Drupal 9.2.9
18 November 2021
Drupal version 9.2.9 is now available (security release).
Upgrading to Drupal 9.2.9
Drupal 9.2.9 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 9.2.9 upgrade prior to applying it live.
What's New in Drupal 9.2.9
9.2.9
Security
- Drupal core - Critical - Third-party library - SA-CORE-2021-011 - Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.
9.2.8
Improvements and Bug Fixes
- OEmbedWidget does not display the field's help text, only its own message
- HtmlHeadLink processing does not allow for duplicated alternate hreflang links
- Adding new text format gives Uncaught TypeError: f.format_tags.split is not a function
- Claro theme is incompatible with the Themable Forms module
- Update the Drupal\KernelTests\Core\Entity\EntityQueryAggregateTest::testAggregation() a little to make it pass for SQL Server
- Add explicit test coverage for JSON:API filtering on a datetime field
- Remove obsolete @todo for "Undo bug when first inserting media into unfocused CKEditor"
- Editing menus user-experience has regressed
- Machine name field throws notices if before source field
- media_requirements() should report missing source fields
- Fix source plugin documentation
- Contextual links of reusable content blocks are not displayed when rendering entities built via Layout Builder
- core/tests/Drupal/Tests/Composer/Plugin/Scaffold/fixtures/scripts/disable-git-bin/git is an odd file and it has the file mode 755
- Convert EntityViewsDataTest from a unit test to a kernel test
- the methods in FieldableEntity should document how they are meant to be used
- PHP errors when overriding the query settings
- Migration of nodes with cck nodereferrer fields fails (SQL error)
- Map text_plain field formatter to basic_string for long text fields
- FieldLink process plugin treats protocol-relative external URLs as internal ones
- Fix TermTranslation query and add missing source plugin test
- Fix EntityReferenceTranslationDeriver process pipeline
- d7_language_content_comment_settings triggers MigrateException if the source bundle is longer than 32 chars: use migration_lookup
- LogMessageParser breaks messages containing braces
- Toolbar menu theme override omits the 'menu_name' variable
- TypeError: Argument 1 passed to _editor_get_file_uuids_by_field() must implement interface Drupal\Core\Entity\EntityInterface
- Olivero: Z-index issue with the search bar
- Insufficient contrast on Olivero's inactive vertical form labels
- Insufficient contrast on Olivero's fieldset elements
- Olivero: Select dropdown icons need more contrast in Windows High Contrast mode
- Olivero: Primary nav search icon invisible in forced-colors mode in MS Edge
- CSS aggregation fails on many variations of @import
- Vertical tabs with #parents are broken in Claro
- Users deleted via JSON:API DELETE don't follow the site-wide cancel_method in the user settings
- Race Condition in 'public://simpletest' mkdir Call