdf templates to Classy.
• #2349731 by lauriii | davidhernandez: Copy search templates to Classy.
• #2349771 by lauriii | davidhernandez: Copy user templates to Classy.
• #2349615 by mortendk | davidhernandez: Copy aggregator templates to Classy.
• #2362517 by Wim Leers: Improve default 403/404 exception HTML subscriber: don't duplicate the page render pipeline, use the routing system — add system.403 and system.404 routes.
• #2363589 by wizonesolutions: Fixed Wrong Contains specification in \Drupal\contact\MessageInterface.
• #2353667 by micnap | ultimike: D6->D8 Migration missing variable: forum_nav_vocabulary.
• #2353699 by jarsenx | ultimike: D6->D8 Migration missing variable: default_nodes_main.
• #2324371 by lauriii, aneek, chx, joelpittet, webflo, Fabianx, rteijeiro: Fix common HTML escaped render #key values due to Twig autoescape.
• #2351589 by ultimike, penyaskito: Fixed Exception when a source has no destId.
• #1948418 by webflo, martin107, galooph, cilefen, gaurav.goyal, amitgoyal, dawehner, dstol: Fixed Address SA-CONTRIB-2013-035 for views in D8.
• #2361711 by rpayanm: Remove usage of drupal_convert_to_utf8().
• #2361757 by rpayanm: Remove usage of mime_header_encode().
• #2350583 by oenie, mitrpaka: Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Filter.
• #2360069 by herom: Fixed Add missing RTL rules to Seven tabs.css.
• #2361843 by rpayanm: Remove usage of drupal_substr().
• #2239003 by Wim Leers, dawehner | effulgentsia: Remove the '_http_statuscode' request attribute.
• Revert "git commit -m Issue"
• #2343715 by herom: Fixed RTL issues in shortcut module.
• #2183075 by valderama, dinarcon, er.pushpinderrana, amitgoyal, umar-ahmad: Tidy up css.gzip and js.gzip configuration.
• #2361681 by Wim Leers: drupal_render(): invert second argument ($is_recursive_call -> $is_root_call) => more strict, better DX/TX.
• #2294571 by znerol, effulgentsia: Redirect anonymous users to login page from an exception listener instead of in MaintenanceModeSubscriber and restrict access to the my-account link to authenticated users.
• #2357937 by Wim Leers: Remove {{ feed_icons }} from page template (page.html.twig).
• #2220905 by droplet, herom, skippednote, sqndr: Fixed Misaligned messages status.
• #2359931 by dawehner: Ensure that empty title support does not break.
• #2227731 by webflo, mtift: Fixed Normalize configuration data during config writes.
• #2362519 by alexpott: Fixed Remove dead code from contact.install.
• #2282519 by alexpott, cilefen: Fixed Add content dependency information to configuration entities.
• git commit -m Issue
• #1956698 by Gábor Hojtsy, xjm, alexpott, damiankloip, mgifford: Prevent access to YAML files using .htaccess and web.config.
• #2349651 by larowlan, yannisc: Fixed Default contact form does not send email as email recipient is not set during the installation.
• #2361383 by pivica: Fixed Drupal modal dialog should use ui-front class.
• #2316561 by jmolivas | YesCT: Type hint hooks with interface: ConfigurableLanguageInterface instead of LanguageEntity/ConfigurableLanguage.
• #1186582 by Albert Volkman, chx: Fixed rollback and and pushTransaction is not consistent.
• #2359607 by wilsonw, rpayanm | jhodgdon: Fixed Minor problems on Theme topic .
• #2359449 by Jose Reyero: Fixed TypedData calls onChange() parent's method that is not part of the interface.
• #2361415 by tstoeckler: Fixed locale_translation_clear_cache_projects() does not work.
• #2278583 by nlisgo, Berdir, joshi.rohit100 | Fabianx: Fixed field_has_data looks at current data instead of revisioning data: this can lead to data loss.
• #2362123 by Wim Leers: Drupal_page_header() and drupal_send_headers() are dead code: already deprecated, zero uses remain: remove.
• #1419298 by ryanissamson, zaporylie, ohthehugemanatee, ramlev, droplet, Albert Volkman, NROTC_Webmaster, pmitchell, pillarsdotnet: Remove all trailing whitespace from Drupal core files.
• #2361693 by Wim Leers: Fixed AjaxEnhancer is dead code, remove it.
• #2360841 by tstoeckler: Fixed Overriding the translation path in the installer does not work.
• #2349829 by killerpoke, droplet, cjoy: Fixed #2293589 breaks table row buttons.
• #2360241 by martin107: Fixed MenuLinkManager uses PluginNotFoundException incorrectly.
• #2288793 by YesCT, jamesdixon, xq1003, fran seva, Les Lim: Add missing and fix some types in core docblocks and add some typehinting for locale module.
• #2224581 by alexpott, larowlan, jhodgdon, mgifford: Delete forum data on uninstall.
• #2326875 by tim.plunkett, iMiksu | almaudoh: Convert file_element_info() to Element classes.
• #2353695 by ultimike: D6->D8 Migration missing variable: feed_item_length.
• #2348793 by ACF, nlisgo | csakiistvan: Fixed I can not uninstall Classy theme .
• #1813488 by babruix, Ivan Zugec, quietone, ngwebs, legolasbo | amontero: Add descriptions to clarify "administer users" and "administer user settings" permissions.
• #2065485 by tim.plunkett, Xano: Document that PluginFormInterface should use #process to solve nesting issues.
• #2329763 by lauriii, Jens-0, Cottser, Sutharsan: Move links classes from preprocess to templates.
• #2329767 by lauriii, alexpott, Cottser, sqndr: Move table classes from preprocess to templates.
• #2358333 by mikey_p: Fixed ConfigManager should use interface for translation manager type hint.
• #2359005 by alexpott: Fixed LocalTaskManagerTest only works because we mock a non existing method.
• #2226533 by martin107, filijonka, YesCT, Xano, jmolivas, Chris Dart, alexpott, tstoeckler, visabhishek | csg: Changes to the Language class due to the LanguageInterface (followup).
• #1825466 by justafish, tstoeckler, alexpott, sun: [docs follow-up, then backport to D7] Allow NestedArray::mergeDeepArray() to preserve integer keys.
• #2351847 by damiankloip: Fixed Rename getCacheTag() to getCacheTags().
• #1856262 by chx, pwolanin: Raise MySQL requirement to 5.1.21 to support caching of prepared statements.
• #2267551 follow-up by jfhovinne: [meta] Deal with PHP requirement vs. Debian PHP version numbering.
• #1623574 by droplet, cilefen, cesarmiquel, patrickfgoddard, sun, zaporylie, er.pushpinderrana, stevecowie, mbroere: Fixed Remove trailing space from form element labels and field labels (HTML nbsp).
• #2359561 by metzlerd: Make #attached more prevalent in render api docs.
• #1971208 by calebtr, dsayswhat, metzlerd, agentrickard: Replace "utilize" with a proper verb.
• #2359035 by metzlerd: Add info to Routing topic about magic placeholder transformation to parameters in method
• #2356609 by tstoeckler | yched: Remove support for "reference a specific revision".
• #2353691 by micnap | ultimike: D6->D8 Migration missing variable: page_compression.
• #2356183 by michaellenahan | dawehner: Use array of type X in views.
• #2332935 followup by plach: Allow code to respond to entity/field schema changes.
• #2353683 by micnap | ultimike: D6->D8 Migration missing variable: allow_insecure_uploads.
• #2353711 by jarsenx | ultimike: D6->D8 Migration missing variable: update_check_frequency.
• #2358147 by DuttonMa: Fixed Code improvement in install.
• #2329919 by lauriii, Cottser, lanchez | davidhernandez: Move views_ui classes from preprocess to templates.
• #2215345 by jhodgdon, paulh | joachim: Fixed docs for MenuLinkTreeInterface unclear.
• #2357185 by penyaskito: Remove unnecessary setup in NodeCacheTagsTest.
• #2332935 by plach, alexpott, dawehner: Allow code to respond to entity/field schema changes.
• #2246647 by mpdonadio, cilefen, YesCT, tim.plunkett: Rename PluginBag to LazyPluginCollection.
• #2358911 by chx: Fix docs for ViewsArgumentValidator annotation class
• #2349851 by targoo: Remove uses of the deprecated drupalGetSettings.
• #2341341 by YesCT, martin107, vijaycs85, fran seva: Change public 'name' property access on languages to getName() and add back setName().
• #2350949 by Wim Leers: Add hook_page_attachments(_alter)() and deprecate hook_page_build/alter().
• #2351777 by chx, claudiu.cristea: Do not depend on event subscribers for security: Replace AccessRouteSubscriber with build-in checks.
• #2348365 by larowlan | mtdowling: Update to Guzzle 5.
• #2357311 by penyaskito: Fixed Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases).

Läs mer: http://drupal.org/node/2373889

8.0.0-beta2

(större version) (beta release)
29 Oktober 2014 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

The main differences between the previous Drupal 8 alphas and the beta are:

• The fundamental APIs in Drupal 8 (like the entity, configuration, and menu APIs) are now stable enough so that contributed module and theme authors can start (or resume) their #D8CX pledges and port their projects to Drupal 8.
• We have locked down Drupal 8's data model enough that developers should generally not need to perform data migrations between beta releases of Drupal 8. We will start providing a beta-to-beta upgrade path in a later beta release.
• Limited API and data model changes will still happen, though core maintainers will try to isolate these changes to only non-fundamental APIs or critical bug fixes.

Läs mer: http://drupal.org/drupal-7.32-release-notes

7.103

4 December 2024 - 30MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).

Highlights

• PhpMail : broken mail headers in PHP 8.0+ because of LF characters
  
• Full path disclosure from errors on maintenance pages
  
• HTTP_HOST header cannot be trusted
  
• URL aliases can be used to override trusted urls
  

Bug Fixes and Changes

• PhpMail : broken mail headers in PHP 8.0+ because of LF characters
  
• Full path disclosure from errors on maintenance pages
  
• HTTP_HOST header cannot be trusted
  
• dirname(): Passing null to parameter #1 ($path) of type string is deprecated in drupal_get_path()
  
• URL aliases can be used to override trusted urls
  
• DefaultMailSystem implements MailSystemInterface::format() incorrectly
  
• preg_split in _filter_url breaks for long html tags
  
• TextSummaryTestCase::testLength() fails on some libxml versions
  
• Fix SessionHttpsTestCase->testEmptySessionId() failure
  
• CacheClearCase::testClearArray() sets a persistent variable that has no effect
  
• drupal_var_export() initializes a variable that is never used
  
• drupal_var_export() passes a third argument to itself, when it uses just two parameters
  
• Correct a comment in drupal_settings_initialize()
  
• Password hashing tests do not cover all options
  
• Wrong link to test results in settings form

Läs mer: https://www.drupal.org/project/drupal/releases/7.103

7.102

(säkerhetsutgåvan)
20 November 2024 - 30MBThis is a security release of the Drupal 7 series. Sites are urged to update immediately after reading the notes below and the security announcements:

Security

• Critical - Cross-Site Scripting - SA-CORE-2024-005
  
• Moderately critical - Gadget chain - SA-CORE-2024-008

Läs mer: https://www.drupal.org/project/drupal/releases/7.102

7.101

10 Juni 2024 - 30MBHighlights

• Missing or non-existent entity controller class now throws an EntityMalformedException in Drupal 7
  
• Archive_Tar now uses 775 permissions by default when creating directories in Drupal 7
  
• Added fix for duplicate X-Content-Type-Options headers with value nosniff to .htaccess in Drupal 7
  
• CLI tools that cause a fatal error now exit with an error status in Drupal 7
  

Bug Fixes and Changes

• drupal_random_key() documentation for length of returned string is wrong
  
• Sync D7's copy of Archive_Tar with new 1.5.0 release
  
• [D7] Improve cron logging
  
• Erroneous signature and documentation for user_login_finalize() and hook_user_login()
  
• _form_validate sends null to drupal_strlen triggering deprecation notice
  
• Core entity_get_controller gets a NULL controller class
  
• Notice: Undefined index: form_build_id in ajax_get_form()
  
• [D7] Do not trigger hook_file_download when no file is requested
  
• Allow users to update their settings regardless of duplicate email addresses in the users table
  
• Exceptions during the setUp() or tearDown() method of a test are not handled
  
• Remove a misleading comment from Updater::update()
  
• Remove dead code from node_filter_form()
  
• Duplicate X-Content-Type-Options headers both with the value nosniff [D7]
  
• [GitLab d.o infra] D7 Allow superuser to call composer on jobs
  
• [D7] Bring external template files into core
  
• [D7] Useless test in UserRegistrationTest.php
  
• _drupal_log_error() should return a non-zero exit code on errors in the cli

Läs mer: https://www.drupal.org/project/drupal/releases/7.101

7.100

7 Mars 2024 - 30MBMaintenance release of the Drupal 7 series.

Highlights

• Announcements module (enabled by default and added to the Standard profile in Drupal 7.100)
  
• user_pass_rehash() hash calculation now separates parameter values in Drupal 7
  

Bug Fixes and Changes

• Enable Announcements Feed by default, but allow opt-out
  
• Announcements module info file is missing the version property
  
• Backport the Announcements Feed core module to Drupal 7
  
• [D7] Make CI template compatible with private repositories
  
• [D7] Harden user_pass_rehash() against attack

Läs mer: https://www.drupal.org/project/drupal/releases/7.100

7.99

6 December 2023 - 30MBImportant

• Menu link 'Parent link' is limited to the current menu when creating new custom menu links through the UI in Drupal 7
  
• hook_field_schema_alter() was added in Drupal 7
  
• file_validate_image_resolution() now validates minimum dimensions against the resized image in Drupal 7
  
• Node translations table now contains a link to delete translation in Drupal 7
  
• ModuleUpdater::getSchemaUpdates() was removed in Drupal 7
  
• When a user fails login, the reset password link no longer pre-fills the username in Drupal 7
  
• Drupal 7's aggregator feed now displays up to 255 characters from description if no title is found
  
• Protection against abuse of DrupalCacheArray::__destruct() in Drupal 7
  

Bug Fixes and Changes

• #3405443 [D7] phpcs job fails when run on-commit
  
• #2180877 file_validate_image_resolution() doesn't recalculate the image dimensions after checking $maximum_dimensions
  
• #2847553 XSS attribute handling mangles valid attribute names containing numbers (D7 backport)
  
• #3384397 [D7] When adding a new menu link, restrict the available parents to the current menu
  
• #764408 [D7] Drupal.t() does not respect locale_custom_strings
  
• #691932 Add hook_field_schema_alter()
  
• #3396440 [D7 PHP 8.1] html_entity_decode(): Passing null to parameter #1 ($string) of type string is deprecated in decode_entities()
  
• #3026560 After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush
  
• #2345695 Users are able to upload 0-byte images
  
• #3386936 Remove unused/non-working function getSchemaUpdates()
  
• #3326994 Username enumeration via one time login route
  
• #3383556 Username disclosure in /user/password
  
• #1721506 In update.php instructions, move database backup after maintenance mode
  
• #2677118 Wrong usage of watchdog in system.api.php
  
• #2801329 Remove system.cron.js
  
• #808416 Document that clock drift will cause lock system to fail
  
• #2978218 Add "delete" link on node Translate tab Operations
  
• #3403989 [D7] GitLab CI tests for MariaDB currently not working
  
• #3402945 [D7] Test-only job shouldn't require constant rebases to detect which files were changed
  
• #3384545 Update the list of reserved keywords in DatabaseConnection_mysql
  
• #2880910 [D7] Nothing clears the "5 failed login attempts" security message when a user resets their own password
  
• #3362409 Vertical tabs result in jQuery error when overlay-context hashtag is added to URL
  
• #3195566 Add a note on MySQL 8 sql_mode override
  
• #3348669 system.mail.inc: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
  
• #3372666 D7 Backport: Links with "@" are converted into email addresses even if there is no domain suffix present
  
• #2540830 Sanitize watchdog() link in dblog_event()
  
• #3397117 SQLite testing in GitlabCI - apache2(98)Address already in use
  
• #3397119 Allow failures in D7 GitlabCI PHPCS checks
  
• #3396515 GitlabCI test-only job - ambiguous argument in git diff
  
• #3387052 [D7] GitLab CI integration for core
  
• #3380876 [D7 PHP 8.3] unserialize(): Extra data starting at offset
  
• #3379524 Update PHP requirements for D7 according to the PSA-2023-06-07
  
• #3393147 Exceptions ignored in errorHandler for DrupalTestCase
  
• #3373222 Fallback to feed item description does not strip HTML, only takes 40 chars even though field allows 255
  
• #3386055 Cookie base path not check in the test but set in code
  
• #3381481 add tests for PHP Gadget Chain Drupal7/RCE1 protection
  
• #3378257 harden D7 against PHP Gadget Chain Drupal7/RCE1
  
• #3365407 Promote poker10 to full D7 maintainer

Läs mer: https://www.drupal.org/project/drupal/releases/7.99

7.98

13 Juni 2023 - 30MBImportant

• Session IDs are now hashed in the database in Drupal 7 - read this change record before running the database update: https://www.drupal.org/node/3364841
  
• Double click prevention introduced in Drupal 7
  
• Update info is fetched over https by default in Drupal 7
  
• Content of phpinfo() admin status page is now configurable in Drupal 7
  

Bug Fixes and Changes

• #1705618 Double click prevention on form submission
  
• #3007538 Cron.php does not check for maintenance mode correctly
  
• #2090185 Warning span background image on update.php makes update dependencies unreadable
  
• #2164025 Improve security of session ID against DB exposure or SQL injection
  
• #3293648 [D7 backport] Update status does not verify the identity or authenticity of the release history URL
  
• #2060235 Getting a PDOException when adding new image style named thumbnail, medium and large
  
• #3358515 Make phpinfo on the admin status report configurable [D7]
  
• #3214047 [D7] Add phtml files to the list of potentially malicious extensions
  
• #1470236 Array flip error when a taxonomy term field has a NULL value
  
• #1451072 Deleting a comment author while the Comment module is disabled leads to an EntityMalformedException error after it's reenabled
  
• #998632 drupal_write_record() throws PHP notices if any fields use DB-specific data types
  
• #3308471 [D7] Update CommonXssUnitTest::testBadProtocolStripping() to check other allowed / dangerous protocols
  
• #1821178 Performance tune text_field_load()
  
• #1621334 Notice: Undefined property: stdClass::$forum_tid in forum_node_view()
  
• #2177335 Selecting "None" does not move the block to the disabled region when there are no disabled blocks
  
• #2412151 taxonomy_overview_terms undefined index
  
• #2133309 Change link for language code identifier when creating custom languages
  
• #1777166 hook_comment_publish() docs are completely wrong
  
• #3019792 The description for the value returned from form_type_token_value() is wrong
  
• #2550519 drupal_random_bytes() should use random_bytes() if available
  
• #3345570 list_allowed_values_setting_validate dies with PHP Fatal error on PHP 8.1
  
• #3358536 Add test(s) for SA-CORE-2023-004
  
• #3325533 Undefined variables in system.tar.inc
  
• #2733299 Documentation and behavior mismatch in form_get_errors
  
• #3064227 Add close p tag at clean_url_description in system.admin.inc
  
• #2845290 Missing function comment doc for user_admin_account_validate
  
• #3004335 Wrong database table mentioned in the documentation of taxonomy_term_load_multiple
  
• #3068195 Documentation for _locale_import_one_string_db() is incorrect

Läs mer: https://www.drupal.org/project/drupal/releases/7.98

7.97

21 April 2023 - 30MB

• #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant

Läs mer: https://www.drupal.org/project/drupal/releases/7.97

7.96

(säkerhetsutgåvan)
19 April 2023 - 30MBSecurity

• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 - The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.

Läs mer: https://www.drupal.org/project/drupal/releases/7.96

7.95

(säkerhetsutgåvan)
16 Mars 2023 - 30MBSecurity

• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 - Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the attack. This vulnerability is mitigated by the fact that a successful XSS exploit is required in order to exploit it.

Läs mer: https://www.drupal.org/project/drupal/releases/7.95

7.94

14 December 2022 - 30MB

• Revert "book_node_load() ignores the 'book_allowed_types' and does excessive SQL queries #2070807"
  
• Make alterTags and alterMetadata public for Select query #3326249

Läs mer: https://www.drupal.org/project/drupal/releases/7.94

7.93

8 December 2022 - 30MB

• Drupal 7 now has a user action "unblock current user"
  
• Drupal 7's hook_comment_unpublished is now invoked
  
• New hook_valid_email_address_alter() in Drupal 7
  
• The time limit for cron locks in Drupal 7 has been increased to 15 minutes, and is configurable from settings.php
  
• SameSite attribute set to Lax on various Drupal 7 cookies
  
• Drupal 7's minimum PHP version is now PHP 5.3
  
• Permissions-Policy header is removed since Google has retired FLoC (D7)
  
• Drupal 7's EntityFieldQuery uses $ordered_results instead of the declared $orderedResults property
  
• Optional $mail parameter added in user_pass_rehash()

Läs mer: https://www.drupal.org/project/drupal/releases/7.93

7.92

21 September 2022 - 30MB

• Drupal 7's .htaccess protects .orig and .save files
  
• drupal_http_request() now strips Cookie and Authorization headers on HTTP downgrade or HTTP host change
  
• Image and file fields on taxonomy terms using private filesystem will no longer return 403 / access denied
  
• ID attribute changed on DIV wrappers in managed_file form element markup
  
• l() now strips dangerous protocols from the $path
  
• PagerSelectExtender::getElement() allows consuming code to know the pager id used by a query
  
• path_load() will now consistently load the newest alias

Läs mer: https://www.drupal.org/project/drupal/releases/7.92

7.91

(säkerhetsutgåvan)
21 Juli 2022 - 30MBSecurity

• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 - In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system.

Läs mer: https://www.drupal.org/project/drupal/releases/7.91

7.90

2 Juni 2022 - 30MB

• Editing a comment in D7 no longer changes the creation date
  
• D7 adds a "X-Content-Type-Options: nosniff" header to cached page responses
  
• D7's Field API now supports entity ids that are strings (the entity system already did)
  
• D7 no longer accepts trailing dots in entity_ids which may affect some URLs
  
• CSRF token added to admin/reports/status/run-cron in Drupal 7
  
• Added PHP 8 support to .htaccess files in Drupal 7

Läs mer: https://www.drupal.org/project/drupal/releases/7.90

7.89

3 Mars 2022 - 30MB

• FileFieldWidgetTestCase::testMultiValuedWidget missing upload form causes fails on PostgreSQL
  
• FieldInfoTestCase::testFieldMap array order causes test fail on PostgreSQL
  
• BasicMinimalUpdatePath::testBasicMinimalUpdate checks wrong key name on PostgreSQL
  
• DatabaseUpdateTestCase::testExpressionUpdate assertion on number of affected rows fails in PostgreSQL
  
• Skip Upgrade tests for PostgreSQL
  
• DatabaseSelectTestCase::testUnion - inconsistent result order causing test failure on PostgreSQL
  
• AggregatorUpdatePathTestCase::testAggregatorUpdate - inconsistent array order causing test to fail on PostgreSQL
  
• PollCreateTestCase - invalid input syntax for integer on PostgreSQL
  
• NodeCreationTestCase fails on PostgreSQL
  
• DatabaseReservedKeywordTestCase and DatabaseTablePrefixTestCase using wrong fully qualified table name in PostgreSQL
  
• Database test table TEST_UPPERCASE causes PostgreSQL tests to fail
  
• Make sure that the identifiers are not more the 63 characters on PostgreSQL
  
• Tweak user_update_7020() for sites with an existing user.changed field and/or index"
  
• [PHP 8.1] strlen(): Passing null to parameter #1 ($string) of type string is deprecated in theme_file_upload_help()
  
• [PHP 8.1] fwrite(): Passing null to parameter #2 ($data) of type string is deprecated in InsertQuery_pgsql->execute()
  
• [PHP 8.1] Undefined array key "sequence_name" in pgsql driver
  
• [PHP 8.1] system_modules(): Deprecated function: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
  
• [PHP 8.1] Passing null to parameter #1 check_plain()

Läs mer: https://www.drupal.org/project/drupal/releases/7.89

7.88

(säkerhetsutgåvan)
18 Februari 2022 - 30MBSecurity

• Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003 - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Läs mer: https://www.drupal.org/project/drupal/releases/7.88

7.87

(säkerhetsutgåvan)
20 Januari 2022 - 30MB7.87

Bug Fixes

• Fix regression caused by jQuery UI position() backport
  

7.86

Security

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001 - CVE-2021-41184: XSS in the `of` option of the `.position()` util
  
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-002 - CVE-2021-41182: XSS in the altField option of the Datepicker widget
  
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-002 - CVE-2021-41183: XSS in *Text options of the Datepicker widget
  
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-002 - CVE-2016-7103: XSS in closeText option of Dialog
  
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-002 - CVE-2010-5312: XSS in the title option of Dialog (applicable only to the jQuery UI version included in D7 core)

Läs mer: https://www.drupal.org/project/drupal/releases/7.87

7.85

13 Januari 2022 - 30MB

• Another fix for session cookies when different base_urls share the same domain

Läs mer: https://www.drupal.org/project/drupal/releases/7.85

7.84

15 December 2021 - 30MB

• Hotfix for session cookie domain when www subdomain is in use

Läs mer: https://www.drupal.org/project/drupal/releases/7.84

7.83

6 December 2021 - 30MB

• Drupal 7 now has a "changed" property on the user entity - database schema update required
  
• Drupal 7 now has a date-based default for the directory that file uploads are saved to
  
• Drupal 7 now has a skip_permissions_hardening setting
  
• The has_js cookie has been removed from Drupal 7
  
• Drupal 7 no longer strips leading www. from cookie domain by default because that leaks session cookies to subdomains - sites may want to set $cookie_domain in settings.php to opt out of this change
  
• Changes to password reset process in Drupal 7 to prevent email or username enumeration
  
• Link tags with duplicate href attributes and different hreflang attributes are now supported in Drupal 7

Läs mer: https://www.drupal.org/project/drupal/releases/7.83

7.82

(säkerhetsutgåvan)
26 Juli 2021 - 30MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-004 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of the Archive_Tar library is not vulnerable, as it does not permit symlinks. Exploitation may be possible if contrib or custom code uses the library to extract tar archives (for example .tar, .tar.gz, .bz2, or .tlz) which come from a potentially untrusted source.

Läs mer: https://www.drupal.org/project/drupal/releases/7.82

7.81

7 Juni 2021 - 30MBThis is a maintenance release of the Drupal 7 series.

Highlights

• Permissions-Policy header is added by default to disable a method of browser-based user tracking *
  
• Drupal 7 testing improvements - new cache and fail-only options
  
• Backport server configuration code from SA-CORE-2016-003 to Drupal 7 *
  
• Disable brotli compression of pre-compressed CSS and JS *
  
• CSS/JS Aggregation is no longer used during automatic maintenance mode
  

Changes

• Fix typos in help text for run-tests script
  
• Deleting node type leaves orphan nodes
  
• Submit buttons for GET forms in search/views are not W3C valid due to empty "name" attribute
  
• Inaccessible menu items in navigation links cause "Notice: Undefined index: localized_options"
  
• Issues with "required, multiple" fields in forms
  
• Add aria-atomic to autocomplete
  
• Forward slash in filter aliases in url alias overview does not work
  
• Optimize node access query building
  
• Improve WebTestCase performance by 50%
  
• D7 ThemeRegistry array_key_exists() micro-optimization
  
• D7 drupal_array_get_nested_value() array_key_exists() micro-optimization
  
• Disable brotli compression of pre-compressed CSS and JS
  
• CSS aggregation strips some essential whitespace within strings
  
• Backport server configuration code from SA-CORE-2016-003 to Drupal 7
  
• Reordering fails with more than 100 items in a menu
  
• Cannot administer menu item/link if it points to an unpublished node
  
• Never use aggregation in maintenance mode
  
• Add option to only print failing tests
  
• hotfix FLoC block
  
• Add Permissions-Policy header to block Google FLoC

Läs mer: https://www.drupal.org/project/drupal/releases/7.81

7.80

(säkerhetsutgåvan)
22 April 2021 - 30MBSecurity

• Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 - Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Läs mer: https://www.drupal.org/project/drupal/releases/7.80

7.79

9 April 2021 - 30MBHighlights

• Support for SameSite attribute on cookies
  
• Avoid field storage write when field content did not change - potentially significant performance improvement which is opt-in for existing sites
  
• Password reset confirmation form changes
  
• New PHP Warning emitted in PHP 8 when a database rollback is attempted with no active transaction in MySQL
  
• UI text change: Images must be smaller than !max pixels - n.b. translation impact
  
• Removed updateCallback and errorCallback parameters from the progress bar
  

Changes

• Call to undefined function drupal_get_path_alias() in url()
  
• Trying to access array offset on value of type bool in menu_get_active_breadcrumb()
  
• Remove all occurences of sourceMappingURL and sourceURL when JS files are aggregated
  
• Unnecessary looping in filter_xss() when processing attributes
  
• Trailing space in menu.inc
  
• [PHP 8] test failures in Drupal error handlers
  
• [PHP 8] deprecated functions in OpenID
  
• [PHP 8] test failures in User administration
  
• [PHP 8] test failures in Form element validation
  
• [PHP 8] Error: User-supplied statement does not accept constructor arguments in PDO->prepare()
  
• MySQL on [PHP 8] now errors when committing or rolling back when there is no active transaction
  
• Inaccurate text: Images must be smaller than !max pixels
  
• Remove dead code from ajax.js: progress.upload_callback, progress.error_callback
  
• [PHP 8] Fix DatabaseConnection::query signature mismatch with PDO::query
  
• [PHP 8] Parameter order fixes
  
• [PHP 8] ArgumentCountError: Too few arguments to function _drupal_error_handler() and friends
  
• A valid one-time login link may be leaked by the referer header to 3rd parties
  
• Set samesite cookie attribute for PHP sessions
  
• Do not attempt field storage write when field content did not change
  
• hardening of destructor in Archive_Tar

Läs mer: https://www.drupal.org/project/drupal/releases/7.79

7.78

(säkerhetsutgåvan)
21 Januari 2021 - 30MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2021-001 - The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Läs mer: https://www.drupal.org/project/drupal/releases/7.78

7.77

4 December 2020 - 30MBBug Fixes

• Table name quoting for MySQL 8 breaks sharing tables via prefixes containing dots

Läs mer: https://www.drupal.org/project/drupal/releases/7.77

7.75

30 November 2020 - 30MBSecurity

• Drupal core - Critical - Third-party library - SA-CORE-2020-013 - The PEAR Archive_Tar library has released a security update that impacts Drupal.

Läs mer: https://www.drupal.org/project/drupal/releases/7.75

7.74

(säkerhetsutgåvan)
20 November 2020 - 30MBSecurity

• Drupal core - Critical - Remote code execution - SA-CORE-2020-012 - Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.

Läs mer: https://www.drupal.org/project/drupal/releases/7.74

7.73

(säkerhetsutgåvan)
22 September 2020 - 30MBSecurity

• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 - The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting.

Läs mer: https://www.drupal.org/project/drupal/releases/7.73

7.72

(säkerhetsutgåvan)
17 Juni 2020 - 30MBSecurity

• Drupal core - Critical - Cross-Site Request Forgery - SA-CORE-2020-004 - The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Läs mer: https://www.drupal.org/project/drupal/releases/7.72

7.71

4 Juni 2020 - 30MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality). No security fixes are included in this release.

Bug fixes

• #3143016 by dsnopek, mcdruid, effulgentsia, philltran, Fabianx, lauriii: Chrome 83 cancels jquery.form ajax requests over https
  
• #3126312 by joseph.olstad, ravikk-drupal, mcdruid, mohangathala, jungle, Taran2L, Fabianx: Since PHP7 func_get_args() no longer reports the original value as passed to a parameter, so call it early
  
• #3085098 by longwave, Taran2L, sjerdo, Dinesh18, oliver.hader: PHP Phar Stream Wrapper should be updated (PHP7.4 support, drop fileinfo dependency)
  
• #2788565 by lhuria94, shashikant_chauhan, sjerdo, ravikk-drupal, joachim, longwave: sample code for callback_filter_process() and callback_filter_prepare() should not include deprecated regex option
  
• #3085148 by Taran2L, mcdruid, kiamlaluno: Fix field_test_field_attach_delete_bundle()
  
• #3087121 by Taran2L, kiamlaluno, mcdruid, klausi, Fabianx, Steven Jones, MustangGB: SystemValidTokenTest is failing on PHP 7.4 when drupal_hmac_base64() is called incorrectly
  
• #3085151 by Taran2L, amoebanath, kiamlaluno, Steven Jones, nishantghetiya, izmeez, mcdruid, Fabianx: field_ui_display_overview_form() expects to always get an array from field_info_formatter_types()
  
• #3125824 by Taran2L, mcdruid: Trying to access array offset on value of type null in forum_get_topics()
  
• #3126138 by Taran2L: taxonomy_update_7004() uses non-existent widget select
  
• #3126133 by Taran2L: NumberFieldTestCase uses non-existent formatter number_float
  
• #3085163 by mcdruid, Taran2L, Steven Jones: Comment module causes PHP 7.4 Notices on uninstall
  
• #3118301 by jacob.embree, joachim: Curly brace syntax for accessing array elements and string offsets has been deprecated in PHP 7.4
  
• #3126140 by joseph.olstad, Taran2L, longwave, mcdruid, Ayesh, Fabianx, MustangGB: PHP 7.4 notice in run-tests.sh
  
• #3084953 by Taran2L, kiamlaluno: Trying to access array offset on value of type null in _drupal_build_css_path()
  
• #3084945 by Taran2L, mcdruid, kiamlaluno: Trying to access array offset on value of type null in _batch_finished()
  
• #3084965 by mcdruid, Taran2L, Fabianx: Trying to access array offset on value of type bool in search_excerpt()
  
• #3085088 by mcdruid, Taran2L: menu_get_item() might return FALSE; calling code should take account of this
  
• #3084980 by mcdruid, Taran2L: Trying to access array offset on value of type null in path_delete()
  
• #3084935 by mcdruid, kiamlaluno, Taran2L, atheia, Liam Morland: Trying to access array offset on value of type int in element_children() and DrupalRequestSanitizer::stripDangerousValues()
  
• #3119875 by mcdruid, Pere Orga, Jasu_M, Heine, Fabianx, David_Rothstein, alexpott, cashwilliams, tim.plunkett, xjm, pwolanin, larowlan, drumm, dsnopek: Add tests for DrupalRequestSanitizer to Drupal 7
  
• Revert "Issue #3084935 by kiamlaluno, Taran2L, mcdruid, atheia, Liam Morland: element_children() and DrupalRequestSanitizer::stripDangerousValues() should not use integers as an array"
  
• #3084961 by mcdruid, Taran2L: Trying to access array offset on value of type null in multiple places in pager.inc
  
• #3084955 by kiamlaluno, mcdruid, Taran2L: Invalid characters passed for attempted conversion, these have been ignored in _color_unpack()
  
• #3084943 by longwave, Taran2L: Pass parameters as implode($glue, $pieces); reverse order is deprecated
  
• #3084935 by kiamlaluno, Taran2L, mcdruid, atheia, Liam Morland: element_children() and DrupalRequestSanitizer::stripDangerousValues() should not use integers as an array

Läs mer: https://www.drupal.org/project/drupal/releases/7.71

7.70

(säkerhetsutgåvan)
20 Maj 2020 - 30MBSecurity

• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2020-002 - The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions.

Läs mer: https://www.drupal.org/project/drupal/releases/7.70

7.69

(säkerhetsutgåvan)
20 December 2019 - 30MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately .

Security

• Critical - Multiple vulnerabilities - SA-CORE-2019-012

Läs mer: https://www.drupal.org/project/drupal/releases/7.69

7.68

5 December 2019 - 30MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).

New Features

• Fully support PHP 7.3
  
• drupal_http_request() accepts data as an array in Drupal 7
  
• Access to web.config is blocked in .htaccess (and vice-versa)
  
• New "scripts" element
  
• theme_table() takes an optional footer variable and produces <tfoot>
  

All Changes

• #3098664 by mcdruid: drupal_http_build_query() only accepts arrays (followup to #3059391)
  
• #3097342 by mcdruid, Fabianx: Prepare Drupal 7.68 (CHANGELOG.txt)
  
• #3088938 by DamienMcKenna, webchick, mcdruid: Update the D7 maintainers list
  
• #2902430 by stefanos.petrakis, joseph.olstad, SergFromSD, kiamlaluno, Ayesh, mcdruid, alexpott: [PHP 7.1] A non-numeric value encountered in theme_pager()
  
• #2472025 by stupiddingo, stefanos.petrakis: [D7] Hide toolbar when printing
  
• #2171113 by Pol, wiifm, mw4ll4c3, David_Rothstein, douggreen, Fabianx: Settings returned via ajax are not run through hook_js_alter()
  
• #3059391 by Liam Morland: Use drupal_http_build_query() in drupal_http_request()
  
• #2966335 by mcdruid, dvandijk, David_Rothstein: Avoid DrupalRequestSanitizer not found fatal error when bootstrap phase order is changed
  
• #3025335 by mcdruid, mfb, joseph.olstad, Fabianx, kiamlaluno, Pol: [PHP 7.3] Cannot change session id when session is active
  
• #3055805 by mcdruid, greggles, Ayesh, Darren Oh, David_Rothstein, sidharrell, pwolanin, mkalkbrenner, Sweetchuck, YesCT: file.inc generated .htaccess does not cover PHP 7
  
• #3047412 by mcdruid, Chi, beckydev, DKAN, alexpott, sammuell, rabbitlair, longwave, greggles, interX: Block web.config in .htaccess (and vice-versa)
  
• #3047844 by mfb, jordanwood, Taran2L: Fix test failures on PHP 5.3
  
• #3088557: Add mcdruid as provisional Drupal 7 branch maintainer
  
• #3051370 by Pol, markcarver, Fabianx: Create "scripts" element to align rendering workflow to how "styles" are handled
  
• #2814031 by Liam Morland: In drupal_http_request(), allow passing data as array
  
• #1861604 by hefox, joseph.olstad, Sivaji, mgifford, webchick: Skip module_invoke/module_hook in calling hook_watchdog (excessive function_exist)
  
• #2666908 by iamEAP, cilefen: HTTP status 200 returned for ”Additional uncaught exception thrown while handling exception”
  
• #1892654 by Pol, willvincent, Fabianx: D7 Backport: theme_table() should take an optional footer variable and produce
  
• #3009351 by Pol, mfb, BrianLP: [PHP ≥ 7.2] "session_id(): Cannot change session id"
  
• #2684337 by geoffray, Pol, jweowu, Fabianx: Warning: uasort() expects parameter 1 to be array, null given in node_view_multiple()
  
• #3035772 by Pol: [Regression] Fix default.settings.php permission

Läs mer: https://www.drupal.org/project/drupal/releases/7.68

7.67

(säkerhetsutgåvan)
9 Maj 2019 - 30MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-007 - This security release fixes third-party dependencies included in or required by Drupal core.

Läs mer: https://www.drupal.org/project/drupal/releases/7.67

7.66

(säkerhetsutgåvan)
19 April 2019 - 30MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately.

Security

• Drupal core - Third Party Libraries - SA-CORE-2019-006

Läs mer: https://www.drupal.org/project/drupal/releases/7.66

7.65

25 Mars 2019 - 30MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately.

Security

• Cross Site Scripting - SA-CORE-2019-004

Läs mer: http://drupal.org/project/drupal/releases/7.65

7.64

12 Februari 2019 - 30MBHighlights

• Issue #3018637 by emilymoi, das-peter: [regression] Unset the 'host' header in drupal_http_request() during redirect
  
• Compatibility fixes for PHP 7.3
  
• Compatibility fixes for MySQL 5.7
  

Bug Fixes

• Notice: Undefined index: display_field in file_field_widget_value() (line 582 of /module/file/file.field.inc)
  
• Registry rebuild should not parse the same file twice in the same request
  
• Update function _registry_update() and move module_implements() and _registry_check_code() calls out of the try/catch
  
• [regression] Unset the 'host' header in drupal_http_request() during redirect
  
• 7.x does not have Phar protection and Phar tests are failing on Drupal 7
  
• Fix up commit - convert short array styles to long.
  
• [PHP 7.3] Fix BootstrapMiscTestCase::testCheckMemoryLimit() notice
  
• Ignore node_module folder in core to use Drupal with npm/grunt/nodejs
  
• [PHP 7.3] strpos explicit string needle warnings
  
• MySQL 5.7 incompatibility in system upgrade 7061

Läs mer: http://drupal.org/project/drupal/releases/7.64

7.63

16 Januari 2019 - 30MBKnown Issues

• PHP 5.3.0-5.3.5 gives notice for debug_backtrace() call in PharWrapper
  

Important

• The .phar file extension has been added to Drupal's dangerous extensions list, which means that any such file uploaded to a Drupal file field will automatically be converted to a text file (with the .txt extension) to prevent it from being executed. This is similar to how Drupal handles file uploads with a .php extension.
  
• No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
  
• The replacement stream wrapper needed to resolve Drupal Core - Remote code execution - SA-CORE-2018-002 is not compatible with PHP versions lower than 5.3.3. For sites using lower PHP versions, the built-in phar stream wrapper has been disabled rather than replaced. Drupal 7 sites using PHP 5.2 (or PHP 5.3.0-5.3.2) that require phar support will need to re-enable the stream wrapper for it; however, note that re-enabling the stream wrapper will re-enable the insecure PHP behavior on those PHP versions.
  
• It is very uncommon to both be running a PHP version lower than 5.3.3 and to need phar support. If you're in that situation, consider upgrading your PHP version instead of restoring insecure phar support.
  

Bug Fixes

• fixes a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002

Läs mer: http://drupal.org/project/drupal/releases/7.63

7.62

16 Januari 2019 - 30MBSecurity

• Drupal core - Third Party Libraries - SA-CORE-2019-001 - Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
  
• Drupal core - Arbitrary PHP code execution - SA-CORE-2019-002 - Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to a remote code execution vulnerability which exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.

Läs mer: http://drupal.org/project/drupal/releases/7.62

7.61

26 November 2018 - 30MB

• File upload validation functions and hook_file_validate() implementations are now always passed the correct file URI.
  
• The default form cache expiration of 6 hours is now configurable (API addition: https://www.drupal.org/node/2857751).
  
• Allowed callers of drupal_http_request() to optionally specify an explicit Host header.
  
• Allowed the + character to appear in usernames.
  
• PHP 7.2: Fixed Archive_Tar incompatibility.
  
• PHP 7.2: Removed deprecated function each().
  
• PHP 7.2: Avoid count() calls on uncountable variables.
  
• PHP 7.2: Removed deprecated create_function() call.
  
• PHP 7.2: Make sure variables are arrays in theme_links().
  
• Fixed theme-settings.php not being loaded on cached forms
  
• Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11

Läs mer: http://drupal.org/project/drupal/releases/7.61

7.60

18 Oktober 2018 - 24MBThis release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement.

Security

• Drupal core - Multiple vulnerabilities - SA-CORE-2018-006 - In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
  

Known Issues

• When combined with particular configurations of the Domain Access module, this release can cause fatal errors on certain pages of the site. See https://www.drupal.org/project/drupal/issues/2966335 for more discussion and a possible patch.

Läs mer: http://drupal.org/project/drupal/releases/7.60

7.59

25 April 2018 - 24MBSecurity

• Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004 - A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

Läs mer: http://drupal.org/project/drupal/releases/7.59

7.58

(säkerhetsutgåvan)
28 Mars 2018 - 24MBSecurity

• Drupal core - Highly Critical - Remote Code Execution - SA-CORE-2018-002 - A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Läs mer: http://drupal.org/project/drupal/releases/7.58

7.57

(säkerhetsutgåvan)
25 Februari 2018 - 24MBThis security release of the Drupal 7 series. It is highly recommended that you update.

Highlights

• Fixed multiple security vulnerabilities.
  

Changes

• The file_get_file_references() API function has a new $check_access parameter. This defaults to TRUE for backwards compatibility reasons, but it is recommended that most code which calls this function pass in FALSE in order to ensure that all references to the file are returned, regardless of the permissions of the current user.

Läs mer: http://drupal.org/project/drupal/releases/7.57

7.56

(säkerhetsutgåvan)
22 Juni 2017 - 24MBMaintenance and security release of the Drupal 7 series.

Major changes in 7.56:

• Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003
  

Major changes in 7.55:

• .htaccess change: A change to support services such as Let's Encrypt by making Drupal not block the .well-known directory defined by RFC 5785 (see #2847325).
  
• .htaccess change" A change to allow Drupal sites to work correctly on Apache 2.4 when the mod_access_compat Apache module is disabled (see #1599774).
  
• Fixed incompatibility with PHP versions 7.0.19 and 7.1.5 due to duplicate DATE_RFC7231 definition.
  
• Allowed services such as Let's Encrypt to work with Drupal on Apache, by making Drupal's .htaccess file allow access to the .well-known directory defined by RFC 5785.
  
• Made new Drupal sites work correctly on Apache 2.4 when the mod_access_compat Apache module is disabled.
  
• Fixed Drupal's URL-generating functions to always encode '[' and ']' so that the URLs will pass HTML5 validation.
  
• Made Drupal core pass all automated tests on PHP 7.1.

Läs mer: http://drupal.org/project/drupal/releases/7.56

7.54

27 Februari 2017 - 24MBMaintenance release of the Drupal 7 series. Includes a variety of improvements and bug fixes.

Major changes

• Modules are now able to define theme engines (https://www.drupal.org/node/2826480)
• Added menu tree render structure to (pre-)process hooks for theme_menu_tree() (https://www.drupal.org/node/2827134)
• A new drupal_is_https() API function has been added (https://www.drupal.org/node/2824590)
• Logging of searches can now be disabled (new option in the administrative interface, see https://www.drupal.org/node/2715113)
• The default value for short and medium date formats on the date type configuration page is now correct (https://www.drupal.org/node/1817748)
• The file validation error message is now removed after subsequent upload of a valid file (https://www.drupal.org/node/1792032)

All changes

• #878284 by jp.stacey: cache_set documentation should make lifetime clearer
• #2107287 by BR0kEN: PHP 5.4 calls a new stream_metadata() method on stream wrappers not implemented by Drupal
• #1792032 by aerozeppelin, bjorpe, lmeurs, ndobromirov, balsama: File validation error message not removed after subsequent upload of valid file
• #1884830 by pwolanin, dcam: Regression - replace md5 in Filter module calls with sha2 hashes
• #2637552 by vmachado, Fabianx: Use the drupal_static_fast pattern in drupal_html_id()
• #1817748 by markpavlitski, hgoto, wavesailor, Sophie.SK: /admin/config/regional/date-time does not show the correct default format for short and medium format
• #2494221 by david_garcia, dagmar: Slow Log/Watchdog clear when there are lots of data
• Updated: Issue #2042411 by aerozeppelin, generalredneck: Float field type not validating number with decimal point but no decimal numbers
• #2724773 by Stevel: Translation tests fail on site with english language prefix (global $language_url is not reset in tests)
• #2779379 by sandip27: Minor Coding Standard Issue in color.test file
• #2838650 by er.pushpinderrana: menu_cache_clear description contains duplicate word: cached cached
• #2042411 by aerozeppelin, generalredneck: Float field type not validating number with decimal point but no decimal numbers
• #767404 by das-peter, geru, Ketan Harit, nikhilsukul, Nitesh Sethia: theme_menu_tree() removes helpful data for theming custom menu trees
• #2821203 by plach: Factor out logic to detect HTTPS requests into an API function
• #2237329 by cs_shadow, amgoncalves: comments in OptionsWidgetsTest are in the wrong place
• #1569856 by wizonesolutions, faline, IvoryTierra, tstoeckler, sun, cebasqueira: Make CommentHelperCase support $modules like DrupalWebTestCase and make CommentNodeAccessTest use that
• #2715113 by anshuljain2k8, SwapS, dagmar, Fabianx, ndobromirov: Watchdog logging of all searches is performance hit; need ability to turn it off (7.x)
• #1617918 by pfrenssen, stefan.r, Ayesh, Fabianx, rfay, tea.time: $form['#token'] = FALSE in custom form always causes validation error for anonymous users
• #2825396 by pounard, Pol, Fabianx, David_Rothstein, SebCorbin: Enable modules to define theme engines

Läs mer: http://drupal.org/project/drupal/releases/7.54

7.53

28 December 2016 - 24MB

• Issue #2821441 by davic, droplet, David_Rothstein, Joe Keene, Fabianx, tory-w: Fixed that newer Chrome versions cannot drag and drop anymore on desktop after 7.51 update when jQuery is updated to 1.7-1.11.0

Läs mer: http://drupal.org/project/drupal/releases/7.53

7.52

17 November 2016 - 24MBSecurity

• Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8)
• Incorrect cache context on password reset page (Less critical - Drupal 8
• Confirmation forms allow external URLs to be injected (Moderately critical - Drupal 7)
• Denial of service via transliterate mechanism (Moderately critical - Drupal 8)

Läs mer: http://drupal.org/project/drupal/releases/7.52

7.51

24 Oktober 2016 - 24MBThis is a maintenance release of the Drupal 7 series. This release includes a variety of improvements and bug fixes (no major, non-backwards-compatible new functionality, and no security fixes).

Highlights

• The Update module now also checks for updates to a disabled theme that is used as an admin theme.
• Exceptions thrown in dblog_watchdog() are now caught and ignored.
• Clarified the warning that appears when modules are missing or have moved.
• Log messages are now XSS filtered on display.
• Draggable tables now work on touch screen devices.
• Added a setting for allowing double underscores in CSS identifiers (https://www.drupal.org/node/2810369).
• If a user navigates away from a page while an Ajax request is running they will no longer get an error message saying "An Ajax HTTP request terminated abnormally".
• The system_region_list() API function now takes an optional third parameter which allows region name translations to be skipped when they are not needed (API addition: https://www.drupal.org/node/2810365).

All changes

• #2497259 by David_Rothstein: Followup for system_region_list() unnecessarily translates region names
• #2762241 by David_Rothstein, wylbur: Missing default.profile from the file system
• #2808789 by hanoii, nod_, heddn, geerlingguy, lokapujya, David_Rothstein, mangy.fox, xurizaemon, timfernihough, jibran, effulgentsia, j0rd, joelpittet, temkin, slashrsm, maxi Todorov, leewillis77, droplet, showrx, orbiteleven, opdavies, rooby, yechuah, shabana.navas, nikunjkotecha, ehj-52n, jhedstrom, sah62, edutrul, rfay, seutje, drupalshrek: Drupal alerts "An AJAX HTTP request terminated abnormally" during normal site operation, confusing site visitors/editors
• #2379947 by ndobromirov, othermachines, hgoto, David_Rothstein: Prevent maximum execution time from being exceeded for large .po files in _locale_import_po()
• #1443342 by joseph.olstad, mikeytown2, LauraRocks, xjm, stefan.r, joelpittet, brianV, effulgentsia, Fabianx, Mac_Weber: Inline file_uri_scheme() in file_stream_wrapper_uri_normalize() and other file.inc functions
• #2009584 by hgoto, jtwalters, rteijeiro, ry5n, emattias, Fabianx: Allow double underscores to pass through drupal_clean_css_identifier as per new CSS standards
• #2720853 by joseph.olstad, donquixote, Fabianx, quicksketch: D7 Improve theme registry build performance by 85%
• #2459339 by hgoto, dagmar, klausi, kporras07, David_Rothstein, Fabianx: Log messages should be XSS filtered on display
• #1261002 by LewisNyman, Pere Orga, nod_, Trey, quicksketch, jessebeach, mglaman, blueshadow2911, sabsbrain, Fabianx: Draggable tables do not work on touch screen devices
• #2672088 by joelpittet, stefan.r, daffie, catch, mikeytown2, Fabianx, dawehner: Add static cache to DatabaseConnection ::escapeDatabase(), ::escapeTable(), ::escapeField() and ::escapeAlias()
• #2497259 by aerozeppelin, catch, tim.plunkett, alexpott: system_region_list() unnecessarily translates region names
• #2774725 by sandip27: Wrong hook is invoked (hook_aggregator_process() rather than hook_aggregator_process_info())
• #2794155 by kiamlaluno: user_save() documentation has a note for Drupal 8 that is not anymore valid
• #2794547: Remove xjm from MAINTAINERS.txt in D7
• #2201615 by hgoto: locale_translate_edit_form_submit() should check is_string(), instead of !empty() for string
• #2764221 by stefan.r, vensires, Fabianx, fietserwin: utf8mb4IsSupported() shouldn't guess that InnoDB is the default engine
• #2776439 by aerozeppelin, Novitsh, makbul_khan8: [D7] system_block_ip_action() adding empty IP record in blocked_ips table
• #1880224 by joelpittet, thedavidmeister, rooby, validoll, monta: Notice: Undefined index: value in theme_status_report() (line 2577 of modules/system/system.admin.inc)
• #2784561 by stefan.r, GoZ, Fabianx: [D7] IpAddressBlockingTest is failing on DrupalCI for PHP 7
• #2468537 by hgoto, cilefen: The update module does not check updates for the admin theme if it is disabled
• #2051453 by hgoto, joyceg, prabhurajn654, Fabianx: syntax error in update_manager_update_form()
• #2764131: Missing modules warning instructions don't make sense for certain situations (such as for old Drupal 6 module entries in the system table)
• #1784548 by btopro, Fabianx, Berdir, rbayliss, xaa: DB Log is missing watchdog table after enabling - Need to catch and ignore exceptions thrown in dblog_watchdog()
• #2738933 by id.medion, chishah92: Remove unused argument in the function call field_cache_clear()
• #2766537 by bhavikshah9, mforbes: Missing asterisk in one line of default.settings.php documentation block

Läs mer: http://drupal.org/project/drupal/releases/7.51

7.50

(större version)
11 Juli 2016 - 24MBWait... Drupal 7.50?

• Yes, there is a version jump compared to the previous 7.44 release; this is to indicate that this Drupal 7 point release is a bit larger than past ones and makes a few more changes and new features available than normal.
• Updating your existing Drupal 7 sites is recommended. Backwards compatibility is still being maintained, although read on to find out about a couple of changes that might need your attention during the update.

Highlights

• New "administer fields" permission added for trusted users
• Protection against clickjacking enabled by default
• Support for full UTF-8 (emojis, Asian symbols, mathematical symbols) is now possible on MySQ
• Improved support for recent PHP versions, including PHP 7
• Improved performance (and new PHP warnings) when Drupal is trying to find a file that does not exist
• Improvements to help search engines index your site's images/CSS/JavaScript

Läs mer: http://drupal.org/blog/drupal-7-50

7.44

(säkerhetsutgåvan)
17 Juni 2016 - 24MBSecurity

• Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical)

Läs mer: http://drupal.org/blog/drupal-8-1-3-and-7-44

7.43

(säkerhetsutgåvan)
24 Februari 2016 - 24MBThis release contains security fixes.

Security

• File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical): A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they can be saved. This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
• Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical): The XML-RPC system allows a large number of calls to the same method to be made at once, which can be used as an enabling factor in brute force attacks (for example, attempting to determine user passwords by submitting a large number of password variations at once). This vulnerability is mitigated by the fact that you must have enabled a module that provides an XML-RPC method that is vulnerable to brute-forcing. There are no such modules in Drupal 7 core, but Drupal 6 core is vulnerable via the Blog API module. It is additionally mitigated if flood control protection is in place for the method in question.
• Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical): In Drupal 6 and 7, the current path can be populated with an external URL. This can lead to Open Redirect vulnerabilities. This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL. For Drupal 8 this is a hardening against possible browser flaws handling certain redirect paths.
• Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical): An access bypass vulnerability was found that allows input to be submitted, for example using JavaScript, for form button elements that a user is not supposed to have access to because the button was blocked by setting #access to FALSE in the server-side form definition. This vulnerability is mitigated by the fact that the attacker must have access to submit a form that has such buttons defined for it (for example, a form that both administrators and non-administrators can access, but where administrators have additional buttons available to them).
• HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical): A vulnerability in the drupal_set_header() function allows an HTTP header injection attack to be performed if user-generated content is passed as a header value on sites running PHP versions older than 5.1.2. If the content contains line breaks the user may be able to set arbitrary headers of their own choosing. This vulnerability is mitigated by the fact that most hosts have newer versions of PHP installed, and that it requires a module to be installed on the site that allows user-submitted data to appear in HTTP headers.
• Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical): The drupal_goto() function in Drupal 6 improperly decodes the contents of $_REQUEST['destination'] before using it, which allows the function's open redirect protection to be bypassed and allows an attacker to initiate a redirect to an arbitrary external URL. This vulnerability is mitigated by that fact that the attack is not possible for sites running on PHP 5.4.7 or greater.
• Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical): Drupal core has a reflected file download vulnerability that could allow an attacker to trick a user into downloading and running a file with arbitrary JSON-encoded content. This vulnerability is mitigated by the fact that the victim must be a site administrator and that the full version of the attack only works with certain web browsers.
• Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical): Some specific contributed or custom code may call Drupal's user_save() API in a manner different than Drupal core. Depending on the data that has been added to a form or the array prior to saving, this can lead to a user gaining all roles on a site. This issue is mitigated by the fact that it requires contributed or custom code that calls user_save() with an explicit category and code that loads all roles into the array.
• Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical): In certain configurations where a user's email addresses could be used to log in instead of their username, links to "have you forgotten your password" could reveal the username associated with a particular email address, leading to an information disclosure vulnerability. This issue is mitigated by the fact that it requires a contributed module to be installed that permits logging in with an email address, and that it is only relevant on sites where usernames are typically chosen to hide the users' real-life identities.
• Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical): On certain older versions of PHP, user-provided data stored in a Drupal session may be unserialized leading to possible remote code execution. This issue is mitigated by the fact that it requires an unusual set of circumstances to exploit and depends on the particular Drupal code that is running on the site. It is also believed to be mitigated by upgrading to PHP 5.4.45, 5.5.29, 5.6.13, or any higher version.

Läs mer: http://drupal.org/drupal-7.43-release-notes

7.42

3 Februari 2016 - 24MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).

Major changes

• #1191290: Stopped invoking hook_flush_caches() on every cron run, since some modules use that hook for expensive operations that are only needed on cache clears.
• #2392153: Changed the default .htaccess and web.config to block Composer-related files.
• #1443308: Added static caching to module_load_include() to improve performance.
• #1919338: Fixed double-encoding bugs in select field widgets provided by the Options module. The fix deprecates the 'strip_tags' property on option widgets and replaces it with a new 'strip_tags_and_unescape' property (minor data structure change).
• #2545480: Improved MySQL 5.7 support by changing the MySQL database driver to stop using the ANSI SQL mode alias, which has different meanings for different MySQL versions.
• #2599326: Fixed a regression introduced in Drupal 7.39 which prevented autocomplete functionality from working on servers that are not configured to automatically recognize index.php.
• #1414508: Updated the Archive_Tar PEAR package to the latest 1.4.0 release, to fix bugs with tar file handling on various operating systems.
• #1289336: Fixed fatal errors on node preview when a field is displayed in the node teaser but hidden in the full node view. The fix removes a field_attach_prepare_view() call from the node_preview() function since it is redundant with one in the node preview theme layer.
• #1862250: Improved the description of the "Trimmed" format option on text fields (translatable string change, and minor UI and data structure change).

Changelog

• #2645544 by Liam Morland: Improve documentation for module_disable() and related functions
• #2622012 by walangitan, snehi, Shreya Shetty, rashid_786, joachim, jhodgdon: Fix documentation errors in language_default()
• #1191290 by klausi, David_Rothstein, Fabianx: system_cron() should not invoke hook_flush_caches() on every cron run
• #1559506 by finnydobson, JuliaKM, snehi, anil280988, priya.chat, laranajim, jhodgdon, alexpott: Query alter docs need some clarification
• #2392153 by mparker17, hussainweb, chris.smith, alexpott, dawehner: Disallow composer.json and composer.lock from being indexed
• #1946090 by pjonckiere, alex-mo, rpayanm: _drupal_wrap_mail_line() does not force-wrap too long words after 996 characters
• #1443308 by cilefen, joseph.olstad, mikeytown2, joelpittet, btopro, alexpott, jonhattan, marcingy, stewsnooze, Fabianx, pounard, tstoeckler, penyaskito: Add static cache to module_load_include()
• #1919338 by catch, bradjones1, mpdonadio, David_Rothstein, Cottser, Jalandhar, shnark, das-peter, swentel, bblake, JvE, dewalt, Damien Tournoud, jwilson3: Select widget (from the options module) prone to double encoding
• #1891228 by eiriksm, logaritmisk, joelpittet, stefan.r, StefanPr, mariancalinro: image_style_deliver can create invalid headers
• #2545480 by gryp, morgantocker, Crell, kevinquillen: Don't use the ANSI SQL mode since it has different meanings for different MySQL versions (and breaks MySQL 5.7 support in Drupal 7)
• #2251019 by PietM, jhodgdon, mgifford: User wildcard search doesn't work
• #1328014 by eiriksm, superspring, jhedstrom, alexpott, franz, chx, phillamb168: Fix PDOException in the dblog module when saving a link URL with non-standard characters
• #2619816 by AshwiniPatil: Fix code style problem with array spacing in taxonomy_help()
• #2627524 by lokapujya: Change absense to absence in test assertion message
• #2596899 by bburg: Remove unnecessary DISTINCT from node access rebuild query to work around a MySQL bug
• #2599326 by Blanca.Esqueda, David_Rothstein: Fix autocomplete functionality on servers that are not configured to automatically recognize index.php
• #1414508 by droplet, KimNyholm, mglaman, kid_icarus, David_Rothstein, mgifford, Cottser: update system.tar.inc to latest Archive_Tar (Pear)
• #2611274 by felribeiro, joachim, joshi.rohit100, anchal29: missing docs for DrupalWebTestCase::xpath() $arguments param
• #2632284 by eiriksm, brianV: Fix code style issues in block.module
• #2156405 by Everett Zufelt, maximpodorov, rudiedirkx, jygastaud: Remove unnecessary static variable which can cause a Javascript error on user edit pages on multi-step forms.
• #2547691 by snehi, er.pushpinderrana, visabhishek, ipun.amin, edxxu, jhodgdon, cilefen, ttkaminski: Fix documentation typo regarding #theme_wrappers
• #1289336 by jthorson, JimmyAx, marcingy, David_Rothstein, no_commit_credit, drumm, matglas86, rooby, xjm, cristiroma, brockfanning, Damien Tournoud: Calling node_view for the same node with multiple view modes on the same page during node preview does not correctly attach fields
• #2594585 by Xano, dcam: Use entity_uri() when linking to nodes on the admin/content page
• #2530652 by da_cloud, jhodgdon, cilefen, marbard: Cannot use the search block again if an error occured in the previous search
• #2601116 by heykarthikwithu: Remove various unused variables from the Poll module
• #2598062 by eiriksm: theme_links contains > 80 character inline comment lines
• #2411917 by chaunceyt: Fix _block_rehash() performance issue
• #1862250 by amanire, Ivan Zugec, Novitsh, joates, sdstyles, yoroy, joshi.rohit100, acabouet, rpayanm, klonos, dahousecat, Daniel_Rose, HeimdallJHM, cluther, vineet.osscube, joachim, Stalski, Bojhan, chr

Läs mer: http://drupal.org/drupal-7.42-release-notes

7.41

(säkerhetsutgåvan)
21 Oktober 2015 - 24MBThis release fixes security vulnerabilities.

Security

• SA-CORE-2015-004: The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission, and that the Overlay module must be enabled.

Läs mer: http://drupal.org/drupal-7.41-release-notes

7.40

15 Oktober 2015 - 24MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); major, non-backwards-compatible new features are only being added to the forthcoming Drupal 8.0 release.

Upgrading .htaccess to incorporate this change is strongly recommended:

• A change to set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type (see #462950).

Upgrading settings.php to incorporate the following changes is recommended but not required:

• A change to exclude private files from the "404_fast_paths" behavior. This is useful primarily for sites which call drupal_fast_404() directly from settings.php (see #2455057).
• A documentation change to make it easier for development sites to enable the 'theme_debug' feature via settings.php (see #2538640).

Major changes

• Added an optional 'project:' prefix that can be added to dependencies in a module's .info file to indicate which project the dependency resides in (API addition: https://www.drupal.org/node/2299747).
• Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection (API change: https://www.drupal.org/node/2463973).
• Changed the default thousand marker for numeric fields from a space ("1 000") to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
• Made Drupal's code for parsing .info files run much faster and use much less memory.
• Prevented drupal_http_request() from returning an error when it receives a 201 through 206 HTTP status code.
• Added support for autoloading traits via the registry on sites running PHP 5.4 or higher.
• Allowed the user-picture.tpl.php theme template to have HTML classes besides the default "user-picture" class printed in it (markup change).
• Fixed the URL text filter to convert e-mail addresses with plus signs into mailto: links.
• Added alternate text to file icons displayed by the File module, to improve accessibility (string change, and minor API addition to theme_file_icon()).
• Changed one-time login link failure messages to be displayed as errors or warnings as appropriate, rather than as regular status messages (minor UI change and data structure change).
• Changed the default settings.php configuration to exclude private files from the "404_fast_paths" behavior.
• Changed the page that displays filter tips for a particular text format, for example filter/tips/full_html, to return "page not found" or "access denied" if the format does not exist or the user does not have access to it. This change adds a new menu item to the Filter module's hook_menu() entry (minor data structure change).
• Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the cache keys used for caching a particular block.
• Made drupal_set_message() display and return messages when "0" is passed in as the message to set.
• Fixed non-functional "Files displayed by default" setting on file fields.
• The "worker callback" provided in hook_cron_queue_info() and the "finished" callback specified during batch processing can now be any PHP callable instead of just functions.
• Prevented drupal_set_time_limit() from decreasing the time limit in the case where the PHP maximum execution time is already unlimited.
• Prevented malformed theme .info files (without a "name" key) from causing exceptions during menu rebuilds. If an .info file without a "name" key is found in a module or theme directory, Drupal will now use the module or theme's machine name as the display name instead.
• Made the format column in the {date_format_locale} database table case-sensitive, to match the equivalent column in the {date_formats} table.
• Fixed a bug in the Statistics module that caused JavaScript files attached to a node while it is being viewed to be omitted from the page.
• Fixed various bugs that occurred after hooks were invoked early in the Drupal bootstrap and that caused module_implements() and drupal_alter() to cache an incomplete set of hook implementations for later use.
• Set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type.
• Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file.

Läs mer: http://drupal.org/drupal-7.40-release-notes

7.39

(säkerhetsutgåvan)
19 Augusti 2015 - 24MBThis release fixes critical security vulnerabilities.

Security

• Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element. This vulnerability is mitigated on sites that do not allow untrusted users to enter HTML. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed Ctools module: SA-CONTRIB-2015-141.
• Cross-site Scripting - Autocomplete system - Drupal 6 and 7: A cross-site scripting vulnerability was found in the autocomplete functionality of forms. The requested URL is not sufficiently sanitized. This vulnerability is mitigated by the fact that the malicious user must be allowed to upload files.
• SQL Injection - Database API - Drupal 7: A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments. This vulnerability is mitigated by the fact that only one contributed module that the security team found uses the comment filtering system in a way that would trigger the vulnerability. That module requires you to have a very high level of access in order to perform the attack.
• Cross-site Request Forgery - Form API - Drupal 6 and 7: A vulnerability was discovered in Drupal's form API that could allow file upload value callbacks to run with untrusted input, due to form token validation not being performed early enough. This vulnerability could allow a malicious user to upload files to the site under another user's account. This vulnerability is mitigated by the fact that the uploaded files would be temporary, and Drupal normally deletes temporary files automatically after 6 hours.
• Information Disclosure in Menu Links - Access system - Drupal 6 and 7: Users without the "access content" permission can see the titles of nodes that they do not have access to, if the nodes are added to a menu on the site that the users have access to.

Major changes

• The Ajax system now validates URLs before making an Ajax request. Existing code which uses the Drupal Ajax API in any of the standard ways should continue to work after this update. In the event you have unusual Ajax code which does not work with Drupal 7.39, you can have your code manually validate the URL in one of two ways. Either add the URL to the "urlIsAjaxTrusted" JavaScript setting (see ajax_pre_render_element() for an example) or call ajax_set_verification_header() in the Ajax callback function to mark the current URL as trusted. Only do this for URLs that you actually trust; Ajax requests in Drupal should never be made to untrusted URLs.
• For security reasons, the autocomplete system now makes Ajax requests to non-clean URLs only, although protection is also in place for custom code that does so using clean URLs. There is a new form API #process function on autocomplete-enabled text fields that is required for the autocomplete functionality to work; custom and contributed modules should ensure that they are not overriding this #process function accidentally when altering text fields on forms (use element_info_property() for help with that). Part of the security fix also includes changes to theme_textfield(); it is recommended that sites which override this theme function make those changes as well (see the theme_textfield section of this diff for details).
• When form API token validation fails (for example, when a cross-site request forgery attempt is detected, or a user tries to submit a form after having logged out and back in again in the meantime), the form API now skips calling form element value callbacks, except for a select list of callbacks provided by Drupal core that are known to be safe. In rare cases, this could lead to data loss when a user submits a form and receives a token validation error, but the overall effect is expected to be minor.

Läs mer: http://drupal.org/drupal-7.39-release-notes

7.38

(säkerhetsutgåvan)
17 Juni 2015 - 24MBThis release fixes critical security vulnerabilities.

Security

• CVE-2015-3234 Impersonation (OpenID module - Drupal 6 and 7 - Critical): A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. This vulnerability is mitigated by the fact that the victim must have an account with an associated OpenID identity from a particular set of OpenID providers (including, but not limited to, Verisign, LiveJournal, or StackExchange).
• CVE-2015-3232 Open redirect (Field UI module - Drupal 7 - Less critical): The Field UI module uses a "destinations" query string parameter in URLs to redirect users to new destinations after completing an action on a few administration pages. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. This vulnerability is mitigated by the fact that only sites with the Field UI module enabled are affected. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed CCK module: SA-CONTRIB-2015-126
• CVE-2015-3233 Open redirect (Overlay module - Drupal 7 - Less critical): The Overlay module displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission, and that the Overlay module must be enabled.
• CVE-2015-3231 Information disclosure (Render cache system - Drupal 7 - Less critical): On sites utilizing Drupal 7's render cache system to cache content on the site by user role, private content viewed by user 1 may be included in the cache and exposed to non-privileged users. This vulnerability is mitigated by the fact that render caching is not used in Drupal 7 core itself (it requires custom code or the contributed Render Cache module to enable) and that it only affects sites that have user 1 browsing the live site. Exposure is also limited if an administrative role has been assigned to the user 1 account (which is done, for example, by the Standard install profile that ships with Drupal core).

Läs mer: http://drupal.org/drupal-7.38-release-notes

7.37

7 Maj 2015 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:

• Fixed a regression in Drupal 7.36 which caused certain kinds of content types to become disabled if they were defined by a no-longer-enabled module.
• Removed a confusing description regarding automatic time zone detection from the user account form (minor UI and data structure change).
• Allowed custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags.
• Allowed hook_field_schema() implementations to specify indexes for fields based on a fixed-length column prefix (rather than the entire column), as was already allowed in hook_schema() implementations.
• Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs.
• Added a sites/all/libraries folder to the codebase, with instructions for using it.
• Added a description to the "Administer text formats and filters" permission on the Permissions page (string change).

All changes:

• #2465159 by David_Rothstein, NancyDru: Fixed a regression in Drupal 7.36 which caused certain kinds of content types to become disabled if they were defined by a no-longer-enabled module.
• #1863290 by woprrr, vomiand, dcam, vegantriathlete: poll_node_info() has unused 'has_body' attribute that is left over from Drupal 6
• #2364047 by JvE, dcam: Fix missing file definitions in hook_theme() in the Update Manager module
• #2331151 by David_Rothstein, Devin Carlson: Remove leftover code in testFileValidateSize() which runs the tests as a specific user
• #1055150 by Devin Carlson, rootwork, yoroy, brianV, JimmyAx: Time zone description is confusing on user register form
• #2315255 by Dave Reid, Devin Carlson: Allow custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags
• #1812056 by chx, byrond: Allow hook_field_schema() implementations to specify indexes for fields based on a column prefix (field sql storage test failing on various MySQL engines due to indexing unbound text fields)
• #1003788 by stefan.r, Alan D., JimmyAx, Josh Waihi, john_brown, twistor, bellHead, bzrudi71, pwolanin, gaas, wiifm, robhardwick, gngn: PostgreSQL PDOException: Invalid text representation when attempting to load an entity with a string or non-scalar ID
• #2208649 by areke, David_Rothstein, joachim, er.pushpinderrana, TravisCarden: Followup fixes to the documentation of the queue worker callback
• #2428399 by joshi.rohit100, SkidNCrashwell, Sagar Ramgade, er.pushpinderrana, Dom.: Default empty option label text different in documentation than in reality
• #2386903 by pfrenssen, dcam: Fixed DOMDocument::importNode() warning due to IDs already being defined when running tests
• #2399657 by klausi: Add session hijacking test cases for SA-CORE-2014-006
• #2457743 by skein: translation_remove_from_set() runs unnecessary queries to fetch and update every single node with tnid 0
• #2014851 by hlieberman, Wim Leers, bradjones1, markcarver: Drupal CSS preprocessing breaks protocol-relative paths
• #2356983 by bzrudi71, Dave Reid, jaredsmith: SystemQueue::claimItem() sometimes returns items in the wrong order (resolves locale test failures on PostgreSQL)
• #667058 by greggles, DamienMcKenna, cweagans, travelertt, Dave Reid, tstoeckler, geerlingguy: Add a sites/all/libraries folder and encourage people to use it properly
• #1684930 by amontero, David_Rothstein, joshi.rohit100, jthorson, dcam, rpayanm, jackbravo, yoroy: Add description to "administer filters" permission
• #2392221 by joegraduate, er.pushpinderrana, zealfire, ClientGuy: install_run_task() and install_tasks() don't document the task structure

Läs mer: http://drupal.org/drupal-7.37-release-notes

7.36

1 April 2015 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:

• Prevented the form API from allowing arrays to be submitted for various form elements, such as textfields, textareas, and password fields (API change: https://www.drupal.org/node/2462723).
• Added a 'javascript_always_use_jquery' variable which can be set to FALSE by sites that may not need jQuery loaded on all pages, and a 'requires_jquery' option to drupal_add_js() which modules can set to FALSE when adding JavaScript files that have no dependency on jQuery (API addition: https://www.drupal.org/node/2462717).
• Added a user_has_role() function to check whether a user has a particular role (API addition: https://www.drupal.org/node/2462411).
• Added a 'file_public_schema' variable which allows modules that define publicly-accessible streams in hook_stream_wrappers() to bypass file download access checks when processing managed file upload fields.
• Fixed a bug that caused database query tags not to be added to search-related database queries under many circumstances, and which prevented the corresponding hook_query_TAG_alter() implementations from being called.
• Fixed the "for" attribute on managed file upload field labels to improve accessibility (minor markup change).
• Fixed incorrect foreign keys in the User module's role_permission and users_roles database tables.
• Changed permission descriptions throughout Drupal core to consistently link to relevant administrative pages, regardless of whether the user viewing the Permissions page can view the page being linked to (minor UI change).
• Fixed the drupal_add_region_content() function so that it actually adds content to the page.
• Added an 'image_suppress_itok_output' variable to allow sites already using the existing 'image_allow_insecure_derivatives' variable to also prevent security tokens from appearing in image derivative URLs.
• Fixed double-escaping of theme names in the Block module administrative interface (minor string change).
• Added basic support for Xdebug when running automated tests.
• Fixed a bug which caused previewing a node to remove elements from the node being edited. With this fix, calling node_preview() will no longer modify the passed-in node object (minor API change).
• Fixed installation failures when an opcode cache is enabled.
• Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private files to be inaccessible.
• Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user pictures to be lost.
• Fixed missing language code in hook_field_attach_view_alter() when it is invoked from field_view_field().
• Stopped sending ETag and Last-Modified headers for uncached page requests, since they break caching for certain Varnish and Nginx configurations.
• Changed the Simpletest module to allow PSR-4 test classes to be used in Drupal 7.
• Fixed a fatal error that occurred when using the Comment module's "Unpublish comment containing keyword(s)" action.
• Changed the "lang" attribute on language links to "xml:lang" so it validates as XHTML (minor markup change).
• Fixed a bug in the Contact module which caused the global user object to have the incorrect name and e-mail address during the remainder of the page request after the contact form is submitted.

All changes:

• #2305017 by David_Rothstein, slashrsm, marcingy: Add a 'file_public_schema' variable to allow bypassing file download access checks in managed file upload fields
• #2364069 by damiankloip: Search specific tags are not available and hook_query_TAG_alter hooks are not invoked
• #1734716 by larowlan, dcam, mgifford: Managed file form label has incorrect "for" attribute
• #1279226 by attiks, ericduran, Wim Leers, sun, David_Rothstein, nod_: Allow sites and modules to skip loading jQuery and Drupal JavaScript libraries on pages where they won't be used
• #1946240 by hampercm, eiriksm, David_Rothstein, rpayanm, rszrama, Yaron Tal, dgtlife, madhusudanmca, er.pushpinderrana, Cottser: Remove the hardcoded 0 index in theme_status_messages()
• #2432619 by vbouchet, jhodgdon, joachim: block_load() should state it's not suitable for general consumption
• #1201452 by mgifford, Heine, ircmaxell: Improve security on newer versions of PHP by setting an additional charset DSN parameter when connecting to MySQL via PDO
• #197641 by herom, good_man, elcuco: Drag and drop does not work correctly on RTL languages
• #1828530 by cam8001: Remove unused $default_method variable in user_cancel_confirm_form()
• #1051872 by boombatower, jdillick, marvil07: Add documentation concerning modified property flag on node_type_save()
• #1483736 by stefan.r, bfcam, jrigby: field_attach_update deletes file fields (content & file) in entity regardless of if they are included in the entity object
• #2386037 by gobinathm: Incorrect foreign key tables in users.install
• #2462223 by helmo: Typo in comment in node_access_test.module
• #2425259 by catch, sidharrell, nlisgo, Josh Waihi, Fabianx, Berdir, martin107: Router rebuild lock_wait() condition can result in rebuild later in the request (race condition)
• #2283717 by joshi.rohit100, amitgoyal, g3r4, er.pushpinderrana: Remove user_access function calls on hook_permission functions so the Permissions page consistently links to other admin pages for all users
• #1018618 by manfer, joshi.rohit100: Wrong assertions in block.test
• #2446657 by rpayanm, er.pushpinderrana: Remove dead link from robots.txt
• #2453321 by TravisCarden: Typo in @see reference: drupal_decode_exception() should be _drupal_decode_exception()
• #2453311 by TravisCarden: Fix a couple more "the the"s in the codebase
• #2453389 by rpayanm, joshi.rohit100: hook_view() does not document $langcode
• #713462 by jwilson3, Paul B, casey, sivaji@knackforge.com, dcam: Content added via drupal_add_region_content() is not added to pages
• #1934498 by attiks, David_Rothstein, KhaledBlah, tstoeckler, julien_acti, helmo, effulgentsia, Jelle_S, jcisio: Allow the image style 'itok' token to be suppressed in image derivative URLs
• #1995058 by TravisCarden, acbramley, vbouchet: Tableselect "select all" checkbox should be checked on page load if all checkboxes are ticked
• #413270 by Jody Lynn, Daniel Korte: Block settings for theme menu title getting double escaped
• #889338 by dawehner, das-peter, yched, heddn, frankcarey: Add support for Xdebug in DrupalWebTestCase
• #2001308 by stefan.r, David_Rothstein, marthinal, helmo: Node preview removes file values from node edit form for non-displayed items
• #1441950 by hefox: Node types removed from hook_node_info with base = 'node_content' cannot be deleted
• #1883058 by cilefen, aendrew: Default Drupal "drop" favicon needs a retina-quality version
• #2342243 by martin107, serundeputy: Rename a variable in theme_system_modules_fieldset() to avoid colliding index variable names in a nested foreach loop
• #2371759 by Valentine94, angel.angelio: The docblock for user_help() should read "Implements hook_help()."
• #2394517 by opdavies: Add a function to check if a user has a certain role
• #365241 by bcn, paulmarbach, xjm, chuckdeal97, skruf: Add select event to autocomplete feature
• #2428915 by pfrenssen: Remove mention of non-existing function in conf_path() documentation
• #375062 by cs_shadow, David_Rothstein, mondrake, juampy, theunraveler, hswong3i, smk-ka, fietserwin: "imagecolorsforindex() Color index nnn out of range in GDToolkit" message sometimes appears
• #779482 by mikeytown2, sun, dalin, cam8001, segi, alexpott, Boobaa, Sweetchuck, jbrown, quicksketch: Installation failure when opcode cache is enabled
• #2170453 by Darren Oh, mikeryan, Fabianx: Ignore case in code registry lookups
• #1404050 by JamesOakley, David_Rothstein: system_update_7061 breaks private files by leaving one too many forward slashes in protocol of migrated URIs
• #1882774 by David_Rothstein, iva2k: User pictures are lost when system_update_7061 merges files into {file_managed}.
• #495930 by fietserwin: Translated strings not correctly marked in the administrative interface when the default language is not English
• #1823306 by mkalkbrenner, p-neyens, webflo, swentel, zuuperman: Language code is missing from $context when hook_field_attach_view_alter() is invoked from field_view_field()
• #1303412 by nod_, droplet, Valentine94, KarenS, sahuni: Cannot drag in or out of 'Hidden' on the 'Manage Display' page under certain circumstances
• #2381839 by klausi, Damien Tournoud: Changed date format for Last-Modified header breaks caching for certain Varnish/Nginx configurations.
• #2067323 by Valentine94, geerlingguy, jessebeach, vlad.dancer: Don't show empty vertical tabs area if all vertical tabs are hidden
• #2439287 by jmsv23, jonathan_hunt: Fix typo in inline docs for field_sql_storage_field_storage_write().
• #2293767 by tstoeckler: Allow PSR-4 test classes to be used in Drupal 7.
• #1461732 by filijonka, Cottser, dcam, marcingy, swentel, udaksh: Fatal error when using the Comment module's "Unpublish comment containing keyword(s)" action
• #1904528 by Heine, GoddamnNoise: Language switcher (User interface text) Block generates invalid XHTML+RDFa 1.0
• #2417983 by jacob.embree: Change docs instances of "the the" to "the"
• #1081902 by zealfire: DrupalEntityControllerInterface::load - doc needs to clarify $conditions
• #2407175 by zealfire: Documentation error in default.settings.php
• #2392543 by awm: Fix documentation for hook_taxonomy_term_view_alter
• #2411227 by chx: Remove chx from the Drupal 7 MAINTAINERS.txt file.
• #2208649 by joachim, er.pushpinderrana: document queue worker callback
• #2377879 by er.pushpinderrana, yakoub: hook_user_view documentation has incorrect piece
• #2382801 by er.pushpinderrana, Liam Morland: Improve documentation for module_exists()
• #2383491 by er.pushpinderrana, Sweetchuck: Inaccurate documentation - hook_image_toolkits()
• #2380053 by klausi, pwolanin, tsphethean, sun, David_Rothstein: Posting an array as value of a form element is allowed even when a string is expected (and bypasses #maxlength constraints) - first step: text fields
• #2380143 by Lendude, pwolanin: Contact forms set an incorrect name and e-mail address on the global user object after the form is submitted.

Läs mer: http://drupal.org/drupal-7.36-release-notes

7.35

(säkerhetsutgåvan)
18 Mars 2015 - 24MBThis release fixes moderately critical security vulnerabilities.

Security:

• Access bypass (Password reset URLs - Drupal 6 and 7): Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where accounts have been imported or programmatically edited in a way that results in the password hash in the database being the same for multiple user accounts. In Drupal 6, it can additionally be exploited on sites where administrators have created multiple new user accounts with the same password via the administrative interface, or where accounts have been imported or programmatically edited in a way that results in the password hash in the database being empty for at least one user account. Drupal 6 sites that have empty password hashes, or a password field with a guessable string in the database, are especially prone to this vulnerability. This could apply to sites that use external authentication so that the password field is set to a fixed, invalid value.
• Open redirect (Several vectors including the "destination" URL parameter - Drupal 6 and 7): Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities. This vulnerability is mitigated by the fact that many common uses of the "destination" parameter are not susceptible to the attack. However, all confirmation forms built using Drupal 7's form API are vulnerable via the Cancel action that appears at the bottom of the form, and some Drupal 6 confirmation forms are vulnerable too.

Läs mer: http://drupal.org/drupal-7.35-release-notes

7.34

(säkerhetsutgåvan)
20 November 2014 - 24MBThis release fixes moderately critical security vulnerabilities.

Security:

• Session hijacking (Drupal 6 and 7): A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it is possible there are other attack vectors for both Drupal 6 and Drupal 7.
• Denial of service (Drupal 7 only): Drupal 7 includes a password hashing API to ensure that user supplied passwords are not stored in plain text. A vulnerability in this API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service). This vulnerability can be exploited by anonymous users.

Läs mer: http://drupal.org/drupal-6.34-release-notes

7.33

7 November 2014 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:

• Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
• Added a "theme_hook_original" variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (API addition).
• Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
• Added a "Did you mean?" feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
• Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
• Added a "block_cache_bypass_node_grants" variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
• Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
• Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
• Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field's data when the field configuration was edited.
• Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situatons (minor styling change).
• Prevented the Bartik theme from lower-casing the "Permalink" link on comments, for improved multilingual support (minor UI change).
• Added a "preferred_menu_links" tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
• Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
• Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
• Security improvement: Made the database API's orderBy() method sanitize the sort direction ("ASC" or "DESC") for queries built with db_select(), so that calling code does not have to.
• Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
• Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
• Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
• Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
• Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change).
• Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).
• Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.

All changes:

• #2282541 by David_Rothstein, nod_: Followup to restore previous behavior in which the "Hide summary" click handler in text.js returned FALSE.
• #2307505 by Cottser, David_Rothstein, Fabianx: Followup to ensure all theme debug output is properly sanitized.
• #2305291 by scor: Fixed Poll title should have same length as regular content type (255).
• #1355526 by cafuego, jenlampton: Added a way to determine the date a module was added so the modules page can use it for sort.
• #892344 by amitgoyal, tstoeckler, hussainweb, pcambra, LaurentAjdnik: Fixed Wrong schema description for {cache_field}.
• #2282541 by Mark Carver | gge: Fixed Hide summary in text.js not working in jQuery 1.9+.
• #2147321 by manfer: Fixed Unnecessary space in session-active class.
• #393538 followup by David_Rothstein: Fixed code style error in check_plain() documentation.
• #2310415 by cilefen, ednawig, TravisCarden: Fixed run-tests.sh does not handle the error when invalid test groups/classes are specified.
• #393538 by Liam Morland, valthebald, dmitrig01, David_Rothstein: Document that check_plain() can issue PHP messages on invalid UTF-8 input.
• #1338966 by geerlingguy, loganfsmyth, lokapujya: Fixed Introduce _rdf_mapping_load_multiple to reduce queries.
• #1069152 by droplet, alexandrezia, Mixologic, jhedstrom, David_Rothstein | ogi: Fixed Throbber in textfield is misaligned when browser hardware acceleration enabled (followup for Bartik RTL styling).
• #863594 by David_Rothstein, smussbach, mbrett5062: Fixed Strange first paragraph in the installer database error message.
• #1918820 by neclimdul, typhonius, girishmuraly, pwolanin | 0x534B41: Fixed HTTP header date formats to follow RFC 7231 rather than RFC 1123.
• #1930960 by pounard, iamEAP, pjcdawkins, msonnabaum, David_Rothstein: Fixed Block caching disable hardcoded on sites with hook_node_grant() causes serious performance troubles when not necessary.
• #779374 by helmo, joshi.rohit100, meba, sun | coltrane: Fixed XSS via text format names.
• #927138 by manarth, handrus, rasmusluckow, douggreen, .John, Taz, David_Rothstein, droplet, webchick, marcingy: Fail image generation with 404 instead of 500, when source file is missing.
• #1433288 by haggins, fago, David_Rothstein, marcin.wosinek: Fixed Integrity constraint violation when saving a user account after creation.
• #935592 by pillarsdotnet, lokapujya, David_Rothstein, John Franklin, amitgoyal, joshi.rohit100, sivaji, mgifford, peximo, wodenx, Romlam, Owen Barton, alpritt, beejeebus | macgirvin: Fixed User picture is deleted after calls to user_save().
• #2356055 by bdlangton: Fixed Notice in includes/mail.inc define.
• #2278583 by nlisgo, Berdir, joshi.rohit100 | Fabianx: Fixed field_has_data looks at current data instead of revisioning data: this can lead to data loss.
• #1443070 by CrashTest_, bluegriff | Dave Reid: Added support for popular e-book formats, Google web formats, mkv and mka in file_default_mimetype_mapping().
• #1231710 by cs_shadow, Hydra, dcam, kathyh, klausi, mlncn: Fixed Field exceptions should return the name of the field that has exceptions.
• #2142441 by Garrett Albright: Fixed CSS aggregator prepends data: URLs with paths.
• #2193149 by mikeytown2: Fixed Deadlocks occur in cache_field table.
• #2112247 by sihv, mitsuroseba, dgroene, aalamaki, Dennis Walgaard, mErilainen: Fixed Valid file extensions in file names are not properly enforced when uploading files with non-lowercase names.
• #2357311 by penyaskito: Fixed Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases).
• #1069152 by droplet, alexandrezia, Mixologic, jhedstrom | ogi: Fixed Throbber in textfield is often misaligned.
• #1913958 by hass, YesCT: Fixed Bartik theme shouldn't change capitalization of translatable strings with CSS.
• #1071818 by JeremyFrench, nod_, Cottser, gielfeldt, xjm, anthbel, reglogge, NROTC_Webmaster, kristofferwiklund, lliss, sun | sepgil: Fixed Lazy-loading CSS fails in IE.
• #1823906 by joshi.rohit100, amitgoyal, rahulbile | gargsuchi: Fixed Incorrect error message when poll is submitted with no option selected.
• #2324821 by rpayanm, er.pushpinderrana | Elijah Lynn: Remove reference to nonexistent theme_poll_bar() function in template_preprocess_poll_bar() documentation.
• #1640404 by er.pushpinderrana, dcam, amit.drupal, hass | versvs: Fixed Use format_username() in node_feed().
• #849624 by brad.bulger, dcam, Alan Evans, oriol_e9g, Stevel | tsvenson: Fixed wrong permission for admin/structure/menu/parents.
• #1195358 by Liam Morland, droplet: Fixed Multiple "Edit/Hide summary" links appear.
• #1824820 by crevillo, muriqui, a.milkovsky, Phizes: Fixed String offset cast notice in field_invoke_method_multiple().
• #1854134 by EtienneRd, jeffam | dolu: Added a query tag to the query in menu_link_get_preferred() to allow modules to alter the query.
• #1221772 by pounard, colan, jcisio | sivaji: Fixed Transaction database settings is misleading in settings.php.
• #908822 by jmking, asimmonds | salvis: Fixed Dashboard discards <em class="placeholder"> elements.
• #2058761 by kirby14, thedavidmeister: PHP notice when #attributes is not set with #theme_wrappers 'container'.
• #466576 by gagarine, jackbravo, tim.plunkett, sheise, Rob C, jamesm6162 | daemon: Increased the maximum allowed length of block titles to 255 characters.
• #366152 by Mile23, bjaspan: Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
• #1775488 by mgifford, vijaycs85, amateescu | chx: Fixed drupal_cron_cleanup is not converted to lock.
• #1679570 by mgifford, lucascaro, sun: Fixed TestBase does not always use the correct database connection for handling assertions.
• #1099732 by joshi.rohit100, droplet | Chi: Fixed Incorrect encoding for error pages in image_style_deliver().
• #2228825 by donquixote | pingwin4eg: Fixed drupal_get_filename() does not search the filesystem when the file isn't yet listed in the {system} table in the database.
• #1891728 by gielfeldt: Fixed Database schema methods like getComment() and findTables() always query the "default" target on MySQL.
• #780304 by dcam, naxoc, Crell | zyxware: Fixed HTML encoding of em wrappers for database table names while showing schema errors.
• #1120440 by er.pushpinderrana | skwashd: Fixed user.api.php hook summary lines should be more consistent with other entity hooks.
• #2231693 by helmo, amitgoyal, joshi.rohit100, LinL, iS: Update Powered by Drupal link.
• #1452896 by Mile23, marthinal, Freso, kid_icarus, joshi.rohit100, alexpott, tim.plunkett, jhodgdon: Fixed PHP notice in clickLink if link does not exist.
• #205969 by Mile23, oadaeh, twistor, ssm2017 Binder, barraponto, superspring: Fixed drupal_http_request() assumes presence of Reason-Phrase in response Status-Line.
• #1790612 by carwin, Eric_A, mgifford: Fixed Sanitize the trim_length variable before printing it.
• #2224917 by m1r1k, Steven Jones, drumm: Fixed Tracker page doesn't order results properly.
• #28175 by dcam, bleen18 | bertboerland: Fixed Ordering by 'Visitor' in access log pages does not sort IP addresses.
• #1988456 by gaurav.goyal, eltermann, pvmchau: Non-standard indentation on user_register_form().
• #2307505 by Cottser, Fabianx: Port twig_debug output to Drupal 7.
• #1968348 by znerol, David_Rothstein, peximo, DuaelFr: Fixed hook_field_formatter_prepare_view does not make use of hook_entity_view_mode_alter causing major errors.
• #1936942 by jweowu: Fixed translation_node_insert() updates the node table directly without also flushing the entity load cache.
• #208611 by p.brouwers, mgifford, tstoeckler, DougKress, Jody Lynn, ksenzee | walkah: Made the Ajax system use drupal_array_merge_deep_array() to stop JavaScript settings from being added twice.
• #1183708 by Liam Morland | onair1: Fixed Notice: Undefined index: favicon_path in system_theme_settings_validate().
• #1182374 by lyricnz, xendil, sivaji, brianV: Code style fixes for includes/filetransfer.
• #2291081 by pounard: forum_node_view attempt an unnecessary vocabulary_load() under certain circumstances.
• #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby() should verify that the sort direction is always ASC or DESC.
• #2130673 by lokapujya, cwells | scor: Place number of comments metadata inside node template.
• #1323830 by cwells, scor, mgifford, er.pushpinderrana, kay_v: Place title RDFa metadata inside entity HTML element.
• #2301955 by er.pushpinderrana, lokapujya | scor: Ensure RDFa metadata tags are hidden.
• #2332295 by sanduhrs, klausi, er.pushpinderrana, Berdir | jfha73: Fixed Unicode requirements check not working with PHP 5.6.
• #667098 by catch, chx, plach, Fabianx: Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
• #2329189 by nlisgo, joachim, Mirroar, opdavies: Fix up docs and example code for hook_field_attach_validate()
• #2283675 by er.pushpinderrana, amitgoyal, mparker17, joachim, mmarquez: Document how optgroups are generated in form_select_options()
• #2340675 by er.pushpinderrana, David Hernández: Clarify first, unused argument docs in update_calculate_project_update_status()
• #2314181 by roderik, er.pushpinderrana, hefox: Fix docs for drupal_static
• #2334689 by er.pushpinderrana, joachim: Document character limit on lock_aquire() for lock name
• #1166114 by jhodgdon, tomogden, Rajendar Reddy, larowlan, swentel, splatio, erics14, MF82 | RobLoach: Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used.
• #2277281 by dobe, amitgoyal, michaelfavia, er.pushpinderrana, dcam | drumm: Increase the maximum number of characters on the file field allowed extensions setting from 128 to 256.
• #1859084 by Jorrit, David_Rothstein, attiks: Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs.
• #1890980 by amitgoyal, robinvdvleuten: Fixed Unnecessary extra output variable in theme_links.
• #1468210 by marthinal, quicksketch, tstoeckler, Devin Carlson, David_Rothstein, Eric_A: Fixed Remove special $user->uid == 1 check in file_validate_size().
• #993186 by joshi.rohit100, moshe weitzman | webchick: Node access rebuilds should go newest to oldest (fix for direct node access rebuilds only, not rebuilds done via a batch).
• #2324083 by er.pushpinderrana, martin_q: Fix up description of return value from drupal_array_get_nested_value()
• #2318981 by grisendo: Make hook_node_grants and hook_node_access_records sample function bodies consistent
• #2309687 by eriksm: Fix typo in docs for verbose test class method
• #2309549 by Bevan, er.pushpinderrana: Fix incorrect documentation of node-type-specific hooks
• #1261846 by catch, dawehner, brianV, Berdir, sun, xjm, sandipmkhairnar, marvil07, chrisjlee, Cottser, amitgoyal, Elijah Lynn, er.pushpinderrana: Document 1 MB cache limit in cache functions

Läs mer: http://drupal.org/drupal-7.33-release-notes

7.32

15 Oktober 2014 - 24MBThis release fixes one highly critical security vulnerability.

Security:

• Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

Läs mer: http://drupal.org/drupal-7.32-release-notes

7.31

(säkerhetsutgåvan)
6 Augusti 2014 - 24MBThis release fixes security vulnerabilities.

Security:

• As of this release, the XML-RPC system in Drupal core will ignore information in declarations contained within XML-RPC messages (for example, XML version or character encoding information). This is not expected to matter for the vast majority of use cases.
• The XML-RPC system and OpenID XRDS parser will also reject messages that contain over 30,000 XML tags within them. This limit is not expected to matter for the vast majority of use cases. If you need to process an XML-RPC message that is larger than that, you can change the limit by setting the "xmlrpc_message_maximum_tag_count" variable to a higher value. Do not set the value higher than you need, since allowing too many XML tags per XML-RPC message increases your site's vulnerability to denial of service attacks. The OpenID XRDS parser has a similar variable ("openid_xrds_maximum_tag_count") which can be used in a similar way.

Läs mer: http://drupal.org/drupal-7.31-release-notes

7.30

24 Juli 2014 - 24MBMajor changes:

• Fixed a regression introduced in Drupal 7.29 that caused files or images attached to taxonomy terms to be deleted when the taxonomy term was edited and resaved (and other related bugs with contributed and custom modules; see this issue or the Drupal 7.29 release notes for more details).
• Added a warning on the permissions page to recommend restricting access to the "View site reports" permission to trusted administrators. See DRUPAL-PSA-2014-002.

All changes:

• #2305017 by David_Rothstein, pwolanin | beech: Fixed Regression: Files or images attached to certain core and non-core entities are lost when the entity is edited and saved.
• #2249025 by xjm, clintrandall777@gmail.com: Update Security topic coordinators section in MAINTAINERS.txt.
• #2012468 by joshi.rohit100, blueminds, David_Rothstein, plach | catch: Add trusted roles recommendation to 'access site reports'.
• #1369822 by amitgoyal, Cottser, er.pushpinderrana: Fix docs for template_preprocess_user_profile()
• #2267411 by er.pushpinderrana, amitgoyal, klausi, David_Rothstein: Document that field_access() does not check entity access
• #2098129 by er.pushpinderrana, drupal_sensei, Berdir, joachim: Fix docs for DrupalDefaultEntityController entityCache variable
• #2054189 by ShaunDychko, pc-wurm, joachim: Fix docs for field_info_instance()
• #2141221 by joshi.rohit100, dcam, thedavidmeister, joachim, anemes: Add docs to hook_update_N() about sandbox parameter
• #2039449 by joshi.rohit100, joachim, lokapujya, Jalandhar, paulh, yaworsk: Fix up docs for assertField and assertNoField methods
• #2290435 by PQ: Fix broken link in robots.txt file
• #1956782 by joshi.rohit100, bdimaggio, tanmayk, chertzog: Document parameter to xmlrpc_server()
• #2263047 by joshi.rohit100, lostkangaroo, sachin_s, martin107: Fix up hook_help docs and move to system module
• #2277623 by mparker17: Fix up docs for drupal_parse_url function
• #2248799 by amitgoyal, c31ck, Wim Leers: Fix docs for system_sort_themes
• #2267159 by juampy, xjm, alexpott: Remove nonexistent parameter from DrupalWebtestCase::assertNoLink docs
• #2273337 by vegantriathlete, ducktape, joachim: Fix up docs for db_add_field and related functions
• #2276469 by decibel.places: Fixed robots.txt syntax checking link broken.
• #2268947 by sachin_s, joachim: Add note to hook_field_formatter_settings_form() about when it is invoked

Läs mer: http://drupal.org/drupal-7.30-release-notes

7.29

(säkerhetsutgåvan)
17 Juli 2014 - 24MBThis release fixes multiple security vulnerabilities.

Security:

• Denial of service with malicious HTTP Host header (Base system) [Critical]
• Access bypass (File module) [Critical]
• Cross-site scripting (Form API option groups) [Moderately critical]
• Cross-site scripting (Ajax system) [Moderately critical]

Läs mer: http://drupal.org/drupal-7.29-release-notes

7.28

8 Maj 2014 - 24MBThis release includes bug fixes and small API/feature improvements only (no major new functionality or security fixes are included). Significant new features are only being added to the forthcoming Drupal 8.0 release.

Major changes:

• Fixed a regression introduced in Drupal 7.27 that caused JavaScript to break on older browsers (such as Internet Explorer 8 and earlier) when Ajax was used.
• Increased the timeout used by the Update Manager module when it fetches data from drupal.org (from 5 seconds to 30 seconds), to work around a problem which causes incomplete information about security updates to be presented to site administrators. This fix may lead to a performance slowdown on the Update Manager administration pages, when installing Drupal distributions, and (for sites that use the automated cron feature) on occasional page loads by site visitors.
• Fixed the behavior of the token system's "[node:summary]" token when the body field does not have a manual summary.
• Changed the behavior of db_query_temporary() so that it works on SELECT queries even when they have leading comments/whitespace. A side effect of this fix is that db_query_temporary() will now fail with an error if it is ever used on non-SELECT queries.
• Added a "node_admin_filter" tag to the database query used to build the list of nodes on the content administration page, to make it easier to alter.
• Made the cron queue system log any exceptions that are thrown while an item in the queue is being processed, rather than stopping the entire PHP request.
• Improved screen reader support by adding an aria-live HTML attribute to file upload fields when there is an error uploading the file (minor markup change).
• Made the pager on the Tracker module listing pages show the same number of items as other pagers throughout Drupal core (minor UI change).
• Fixed a bug which caused caches not to be properly cleared when a file entity was saved or deleted.
• Added several missing countries to the default list returned by country_get_list() (string change).
• Replaced the term "weight" with "influence" in the content ranking settings for search, and added help text for administrators (string change).
• Fixed untranslatable text strings in the administrative interface for the "Crop" effect provided by the Image module (minor string change).
• Fixed a bug in the Taxonomy module update function introduced in Drupal 7.26 that caused memory and CPU problems on sites with very large numbers of unpublished nodes.

Läs mer: http://drupal.org/drupal-7.28-release-notes

7.27

(säkerhetsutgåvan)
16 April 2014 - 24MBModerately critical security release of the Drupal 7 series. A vulnerability was found in the handling of temporary storage of form states which could result in form states leaking between anonymous users (SA-CORE-2014-002).

Major changes:

• Modules which use custom Ajax form page callbacks require updates for Drupal 7.27. This is expected to affect several popular modules such as Field Collection and Hierarchical Select, although only in cases where the form widgets provided by those modules are exposed to anonymous users.
• Modules which provide alternative page cache implementations require updates for Drupal 6.31 and Drupal 7.27 This is expected to affect modules such as Boost and Authcache.
• form_set_cache() now validates the passed-in form build ID This is not expected to affect most sites.

Läs mer: http://drupal.org/drupal-7.27-release-notes

7.26

(säkerhetsutgåvan)
15 Januari 2014 - 24MBCritical security release of the Drupal 7 series. A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

Major changes:

• The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
• A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them like it normally does for programmatic form submissions. Any code which passes untrusted data (provided by the current user) to drupal_form_submit() is recommended to use this parameter for security reasons.

Läs mer: http://drupal.org/drupal-7.26-release-notes

7.25

2 Januari 2014 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality). No security fixes are included in this release.

• Added an optional feature to the Statistics module to allow node views to be tracked by Ajax requests rather than during the server-side generation of the page. This allows the node counter to work on sites that use external page caches (string change and new administrative option: https://drupal.org/node/2164069).
• Fixed a bug in node_save() which prevented the saved node from being updated in hook_node_insert() and other similar hooks.
• Added a meta tag to install.php to prevent it from being indexed by search engines even when Drupal is installed in a subfolder (minor markup change).
• Fixed a bug in the database API that caused frequent deadlock errors when running merge queries on some servers.
• Performance improvement: Prevented block rehashing from writing blocks to the database on every cache clear and cron run when the blocks have not changed. This fix results in an extra 'saved' key which is added and set to TRUE for each block returned by _block_rehash() that actually is saved to the database (data structure change).
• Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow queues to avoid being automatically processed on cron runs (API addition).
• Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be invoked if the block delta had a hyphen in it. To implement the hook when the block delta has a hyphen, modules should now replace hyphens with underscores when constructing the function name for the hook implementation.
• Fixed a bug which caused cached pages to sometimes be sent to the browser with incorrect compression. The fix adds a new 'page_compressed' key to the $cache->data array returned by drupal_page_get_cache() (minor data structure change).
• Fixed broken tests on PHP 5.5.
• Made the File and Image modules more robust when saving entities that have deleted files attached. The code in file_field_presave() will now remove the record of the deleted file from the entity before saving (minor data structure change).
• Standardized menu callback functions throughout Drupal core to return MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page not found" or "access denied" pages (minor API change in the return value of these functions under some circumstances).
• Fixed a bug in which caches were not properly cleared when a node was deleted via the administrative interface.
• Changed the Bartik theme to render content contained in pre, code and similar tags in a larger font size, so it is easier to read.
• Fixed a bug in the Search module that caused exceptions to be thrown during searches if the server was not configured to represent decimal points as a period.
• Fixed a regression in the Image module that made image_style_url() not work when a relative path (rather than a complete file URI) was passed to it.
• Added a link to the drupal.org documentation page for cron to the Cron settings page (string change).
• Added a 'drupal_anonymous_user_object' variable to allow the anonymous user object returned by drupal_anonymous_user() to be overridden with a classed object (API addition).
• Changed the database API to allow inserts based on a SELECT * query to work correctly.
• Changed the database schema of the {file_managed} table to allow Drupal to manage files larger than 4 GB.
• Changed the File module's hook_field_load() implementation to prevent file entity properties which have the same name as file or image field properties from overwriting the field properties (minor API change).

Läs mer: http://drupal.org/drupal-7.25-release-notes

7.24

(säkerhetsutgåvan)
20 November 2013 - 24MBThis is a security release only fixing two issues:

• This release contains a small change to the form API. It will have no effect on standard form API usage, but could affect code which does highly custom form processing; in particular, any code which calls functions like drupal_process_form() or drupal_validate_form() to process a form directly should be aware that when the form is validated, validation will now stop immediately in the case where the form's cross-site request forgery (CSRF) token fails validation. Previously all subsequent validation handlers would still be executed in this case.
• There is a new drupal_random_key() API function. Its usage is recommended for any code that needs to obtain a permanent, randomly-generated string which is safe to insert in HTML pages and URLs.

Läs mer: http://drupal.org/drupal-7.24-release-notes

7.23

8 Augusti 2013 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality). No security fixes are included in this release.

• Added human-readable labels to image styles, in addition to the existing machine-readable name (API change: https://drupal.org/node/2058503).
• Fixed the default ordering of CSS files for sites using right-to-left languages, to consistently place the right-to-left override file immediately after the CSS it is overriding (API change: https://drupal.org/node/2058463).
• Fixed a fatal error on PostgreSQL databases when updating the Taxonomy module from Drupal 6 to Drupal 7.
• Added a drupal_check_memory_limit() API function to allow the memory limit to be checked consistently (API addition).
• Changed the default web.config file for IIS servers to allow favicon.ico files which are present in the filesystem to be accessed.
• Fixed inconsistent support for the 'tel' protocol in Drupal's URL filtering functions.
• Performance improvement: Allowed all hooks to be included in the module_implements() cache, even those that are only invoked on HTTP POST requests.
• Made the database system replace truncate queries with delete queries when inside a transaction, to fix issues with PostgreSQL and other databases.
• Fixed a bug which caused nested contextual links to display improperly.
• Fixed a bug which prevented cached image derivatives from being flushed for private files and other non-default file schemes.
• Fixed drupal_render() to always return an empty string when there is no output, rather than sometimes returning NULL (minor API change).
• Added protection to cache_clear_all() to ensure that non-cache tables cannot be truncated (API addition: a new isValidBin() method has been added to the default database cache implementation).
• Changed the default .htaccess file to support HTTP authorization in CGI environments.
• Changed the password reset form to pre-fill the username when requested via a URL query parameter, and used this in the error message that appears after a failed login attempt (minor data structure and behavior change).
• Fixed broken support for foreign keys in the field API.
• Fixed "No active batch" error when a user cancels their own account.
• Added a description to the "access content overview" permission on the permissions page (string change).
• Added a drupal_array_diff_assoc_recursive() function to allow associative arrays to be compared recursively (API addition).
• Moved the drupal_get_hash_salt() function to bootstrap.inc and used it in additional places in the code, for added security in the case where there is no hash salt in settings.php.
• Fixed a regression in Drupal 7.22 that caused internal server errors for sites running on very old Apache 1.x web servers.

Läs mer: http://drupal.org/drupal-7.23-release-notes

7.22

4 April 2013 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release. No security fixes are included in this release.

• Allowed the drupal_http_request() function to be overridden so that additional HTTP request capabilities can be added by contributed modules.
• Changed the Simpletest module to allow PSR-0 test classes to be used in Drupal 7.
• Removed an unnecessary "Content-Disposition" header from private file downloads; it prevented many private files from being viewed inline in a web browser.
• Changed various field API functions to allow them to optionally act on a single field within an entity (API addition: http://drupal.org/node/1825844).
• Fixed a bug which prevented Drupal's file transfer functionality from working on some PHP 5.4 systems.
• Fixed incorrect log message when theme() is called for a theme hook that does not exist (minor string change).
• Fixed Drupal's token-replacement system to allow spaces in the token value.
• Changed the default behavior after a user creates a node they do not have access to view. The user will now be redirected to the front page rather than an access denied page.
• Fixed a bug which prevented empty HTTP headers (such as "0") from being set. (Minor behavior change: Callers of drupal_add_http_header() must now set FALSE explicitly to prevent a header from being sent at all; this was already indicated in the function's documentation.)
• Fixed OpenID errors when more than one module implements hook_openid(). The behavior is now changed so that if more than one module tries to set the same parameter, the last module's change takes effect.
• Fixed a serious documentation bug: The $name variable in the taxonomy-term.tpl.php theme template was incorrectly documented as being sanitized when in fact it is not.
• Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had duplicate permission names in the User module's database tables.
• Added an empty "datatype" attribute to taxonomy term and username links to make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
• Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them.
• Fixed a bug with update queries in the SQLite database driver that prevented Drupal from being installed with SQLite on PHP 5.4.
• Fixed enforced dependencies errors updating to recent versions of Drupal 7 on certain non-MySQL databases.
• Refactored the Field module's caching behavior to obtain large improvements in memory usage for sites with many fields and instances (API addition: http://drupal.org/node/1915646).
• Fixed entity argument not being passed to implementations of hook_file_download_access_alter(). The fix adds an additional context parameter that can be passed when calling drupal_alter() for any hook (API change: http://drupal.org/node/1882722).
• Fixed broken support for translatable comment fields (API change: http://drupal.org/node/1874724).
• Added an assertThemeOutput() method to Simpletest to allow tests to check that themed output matches an expected HTML string (API addition).
• Added a link to "Install another module" after a module has been successfully downloaded via the Update Manager (UI change).
• Added an optional "exclusive" flag to installation profile .info files which allows Drupal distributions to force a profile to be selected during installation (API addition).
• Fixed a bug which caused the database API to not properly close database connections.
• Added a link to the URL for running cron from outside the site to the Cron settings page (UI change).
• Fixed a bug which prevented image styles from being reverted on PHP 5.4.
• Made the default .htaccess rules protocol sensitive to improve security for sites which use HTTPS and redirect between "www" and non-"www" versions of the page.

Läs mer: http://drupal.org/drupal-7.22-release-notes

7.21

7 Mars 2013 - 24MBIncludes fixes for incompatibilities introduced in the Drupal 7.20 security release only.
Läs mer: http://drupal.org/drupal-7.21-release-notes

7.20

21 Februari 2013 - 24MBThis release fixes security vulnerabilities.
Läs mer: http://drupal.org/drupal-7.20-release-notes

7.19

16 Januari 2013 - 24MB

7.18

19 December 2012 - 24MB

7.17

7 November 2012 - 24MB

7.16

17 Oktober 2012 - 24MB

7.15

1 Augusti 2012 - 24MB

7.14

3 Maj 2012 - 24MB

7.12

1 Februari 2012 - 24MB

7.10

6 December 2011 - 24MB

7.9

26 Oktober 2011 - 24MB

7.8

31 Augusti 2011 - 24MB

7.7

28 Juli 2011 - 24MB

7.6

27 Juli 2011 - 24MB

7.4

30 Juni 2011 - 24MB

7.2

25 Maj 2011 - 24MB

7.0

(större version)
5 Januari 2011 - 24MB

6.38

(säkerhetsutgåvan)
24 Februari 2016 - 8MBThis release contains security fixes.

Security

• File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical): A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they can be saved. This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
• Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical): The XML-RPC system allows a large number of calls to the same method to be made at once, which can be used as an enabling factor in brute force attacks (for example, attempting to determine user passwords by submitting a large number of password variations at once). This vulnerability is mitigated by the fact that you must have enabled a module that provides an XML-RPC method that is vulnerable to brute-forcing. There are no such modules in Drupal 7 core, but Drupal 6 core is vulnerable via the Blog API module. It is additionally mitigated if flood control protection is in place for the method in question.
• Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical): In Drupal 6 and 7, the current path can be populated with an external URL. This can lead to Open Redirect vulnerabilities. This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL. For Drupal 8 this is a hardening against possible browser flaws handling certain redirect paths.
• Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical): An access bypass vulnerability was found that allows input to be submitted, for example using JavaScript, for form button elements that a user is not supposed to have access to because the button was blocked by setting #access to FALSE in the server-side form definition. This vulnerability is mitigated by the fact that the attacker must have access to submit a form that has such buttons defined for it (for example, a form that both administrators and non-administrators can access, but where administrators have additional buttons available to them).
• HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical): A vulnerability in the drupal_set_header() function allows an HTTP header injection attack to be performed if user-generated content is passed as a header value on sites running PHP versions older than 5.1.2. If the content contains line breaks the user may be able to set arbitrary headers of their own choosing. This vulnerability is mitigated by the fact that most hosts have newer versions of PHP installed, and that it requires a module to be installed on the site that allows user-submitted data to appear in HTTP headers.
• Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical): The drupal_goto() function in Drupal 6 improperly decodes the contents of $_REQUEST['destination'] before using it, which allows the function's open redirect protection to be bypassed and allows an attacker to initiate a redirect to an arbitrary external URL. This vulnerability is mitigated by that fact that the attack is not possible for sites running on PHP 5.4.7 or greater.
• Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical): Drupal core has a reflected file download vulnerability that could allow an attacker to trick a user into downloading and running a file with arbitrary JSON-encoded content. This vulnerability is mitigated by the fact that the victim must be a site administrator and that the full version of the attack only works with certain web browsers.
• Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical): Some specific contributed or custom code may call Drupal's user_save() API in a manner different than Drupal core. Depending on the data that has been added to a form or the array prior to saving, this can lead to a user gaining all roles on a site. This issue is mitigated by the fact that it requires contributed or custom code that calls user_save() with an explicit category and code that loads all roles into the array.
• Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical): In certain configurations where a user's email addresses could be used to log in instead of their username, links to "have you forgotten your password" could reveal the username associated with a particular email address, leading to an information disclosure vulnerability. This issue is mitigated by the fact that it requires a contributed module to be installed that permits logging in with an email address, and that it is only relevant on sites where usernames are typically chosen to hide the users' real-life identities.
• Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical): On certain older versions of PHP, user-provided data stored in a Drupal session may be unserialized leading to possible remote code execution. This issue is mitigated by the fact that it requires an unusual set of circumstances to exploit and depends on the particular Drupal code that is running on the site. It is also believed to be mitigated by upgrading to PHP 5.4.45, 5.5.29, 5.6.13, or any higher version.

Läs mer: http://drupal.org/drupal-6.38-release-notes

6.37

(säkerhetsutgåvan)
19 Augusti 2015 - 8MBThis release fixes critical security vulnerabilities.

Security

• Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element. This vulnerability is mitigated on sites that do not allow untrusted users to enter HTML. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed Ctools module: SA-CONTRIB-2015-141.
• Cross-site Scripting - Autocomplete system - Drupal 6 and 7: A cross-site scripting vulnerability was found in the autocomplete functionality of forms. The requested URL is not sufficiently sanitized. This vulnerability is mitigated by the fact that the malicious user must be allowed to upload files.
• SQL Injection - Database API - Drupal 7: A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments. This vulnerability is mitigated by the fact that only one contributed module that the security team found uses the comment filtering system in a way that would trigger the vulnerability. That module requires you to have a very high level of access in order to perform the attack.
• Cross-site Request Forgery - Form API - Drupal 6 and 7: A vulnerability was discovered in Drupal's form API that could allow file upload value callbacks to run with untrusted input, due to form token validation not being performed early enough. This vulnerability could allow a malicious user to upload files to the site under another user's account. This vulnerability is mitigated by the fact that the uploaded files would be temporary, and Drupal normally deletes temporary files automatically after 6 hours.
• Information Disclosure in Menu Links - Access system - Drupal 6 and 7: Users without the "access content" permission can see the titles of nodes that they do not have access to, if the nodes are added to a menu on the site that the users have access to.

Major changes

• For security reasons, the autocomplete system now makes Ajax requests to non-clean URLs only, although protection is also in place for custom code that does so using clean URLs. There is a new form API #process function on autocomplete-enabled text fields that is required for the autocomplete functionality to work; custom and contributed modules should ensure that they are not overriding this #process function accidentally when altering text fields on forms. Part of the security fix also includes changes to theme_textfield(); it is recommended that sites which override this theme function make those changes as well (see the theme_textfield section of this diff for details).
• When form API token validation fails (for example, when a cross-site request forgery attempt is detected, or a user tries to submit a form after having logged out and back in again in the meantime), the form API now skips calling form element value callbacks, except for a select list of callbacks provided by Drupal core that are known to be safe. In rare cases, this could lead to data loss when a user submits a form and receives a token validation error, but the overall effect is expected to be minor.

Läs mer: http://drupal.org/drupal-6.37-release-notes

6.36

(säkerhetsutgåvan)
17 Juni 2015 - 8MBThis release fixes critical security vulnerabilities.

Security

• CVE-2015-3234 Impersonation (OpenID module - Drupal 6 and 7 - Critical): A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. This vulnerability is mitigated by the fact that the victim must have an account with an associated OpenID identity from a particular set of OpenID providers (including, but not limited to, Verisign, LiveJournal, or StackExchange).

Läs mer: http://drupal.org/drupal-6.36-release-notes

6.35

(säkerhetsutgåvan)
18 Mars 2015 - 8MBThis release fixes moderately critical security vulnerabilities.

Security:

• Access bypass (Password reset URLs - Drupal 6 and 7): Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where accounts have been imported or programmatically edited in a way that results in the password hash in the database being the same for multiple user accounts. In Drupal 6, it can additionally be exploited on sites where administrators have created multiple new user accounts with the same password via the administrative interface, or where accounts have been imported or programmatically edited in a way that results in the password hash in the database being empty for at least one user account. Drupal 6 sites that have empty password hashes, or a password field with a guessable string in the database, are especially prone to this vulnerability. This could apply to sites that use external authentication so that the password field is set to a fixed, invalid value.
• Open redirect (Several vectors including the "destination" URL parameter - Drupal 6 and 7): Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities. This vulnerability is mitigated by the fact that many common uses of the "destination" parameter are not susceptible to the attack. However, all confirmation forms built using Drupal 7's form API are vulnerable via the Cancel action that appears at the bottom of the form, and some Drupal 6 confirmation forms are vulnerable too.

Läs mer: http://drupal.org/drupal-6.35-release-notes

6.34

(säkerhetsutgåvan)
20 November 2014 - 8MBThis release fixes moderately critical security vulnerabilities.

Security:

• Session hijacking (Drupal 6 and 7): A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it is possible there are other attack vectors for both Drupal 6 and Drupal 7.

Läs mer: http://drupal.org/drupal-6.34-release-notes

6.33

(säkerhetsutgåvan)
6 Augusti 2014 - 8MBThis release fixes security vulnerabilities.

Security:

• As of this release, the XML-RPC system in Drupal core will ignore information in declarations contained within XML-RPC messages (for example, XML version or character encoding information). This is not expected to matter for the vast majority of use cases.
• The XML-RPC system and OpenID XRDS parser will also reject messages that contain over ~30,000 XML tags within them. This limit is not expected to matter for the vast majority of use cases. It is also only an approximate limit, since Drupal 6 is not capable of efficiently counting the exact number of XML tags. If you need to process an XML-RPC message that is larger than that, you can change the limit by setting the "xmlrpc_message_maximum_tag_count" variable to a higher value. Do not set the value higher than you need, since allowing too many XML tags per XML-RPC message increases your site's vulnerability to denial of service attacks. The OpenID XRDS parser has a similar variable ("openid_xrds_maximum_tag_count") which can be used in a similar way.
• As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations). A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers (this is also the same restriction that was earlier added to Drupal 7 to fix a different security issue; see SA-CORE-2012-003 and the Drupal 7.16 release notes). However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.

Läs mer: http://drupal.org/drupal-6.33-release-notes

6.32

(säkerhetsutgåvan)
17 Juli 2014 - 8MBThis release fixes multiple security vulnerabilities.

Security:

• Denial of service with malicious HTTP Host header (Base system) [Critical]
• Cross-site scripting (Form API option groups) [Moderately critical]

Läs mer: http://drupal.org/drupal-6.32-release-notes

6.31

(säkerhetsutgåvan)
16 April 2014 - 8MBModerately critical security release of the Drupal 6 series. A vulnerability was found in the handling of temporary storage of form states which could result in form states leaking between anonymous users (SA-CORE-2014-002).

Major changes:

• Modules which provide alternative page cache implementations require updates for Drupal 6.31 and Drupal 7.27. This is expected to affect modules such as Boost or other modules which provide alternative page cache implementations that write pages to to the cache under different conditions than Drupal core normally does.

Läs mer: http://drupal.org/drupal-6.31-release-notes

6.30

(säkerhetsutgåvan)
15 Januari 2014 - 8MBCritical security release of the Drupal 6 series. A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

Major changes:

• The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.

Läs mer: http://drupal.org/drupal-6.30-release-notes

6.29

(säkerhetsutgåvan)
20 November 2013 - 8MBThis is a security release only fixing two issues:

• This release contains a small change to the form API. It will have no effect on standard form API usage, but could affect code which does highly custom form processing; in particular, any code which calls functions like drupal_process_form() or drupal_validate_form() to process a form directly should be aware that when the form is validated, validation will now stop immediately in the case where the form's cross-site request forgery (CSRF) token fails validation. Previously all subsequent validation handlers would still be executed in this case.
• There is a new drupal_random_key() API function. Its usage is recommended for any code that needs to obtain a permanent, randomly-generated string which is safe to insert in HTML pages and URLs.

Läs mer: http://drupal.org/drupal-6.29-release-notes

6.28

16 Januari 2013 - 8MB

6.27

19 December 2012 - 8MB

6.26

3 Maj 2012 - 8MB

6.25

1 Mars 2012 - 8MB

6.24

1 Februari 2012 - 8MB

6.22

26 Maj 2011 - 8MB

6.20

16 December 2010 - 8MB

6.19

12 Augusti 2010 - 8MB

6.17

3 Juni 2010 - 8MB

6.16

5 Mars 2010 - 8MB

6.15

21 December 2009 - 8MB

6.14

17 September 2009 - 3MB

6.13

1 Juli 2009 - 3MB

6.12

14 Maj 2009 - 3MB

6.11

30 April 2009 - 3MB

6.10

27 Februari 2009 - 3MB

6.9

16 Januari 2009 - 3MB

6.8

14 December 2008 - 3MB

6.6

27 Oktober 2008 - 3MB

6.5

10 Oktober 2008 - 3MB

6.4

16 Augusti 2008 - 3MB

6.3

11 Juli 2008 - 3MB

6.2

14 April 2008 - 3MB

6.1

29 Februari 2008 - 3MB

6.0

(större version)
16 Februari 2008 - 3MB

5.23

12 Augusti 2010 - 3MB

5.22

5 Mars 2010 - 3MB

5.21

21 December 2009 - 3MB

5.20

17 September 2009 - 3MB

5.19

1 Juli 2009 - 3MB

5.18

14 Maj 2009 - 3MB

5.17

30 April 2009 - 3MB

5.16

27 Februari 2009 - 3MB

5.15

16 Januari 2009 - 3MB

5.14

14 December 2008 - 3MB

5.12

27 Oktober 2008 - 3MB

5.11

10 Oktober 2008 - 3MB

5.10

16 Augusti 2008 - 3MB

5.9

6 Augusti 2008 - 3MB

5.8

12 Juli 2008 - 3MB

5.7

5 Februari 2008 - 3MB

5.5

4 April 2004 - 3MB

5.3

4 April 2004 - 3MB

5.2

6 Augusti 2007 - 3MB

5.1

8 Februari 2007 - 3MB

4.7.4

29 Oktober 2006 - 3MB

4.7.3

13 Augusti 2006 - 3MB

4.7.2

6 Juni 2006 - 3MB

4.7.0

10 Maj 2006 - 3MB

4.6.6

22 Mars 2006 - 2MB

4.6.5

15 December 2005 - 2MB

4.6.3

24 Augusti 2005 - 2MB

4.6.2

3 Juli 2005 - 2MB

4.6.1

12 Juni 2005 - 2MB

4.6.0

5 Maj 2005 - 0.5MB

4.5.2

29 Mars 2005 - 0.5MB

4.5.1

11 December 2004 - 2MB

4.4.2

12 Augusti 2004 - 0.5MB

4.4.1

4 April 2004 - 0.5MB

4.4.0

4 April 2004 - 0.5MB