Drupal 7.99
6 December 2023
Drupal version 7.99 is now available.
Upgrading to Drupal 7.99
Drupal 7.99 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 7.99 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 7.99
Important
- Menu link 'Parent link' is limited to the current menu when creating new custom menu links through the UI in Drupal 7
- hook_field_schema_alter() was added in Drupal 7
- file_validate_image_resolution() now validates minimum dimensions against the resized image in Drupal 7
- Node translations table now contains a link to delete translation in Drupal 7
- ModuleUpdater::getSchemaUpdates() was removed in Drupal 7
- When a user fails login, the reset password link no longer pre-fills the username in Drupal 7
- Drupal 7's aggregator feed now displays up to 255 characters from description if no title is found
- Protection against abuse of DrupalCacheArray::__destruct() in Drupal 7
Bug Fixes and Changes
- #3405443 [D7] phpcs job fails when run on-commit
- #2180877 file_validate_image_resolution() doesn't recalculate the image dimensions after checking $maximum_dimensions
- #2847553 XSS attribute handling mangles valid attribute names containing numbers (D7 backport)
- #3384397 [D7] When adding a new menu link, restrict the available parents to the current menu
- #764408 [D7] Drupal.t() does not respect locale_custom_strings
- #691932 Add hook_field_schema_alter()
- #3396440 [D7 PHP 8.1] html_entity_decode(): Passing null to parameter #1 ($string) of type string is deprecated in decode_entities()
- #3026560 After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush
- #2345695 Users are able to upload 0-byte images
- #3386936 Remove unused/non-working function getSchemaUpdates()
- #3326994 Username enumeration via one time login route
- #3383556 Username disclosure in /user/password
- #1721506 In update.php instructions, move database backup after maintenance mode
- #2677118 Wrong usage of watchdog in system.api.php
- #2801329 Remove system.cron.js
- #808416 Document that clock drift will cause lock system to fail
- #2978218 Add "delete" link on node Translate tab Operations
- #3403989 [D7] GitLab CI tests for MariaDB currently not working
- #3402945 [D7] Test-only job shouldn't require constant rebases to detect which files were changed
- #3384545 Update the list of reserved keywords in DatabaseConnection_mysql
- #2880910 [D7] Nothing clears the "5 failed login attempts" security message when a user resets their own password
- #3362409 Vertical tabs result in jQuery error when overlay-context hashtag is added to URL
- #3195566 Add a note on MySQL 8 sql_mode override
- #3348669 system.mail.inc: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
- #3372666 D7 Backport: Links with "@" are converted into email addresses even if there is no domain suffix present
- #2540830 Sanitize watchdog() link in dblog_event()
- #3397117 SQLite testing in GitlabCI - apache2(98)Address already in use
- #3397119 Allow failures in D7 GitlabCI PHPCS checks
- #3396515 GitlabCI test-only job - ambiguous argument in git diff
- #3387052 [D7] GitLab CI integration for core
- #3380876 [D7 PHP 8.3] unserialize(): Extra data starting at offset
- #3379524 Update PHP requirements for D7 according to the PSA-2023-06-07
- #3393147 Exceptions ignored in errorHandler for DrupalTestCase
- #3373222 Fallback to feed item description does not strip HTML, only takes 40 chars even though field allows 255
- #3386055 Cookie base path not check in the test but set in code
- #3381481 add tests for PHP Gadget Chain Drupal7/RCE1 protection
- #3378257 harden D7 against PHP Gadget Chain Drupal7/RCE1
- #3365407 Promote poker10 to full D7 maintainer