Drupal is an open source content management application and PHP development framework.

1 click installation Drupal

1 click installation

Easy update Drupal

Easy update

Backup and restoration Drupal

Backup and restoration


Content Management
Current version
Last update
17 November 2016
English + 80 others

System Requirements

Installation size
115 MB
open source
What's new


(security release)
16 March - 115MBSecurity
  • Editor module incorrectly checks access to inline private files - Drupal 8 - Access Bypass - Critical - CVE-2017-6377 - When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass.
  • Some admin paths were not protected with a CSRF token - Drupal 8 - Cross Site Request Forgery - Moderately Critical - CVE-2017-6379 - Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
  • Remote code execution - Drupal 8 - Remote code execution - Moderately Critical - CVE-2017-6381: A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren’t vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.

Read more: http://drupal.org/project/drupal/releases/8.2.7


2 February - 115MB
  • #2509268 by joshi.rohit100, dmsmidt, tim.plunkett, willzyx, SKAUGHT, pfrenssen, left, mgifford, ok_lyndsey, TR, kattekrab, alexpott, bojanz, yched: Inline errors repeated on child elements in module uninstall form
  • #2818011 by shashikant_chauhan, rakesh.gectcr, yashsharma01, dalin, akalata, Chi, catch, rosschive: Missing 'attributes' under 'options' in docs for Link::createFromRoute
  • #2844181 by maxocub, Alex Bukach, alexpott: PluralTranslatableMarkup serialization error
  • #2634156 by dpi, jian he, dawehner: Missing configuration schema and tests for "user_current" views filter handler
  • #2829848 by xjm, mpdonadio, alexpott: Random test failure in DateRangeFieldTest
  • #2837676 by michielnugter, droplet, alexpott, Lendude, jibran, klausi, Wim Leers: Provide a better way to validate all javascript activity is completed
  • #2843901 by tedbow, drpal: Settings tray should use toolbar models to close the toolbar items
  • #2781579 by Vidushi Mehta, amit.mall, brahmjeet789, nathanlawson91, tedbow, naveenvalecha, Manjit.Singh, moonpeak, tkoleary, Gábor Hojtsy, xjm: Fix overlapping Edit buttons on menu sidebar in outside-in
  • #2843259 by alexpott, Mile23: Drupal\Tests\ComposerIntegrationTest breaks when composer.lock generated with composer version 1.3 and higher
  • #2572821 by AbhishekLal, xxronis, Adita, ritzz, dimaro, hardik.p, amit.drupal, gianani, quietone, subhojit777, alexpott: Fix documentation on hook_user_format_name_alter()
  • #2754217 by alexpott, xjm, martin107, dawehner: Random Test Failure with "failed to open stream" for temporary://.htaccess
  • #2823400 by vaplas, Adita, hardik.p, alexpott: Random fail in CopyFileTest
  • #2793849 by tedbow, drpal, alexpott, xjm, tim.plunkett, Wim Leers, phenaproxima: Handle offcanvas differently at lower widths
  • #2815831 by tedbow, drpal, droplet: Move Off-canvas related CSS from drupal.outside_in library to drupal.off_canvas
  • #2784159 by dawehner, alexpott, hchonov: Remove CURL timeout in BTB
  • #2157927 by alexpott: Intermittent test fails in LocaleUpdateTest::testUpdateImportSourceRemote()
  • #2825603 by quietone, mikeryan: Fix rollback of configuration translations
  • #2840595 by amateescu, Berdir: The 'Source feed' field of aggregator items has to be updated and marked as required
  • #2843828 by alexpott, timmillwood: \Drupal\Core\DrupalKernel::initializeSettings() can result in moving the autoloader position
  • #2817727 by Wim Leers: Add test coverage to prove controller is called *after* authentication validation
  • #2834316 by Berdir, claudiu.cristea: Node preview shows and defaults to "Default" instead of "Full" view mode
  • #2673960 by Jo Fitzgerald, hussainweb, phenaproxima, mikeryan, quietone, vasi: Unable to migrate D7 User cck fields
  • #2325463 by claudiu.cristea, swentel, GroovyCarrot, bircher, Berdir, lokapujya, mohit_aghera, yanniboi, mgifford, BarisW, Yogesh Pawar: Destination URL breaks preview
  • #2843358 by alexpott, mallezie, dawehner: Postgres fail in Drupal\Tests\path\Kernel\Migrate\d6\MigrateUrlAliasTest
  • #2731419 by hgoto, michielnugter, pareshpatel, tocab, Chernous_dn, Sabbi0612, cilefen, droplet: "cannot call methods on dialog prior to initialization" logged when resizing after closing a modal
  • Revert "Issue #2793849 by tedbow, drpal, alexpott, tim.plunkett, phenaproxima, Wim Leers: Handle offcanvas differently at lower widths"
  • #2843074 by tim.plunkett, alexpott, claudiu.cristea, denutkarsh, effulgentsia: Stale dependencies passed to onDependencyRemoval() result in data loss on uninstallation
  • #2793849 by tedbow, drpal, alexpott, tim.plunkett, phenaproxima, Wim Leers: Handle offcanvas differently at lower widths
  • #2784571 by tedbow, drpal, nod_, naveenvalecha, miteshmap, droplet, Everett Zufelt: Outside-in Accessibility: Allow escape from edit mode with ESC key
  • #2840596 by alexpott, catch, dawehner: Update Symfony components to ~2.8.16
  • #2837072 by BarisW: Incorrect closing of the t() call in the help pages
  • #1867030 by larowlan, Berdir, Oleksiy, andypost, fil00dl: Contact message preview appears at random form position after sorting fields in Manage fields
  • #2801097 by dawehner, Berdir: Converting feed to absolute URLs fails on invalid XML, results in empty output
  • #2782915 by tedbow, droplet, nickgs, drpal, xjm, tkoleary, cashwilliams, tim.plunkett, alexpott, phenaproxima, nod_: Standardize the behavior of links when Outside In editing mode is enabled
  • Revert "Issue #2828438 by Adita, timmillwood, Sam152, rachel_norfolk, jp.stacey: Exception when adding tab to a node managed by content moderation"
  • #2839951 by chiranjeeb2410, badjava: API docs FormattableMarkup::placeholderFormat %variable example contain errors
  • #2828438 by Adita, timmillwood, Sam152, rachel_norfolk, jp.stacey: Exception when adding tab to a node managed by content moderation
  • #2489606 by 20th, slashrsm: hook_file_download() docblock refers to a non-existing function file_download()
  • #2842910 by Lendude: Views module contains several bad namespace in a @see
  • #2842982 by alexpott: Fix Drupal\system\Tests\System\UncaughtExceptionTest in PHP7.1
  • #2842942 by alexpott: Fix tempnam() usage in PHP7.1
  • #2842952: Fix Drupal\taxonomy\Tests\TermTest in PHP7.1
  • #2827644 by maxocub, phenaproxima: Fix path alias migration of translated nodes [D6]
  • #2842741 by alexpott: Fix MigrateExecutable for PHP7.1
  • #2842763 by alexpott: views_ui_preprocess_views_view() broken in PHP 7.1
  • #2838095 by cilefen, pjcdawkins: Only one site slogan character in site slogan when using PHP 7.1
  • #2838968 by Ginovski, Berdir: BlockContentListBuilder should use RedirectDestinationTrait instead of hardcoding the collection link template
  • #2841948 by Mile23, dawehner: Modify run-tests.sh to show file paths of all discovered tests
  • #2599956 by claudiu.cristea, apmsooner: Handler admin summary is double escaped
  • #2824827 by damiankloip, dawehner, Wim Leers, klausi: \Drupal\hal\Normalizer\ContentEntityNormalizer::denormalize() fails with fatal PHP error when bundles are missing from link relation types
  • #2794699 by Jo Fitzgerald, klausi, phenaproxima: MigrateMenuSettingsTest.php is not in the correct location
  • #2828559 by tacituseu, alexpott, mpdonadio, amateescu, hchonov, catch, xjm, Wim Leers, Mixologic: UpdatePathTestBase tests randomly failing
  • #2623568 by yanniboi, claudiu.cristea, himanshugautam, anil280988, sidharthap, Sagar Ramgade, dawehner, tstoeckler: Config schema of argument_default plugins is incorrect
  • #2786443 by alexpott, Berdir, RKopacz, milos.kroulik, generalconsensus: \Drupal\field\FieldStorageConfigStorage::mapFromStorageRecords() can fail without a reasonable error
  • #2838205 by 20th, panshulk, Damien Flament: Invalid YAML syntax in code examples in documentation
  • #2829484 by vegantriathlete, 20th, xjm: Incorrect spelling of possessive "its own" in multiple comments

Read more: http://drupal.org/project/drupal/releases/8.2.6


5 January - 115MB
  • #2838954 by damiankloip: Ignore 'Transfer-Encoding' header in EntityResourceTestBase::testGet
  • #2837645 by cburschka: Views::viewsDataHelper declares the wrong return type
  • #2838678 by andrewmacpherson: Typo in documentation of ArgumentPluginBase - bellow
  • Revert "Issue #2797169 by Wim Leers, Fabianx: Mark BigPipe as stable/non-experimental"
  • #2797169 by Wim Leers, Fabianx: Mark BigPipe as stable/non-experimental
  • Revert "Issue #2836381 by phenaproxima, Wim Leers: Seven's entity-add-list template omits link attributes"
  • #2836381 by phenaproxima, Wim Leers: Seven's entity-add-list template omits link attributes
  • #2830485 by michielnugter, klausi, tedbow, xjm, catch, tim.plunkett, dawehner, alexpott, Wim Leers, Lendude: \Drupal\Tests\outside_in\FunctionalJavascript\OutsideInBlockFormTest fails randomly
  • #2721725 by Vinay15, snehi, zerbash, er.pushpinderrana, jhodgdon, xjm, Ashish.Dalvi, joachim, Kevin Davison, ckrina: Select form element has undocumented properties
  • #2651328 by aerozeppelin, GeduR: Views Handler Filter InOperator exposed fires illegal choice when all option has been selected
  • #2823955 by Jo Fitzgerald, benjy, quietone, claudiu.cristea, mikeryan: No need to specify operator for Vocabulary filter in Term source
  • #2836434 by alexpott, oriol_e9g, NickWilde, bradjones1, AdamPS, carteriii, gapple, tstoeckler, soulsymphonies: We should not ever recommend APC in Drupal 8
  • #2828542 by claudiu.cristea, pfrenssen, cebasqueira, heddn, alexpott: Properly check if a destination folder for a file exists
  • #2822296 by shashikant_chauhan, jp.stacey, xjm: Wrong fully qualified class name \Drupal\Core\Routing\LinkGeneratorInterface::generate() in docs of Drupal::l()** Revert "Issue #2828438 by Adita, Sam152, rachel_norfolk, timmillwood, jp.stacey: Exception when adding tab to a node managed by content moderation"
  • #2828438 by Adita, Sam152, rachel_norfolk, timmillwood, jp.stacey: Exception when adding tab to a node managed by content moderation
  • #2548713 by yongt9412, larowlan, Berdir, swentel, subhojit777, effulgentsia: Only one additional new value saved unlimited field and no non-field values are restored after preview
  • #2781927 by pguillard, kiamlaluno, Eda, kiwimind: Improve description of render array properties and examples
  • #2729663 by dmsmidt, thpoul, SKAUGHT, Wim Leers, Lendude, droplet, effulgentsia, xjm, Reinmar, alexpott: Fragment link pointing to should be redirected to CKEditor instance when CKEditor replaced that textarea
  • #2746671 by Jo Fitzgerald, stella, andrewmacpherson, hussainweb, tom friedhof, chriscalip, mikeryan: CCK field data not available for D7 taxonomy term migrations
  • #2835604 by Wim Leers, effulgentsia: BigPipe provides functionality, not an API: mark all classes & interfaces @internal
  • #2822881 by Jo Fitzgerald, tstoeckler: Improve Entity URI checking in menu link migration
  • #2829759 by ruloweb: Wrong @return doc comment in \Drupal\user\Controller\UserAuthenticationController.php
  • #2834453 by dixon_: Remove dixon_ as maintainer for Comment module
  • #2830333 by Wim Leers, tedbow: All REST update path test coverage fixtures contain no-op code and other mistakes
  • #2832246 by dangur: d6_profile_values.yml contains obsolete configuration
  • #2828559 by amateescu, alexpott: More random fails in UpdatePathTestBase tests: "settings.cache failed with: missing schema"
  • #2130277 by phenaproxima, michaellenahan, Jo Fitzgerald, David Hernández, hardik.p, fastangel, alvar0hurtad0: Variable to config: filter.settings [D7 only]
  • #2826200 by claudiu.cristea, pfrenssen: Don't let the whole migration crash on a download failure
  • #2309695 by quietone, alexpott, mikeryan, benjy: Add query batching to SqlBase
  • #2814035 by klausi, dawehner: Make $modules property protected on BrowserTestBase and KernelTestBase
  • #2833462 by alexpott, tim.plunkett, Berdir: hook_requirements($phase = 'install') does not work as expected for experimental modules

Read more: http://drupal.org/project/drupal/releases/8.2.5


28 December 2016 - 115MBHighlights
  • [regression] REST in Drupal 8.2.x does not allow HTTP methods other than GET/PATCH/POST/DELETE: OPTIONS, PUT, et cetera all fail
  • CommentResourceTestBase::testPostDxWithoutCriticalBaseFields() always fails on PHP 5.6 & MySQL 5.5 (works fine on other PHP versions)
  • Entity query allows to specify entity type ID for reference fields
  • md_entity destination plugin deprecated

Read more: http://drupal.org/project/drupal/releases/8.2.4

display more versions


17 November 2016 - 115MBSecurity
  • Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8)
  • Incorrect cache context on password reset page (Less critical - Drupal 8
  • Confirmation forms allow external URLs to be injected (Moderately critical - Drupal 7)
  • Denial of service via transliterate mechanism (Moderately critical - Drupal 8)

Read more: http://drupal.org/project/drupal/releases/8.2.3


17 October 2016 - 115MB
  • #2811519 by tim.plunkett, dbourrion, cilefen, futurmat: Blocks do not appear after being placed with the Rules module enabled (or other missing schemata for Condition plugins)
  • #2811927 by timmillwood, alexpott: Disabling Content moderation on a bundle, removes the ability to perform create content on that bundle

Read more: http://drupal.org/project/drupal/releases/8.2.1


(major version)
6 October 2016 - 115MBThe new version includes experimental modules to place blocks on pages, edit block configuration without leaving the page, create content moderation workflows, and use date ranges. Many smaller authoring, site building, and REST improvements are included as well.
Read more: http://drupal.org/project/drupal/releases/8.2.0


26 September 2016 - 115MBSecurity
  • Users without "Administer comments" can set comment visibility on nodes they can edit. (Less critical). Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
  • Cross-site Scripting in http exceptions (critical): An attacker could create a specially crafted url, which could execute arbitrary code in the victim’s browser if loaded. Drupal was not properly sanitizing an exception
  • Full config export can be downloaded without administrative permissions (critical): The system.temporary route would allow the download of a full config export. The full config export should be limited to those with Export configuration permission.

Read more: http://drupal.org/project/drupal/releases/8.1.10


(security release)
19 July 2016 - 115MBSecurity
  • Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/. (Drupal Core - Highly Critical - Injection - SA-CORE-2016-003)

Read more: http://drupal.org/project/drupal/releases/8.1.7


(security release)
17 June 2016 - 115MBSecurity
  • Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical)
  • Views can allow unauthorized users to see Statistics information (Views module - Drupal 8 - Less Critical)

Read more: http://drupal.org/blog/drupal-8-1-3-and-7-44


9 May 2016 - 115MBImportant
  • #2407853: TaxonomyIndexTid Views plugin stores selected terms with the ID instead of UUID
  • #2699627: url.path cache context for breadcrumbs is unnecessarily granular

Known Issues
  • There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases in the future.
  • Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

  • #2671344 by jwilson3: Better documentation for suspicious encoded string in dblog tests
  • #2716991 by mpdonadio: Incorrect ISO datetime attribute for date-only fields w/ default formatter
  • #2717401 by Boobaa: Link with in-page fragment only is rendered improperly
  • #2696353 by mpdonadio, dpovshed: Bad dates in Select List widget throw an exception
  • #2613178 by mikeryan, heddn: default_value: null in static map skips empty rows
  • #2647916 by Lendude, dawehner: Views ajax modals stop working in certain scenarios
  • #2407853 by alexpott, aerozeppelin, Berdir, vladan.me, dawehner: TaxonomyIndexTid Views plugin stores selected terms with the ID instead of UUID
  • #2711537 by chgasparoto, kostyashupenko: Syntax errors (un-quoted or mis-quoted strings) in various code examples in docs
  • #2715741 by Mile23, pfrenssen: Fix 'Drupal.Classes.FullyQualifiedNamespace' coding standard
  • #2707371 by Mile23: Fix several errors in the 'Drupal.Commenting.DocComment' coding standard
  • #2667588 by dimaro, malavya, johnrosswvsu: Document that a module's classes are not available during hook_requirements() 'install' phase
  • #2697235 by mpdonadio: Add jhedstrom as co-maintainer for DateTime module
  • #2572793 by attiks, andypost: Fix 'Drupal.WhiteSpace.OperatorSpacing' coding standard
  • #2626676 by neclimdul: Fix coversDefaultClass annotations to be FQSEN
  • #2707641 by alexpott, anoopjohn: Ensure core compliance to Drupal.Commenting.FunctionComment.ParamCommentIndentation (part 2)
  • #2707261 by alexpott, jhodgdon: Calling moduleInvokeAll in Help block is wrong
  • #2572307 by vprocessor, attiks, andriyun, alexpott, pfrenssen: Fix 'Generic.PHP.UpperCaseConstant' coding standard
  • #2702609 by Wim Leers, Berdir, Fabianx: Disable placeholdering (and BigPipe) on unsafe requests to help find forms as fast as possible (to allow EnforcedResponses to work)
  • #2572731 by attiks, andypost: Fix 'Drupal.Formatting.SpaceUnaryOperator' coding standard
  • #2582475 by alexpott: Installation fails if a valid config sync directory is defined
  • #2707619 by alexpott: Composer install generates warning
  • #2614202 by alexpott, felribeiro, dawehner, catch: CoreServiceProvider::registerUuid() assumes all environments have the same functions available
  • #2711645 by alexpott, dawehner: ConfigInstaller::isSyncing() should return true always during a config sync
  • #2714829 by Mile23: Fix 'Generic.Functions.FunctionCallArgumentSpacing' coding standard
  • #2702001 by olafkarsten, Wim Leers: Inject config factory for BigPipe (including in exception handlers)
  • #2697909 by pguillard, himanshugautam, snehi, aburrows, jhodgdon: Fix "login (noun/adjective)" vs. "log in (verb)" in comments (and logout/log out)
  • #2711973 by Berdir: buildRenderable() does not work with display plugin embed
  • #2702281 by edurenye, dpopdan, larowlan, alexpott, dawehner: Move Drupal\simpletest\RandomGeneratorTrait, Drupal\simpletest\WebAssert and Drupal\simpletest\SessionTestTrait into Drupal\Tests namespace
  • #2572601 by attiks, alexpott, tatarbj: Fix 'Drupal.Classes.ClassCreateInstance' coding standard
  • #2710081 by alexpott: Fix 'Drupal.Formatting.SpaceInlineIf' coding standard
  • #2572707 by attiks, alexpott: Fix 'Drupal.Files.EndFileNewline' coding standard
  • #2699627 by catch, dawehner, Wim Leers: url.path cache context for breadcrumbs is unnecessarily granular
  • #2714207 by alexpott: FieldUnitTestBase
  • #2711963 by jibran: Modernized ToolbarIntegrationTest
  • #2610344 by mikeker, dimaro, mohit_aghera, andriyun, anil280988, Cottser, joelpittet: Re-add some documentation about what you can get from the node object in node.html.twig
  • #2456477 by Berdir, dawehner, heddn, pguillard: Convert deprecated \Drupal\simpletest\KernelTestBase tests to KernelTestBaseNG
  • #2710103 by Pashupathi Nath Gajawada: Cleanup phpunit.xml.dist
  • #2678822 by DamienMcKenna, David_Rothstein, stefan.r, Berdir: Drupal 7.43 / 8.0.4 regression: When an anonymous user submits a form with an un-uploaded file that leads to a validation error, the file is lost on the next correct submission
  • #2710685 by dimaro, er.pushpinderrana, jhodgdon: inconsistent use of tags in docs for template_preprocess_links()
  • #2700261 by timmillwood, amateescu: allRevisions() entity queries ignore non-revisionable fields
  • #2710395 by joelrguezaleman, dimaro, nesta_, jhodgdon: No docs for ArgumentValidatorPluginBase::validateArgument(); other methods have bad first lines
  • #2700415 by nicolas.rafaelli, dimaro, rashid_786, er.pushpinderrana, korgik, David Hernández, jhodgdon: Problems with documentation of options in Url class
  • #2657826 by er.pushpinderrana: FieldHandlerInterface::getEntity() can also return NULL
  • #2709581 by Torenware, pepegarciag, jhodgdon: Better explain the $modules variable in kernel tests
  • #2708485 by damiankloip: Views Row caching still caches rows when cache plugin is 'none'
  • #2710669 by er.pushpinderrana: template_preprocess_item_list() '#wrapper_attributes' property is undocumented
  • #2708629 by tim.plunkett: \Drupal\system\Plugin\Condition\RequestPath::evaluate() fails if the current path is '/'
  • #2709411 by dagmar, jhodgdon: t() is used in an inconsistent way on Drupal\Core\Render\Element documentation
  • #2701851 by amateescu, animaci: The 'system.db_update' route should restrict access via the 'access_check.db_update' service
  • #2709625 by tim.plunkett: Wrong @group name on PermissionAccessCheckTest
  • #2073753 by amateescu, Sweetchuck, amitaibu, dawehner: Fix and add tests for the recursive rendering protection of the 'Rendered entity' formatter
  • #2696771 by Wim Leers, thpoul: Minor clean-up of \Drupal\ckeditor\Plugin\CKEditorPlugin\Internal::getConfig()
  • #2709541 by alexpott, dawehner: Set opcache.revalidate_freq when running tests
  • #2709525 by kevin.dutra: Comment bundle label is incorrect
  • #2684123 by dawehner: \Drupal\Core\Routing\RouteProvider::preLoadRoutes doens't handle the exception case correctly
  • #2700405 by amateescu, vasike: User ref field includes the Anonymous user when 'include_anonymous' is set not to, when using select widget
  • #2612334 by NickWilde: Remove dead code in \Drupal\Core\Asset\[Css|Js]Collection[Grouper|Optimizer]
  • #2667224 by rlhawk: Adding or editing "Change the author of content" action causes error
  • #2703487 by RobLoach: Move Drupal.php autoloading from "files" to "classmap"
  • #2707471 by dagmar: Langcode is duplicated in filter.format.plain_text.yml
  • #2697933 by felribeiro: Replace "does not" with "do not" in SearchLanguageTest
  • #2709569 follow-up by dawehner: Adjustments to CHANGELOG.txt

Read more: http://drupal.org/project/drupal/releases/8-1-1


13 April 2016 - 115MBKnown Issues
  • Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
  • There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases in the future.
  • Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

  • #2694243 by marthinal, jhodgdon: node_field_data and search_index tables should match on langcode
  • #2699869 by er.pushpinderrana: deprecation notice for format_string() says to use SafeMarkup::format(), but that is also deprecated
  • #2698595 by davidhernandez: Named spelled incorrectly in Maintainers file
  • #2696919 by chgasparoto, snehi: EntityResource annotation class has @see after plugin annotation
  • #2614824 by alexpott, xjm, catch: Tests fail when version constant is stable
  • #2664748 by amateescu, alexpott, TravisCarden: Node revision queries tagged for node access cause "no node table" exception
  • #2677414 by blue_waters: VerticalTabs' #default_tab broken due to wrong/mismatching class name
  • #1458824 by idebr, JvE, mayaz17, cwoky, Henrik Opel: Ajax doesn't work with Tableselect with checkboxes
  • #2685021 by Lendude, cilefen, r0nn1ef, andypost: Fatal error: $this when not in object context in views.theme.inc
  • #2679883 by lokapujya: Audit use of YAML to ensure we're not using deprecated syntax
  • #2651986 by maxocub, balagan, Tom Robert, Kristen Pol, tstoeckler: Local task link "Translate" is not translated
  • #2535660 by david_garcia: PDO Exception in Node Search Plugin
  • #2274153 by dixon_, Wim Leers: Make RESTTestBase::httpRequest() work with HEAD requests
  • #2664290 by tstoeckler: Remove array typehints from batch callbacks
  • #2669418 by pwolanin: Php Storage not defining secret index
  • #2688813 by sidharthap: Documentation for FieldPluginBase::addSelfTokens is missing "__"
  • #2573975 by alexpott, juampynr, Berdir, edurenye: function_exists check in PluralTranslatableString is wrong
  • #2609874 by tstoeckler, mikeker, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable
  • #2687837 by alexpott: run-tests.sh --types does not work with --directory
  • #2664274 by alexpott, bojanz, fortis, Mile23, arknoll: Combination of --prefer-dist and .gitattributes confuses our vendor test cleanup
  • Revert "Issue #2609874 by tstoeckler, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable"
  • #2609874 by tstoeckler, Kristen Pol, tassilogroeper: Boolean field "On label" and "Off label" are not translatable
  • #2638856 by bojanz, webflo, SiliconMind: Unable to install modules with core dependencies via composer
  • #2633568 by quietone, ultimike: Improve method for migrating link attributes from D6
  • #2669590 by Lendude, joe_carvajal: IntegrityConstraintViolationException using an entity reference in a view with a entity reference display
  • #2684575 by chx, benjy, quietone: Get is unable to pick up 0
  • #2685463 by rakesh.gectcr: Typo in the usage example of HtmlTag API page
  • #2281393 by ultimike, mrjmd, bdone, quietone, Xano, vendion, benjy, brockfanning, alexpott: D6->D8 Blocks - Custom titles not imported
  • #2680057 by alexpott, dawehner, isntall: Allow to not override the simpletest results on a new test run
  • #2658412 by leolando.tan, lokapujya, rakesh.gectcr, harsha012, thisisit, zweishar, miteshmap: Config API topic makes no mention of getEditable()
  • #2248223 by olli, Lendude, peterg.griffin, finne, mikeker, pjonckiere, b0unty, ohthehugemanatee, zniki.ru, dawehner, jhodgdon, effulgentsia, xjm, droplet, metzlerd: Adding a new Views filter and making it exposed returns user back to list of filters
  • #2679953 by malavya, subharanjan, AjitS, aditya_anurag, mikebell_, jhodgdon: Replace mentions of url() in docs
  • #2684319 by TravisCarden, jhodgdon: ConfigFormBaseTrait::config() @return doxygen is inaccurate
  • #2676026 by dimaro, subharanjan, Girish-jerk, zaurav, jhodgdon: Correct documentation of ThemeNegotiatorInterface
  • #2680307 by metzlerd, jhodgdon: Direct people to Services and Elements pages on API sites in a clearer way
  • #2225477 by quietone: Add migrate sources and destinations for D6 i18n variables
  • #2177335 by drintios, idebr, czigor, oo0shiny, bdimaggio, samiullah, alexpott: Selecting 'Disabled' does not move the block to the disabled region when there are no disabled blocks
  • #2670978 by dawehner, isntall, jibran, alexpott: Allow to run just specific types when running all tests
  • #2616220 by webflo, quietone: Obey field cardinality in vocabulary migration
  • #2609680 by alexpott, jhedstrom: Add an AssertMailTrait to allow mail testing in Kernel tests and fix odd stdout not found in test output
  • #2608692 by snehi, r_sharma08, anil280988, marvin_B8, rakesh.gectcr, ashhishhh, malavya, heykarthikwithu, kaushalkishorejaiswal, jhodgdon: Revise docblock for BookManager methods
  • #2626106 by Wim Leers, gceja, thpoul: The image button does not work unless width+height attributes are allowed, even though those are optional
  • #2682367 by leolando.tan: Wrong comment in AdminRouteSubscriber::getSubscribedEvents
  • #2683391 by amateescu: Backport EntityKernelTestBase to 8.0.x
  • #2471689 by klopez, shashikant_chauhan, harings_rob, snehi, jhodgdon: Entity API documentation should consistently refer to handlers rather than controllers
  • #2676472 by micaelamenara, jhodgdon: docs for t() and related functions don't explain how context works
  • #2572125 by rodrigoaguilera, vijaycs85, swentel, Berdir, Wim Leers, tstoeckler: Content translation local tasks are not getting displayed due to caching
  • #2675000 by alexpott: SQLBase::mapjoinable does not support SQLite part 2
  • #2179537 by jweowu, alexpott: Drupal 8 has a broken UUID generator
  • #2672512 by Birk, kurund: CKEditorPluginConfigurableInterface::settingsForm() docs don't match API usage
  • #2664150 by dawehner: Expand BrowserTestBase with error handling support
  • #2665738 by droplet, zviryatko: jQuery Autocomplete applies "_renderItem" option only for first element on the page
  • #2679006 by blazey: 'incloming' in SourcePluginBase::$trackChanges comment
  • #2580177 by DuaelFr, GoZ: Language list is not correctly ordered when it's localized
  • #2668008 by dimaro, kannan@kiluvai.com, rakesh.gectcr, felribeiro, jhodgdon, eojthebrave, xjm, mobaid: Internationalization topic refers to format_plural() function that does not exist
  • #2614764 by snehi, priya.chat, rakesh.gectcr, anil280988, amit.drupal, jhodgdon: Wrong @param doc in class Composer
  • #2677672 by fago: Improve docs of getDataDefinition for lists and complex data
  • #2678620 by stBorchert: HandlerBase::breakString does not work with decimal values
  • #2623940 by alexpott, Berdir: ConfigInstaller tries to install optional config with missing dependencies
  • #2302259 by quietone: Test coverage for user profile link type from D6

Read more: http://drupal.org/drupal-8.0.6-release-notes


16 March 2016 - 115MBImportant
  • #2496867: Translatable image file is not working unless you also config the image field. Config can get lost anyway.
  • #2602268: Translated string are loaded into Views UI and then saved as default language strings.
  • #2616164: /update.php/run URL is generated with language prefix and returns 404 error
  • #2642374: Dependency removal logic incorrectly affects indirect dependents
  • #2665410: Book module breadcrumb remains cached when node title (or access) changes
  • #2671916: node_access_rebuild() will never work after since entityQuery has now accessCheck default set to true and the grants are deleted beforehand
  • #2649352: views_embed_view() should use a render array so metadata can bubble up

  • #2660446 by tduong: Test the node argument_default plugin
  • #2559695 by leolando.tan, bhavikshah9, falufalump, nod_, eiriksm: JSDoc tabledrag.js
  • #2364343 by damien_vancouver, criz, ksenzee, joegraduate, Neograph734, droplet, pounard, jp.stacey, ciss: Fix robots.txt to allow Google access to CSS, JavaScript and image files
  • #2578741 by amateescu, swentel, subson, larowlan: Add setting for size to email widget
  • #2646410 by claudiu.cristea, dawehner: Container cannot be saved to cache
  • #2676680 by klausi: Rename "Phone module" to "Telephone module" in MAINTAINERS.txt
  • #2534532 by michaellander, longwave: Cannot reinstall Forum after it was previously installed
  • #2472633 by Mile23, dawehner: Expand PHPUnit test coverage of the Diff component
  • #2488540 by Lendude, SteffenR, geertvd, nlisgo, ozin, joshuajleonard, Lóna Lore: Rewrite external links in views fields
  • #2676682 by klausi: Remove Drupal 6 from MAINTAINERS.txt
  • #2613878 by edysmp, heddn, Adita, Lord_of_Codes, jian he, chx, miiimooo, alexpott, benjy, mikeryan: Use hash for Migration source keys, rather than verbatim values
  • #2672442 by rakesh.gectcr, dimaro, aditya_anurag, jhodgdon: In the documentation, change all instances of "an URL" to "a URL"
  • #2676346 by alexpott, dawehner: Coding standards check on DB dump fixtures causes PHPCS to out of memory on PHP5.5 and is slow cause of huge files
  • #2501735 by snehi, lokapujya, malavya, priya.chat, sdstyles, ChuChuNaKu, er.manojsharma, mglaman, joelpittet: Add throws to Twig extension comments
  • #2660486 by pwolanin, dawehner, rrrob: MenuLinkDefaultForm::extractFormValues() does not include the plugin ID
  • #2599594 by agoradesign, mdespeuilles, nagwani: Multilingual content: Menu link is not correctly stored on translation
  • #2496867 by Berdir, swentel, alexpott, rodrigoaguilera, yobottehg, trebormc: Translatable image file is not working unless you also config the image field. Config can get lost anyway
  • #2541252 by HOG, pazhyn, finnsky, LewisNyman, nlisgo, saki007ster, alvar0hurtad0, maris.abols, PapaGrande, pjbaert, emma.maria, bruvers, ti2m, tstoeckler: Replace the .region-content ul/ol selector with text-formatted to refactor code + fix visual bugs
  • #2674480 by twistor: Views does not properly ignore the query cache during preview
  • Back to dev.
  • #2673552 by mcjim: Add missing @return documentation for _buildArguments() in ViewExecutable.php
  • #304540 by typhonius, BrockBoland, nabiyllin, RobLoach, marcingy, ravi.khetri, jyotisankar, sudhanshug, jaredsmith, nesta_: Disable themes when theme engine or base theme aren't available
  • #2575533 by leolando.tan, AlviMurtaza, LewisNyman, j2r, joaogarin: Add warning message to Seven and Bartik that they can change in the future
  • #2673918 by David Hernández: hook_entity_view_mode_info_alter still shows hook_entity_view_mode_info, that has been removed
  • #2649352 by dawehner, borisson_: views_embed_view() should use a render array so metadata can bubble up
  • #2674198 by neclimdul: @menu_name in menu_links migration_template is invalid yaml
  • #2204037 by kpv, Lendude: Views allows removal of required relationships and gives a fatal error on save
  • #2514212 by Berdir, tduong, chx: Entity::getEntity() does not correctly deal with an existing ID mapping without a destination ID
  • #2602268 by Berdir: Translated string are loaded into Views UI and then saved as default language strings
  • Revert "Issue #2561619 by phenaproxima, nod_, lokapujya, droplet, tic2000: Drupal Ajax objects and settings grows endlessly"
  • #2621422 by stefan.korn, harsha012, aditya_anurag, rakesh.gectcr, joyceg, Cottser, jhodgdon: Wrong default path for page.html.twig given
  • #2642374 by alexpott, Berdir, drunken monkey, beejeebus: Dependency removal logic incorrectly affects indirect dependents
  • #2579931 by rjacobs, stevector: Pager option not saved on views add form page widget
  • #2669898 by thpoul, DuaelFr, Wim Leers: cke_widget_element CSS Class get wrongly returned by the drupallink plugin
  • #2659100 by dawehner, alexpott: Allow run-tests.sh to run just the javascript Functional tests
  • #2561619 by phenaproxima, nod_, lokapujya, droplet, tic2000: Drupal Ajax objects and settings grows endlessly
  • #2461017 by aerozeppelin, Berdir, Lendude: TaxonomyIndexTid doesn't check whether there are any values before trying to loop over it
  • #2668008 by dimaro, rakesh.gectcr, kannan@kiluvai.com, felribeiro, jhodgdon, eojthebrave, mobaid, xjm, AjitS: Internationalization topic refers to format_plural() function that does not exist
  • #2575101 by quietone, jcnventura, jgrubb, hussainweb, chr.fritsch, heddn, benjy: Add an explode/separator process plugin
  • #2671182 by lokapujya: Views validates displays on Cancel
  • #2671916 by Berdir, mgoedecke: node_access_rebuild() will never work after since entityQuery has now accessCheck default set to true and the grants are deleted beforehand
  • #2671946 by mikeryan: d6_url_alias_language should accept language as a scalar
  • #2620576 by cilefen, alexpott, chapf, xjm, longwave, dawehner: fnmatch() is not available on all environments (i.e QNAP QTS)
  • #2665410 by catch, pwolanin, Wim Leers: Book module breadcrumb remains cached when node title (or access) changes
  • #2662592 by marcingy: TimestampFormatter.php has invalid input name
  • #2393387 by mondrake, gnuget, tim.plunkett: Add test for editing image effect when configuration form is Ajax enabled
  • #2226455 by quietone, ultimike, brockfanning: Migrated URL aliases not working until nodes are re-saved
  • #2668926 by DuaelFr: ReplaceCommand minor documentation glitch
  • Revert "Issue #994360 by DuaelFr, andypost, emosbaugh: #states cannot disable/enable radios and checkboxes"
  • #2321995 by jhodgdon: More info needed in hook_views_data docs/sample body
  • Revert "Issue #2521782 by paulmckibben, swentel: HTML head has alternate hreflang links to unpublished translations"
  • #2536682 by eporama, r_sharma08, snehi, rakesh.gectcr, chegor, Prashant.c: default.settings.php database instructions need to be user friendly
  • #2659564 by miteshmap: Wrong return type in TermStorageInterface::loadTree()
  • #2656578 by felribeiro, malavya: Tableselect documentation around #header needs more detail
  • #2667304 by felribeiro: Error in variables documentation for vertical-tabs.html.twig
  • #2606246 by rang501, heykarthikwithu: StaticTranslation::getLanguage, add @return values in the comment docblocks
  • #2540136 by Shreya Shetty, rang501, chx, priya.chat: Improve ContextualLinkInterface doxygen
  • #1811214 by Mile23, naveenvalecha, tisteegz: Add missing type hinting to Language module docblocks
  • #2610202 by rang501, Lars Toomre: Docblock fixes for file.module file
  • #1811328 by sushyl, Mile23: Add missing type hinting to Filter module docblocks
  • #2627052 by leolando.tan, snehi, anil280988, jhodgdon: Fix docblocks in file views/src/ViewExecutable.php
  • #1811888 by bleen, Mile23, a_thakur, Nitesh Sethia, naveenvalecha: Add missing type hinting to Tracker module docblocks
  • #2627038 by ashhishhh, jordanpagewhite, snehi, Manjit.Singh, jhodgdon, sudhanshug: Fix docblock for createTerm in TaxonomyTestBase.php
  • #2521782 by paulmckibben, swentel: HTML head has alternate hreflang links to unpublished translations
  • #2606304 by snehi, priya.chat, rang501, rakesh.gectcr: Wrong @param doc for construct function in class PrivateTempStore
  • #2666702 by heilop: Fix comments in the attributes of the TaggedWithTest class
  • #2348219 by Fabianx, dawehner, webchick, Berdir, damiankloip, joelpittet, gnuget: You have requested a non-existent service "cache.backend.null"
  • #2469553 by Lendude, geertvd, oenie: Views filtering on boolean fields doesn't use right formatter
  • #2667288 by felribeiro: FilterProcessResult docs refers to class as FilterProcess
  • #2659524 by gaydabura, rakesh.gectcr: Removing wrongly added @return in core/includes/form.inc
  • #2667606 by AchillesKal: Missing single quote on the Buttons element usage example
  • #2667172 by mikeker: core.api.php links to the old (deprecated) KernelTestBase
  • #2668652 by lokapujya: DisplayTest - drupalPlaceBlock() has wrong parameters
  • #2487269 by alexpott, Oliver Sommersberg, zhuber: Postgres insert queries that fail in a transaction break the entire transaction
  • #2663290 by edurenye, Berdir, dawehner: Argument validator schemas are broken
  • #2630886 by dawehner: Correct the join from revision data table to revision base table
  • Revert "Issue #2630886 by dawehner: Correct the join from revision data table to revision base table"
  • Revert "Issue #2598502 by alexpott: Double escaping in views attachment titles"
  • #2609504 by Lendude, mohit_aghera, ibustos: Default People display shows date since unix timestamp 0 as 'Last access'
  • #2485683 by Wim Leers: REST entity resource missing entity & field access cacheability metadata
  • #2667932 by nod_: Update eslint config for eslint 2.0 update
  • #2638410 by dawehner, Lendude: Views overview page doesn't filter on tags
  • #2516930 by coleman.sean.c, alexpott, jhedstrom, mohit_aghera: Remove from outline button goes to node/x/delete instead
  • #994360 by DuaelFr, andypost, emosbaugh: #states cannot disable/enable radios and checkboxes
  • #2598502 by alexpott: Double escaping in views attachment titles
  • #2652068 by alexpott, mglaman: Update jcalderonzumba/gastonjs to a tagged release
  • #2662152 by rafaolf: Entity::preSave() throws a exception, but this is not documented
  • #2509722 by NickWilde, dawehner, Lendude, rakesh.gectcr, Nitesh Pawar, xjm, tstoeckler: "Error: missing help" in Views for Node fields without descriptions
  • #2471593 by JeroenT, Devaraj johnson: Replace the use of entity_load_unchanged() in ImageAdminStylesTest
  • #2567091 by slashrsm: AJAX updates of an element in a #group are not working
  • #2616164 by agoradesign, swentel, facine, dawehner: /update.php/run URL is generated with language prefix and returns 404 error
  • #2571929 by klausi: REST entity POST request is not cacheable: cacheability metadata is unnecessary
  • #2661642 by neclimdul: ResourceResponse can't serialize empty array
  • #2666552 by mikeker: Incorrect path for unit tests in core.api.php
  • #2663936 by milodesc: Include .gitattributes file in list of core files to move in INSTALL.txt instructions
  • #2650588 by tim.plunkett, Wim Leers, alexpott, dawehner: Entities with plugin collections should be updated before serialization
  • #2397271 by Wim Leers, larowlan, penyaskito, MattA: REST configuration fails if it contains a plugin reference that does not exist
  • #2665232 by dawehner: Add the line to Error::formatBacktrace()
  • #2568413 by grasmash, pwolanin, dawehner, Wim Leers, xjm, klausi: REST views: Pass views style plugin instance to REST Export serializer
  • #2575549 by Wim Leers, znerol, Fabianx: Add Page Cache to MAINTAINERS.txt
  • #2664396 by TravisCarden: hook_node_access_records() doxygen refers to non-existent node_access_write_grants()
  • #2664882 by chx: RedirectDestinationInterface::get is factually wrong
  • #2575245 by toniteof: Click-sorting broken in previews
  • #2662006 by pwolanin, incrn8, jtyocum: Fatal error when trying to edit book nodes (that have children) in large books
  • #2641092 by laranajim: Wrong file doc block on some tests
  • Revert "Issue #2595613 by krknth, heykarthikwithu, k4v, aerozeppelin, naveenvalecha, swentel: Forms - '#title_display' => 'invisible' is not working for radio buttons ?"
  • #2660464 by mallezie: Migrate sql base toString method not accessible by subclasses
  • #2417917 by clemens.tolboom, sudhanshug, Wim Leers, joelpittet: Include content type format name in error response
  • #2418587 by xjm, marthinal, AjitS, Wim Leers, neilmc, Berdir: Set entity values to NULL instead of using unset() method: unset() is misleading
  • #2602536 by cosmicdreams: Unused local variable in testSerialization()
  • #2624256 by roderik, jhodgdon, dawehner: Fix mention of menu_router_rebuild() in LockBackendInterface comment
  • #2494131 by webchick, mgifford, mohit_aghera, LewisNyman, yoroy: Placeholder text for site name in installer can be confusing
  • #2412363 by Arla, zealfire, mgifford, xjm, fago: ComplexDataDefinition::getPropertyDefinition() does not need to check ->propertyDefinitions
  • #2512668 by MattA, martin107, dawehner: Dblog rest plugin throws exception with incorrect parameters
  • #2587755 by aerozeppelin, NickWilde, swentel: AJAX error when using progress bar on file field widget
  • #2621794 by ShaunDychko, Alan D., joelpittet, chx: Drupal 6 image field settings incorrect after migration
  • #2615790 by Xano: Field item properties do not prevent the services they contain from being serialized
  • #2595613 by krknth, heykarthikwithu, k4v, aerozeppelin, naveenvalecha, swentel: Forms - '#title_display' => 'invisible' is not working for radio buttons ?
  • #2637680 by Dom., mikeocana, laranajim: Submit buttons for GET forms in search/views are not W3C valid due to empty 'name' attribute
  • #2646786 by dawehner: Add a backtrace for logged exceptions
  • #2649602 by hchonov: hook_translation_create is not invoked with the new entity translation but with the previous entity object
  • #2639254 by dawehner, heddn: Make it possible to skip empty migration destinations
  • #2663830 by chx: Remove action.api.php
  • #2571539 by Lendude, Surabhi Gokte, Cottser, swentel, emma.maria, alexpott, Manjit.Singh: Progress bar higher than progress track
  • #2651766 by eojthebrave, malavya, jhodgdon, alexpott: Update link in documentation block for t() function
  • #2578173 by Peacog, maximpodorov, marvin_B8, andypost, alexpott, tatisilva: Increase menu title maxlength to 255 in forms containing menu items
  • #2645036 by chx: Performance: system_path_* doesn't pass the source
  • #2641540 by Mac_Weber: Replace deprecated usage of entity_create('entity_test_mulrev') with a direct call to EntityTestMulRev::create()
  • #2626548 by dawehner, slashrsm: The static caching in \Drupal\Core\Entity\EntityTypeManagerInterface::getFormObject() is problematic
  • #2640962 by Berdir: Theme Registry does not support switching the active theme
  • #2662108 by Cottser: Add Scott Reeves (Cottser) as a provisional core committer for Drupal 8 (cherry picked from commit e495c4904974dde67a93ad395b8ef252e08bed8d)

Read more: http://drupal.org/drupal-8.0.5-release-notes


(security release)
24 February 2016 - 115MBThis release contains security fixes.

  • File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical): A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they can be saved. This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
  • Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical): The XML-RPC system allows a large number of calls to the same method to be made at once, which can be used as an enabling factor in brute force attacks (for example, attempting to determine user passwords by submitting a large number of password variations at once). This vulnerability is mitigated by the fact that you must have enabled a module that provides an XML-RPC method that is vulnerable to brute-forcing. There are no such modules in Drupal 7 core, but Drupal 6 core is vulnerable via the Blog API module. It is additionally mitigated if flood control protection is in place for the method in question.
  • Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical): In Drupal 6 and 7, the current path can be populated with an external URL. This can lead to Open Redirect vulnerabilities. This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL. For Drupal 8 this is a hardening against possible browser flaws handling certain redirect paths.
  • Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical): An access bypass vulnerability was found that allows input to be submitted, for example using JavaScript, for form button elements that a user is not supposed to have access to because the button was blocked by setting #access to FALSE in the server-side form definition. This vulnerability is mitigated by the fact that the attacker must have access to submit a form that has such buttons defined for it (for example, a form that both administrators and non-administrators can access, but where administrators have additional buttons available to them).
  • HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical): A vulnerability in the drupal_set_header() function allows an HTTP header injection attack to be performed if user-generated content is passed as a header value on sites running PHP versions older than 5.1.2. If the content contains line breaks the user may be able to set arbitrary headers of their own choosing. This vulnerability is mitigated by the fact that most hosts have newer versions of PHP installed, and that it requires a module to be installed on the site that allows user-submitted data to appear in HTTP headers.
  • Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical): The drupal_goto() function in Drupal 6 improperly decodes the contents of $_REQUEST['destination'] before using it, which allows the function's open redirect protection to be bypassed and allows an attacker to initiate a redirect to an arbitrary external URL. This vulnerability is mitigated by that fact that the attack is not possible for sites running on PHP 5.4.7 or greater.
  • Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical): Drupal core has a reflected file download vulnerability that could allow an attacker to trick a user into downloading and running a file with arbitrary JSON-encoded content. This vulnerability is mitigated by the fact that the victim must be a site administrator and that the full version of the attack only works with certain web browsers.
  • Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical): Some specific contributed or custom code may call Drupal's user_save() API in a manner different than Drupal core. Depending on the data that has been added to a form or the array prior to saving, this can lead to a user gaining all roles on a site. This issue is mitigated by the fact that it requires contributed or custom code that calls user_save() with an explicit category and code that loads all roles into the array.
  • Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical): In certain configurations where a user's email addresses could be used to log in instead of their username, links to "have you forgotten your password" could reveal the username associated with a particular email address, leading to an information disclosure vulnerability. This issue is mitigated by the fact that it requires a contributed module to be installed that permits logging in with an email address, and that it is only relevant on sites where usernames are typically chosen to hide the users' real-life identities.
  • Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical): On certain older versions of PHP, user-provided data stored in a Drupal session may be unserialized leading to possible remote code execution. This issue is mitigated by the fact that it requires an unusual set of circumstances to exploit and depends on the particular Drupal code that is running on the site. It is also believed to be mitigated by upgrading to PHP 5.4.45, 5.5.29, 5.6.13, or any higher version.

Read more: http://drupal.org/drupal-8.0.4-release-notes


3 February 2016 - 115MBThis release only contains bug fixes, along with documentation and testing improvements.

Bug fixes
  • #2625258: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object
  • #2639352: File records, files themselves lost in translation
  • #2646100: Exception on php7 + APCu without backwards compatibilty enabled
  • #2606548: \\Drupal\\rest\\Plugin\\views\\row\\DataFieldRow::render should take into account the 'exclude' flag

Known issues
  • Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
  • There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases soon.
  • Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors

  • #2392057 by tim.plunkett, vasi, benjy, alexpott, Gábor Hojtsy, YesCT: Config schema fails to expand dynamic top-level types
  • #2624594 by pwolanin, lauriii, Xano: Local action plugins do not have any way to provide cacheability metadata
  • #2559241 by droplet, tic2000: Closing an #ajax dialog triggers Javascript errors when scrolling
  • #2660502 by floydm: Syntax error on the Usage example of class Radios
  • #2660034 by naveenvalecha: Move .eslintrc into core/.eslintrc
  • #2567339 by Lendude, penyaskito, dawehner: PHP Warning when using link field tokens in a view
  • #2660026 by theMusician: Remove obsolete \Drupal\Core\Config\Entity\ConfigEntityBase::$pluginConfigKey
  • #2610116 by rakesh.gectcr, lipi1: Removing unused variables
  • #2659078 by dpi: Unexpected access operation throws exception when node grant system is active
  • #2635242 by quietone, alvar0hurtad0: Add tests for node body [d6] [d7]
  • #2618804 by webflo: Migrate required setting from vocabulary to field
  • #2618830 by webflo, jan.stoeckler: Term widget migration should depend on tags property
  • #2510076 by DuaelFr: The [view:page-count] token should never return 0
  • #2442721 by daffie, mgifford: Direct access to the variable $parent in Drupal\Core\Field\FieldItemBase::getLangcode()
  • #2657734 by miteshmap, floydm: calculateDependencies() return value is double documented
  • #2633308 by dawehner, mparker17, Wim Leers, Fabianx: Views cache contexts are lost (and thus do not bubble) when rendering a view's block display
  • #2655700 by jhodgdon: ajaxRender() is referenced in documentation but no longer exists
  • #2633644 by rlhawk, mondrake, r_sharma08: Correct empty text does not display when there are no image styles
  • #2267039 by aerozeppelin, joachim: UnsupportedDataTypeConfigException doesn't say which config file the problem is
  • #2643274 by swentel, Mac_Weber, amateescu: EntityAutocomplete does not recognize URLs ending with a parenthesis
  • #2616816 by dawehner, Jaesin: Views aggregation: Grouping a field that doesn't exist on all bundles causes an error
  • #2642362 by alexpott, chrisfree, Manjit.Singh: Animation of throbber-active.gif image is broken
  • #2656202 by Gábor Hojtsy: Add Simple English to Drupal core
  • #376391 by mimran, snehi: Document that module_invoke_all / ModuleHandlerInterface::invokeAll reindexes arrays
  • #2508145 by jibran, s.reichert: Grouping level is always zero in Views
  • #2656260 by swentel: Cannot edit system mail "Admin (user awaiting approval)"
  • #2653692 by TravisCarden: Table form element usage example refers to non-existent "#title" element
  • #2656442 by swentel: Argument missing the 'context' key for 'decimal places' context
  • #2604484 by quietone, dobe, drclaw, skyredwang, mikeryan, grahl: Migrate Drupal 7 image and file fields
  • #2650212 by felribeiro: FieldItemListInterface @see tags are circular
  • #2641430 by googletorp, sudhanshug, priya.chat: Typo/spelling error in LoggerChannelFactoryInterface
  • #2646962 by walangitan, klidifia: AjaxPageStateTest typo and test cleanup
  • #2639796 by swentel: file widget duplicate code
  • Revert "Issue #2650964 by yongt9412: Fix the execution of regular expression"
  • #2655102 by edurenye: Run test --browser missing CSS and images
  • #2651610 by DeanRae, TR: Tableselect documentation lists wrong property name
  • #2650994 by drunken monkey: Javascript states not working for boolean fields
  • #2652970 by dagmar: Wrong @see doc on Plugin/rest/resource/EntityResource.php
  • #2650964 by yongt9412: Fix the execution of regular expression
  • #2649748 by alexpott, danielnv18: Replace instances of "that is can" with "that it can"
  • #2643942 by Lendude, no_angel, dawehner: Entityreference autocomplete with search fields uses wrong column name
  • #2579471 by walangitan, droplet, biguzis, thorandre, swentel: Allow more chars in "Limit allowed HTML tags" filter
  • #2637720 by dawehner, tim.plunkett: Ajax exposed filters + destination query don't work together
  • #2567561 by Sagar Ramgade, mbaynton, Cottser, gnuget, Wim Leers: Captioned elements and their children are removed when theme debugging on
  • #2479487 by claudiu.cristea, legolasbo, mondrake, yched, alexpott, jhedstrom, dawehner, Wim Leers: ImageStyles can be deleted while having dependent configuration
  • #2464055 by davidwbarratt, Mile23: Installation Failure on case insensitive file systems
  • #2655580 by claudiu.cristea: Dead code: hook_system_theme_info() removed but is still implemented
  • #2463113 by pwolanin, Berdir, alexpott, keith.smith, swentel: Plain text passwords can be accidentally dumped to the database by code that doesn't intend to do that
  • #2617586 by Wim Leers, zuuperman: Minor refinements to CKEditor module API docs
  • #2650072 by naveenvalecha, martin107: MessageAction::__construct has duplicate @param definition
  • #2639352 by tduong, swentel, Berdir: File records, files themselves lost in translation
  • #2652556 by Pol: Remove duplicate lines in MenuForm.php
  • #1494670 by Liam Morland, jhedstrom, Wim Leers, mfb: References to CSS, JS, and similar files should be root-relative URLs: avoids mixed content warnings & fewer bytes to send
  • #2580717 by tduong, Berdir, dawehner: Url::fromUri('base:2015/10/06') throws an exception
  • #2510150 by tduong, Berdir: AccountProxy is not calling date_set_default_timezone() for anonymous users
  • #2409789 by mglaman, clemens.tolboom: Double slashes in canonicals while calling resourcePluginManager->getDefinitions()
  • #2646766 by neclimdul: TwigSandboxTest::testExtendedClass() doen't test anything
  • #2526064 by Mile23, naveenvalecha: Remove usage of comment_view() & comment_view_multiple()
  • #2636774 by dawehner, jibran: Move some of the create* functionality into traits
  • #2611064 by joshi.rohit100, Chi, dawehner: CronForm::submitForm - makes wrong redirect
  • #2644216 by jordanpagewhite: Needless State::get call in \Drupal\config\Tests\ConfigEventsTest::testConfigEvents
  • #2540568 by Lendude, mikeyk, geertvd, DuaelFr, pjonckiere, dawehner: ManyToOne 'not' operator throws InvalidArgumentException ("Is none of" choice in UI)
  • #2637058 by claudiu.cristea, priya.chat, jhodgdon, dawehner: Fix HTTP proxy docs in default.settings.php
  • #2645662 by dawehner: Don't pollute the global namespace with t() in tests
  • #2392153 by mparker17, hussainweb, chris.smith, alexpott, dawehner: Disallow composer.json and composer.lock from being indexed
  • #2488886 by colinafoley, mikeker, joelpittet, Wim Leers: Forum - "new replies" message is escaped
  • #2614408 by amateescu: Add test coverage for multiple invalid + mixed existing/new entity reference validation
  • #2643280 by googletorp, alexpott: Fix outdated documentation for ConfigEvents::COLLECTION_NAMES
  • #2646100 by gapple: Exception on php7 + APCu without backwards compatibilty enabled
  • #2642128 by GeduR: DBLog views data unused search property
  • #2644734 by znerol: Replace confusing comment in PagerSelectExtender::execute()
  • #2482857 by jhedstrom, lokapujya, pwolanin, lindzeng, swati_qa, Truptti, alexpott: Cannot delete a book parent
  • #1559506 by finnydobson, JuliaKM, snehi, anil280988, priya.chat, jhodgdon, alexpott: Query alter docs need some clarification
  • #2606548 by Lendude, dawehner, alexpott, catch, tim.plunkett, xjm, damiankloip: \Drupal\rest\Plugin\views\row\DataFieldRow::render should take into account the 'exclude' flag

Read more: http://drupal.org/drupal-8.0.3-release-notes


2 February 2016 - 115MBThis release only contains bug fixes, along with documentation and testing improvements.

Bug fixes
  • #2625258: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object. Note that no upgrade path is included for this fix (see known issues below).
  • #2620176: Logo image settings form is broken, breaks per-theme overrides and can result in data loss

Known issues
  • #2628004: Create an upgrade path to determine if default_config_hash should be added (2625258). This affects all sites created before 8.0.2 that have locale or an additional language installed (or that will install them in the future). Until this issue is fixed, sites will need to use the core Configuration Translation module to create their own translations for default configuration of currently installed modules, rather than automatically downloading them from localize.drupal.org.
  • #2616164: /update.php/run URL is generated with language prefix and returns 404 error
  • #2639352: File records, files themselves lost in translation
  • #2635728: Uninstalling a module providing display extenders causes fatal errors
  • Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
  • There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but there are no known issues with them. We intend to add per-commit testing on one of these databases soon.
  • Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors
  • Installs running on PHP7 with the apcu extension, but with out the APC backwards compatibility extension will get fatal errors from Symfony's classloader[#2646100]

  • #2643570 by gnuget: Correct $lockBackend local variable use
  • #2598178 by krknth, xjm: Remove unneeded settings in core/modules/file/src/Tests/FileFieldRSSContentTest.php
  • #2628754 by cilefen, kristiaanvandeneynde, dawehner, Berdir: Link::toString() should not be deprecated
  • #2642236 by TR: Various setUp() and tearDown() methods are not protected (the sequel)
  • #2643636 by hass: dialog.css: ajax-progress-throbber URL is incorrect
  • #2625512 by heykarthikwithu, Mac_Weber, Wim Leers: Add @param, @return in the code base for the editor module
  • #2635238 by dsnopek, tim.plunkett: Contexts not mapped in time to use them in BlockInterface::access()
  • #2637304 by legolasbo, Xano: Add missing typehints in EntityAutocomplete
  • #2569893 by quicksketch, Wim Leers, DuaelFr: CKEditor alignment buttons can be used even when the align filter is disabled
  • #2575387 by chrisfree, r_sharma08, hussainweb, sudhanshug, Cottser, anil280988, AjitS, rashid_786, drupal.ninja03, Prashant.c, snehi, jordanpagewhite, anil.gangwal, brahmjeet789, jhodgdon, davidhernandez, Manjit.Singh: Add README.txt to Classy Base Theme?
  • #2642824 by chx, jhodgdon: Document extension_discovery_scan_tests setting everywhere
  • #2580423 by giancarlosotelo, s_leu, ameymudras, Berdir: Entity reference widgets don't display entity translations
  • #2584869 by eyilmaz: States collapsed/open/closed doesn't work for
  • #2605214 by Gábor Hojtsy, ChuChuNaKu, EclipseGc, dawehner: Views InOperator::getValueOptions() children do not return values like InOperator::getValueOptions()
  • #2621486 by Lars Toomre: Fixes to migrate/tests/src/Unit/*.php files
  • #2624660 by Lars Toomre: Some fixes to migrate/src/Plugin/*.php files
  • #2302319 by geertvd, Lendude: Missing caption, if view (format table) is grouped by a field
  • #339384 by lotyrin, cilefen, neuquen, marcingy: Default option not set in exposed filters when terms are selected
  • #2604912 by stockholmz, pixelmord, sdstyles: Tableselect.js select all does not fire change event
  • #2359037 by jhodgdon, chx: QueueWorker plugin id is the queue name
  • #2371861 by DuaelFr, YesCT, Gábor Hojtsy, tucho: Strings including tokens in href or src attributes cannot be translated due to safeness check incompatibilities
  • #2640086 by markcarver: Editor routes don't use the ajax_base_page theme negotiator
  • #2604220 by yched, swentel, Cottser: PHP notice for single value image field configured with a default image (no image present) and a hidden label
  • #2592325 by sasanikolic, dawehner, Wim Leers: Revision tab is not shown directly
  • #2461671 by keopx, er.pushpinderrana, marieke_h, jhodgdon, alexpott, Berdir, joachim: Entity::load() docs has parameter that is not needed due to inheritdoc
  • #2634294 by andypost: Fix doc-block of ConfigTranslationFormBase::buildForm()
  • #2616784 by malcomio, shahinam, r_sharma08, kaushalkishorejaiswal, jhodgdon, cilefen, whatsupdan: Link to render API needs semicolon removed from URL
  • #2636980 by Lars Toomre, jhodgdon: Type hint additions in batch.inc
  • #2633686 by snehi, jordanpagewhite, jhodgdon: EntityInterface::urlInfo() deprecated notice does not link to preferred method
  • #2624914 by Lars Toomre: Fixes to migrate/src/Tests/*.php files
  • #2627534 by LewisNyman: Remove LewisNyman from maintainers.txt
  • #2613252 by davidhernandez, Cottser: Add Stable maintainer to MAINTAINERS.txt
  • #2589237 by chx, webflo, benjy, dmoore: Menu links parent migration is broken
  • #2624888 by Lars Toomre: More fixes to migrate/src/Plugin/*.php files
  • #2628418 by neclimdul, quietone: Test coverage for FieldTypeDefaults process plugin
  • #2605684 by chx, dawehner: Routing silently fails in kernel tests
  • #2624890 by Lendude: Views Messages area handler gives broken/missing handler when added to a view
  • #2636424 by eiriksm: Avoid testing for relative link starting with // in shortcut module
  • #2572789 by attiks, andriyun: Fix 'Drupal.WhiteSpace.Comma' coding standard
  • #2631958 by mpdonadio: Remove unnecessary query method in \Drupal\datetime\Plugin\views\sort\Date
  • #2633664 by jordanpagewhite, heddn: Wrong Annotation in MigrateExecutableTest
  • #2568439 by anchal29, hussainweb, priya.chat, r_sharma08, drupal.ninja03, anil280988, snehi, tedbow, joyceg, amit.drupal, jhodgdon: profiles/README.txt incorrectly states that installation profiles do not 'have any effect on' already running sites
  • #2634662 by David Hernández: Typo on \Drupal\taxonomy\Plugin\migrate\source\d7\Vocabulary
  • #2637254 by tvlooy: Form API using $this when not in object context
  • #2630592 by anil280988, hussainweb, drupal.ninja03, Cottser, davidhernandez, jhodgdon: Tweak Stable's README.txt to be more understandable by new users
  • #2629712 by leolando.tan: Typo in node argument default plugin
  • #2509390 by nathanlawson91, Maninders, herom, munzirtaha, Anansi_boy: tags has a wrong right padding in RTL
  • #2400543 by Nitesh Pawar, abhishek.kumar, hugronaphor, jibran, dawehner, PieterJanPut, wuinfo, cilefen, alexpott, ameymudras, lauriii, pec, ashutoshsngh, Truptti, JmOkay: Breadcrumb should be term name instead of term id on term edit and delete page
  • #2599454 by rakesh.gectcr, metzlerd, snehi, jhodgdon: Document Missing HTML Render Elements
  • #2283703 by pjonckiere, jhodgdon: Document how optgroups work on 'select' form elements
  • #2602448 by pjonckiere, heykarthikwithu, jhodgdon: In rdf.api,php, add @return value to the hook_rdf_namespaces()
  • #2611024 by benjy: Migration process plugins are missing schema
  • #2630988 by hussainweb, naveenvalecha: Update the test group name in ContainerAwareEventDispatcherTest.php Annotation to EventDispatcher
  • #2637030 by klausi: Assertions with BrowserTestBase are reported in the wrong file and line number
  • #2268941 by Wim Leers, thpoul, yched, mlewand: Removing caption from a previously captioned image fails to remove the caption-related classes
  • #2401953 by Lendude, dawehner: Database exception for View with Combined field filter with fields with no query alias
  • #2605290 by sanduhrs, Mile23: Improve docs, coding standards for run-tests.sh
  • #2621874 by czigor, Lendude, dawehner: "Hide empty column" only hides the header
  • #2503047 by svendecabooter, phenaproxima, quietone, mikeryan: Migrate the D6/D7 actions table to D8
  • #2595169 by mikeker, claudiu.cristea: Operator 'Is not equal' of BooleanOperator doesn't work
  • #2636228 by alexpott: BrowserTestBase and KernelTestBase tests break badly when they fail
  • #2620442 by Lendude: Theme logo upload settings are shown even if the file module is not installed
  • #2637458 by legolasbo: Remove !placeholder in FormValidator::performRequiredValidation()
  • #2617590 by aspilicious, Berdir: ConfigEntityBundleBase needs to clear bundle cache when updating a bundle
  • #2625782 by alexpott: Infinite loop in ConfigurableLanguageManager->getLanguages() on language config entities import
  • #2574077 by damiankloip, dawehner: REST Export display cannot show any raw output for fields using the Field field handler
  • #2609590 by Lars Toomre: Correct incorrect use of 'id' string in migration system
  • #2634986 by TravisCarden: Render API caching section refers to non-existent "language" context
  • #2598376 by quietone: d6_user_settings migration user_register constants don't seem to line up
  • #2620176 by joelpittet, markcarver, hatuhay: Logo image settings form is broken, breaks per-theme overrides and can result in data loss
  • #2494735 by hussainweb: add $runTestInSeparateProcess = TRUE for BrowserTestBase
  • #2616196 by LOBsTerr, xjm, jordanpagewhite, balagan: Missing opening parentheses in UI text
  • #2633388 by mparker17: Document why ViewsBlock::build() explicitly asks for an un-cached view
  • #2480719 by Lendude, aerozeppelin, Xano, dawehner: Missing label and description for exposed numeric filter when using 'between' filter
  • #2635324 by dawehner: kernel tests are unrunnabble because markTestSkipped message is not displayed
  • #2618034 by Lendude: Adding tag to a View gives an error
  • #2626476 by benjy: MigrationBuilder should have an interface
  • #2404039 by Lendude, jhedstrom, fgm, zealfire, adci_contributor, dawehner: Views performance statistics do not properly display
  • #2608656 by bserem, Mac_Weber, Gábor Hojtsy: Wrong english strings in book migration from D6->D8
  • #2631478 by neclimdul: bootstrap.php loader can show as changed global state
  • #2592213 by Chi, hussainweb: The documentation for TypedDataManagerInterface::createInstance() is wrong
  • #2633534 by steveoliver: Fix small typo in config_api section of core.api.php
  • #2629750 by mpp: Add link to settings page for automated cron on modules overview
  • #2458775 by aerozeppelin, pjonckiere, dawehner: Diff UI is missing colors
  • #2627852 by chx: hook_entity_create_access() is unusable
  • #2625258 by alexpott: LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object
  • #2629374 by benjy: $process should be initialised to empty array
  • #2539222 by sasanikolic: Exception when deleting a translation when there is no canonical link template
  • #2619332 by joelpittet, jmarkel, Wim Leers, Berdir, chintan.vyas, netsensei: Color scheme config changes aren't reflected in cached pages
  • #2596345 by mbovan, Nitesh Pawar, Shreya Shetty, dawehner: Deleting a view should rebuild the routes
  • #2626472 by benjy: MigrateTemplateStorage should have an interface
  • #2596649 by legolasbo, rakesh.gectcr: Exposed form does not save state when it is placed in a block
  • #2535220 by Berdir, droplet, mbaynton: Javascript error in Firefox in node edit form if uid field is not visible but author details is
  • #2388247 by pguillard, snehi, joelpittet, sriharsha.uppuluri: Documentation refers to _theme() function, which has been removed
  • #2586047 by willzyx: Fatal error: Call to a member function getFieldStorageDefinition()
  • #2629772 by webflo: Update mink-phantomjs-driver to a tagged release
  • #2623708 by lauriii, aspilicious, joelpittet: Whitelist instances instead of specific classes in Twig sandbox policy
  • #2617568 by amateescu, cilefen, Fabianx: Rename apc_* functions with apcu_*
  • #2505997 by olli, peterpoe, Lendude: User error: "preview" is an invalid render array key
  • #2606258 by heykarthikwithu: Number::validStep, add @param values in the comment docblocks
  • #2626518 by michaellenahan: Mention sites/default/settings.php in example.settings.local.php
  • #2607870 by Lars Toomre: Some docblock fixes for PHP type 'integer'
  • #2606058 by MattA, priya.chat, alexpott: Documentation for the ConfigEntityType annotation class does not reference the correct entity class
  • #2614604 by rakesh.gectcr, dawehner: PHPdoc is missing for an overridden function in class ConditionManager
  • #2605726 by edxxu, rakesh.gectcr: Wrong @return doc for \Drupal\Core\DrupalKernel::getModuleFileNames()
  • #2610142 by rakesh.gectcr: Wrong @param documentation in folder core/lib/Drupal/Core/Field/
  • #2610128 by rakesh.gectcr: Comment Typos in class FieldItemList
  • #2564577 by snehi, borisson_, Wim Leers, r_sharma08, lauriii: Improve comments on PlaceholderGeneratorInterface::shouldAutomaticallyPlaceholder() and DynamicPageCacheSubscriber::shouldCacheResponse()
  • #2421451 by cilefen, dawehner: Drupal needs comments in opcache
  • #2612618 by anil280988, r_sharma08, Cottser, davidhernandez, kaushalkishorejaiswal: Add README.txt file to Stable explain its role as a backwards compatibility layer
  • #2614862 by rakesh.gectcr: Missing @param doc for method access
  • #2607332 by r_sharma08, ashhishhh, snehi, pjonckiere, dawehner: Missing @return tag in getActiveHelp(), denormalize(), createBookNode()
  • #2628702 by zerolab, joachim: hook_entity_extra_field_info() @return references non-existent method
  • #2616412 by Lendude: ViewResultAssertionTrait verbose Query argument output is empty
  • #2612150 by LOBsTerr: You can no longer see the locks when locking colors together
  • #2105583 by neclimdul, tim.plunkett, dawehner, Mile23: Add some sane strictness to phpunit tests to catch risky tests
  • #2608890 by ashhishhh: Improve comment standards for tracker module
  • #2623790 by roderik, priya.chat, stefan.r: Update SessionManager::migrateStoredSession() method comment
  • #2610140 by pjonckiere: Pluginbase inheritdoc blocks
  • #2608982 by rakesh.gectcr: Comment Typos in DefaultPluginManager class
  • #2606344 by rakesh.gectcr, aneeshthankachan, dawehner, cilefen: Wrong @param doc for construct function in class CoreServiceProvider
  • #2604018 by heykarthikwithu, snehi, kaushalkishorejaiswal, pjonckiere: Add @param documentation in __construct() of User module
  • #2627018 by Lars Toomre: Some fixes for 'e.g.' in docblocks and code comments
  • #2606724 by Lars Toomre, malavya: Few {@inheritdoc} formatting fixes
  • #2614842 by rakesh.gectcr, dawehner: Wrong @param in core/lib/Drupal/Core/Asset
  • #2603818 by jhodgdon, beejeebus, blackra: Add defgroups for listing page headers for api.drupal.org
  • #2617822 by czigor: Comment fixes

Read more: http://drupal.org/drupal-8.0.2-release-notes


3 December 2015 - 115MBKnown issues
  • LocaleConfigManager::updateConfigTranslations() deletes translations if a config object's name happens to match that of a shipped configuration object

Bug Fixes
  • LocaleConfigManager::getTranslatableDefaultConfig() reads config from uninstalled modules
  • Configuration of configurable language types reset after module install
  • SQL::addWhere not defaulting to "IN" operator when using EntityReferenceView for multiple values
  • LocalePluralFormatTest::testPluralEditDateFormatter() is failing randomly
  • Installs on php-fpm environments may see fatal errors on enabling modules, due to #2572293: Do not rebuild router in kernel.terminate.
  • While PHP 7 does not yet have a stable release, Drupal 8.0.x is now tested on every commit with PHP 5.5, 5.6 and 7 with a 100% pass rate, so should support PHP 7’s first stable release once it is available (expected tomorrow December 3rd).
  • There is not yet per-commit testing for MySQL 5.7.9 or MariaDB 10.1.8 (both released October 2015), but a minor incompatibility issue was fixed since RC4, and there are no known issues with them otherwise. We intend to add per-commit testing on one of these databases soon.
  • Particular Apache configurations may have issues with serving public file assets. Issue: #2619250: Disabling -MultiViews in .htaccess can cause 500 errors
  • Drupal needs comments in opcache

  • #2616498 by neclimdul, dawehner, Mixologic: Drupal\Core\Routing\RouteProvider::getCandidateOutlines() does an illegal shift when config is empty
  • #2625216 by alexpott: LocaleConfigManager::getTranslatableDefaultConfig() reads config from uninstalled modules
  • #2621782 by amateescu: SQL::addWhere not defaulting to "IN" operator when using EntityReferenceView for multiple values
  • #2572695 by marvin_B8, attiks, pfrenssen, xjm: Fix 'Drupal.ControlStructures.ElseIf' coding standard
  • Revert "Issue #2617112 by zsofi.major: Missing "one" from translatable string"
  • Revert "Issue #2623232 by xjm, plach, benjy, penyaskito: Improve messages when entity/field mismatch happens"
  • Revert "Issue #2571521 by Maouna, dawehner, sdstyles: Make the logger available on the controllerBase"
  • Revert "Issue #2503981 by eiriksm: Move checkEmptyRegions to named function and before first use (block.js)"
  • #2611758 by swentel, webflo, zuuperman: Field UI table is broken for nested elements
  • #2617112 by zsofi.major: Missing "one" from translatable string
  • #2503981 by eiriksm: Move checkEmptyRegions to named function and before first use (block.js)
  • #2623232 by xjm, plach, benjy, penyaskito: Improve messages when entity/field mismatch happens
  • #2571521 by Maouna, dawehner, sdstyles: Make the logger available on the controllerBase
  • #2618040 by Maouna, plach, catch, YesCT, steelsector, matsbla, SiliconMind, vodde83: Configuration of configurable language types reset after module install
  • #2623680 by alexpott, pfrenssen: Fix phpcs.xml.dist to work with the latest rules and not have unnecessary lines
  • #2604038 by heykarthikwithu: Views module's "base.js" function "Drupal.Views.parseViewArgs", Local variable 'args' is redundant
  • #2619400 by JKerschner: Typo in Tabbing Manager comment
  • #2623548 by rbmboogie: Remove obsolete views.argument_default.php config schema
  • #2075889 by kgoel, pwolanin, catch, YesCT, dawehner, mpdonadio, johnshortess, Crell, mradcliffe, alexpott, webchick, ohthehugemanatee: Document that Drupal will handle incoming paths in a consistent and case-insensitive fashion for routing
  • #2620260 by JKerschner: Typo in BulkForm class
  • #2587149 by Dane Powell, claudiu.cristea: Single item config export names are ambiguous
  • #2610236 by cilefen, aerozeppelin: Views - "No Results Behavior" for individual fields escapes HTML
  • #2621216 by nirvana_u: Typo: "extension if" instead of "extension is"
  • #2621518 by jeroen_drenth: Wrong label of timestamp data type plugin
  • #2547639 by dcrocks, mgifford, Pravin Ajaaz, Gábor Hojtsy, Wim Leers: Rename ambiguous "Menu" toggle in Bartik for accessibility
  • #2122087 by rakesh.gectcr, snehi, InternetDevels, Xano, alvar0hurtad0: Remove references to hook_init()
  • #2622306 by JKerschner: Typos in comments
  • #2581399 by YesCT, effulgentsia: views.style.table schema has incorrect label for 'description'
  • #2579695 by willzyx: ViewsMenuLink should use parent contructor instead of set manually the member variables
  • #2618048 by seppelM: Single quoted HTML attributes in Bartik and Classy template files
  • #2620658 by bojanz: Remove entity_load_multiple() usage from DefaultSelection
  • #2554911 by penyaskito, benjy, catch, ifrik, plach, Bojhan, Gábor Hojtsy, yoroy: Inform users/developers about entity/field mismatch details if it happens
  • #2620266 by JKerschner, plach: Typo in LanguageNegotiationContentEntity class
  • #2587685 by Antti J. Salminen, lauriii, jaakko, AjitS, Sagar Ramgade, rang501: Remove references to non existing preprocess functions
  • #2556273 by Mile23: Fix @deprecation docs of Drupal\Core\DrupalKernelInterface::prepareLegacyRequest()
  • #2617742 by xjm: Followup: fix Views post-update hook doc groups
  • #2600078 by YesCT, koppie, kgoel: Correct syntax for data type documentation in TranslationManager.php
  • #2608938 by rakesh.gectcr: Wrong @return comment block in StackedRouteMatchInterface interface
  • #2607454 by Wim Leers, Devin Carlson: Remove allowedContent for drupalunlink command
  • #2607676 by andypost: Remove useless assigning in template_preprocess_views_view_unformatted()
  • #2603348 by rakesh.gectcr, jhodgdon: Comment block contains wrong argument in @param and typo in description
  • #2614066 by webflo: Machine name element leaks to much data to drupalSetting
  • #2621516 by TravisCarden: hook_page_attachments_alter() @see's itself instead of hook_page_attachments()
  • #2608056 by rakesh.gectcr: Comment Typo in TranslatableMarkup class
  • #2576881 by snehi, stefan.r: Deprecate theme functions for removal before Drupal 9 (docs only)
  • #2619700 by tim.plunkett: \Drupal\Core\Path\PathValidator::getPathAttributes() does not catch MethodNotAllowedException
  • #2611078 by felribeiro: Two spaces insted one in classy.libraries.yml
  • #2612580 by hchonov: Remove unused service from WidgetBase::flagErrors
  • #2567077 by dcrocks, joelpittet, xjm: Followup to Use a Branding Block docs - 2005546
  • #2574719 by chegor, snehi, pguillard, Chi: Grammatical error in assertion message "Make sure that a broken handler of type: @type are created"
  • #2506485 by justAChris, akalata, subhojit777: Test that Header label + customized label wrapper of a Views table display is not double escaped
  • #2608072 by ameymudras: "Object of type "@class" cannot be printed." exception message should not be translated
  • #2609928 by micropat, cilefen, Cottser, chx: Xss::attributes() mangles valid attribute names containing numbers
  • #2321583 by Wim Leers, DuaelFr: Update CKEditor library to 4.5.5
  • #2485761 by mondrake, c470ip, jhedstrom: Support for transparent GIFs broken
  • #2587229 by Chi, claudiu.cristea: Cleanup AssertContentTrait::xpath()
  • #2599080 by edurenye, Studiographene: Duplicated schema field.formatter.settings.boolean
  • #2409547 by znerol: Remove config_export_test.module
  • #2598300 by krknth: Improve field_help() by actually using $field_ui_url
  • #2563803 by borisson_, DietrichM: Remove deprecated functions from core/modules/system/tests/modules/module_test/module_test.module
  • #2392533 by cilefen, bircher, snehi, deepakaryan1988, Oleksiy, priya.chat, Shefarik, rpayanm, venkatadapa: Grammatical error in ModuleUninstallValidatorException message
  • #2608054 by stefan.r: Give more context in invalid placeholder error message PlaceholderTrait::placeholderFormat()
  • #2618418 by plach: Docs follow-up for "hook_entity_create() affects the data of new translations of existing entities in unexpected and undocumented ways"
  • #2613976 by Oleksiy: Remove redundant "See..." that duplicates "@see..." in protected method documentation
  • #2607508 by mangy.fox, joelpittet: Incorrect site branding documentation in page.html.twig
  • #2620764 by andypost: Fix entity.api hook_entity_translation_* examples
  • #2620826 by Lars Toomre: Fix @var directive misuse in interface method docblock
  • #2614310 by moshe weitzman: Mention cache responsibilities of form alter implementations
  • #2606376 by rakesh.gectcr, Himanshu5050, sdstyles, dawehner, nicrodgers: mark \Drupal::l() as deprecated
  • #2606396 by sdstyles, dawehner: mark \Drupal\Core\Routing\LinkGeneratorTrait and \Drupal\Core\Routing\UrlGeneratorTrait as deprecated
  • #2602644 by rakesh.gectcr, Chi: Update @file documentation block for views.module
  • #2613998 by joshi.rohit100, Chi: Remove bartik_preprocess_page() reference from page.html.twig
  • #2611162 by NickWilde: CssCollectionOptimizer comment typo fix
  • #2618886 by alexpott: LocalePluralFormatTest::testPluralEditDateFormatter() is failing randomly

Read more: http://drupal.org/node/2627402


(major version)
19 November 2015 - 115MBThis is the biggest update ever to Drupal. Here are just a few of the hundreds of improvements in Drupal 8:
  • In-context, what-you-see-is-what-you-get (WYSIWYG) editing and previews
  • Comprehensive content modeling out of the box with entities, fields, and views
  • Customization of content pages and even forms and administrative pages via the administrative interface
  • Full translatability and localization out of the box
  • Reliable configuration management for safe and straightforward deployment of changes between environments
  • Mobile-first, responsive, HTML5 output
  • REST-first native web services
  • Enhanced accessibility and WAI-ARIA compliance
  • Modern PHP standards and practices, with integration of popular libraries such as Composer, Symfony2, Guzzle, and Twig
  • Significantly improved front-end performance out of the box
  • Enhanced caching and best-of-class integration with CDNs and reverse proxies
  • Full compatibility with PHP7, and the PostgreSQL and SQLite databases
  • ...And much more!

Read more: http://drupal.org/news/drupal-8.0.0-released


(beta release)
5 November 2015 - 115MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

This release candidate includes numerous fixes to regressions in CKeditor since beta 15.

Known issues
  • We are confident that our code is stable enough for wider testing by site owners, developers, and end users. However, there are currently 6 known critical issues with this release candidate. We expect to identify and resolve additional critical issues as the release candidate is tested more widely.

Full changes
  • #2598070 by Wim Leers, jaxxed, DuaelFr, Haza, Reinmar, oleq: [regression] CKEditor Link button does not show if HTML filtering is enabled
  • #2585173 by Wim Leers, Jelle_S, DuaelFr, nod_, Reinmar, attiks: [regression] "Allowed HTML tags" setting corrupted upon accessing Text Format configuration UI
  • #2510380 by Wim Leers, DuaelFr, mlewand, quicksketch, Reinmar, oleq: Images cannot be linked in CKEditor
  • Revert "Issue #2510380 by Wim Leers, DuaelFr, mlewand, quicksketch, Reinmar, oleq: Images cannot be linked in CKEditor"
  • #2581291 by Wim Leers: Update CKEditor library to 4.5.4
  • #2599190 by chegor, rakesh.gectcr, sdstyles, aneeshthankachan, anil280988, Himanshu5050, jhodgdon: Update upgrading procedure describing in UPGRADE.txt
  • #2605546 by dawehner: Mark \Drupal::url() as deprecated
  • #2516742 by DuaelFr, dawehner: Allow Views to be resolved by TitleResolver
  • #2194155 by cosmicdreams, subhojit777, tatarbj, Cottser: Replace deprecated Twig_NodeInterface with recommended Twig_Node
  • #2605408 by IRuslan: Invalid HTML markup in status-report.html.twig
  • #2605280 by rakesh.gectcr: Missing return $this in Url::setUnrouted
  • #2602872 by rakesh.gectcr: Wrong @param doc for construct function in class ContainerAwareEventDispatcher
  • #2602464 by heykarthikwithu, anil280988, rakesh.gectcr: Remove unused local variable and add return value to docs in _search_find_match_with_simplify() of 'search.module'
  • #2605388 by rakesh.gectcr, anil280988, mahavir003, aneeshthankachan: Comment Typos in DrupalKernel.php
  • #2603372 by heykarthikwithu: Remove unused variable in LibraryDiscovery::getLibrariesByExtension()
  • #2480333 by Wim Leers, Elijah Lynn: Document how to use an unminified CKEditor build (for developing/debugging)
  • #2581817 by YesCT: Follow-up for #2505263: clean up comments
  • #2606460 by Wim Leers, alexpott: Regression caused by #2557113: Enabling CKEditor for a text format that did not have it previously is broken
  • #2600672 by alexpott, dawehner: Core MarkupInterface implementations used in Twig templates should implement \Countable
  • #2601790 by Liam Morland: In AttachedAssetsTest.php, separate a 3-part test into 3 separate test assertions
  • #2604324 by krknth, anil280988: block.html.twig variable docs are incorrect
  • #2606470 by alexpott: Symfony prevents container cloning in 2.8 - let's fix this early
  • #2597359 by Wim Leers: Require responses with attachments to contain the final attachment values
  • #2324649 by phenaproxima, svendecabooter, benjy, Berdir: Migrate text fields correctly based on their text_processing setting
  • #2596043 by mpdonadio, pjonckiere: DrupalDateTime constructor claims to support \DateTime object - it should not
  • #2605264 by rakesh.gectcr: Fixing typos for core/lib/Drupal/Core/Entity
  • #2603070 by rakesh.gectcr: Unused variable in file_url_transform_relative()
  • #2602410 by xaiwant: Invalid @param name in core/modules/comment/src/CommentStorage.php
  • #2601682 by krknth, rakesh.gectcr, anil280988, jhodgdon: Unnecessary @param tags & Missing variable names in block, block_content module
  • #2536374 by DuaelFr: Generate placeholder content for ListItemBase Field types
  • #2596083 by Wim Leers, lokapujya, jamin_melville: Allowed attribute 'class' not respected in CKEditor: ACF strips it
  • #2549951 by Wim Leers: Document how to specify multiple CSS classes for CKEditor's styles dropdown
  • #2604618 by andypost, xjm: Views operations dropbuttons do not work with Comment because it does not specify a list builder
  • #2491875 by joachim, xjm, Xano, alexpott: EntityViewsData adds Operations links to all entities, which won't work if the entity type has no list builder, leading to WSOD on some views
  • #2598488 by NickWilde: Views Page display menu expanded option is not included and gets destroyed by cache-rebuild
  • #2590403 by Wim Leers: Remove "Open in new window" checkbox from EditorLinkDialog — Was: "Consider whitelisting 's target attribute in the Standard install profile"
  • #2604092 by Wim Leers: BookNavigationBlock has the 'user.roles' cache context, is wrong
  • #2594909 by rakesh.gectcr, krknth, jhodgdon: Missing @return tags in function/method comments in the core/modules folder
  • #2603296 by heykarthikwithu: 'hook_shortcut_default_set' hook's docblock return can be improved
  • #2453551 by mbovan, edurenye, Berdir, Saphyel, jhodgdon: TranslationLanguageRenderer tries to add langcode field to the view for entity types that have no langcode
  • #2602380 by jonhattan: Innacurate exception message: The "%s" entity cannot have a URI as it does have an ID
  • #2603786 by joelpittet, Wim Leers, Fabianx: Make Renderer(Interface)::renderPlaceholder() public
  • #2575703 by borisson_, stefan.r, Berdir, joshi.rohit100: Remove default fall-through from PlaceholderTrait::placeholderFormat()
  • #2602662 by mikeryan, phenaproxima: Feed ID should be required base field for aggregator items
  • #2604722 by rakesh.gectcr: Comment typo in BaseFieldDefinition.php file
  • #2597628 by plach, jhedstrom, alexpott, Gábor Hojtsy: Enabling translation for menu links / taxonomy terms results in "Entity/field definitions" -- "Mismatch detected" on reports/status page
  • #2600152 by Cottser, dawehner: Make ThemeRegistryLoader only throw an error when $throw is true
  • #2589829 by rakesh.gectcr, joshi.rohit100, yched, Arla: Missing return $this in FieldConfigBase::setSetting and setConstraints
  • #2540870 by joelpittet, lauriii: Improve the |safe_join Twig to be inline with twig_join_filter()
  • #2603152 by alexpott, Fabianx, neclimdul: Fix PHP 7 testbot failures
  • #2541344 by Wim Leers, borisson_, DietrichM, Xano, tim.plunkett, alvar0hurtad0, joshi.rohit100: BlockBase subclasses should merge their cache tags/contexts with the parent's (BlockBase's)
  • #2500931 by mikeker, jhedstrom, Berdir: Views feed doesn't encode embedded HTML anymore
  • #2603798 by neclimdul, phenaproxima, mikeryan: dblog_settings tests prove nothing
  • #2590105 by webflo, phenaproxima, snehi, alexpott: Fix undefined variable in d6_field migration
  • #2574973 by mikeryan, phenaproxima: Option to tee idmap messages to message interface
  • #2596793 by phenaproxima, penyaskito, svendecabooter: Migrate legacy languages to configurable language entites
  • #2599246 by mcdruid, Gábor Hojtsy: data in bulk_form_key should not be separated by -
  • #2337191 by tim.plunkett, dawehner, jibran, yched, Wim Leers, catch: Split up EntityManager into many services
  • #2601610 by krknth: Fix comment standards for filter module
  • #2599156 by nicrodgers, snehi, jhodgdon: Several methods in node.module are missing return type documenation
  • #2599442 by jhodgdon, heykarthikwithu, Himanshu5050, eojthebrave, metzlerd: Document common form/render element properties
  • #2599524 by blackra, krknth, jhodgdon, rhett.prichard: Fixing order of documentation sections for /core/lib/Drupal
  • #2598696 by mikeryan, effulgentsia, quietone: Rollback should not delete uid 1
  • #2600538 by rakesh.gectcr, anil280988, justAChris, jhodgdon: Incorrect @file description in core/ classes - wrong namespace or class name
  • #2602442 by mcdruid: typo in \Drupal\tracker\Tests\TrackerNodeAccessTest - drupalCreateuser
  • #2601244 by heykarthikwithu: Removal of unused variable in function config_translation_config_translation_info(&$info)
  • #2601364 by rakesh.gectcr: Unused local variables in template_preprocess_table()
  • #2599612 by rakesh.gectcr: Unused variable in drupal_get_filename()
  • #2601220 by heykarthikwithu: ConfigTranslationOverviewAccess::__construct docblock parameters doesn't match actual parameters
  • #2578377 by YesCT, jhodgdon, Gábor Hojtsy, alexpott, herom, xjm: Make translatable docs consolidated and better for developers
  • #2600996 by heykarthikwithu: Removal of unused variable CommentController::getReplyForm
  • #2600990 by heykarthikwithu: Removal of unused variable BookManager::getActiveTrailIds
  • #2601162 by heykarthikwithu: ShortcutSetStorage::__construct documentation of @param StorageInterface is not required
  • #2598232 by Berdir, alexpott, juanse254: ConfigFactory::get() pollutes ::loadMultiple() static cache with new config objects
  • #2569223 by tim.plunkett: Add tim.plunkett to Ajax system in MAINTAINERS.txt
  • #2400197 by pwolanin, fgm, znerol, neclimdul, mpdonadio, thekevinday, Fabianx: Harden the security where hash values are compared
  • #2594845 by er.manojsharma, tarekdj, snehi, dpopdan, anil280988, jhodgdon, cilefen: Many database driver classes have no class doc blocks
  • #2597860 by neclimdul: UpdateRegistryTest tests missing assertions
  • #2597844 by neclimdul: EntityManagerTest doesn't assert everything it thinks it does
  • #2591125 by Berdir, Jaesin: Only the last views argument token works
  • #1443342 by joseph.olstad, mikeytown2, xjm, joelpittet, brianV, effulgentsia: Inline file_uri_scheme() in file_stream_wrapper_uri_normalize() and other file.inc functions
  • #2600200 by alexpott, chx, swentel: PHP7 reveals inconsistent ordering in views_entity_field_label()
  • #2600686 by jhodgdon: Broken views test config YAML
  • #2530296 by googletorp, mondrake, snehi, andile2012, jhodgdon, mikeker: Fix up docs in core/includes/pager.inc
  • #2600328 by aanschut, brandenlhamilton, dawehner, pjonckiere: Argument default plugin docblocks
  • #2600304 by marvin_B8, anil280988, GoZ, justAChris: Bad @file description in core/ classes
  • #2579427 by lauriii, ibullock, joelpittet, bigjim: Outputting markup from custom text field is not possible
  • #2600282 by dawehner, alexpott: PHP7 fails on Drupal\system\Tests\Update\UpdatePostUpdateTest
  • #2597303 by benjy: Kernel Tests should be allowed in profiles
  • #2599250 by krknth: Fixing order of documentation sections
  • #2600176 by alexpott, dawehner, tim.plunkett: Step 1.875: Include the PhantomJS Mink driver for real
  • #2580049 by Cottser, Manjit.Singh, NickWilde, alexpott, Wim Leers: Removed CSS files not removed from library definitions
  • #2588529 by David_Rothstein, cilefen, kikoalonsob: Code indentation is incorrect in simpletest_generate_file()
  • #2549571 by borisson_, nicrodgers: method visiblity in NodeTranslationUITest
  • #2042239 by tbradbury, pkiraly, lucaslg, pjonckiere, oriol_e9g, ivanchaer, jhodgdon, chx, cilefen, David_Rothstein: DeleteQuery::execute (Delete::execute() in D8) return value documentation is unusable
  • #2595605 by snehi, kiamlaluno, cilefen: Wrong comment in User module in user.module file
  • #2598500 by krknth, nicrodgers: Remove unused variables from core/modules/toolbar/src/Tests/ToolbarAdminMenuTest.php
  • #2598840 by GoZ, DuaelFr: Bad @file description in Test files classes
  • #2598620 by penyaskito: Wrong assertion on BulkFormTest
  • #2513266 by mikeker, joelpittet, lauriii, Cottser, pwolanin, larowlan, Fabianx, stevector, catch, alexpott, dawehner: Twig templates can call delete() on entities and other objects
  • #2597644 by Mile23: ComposerIntegrationTest::testAllModulesReplaced() doesn't test anything
  • #2596801 by alexpott, dawehner: Step 1.75: Include the PhantomJS Mink driver
  • #2502621 by Pravin Ajaaz, hussainweb, Peacog, jhodgdon, ivanjaros: Replace implement notes with inheritdoc tag
  • #2599446 by alexpott: UncaughtExceptionTest fails on PHP7
  • #2592665 by jhedstrom, alexpott: Create RC1 database dumps
  • #2600004 by koppie, YesCT: Missing param type for getOption()
  • #2484645 by giancarlosotelo, Arla: Assigning context mapping: allow empty selection for optional contexts
  • #2544156 by joelpittet: Deprecate drupal_render_children()
  • #2594441 by rakesh.gectcr, joshi.rohit100, Nitesh Pawar, cilefen, xjm: Comment Typos in bootstrap.inc file
  • #2599172 by TravisCarden: Typo: "Provides a service to handler..."
  • #2502867 by Peacog, trwad, jhodgdon: Document all drupal(Post|Get)(*) methods $path parameter
  • #2547691 by snehi, er.pushpinderrana, edxxu, ipun.amin, visabhishek, jhodgdon, cilefen, ttkaminski: Typo with #theme_wrappers
  • #2597814 by dawehner, Xano: Kerneltests are broken in phpstorm
  • #2576431 by joyceg, YesCT: Improve t() docs "fully-translatable site" is overstating
  • #2575735 by almaudoh: LibraryDiscoveryCollector::reset() does not properly reset its $cid, resulting in loading wrong library assets if the active theme changes
  • #2584745 by mbovan, s_leu: Entity references should be displayed translated on non translatable entity types
  • #2593481 by Wim Leers: PlaceholderGenerator::createPlaceholder() generates invalid markup; causes placeholders to not be replaced if processed by DOMDocument
  • #1938900 by joelpittet, lokapujya, Cottser, lauriii, swentel, neochief, tstoeckler, andypost, duellj: Convert theme_field_ui_table into a template (DIE THEME FUNCTIONS DIE)
  • #2512468 by bendev, munzirtaha, rudraram, chipway, emma.maria, cchanana, elchiconube, Manjit.Singh, jim005, trevorkjorlien, fil00dl, meenakshi.r, davidhernandez, rbrissaud, Knee-X, LewisNyman: Regression: Indented styles for indented comments are missing in Bartik
  • #1938912 by Manuel Garcia, joelpittet, lokapujya, duellj, Cottser, akalata, pplantinga, mdrummond, rpayanm, Hydra, lauriii: Convert language content setting table theme to a twig template
  • #2544176 by lauriii, joelpittet: Remove drupal_render_children() usage in Drupal\toolbar\Element\Toolbar
  • #2582309 by neclimdul, joelpittet, YesCT, dawehner, tim.plunkett: Cookies get lost during RedirectResponse replacement
  • #2597718 by googletorp, tstoeckler: Date library is missing dependency to jquery.once
  • #2585781 by anil280988, Davinder.Snehi, sdstyles, lucian.gutoiu, Chi, jhodgdon, GoZ, YesCT: Wrong documentation of t()
  • #2580569 by anavarre, Davinder.Snehi, Schnitzel, jhodgdon: Update documentation that mentions active CMI directory. active was removed
  • #2597548 by jhodgdon, tim.plunkett: Useless message thrown by SqlContentEntityStorage::wrapSchemaException()
  • #2583135 by Torenware, klausi: Context::getContextData() sometimes returns NULL which violates ContextInterface
  • #2597137 by Dom., jhodgdon, dawehner: Missing schema error on 'sorts.score.expose' views configurations
  • #2599152 by mikeryan, jhedstrom: ROLLBACK_PRESERVE is not respected
  • #2587549 by herom, prestonso: Remaining RTL fixes for Drupal 8
  • #2582577 by Shlyapkin Grigoriy, Liam Morland, stefan.r, mradcliffe, oriol_e9g, shazbot28: D8 install should check MySQL version (Syntax error or access violation: 1115 Unknown character set: 'utf8mb4')

Read more: http://drupal.org/node/2608078


(beta release)
12 October 2015 - 115MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

We revamped Drupal's user interface; added WYSIWYG and in-place editing; significantly improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; improved multilingual support; and added hundreds of other improvements. Drupal 8.0.0-rc1 is the collective work of over 3,200 core contributors.

Known issues
  • We are confident that our code is stable enough for wider testing by site owners, developers, and end users. There are however still known issues with Drupal 8.0.x, including major bugs. Help resolve these issues by testing Drupal 8 and searching for existing bug reports and adding more information to help resolve those bugs. If your suspected bug hasn't been reported yet, submit a bug report.
  • There is a known issue with response cache headers sometimes exceeding hosting configuration limits that may cause some pages to not be viewable on some hosting providers. If you run into this, see that issue and its related issues for details.

Full changes
  • #2072945 by Berdir, plach, effulgentsia, Schnitzel, andypost, Wim Leers: Remove the $langcode parameter in EntityAccessControllerInterface::access() and friends
  • #2570285 by mr.baileys, cpj, stefan.r, alexpott, nlisgo, joelpittet, Aki Tendo, borisson_, chx, dawehner, s_leu, Berdir: Make sure TranslatableMarkup accepts string values only
  • #2581683 by alexpott, hussainweb: Update PHP dependencies pre RC using composer
  • #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus, Berdir: Optimize automatic cron subscriber by moving automatic cron to a module
  • Revert "Issue #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus: Optimize automatic cron subscriber by moving automatic cron to a module"
  • #2507031 by claudiu.cristea, dawehner, Wim Leers, mitrpaka, webflo, catch, piyuesh23, beejeebus: Optimize automatic cron subscriber by moving automatic cron to a module
  • #2520526 by alexpott, dawehner, pwolanin, nlisgo, Eli-T, claudiu.cristea, catch, cosmicdreams, Wim Leers, yched, jibran, Gábor Hojtsy, YesCT, swentel, heddn, xjm: Calculate configuration entity dependencies on install
  • #2151113 by akalata, joelpittet, mdrummond, mfernea, martin107, mr.baileys, Cottser: Convert theme_system_modules_uninstall() to Twig
  • #2575869 by pwolanin, Wim Leers, JeroenT, dawehner, YesCT: Remove all remaining usage of deprecated UrlGeneratorInterface::generateFromPath() and delete it
  • #2516918 by mErilainen, vulcanr, pazhyn, LewisNyman, Wim Leers, Bojhan, eliza411, ivanstegic, lunk_rat, nickrosencrans, stpaultim, webchick: Prevent mobile browsers from zooming on all form inputs
  • #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave, bendev: Update the UI text for the Search module
  • Revert "Issue #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave: Update the UI text for the Search module"
  • #2572689 by jhodgdon, rumburak, ifrik, yoroy, Bojhan, longwave: Update the UI text for the Search module
  • #2572621 by rachel_norfolk, jhodgdon, ifrik, Bojhan, xjm: Update the menu descriptions provided by the System module
  • #2580575 by alexpott, YesCT, Gábor Hojtsy: Installing a module can delete config translations
  • #2575421 by Cottser, mdrummond, lauriii, davidhernandez, LewisNyman, catch, alexpott, joelpittet, webchick, Bojhan, emma.maria, mortendk: Add a Stable base theme to core and make it the default if a base theme is not specified
  • #2483887 by Wim Leers, joshi.rohit100, Fabianx, dawehner: Mark RenderCache as internal
  • #2581195 by jhodgdon, dawehner: Views UI help still talks about theme suggestions, which is gone
  • #2571665 by jhodgdon, ifrik: Review the hook_help for the system module - should mention status report
  • #2581243 by jhodgdon: Views UI help does not have standard headings
  • #2575469 by hussainweb, borisson_: Require the composer/semver library to do version checking
  • #2570359 by ekes, jhodgdon, ifrik, Wim Leers: Update the hook_help for the filter module again
  • #2429191 by claudiu.cristea, amateescu, yched, nlisgo, Berdir, alexpott, klausi, Wim Leers, xjm, catch: Deprecate entity_reference.module and move its functionality to core
  • #2151109 by akalata, Cottser, joelpittet, jcnventura, lauriii, derheap: Convert theme_system_modules_details() to Twig
  • #2578561 by tim.plunkett, joelpittet, Bojhan, Fabianx, xjm, cilefen, David_Rothstein, DamienMcKenna: Move "Inline Form Errors" functionality to optional module and restore D7-style form errors by default
  • #2557265 by claudiu.cristea, Wim Leers: Synchronize editor status with paired text format status
  • #2578559 by yched: Have ViewsSelection no longer extend SelectionBase
  • #2118663 by cdog, nod_: Remove the Drupal.checkWidthBreakpoint method from drupal.js; replace with window.matchMedia where appropriate
  • #2458601 by Denchev, Berdir: statistics library is not loaded if node template doesn't print it
  • #2531678 by mondrake, MattA: The 'create_new' and 'rotate' image operations do not release memory
  • #2580697 by Wim Leers: UserLoginBlock has max-age=0, is not necessary
  • #2560987 by tstoeckler: Active class (almost) always added to frontpage links for anonymous users, even on other pages
  • #2488032 by jhodgdon, opdavies, ifrik, webchick, Berdir: Integrate help test into module uninstall test
  • #2485425 by MathieuSpil, iro, saki007ster, Wim Leers, Manjit.Singh, wiifm, kostask, Studiographene, alvar0hurtad0, LewisNyman: Clean up editor CSS inline with our CSS standards
  • #2416857 by cilefen, evgeny.chernyavskiy, lauriii, chr.fritsch, pjonckiere: Add an active_theme_path twig function
  • #2577487 by martin107, jhodgdon, cilefen: \Drupal\Core\Database\Query\SelectExtender - Needs more @inheritdoc tags
  • #2073217 by andypost, Berdir, plach: Remove the $langcode parameter from the entity view/render system
  • #2487588 by YesCT, Leksat, Schnitzel, alexpott, anavarre, xjm: Move CMI import/export directory "staging" to "sync", as it is confused with staging environments
  • #2579903 by mnfriend: Improve doumentation for decimal item field type
  • #1832946 by Sutharsan, Jose Reyero, Gábor Hojtsy, Wim Leers, vijaycs85: Runtime translation download fallback works different from installer translation download fallback
  • #2476407 by borisson_, hussainweb, znerol, Fabianx, Wim Leers, dawehner, Crell, Berdir: Use CacheableResponseInterface to determine which responses should be cached
  • #1832862 by jerdavis, nlisgo, Zekvyrin, Maouna, nod_, royal121, tadityar, Lendude, dawehner, tim.plunkett, B_man, damiankloip, ohthehugemanatee, YesCT, Bojhan, xjm, dajjen, yoroy, lisarex, penyaskito, metzlerd, veronicanerak: Make views add field scannable
  • #2504815 by neclimdul, phenaproxima, mikeryan: d6 to d8 migration throws integrity contraint warning with duplicate file paths
  • #2579979 by Jelle_S, attiks, nod_, Wim Leers: Allow contrib to alter EditorImageDialog/EditorImageDialog and have custom attributes be stored
  • #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, Bojhan, dawehner, Gábor Hojtsy, alexpott, tstoeckler, yoroy: Switch from user login block to login menu link and search block in standard profile
  • #2488568 by Jose Reyero, alexpott, Gábor Hojtsy, tstoeckler: Add a TypedDataManagerInterface and use it for typed parameters
  • #2571647 by mpdonadio, joelpittet, pjonckiere: Create DateFormatterInterface
  • #2409639 by k4v, madhavvyas, katzilla, tstoeckler, hexabinaer, dawehner: Hide empty details containers
  • #2578433 by longwave, hussainweb: \Drupal\views\Plugin\views\filter\FieldList uses undefined function
  • #2578249 by yched: Some e_r fields get the wrong Selection handler
  • #2578805 by hussainweb: Upgrade to Symfony 2.7.5
  • #2580527 by webflo, hussainweb, neclimdul: Revert vendor/bin/phpunit
  • Revert "Issue #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, dawehner, Bojhan, tstoeckler, alexpott, yoroy: Switch from user login block to login menu link and search block in standard profile"
  • #827468 by paulmartin84, latikas, aburrows, alimac, fatfish, rocket_nova, Truptti, pektinasen, DuaelFr, YesCT, ifrik, John Cook, danylevskyi, dcam, anil.gangwal, gajendra sharma, danharper, mgriego, realityloop, bleen18, alvar0hurtad0, dddave, droplet, susanb, nlisgo, webchick, meeli: Fix the allowed punctuation wording in user_edit_form
  • #2568595 by hussainweb, dawehner: Upgrade PHPUnit to latest 4.8.x
  • #2579615 by longwave, dawehner, juxe, alexpott: Views only able to add Attachment display
  • #2560049 by hass, chrisfree, cilefen, Wim Leers, Gábor Hojtsy: Incorrect capitalisation of translatable strings
  • #2579399 by phenaproxima, mikeryan, neclimdul: db-tools.php import does not work
  • #2572637 by ifrik, dubois, ndobromirov, jhodgdon, Gábor Hojtsy, lachezar.valchev, xjm: Update the hook_help for the Interface translation module again
  • #2520540 by alexpott: Enforced configuration dependencies shouldn't have to be repeated in the calculated dependencies
  • #2575741 by Berdir: Priority of serialialization EntityReferenceFieldItemNormalizer must be lower than the one from hal
  • #1218814 by swentel, pixelmord, andypost, franz: PDOException because of incorrect validation of number fields
  • #2454649 by Aki Tendo, dawehner: Cache Optimization and hardening -- [PP-1] Use assert() instead of exceptions in Cache::merge(Tags|Contexts)
  • #2348729 by Manuel Garcia, joelpittet, akalata, subhojit777, Cottser, rpayanm: Convert theme_views_view_field to twig
  • #2580255 by Wim Leers: Remove (classy|seven)_library_info_alter() in favor of libraries-extend
  • #2568511 by Mile23, ianthomas_uk, Wim Leers: Fix broken test: KernelTestBase::render
  • #2571337 by maxocub, rodrigoaguilera, tstoeckler: Node type title label cannot be translated in the UI
  • #2578519 by phenaproxima, webchick: Node has invalid config schema for node_unpublish_by_keyword_action
  • #2527546 by DuaelFr, larowlan, chx: ModulesListForm::buildRow() does not properly build the Request object for the TitleResolver
  • #2550925 by PrineShazar, maijs, LewisNyman, opdavies, justAChris: Header style in seven theme with drupal set message
  • #2579357 by pwolanin: Fix text for "Limit allowed HTML tags" filter to also indicate it restricts HTML attributes
  • #2557367 by davidhernandez, joelpittet, madhavvyas, alexpott, nikkyR, Studiographene, emma.maria, xjm: Fix inline list CSS
  • #2528988 by znerol: Remove the option to specify a base_url from within settings.php
  • #2579095 by Aki Tendo: Create Inspector::assertStringable - a shorthand for (is_string($string) || (is_object($string) && method_exists($string, '__toString')
  • #2571533 by damiankloip, yched: Allow setting custom storage on FieldStorageConfig
  • #1978714 by amateescu, claudiu.cristea, pfrenssen, yched, jibran, filijonka, dawehner, alexpott, tstoeckler: Entity reference doesn't update its field settings when referenced entity bundles are deleted
  • #2554065 by neclimdul, larowlan: Fix APC test for PHP 7
  • #2497667 by almaudoh, Wim Leers, Cottser, Fabianx, jaxxed: Add libraries-extend to themes' *.info.yml
  • #2555069 by ianthomas_uk, Mile23: Remove invocation of hook_html_head_alter()
  • #2576945 by hchonov: PathProcessorLanguage::initProcessors is not sorting the methods by weight
  • #2498137 by yas, dawehner, daffie, jhodgdon, sumitmadan: QueryBase::sort can only work with capital letter such as 'ASC' or 'DESC' as the second parameter
  • #2578567 by Cottser: Remove theme_indentation() and use Twig template only
  • #2505263 by maxocub, tstoeckler: Session language switch links are (sometimes) broken
  • #2579411 by yched: Resolve @todo by adding test in EntityReferenceFieldTest
  • #2578083 by claudiu.cristea: Followup: Clean docs after #2064191
  • #2568099 by Wim Leers, mdrummond, mortendk: Follow-up for #2407739: Remove the js-quickedit-main-content class that was added in favor of relying on
  • #2575853 by DuaelFr, Lendude: Fix \Drupal\views\Tests\Plugin\DisplayPageTest::testPageRouterItems so all assertions are called
  • #2552799 by heddn, glenshewchuck, Xano, deepakaryan1988, swentel, jordanpagewhite, yched, tim.plunkett: FieldType with no available widget causes Fatal error
  • #2570895 by alexpott: FieldPluginBase can duplicate a suffix
  • #2579887 by StryKaizer, hussainweb, dawehner: EntityListBuilder requires cache tags
  • #2503755 by Wim Leers, bobrov1989, webchick, dcrocks, andypost, emma.maria, catch, dawehner, Bojhan, tstoeckler, alexpott, yoroy: Switch from user login block to login menu link and search block in standard profile
  • #2577895 by sdstyles, attiks: Update JS library picturefill to 3.0.1
  • #2578991 by ifrik, jhodgdon, Bojhan, snehi: Update link descriptions on the Configuration page that are confusing
  • #2578989 by ifrik, alvar0hurtad0, jhodgdon, Bojhan, snehi, mairi, rachel_norfolk: Update link descriptions on the Configuration page that are not correct for D8
  • #2553909 by GoZ, deepakaryan1988, Pravin Ajaaz, DuaelFr, alexpott: Update ProjectInfo class to not use 'disabled'
  • #2410497 by alvar0hurtad0, sdstyles, hussainweb, webchick, jhodgdon, mpdonadio: Update remaining url() and _l() calls in comments/documentation
  • #2578815 by hussainweb: Upgrade behat/mink and behat/mink-goutte-driver
  • #2342247 by martin107, Mile23: Within nested foreach loop you cannot use the same loop variable
  • #2344831 by martin107, jhodgdon, tstoeckler, Mile23: Document behavior of Drupal/Core/Database/Query/SelectInterface::__toString()
  • #2422481 by akalata, lokapujya, joelpittet: Convert language negotiation theme table to table #type
  • #2574597 by Upchuk, jhedstrom, Berdir, klausi: Comment body doesn't show up in preview for Anonymous users
  • #2349303 by PQ, Charles Belov, Wim Leers: Can't drag directly from Active Toolbar to Available Buttons 2nd row
  • #2273671 by JeroenT, mgifford, Tim Bozeman, StryKaizer, catch: Allowed number of values more than 1 needs aria-describedby Support
  • #2534066 by Jelle_S, Dom., attiks: Allow selecting the original image when creating a responsive image style
  • #2396473 by herom, Aunion, pjbaert, Manjit.Singh, Dhorkiy, b0unty, prabhurajn654, Dom., Gábor Hojtsy, LewisNyman, idebr: Add missing RTL rules to System CSS
  • #2549017 by pjonckiere: Add getGroup() and getGroupLabel() to an interface and add docs
  • #2563505 by javivf, adooo, Wim Leers, Truptti, DuaelFr, Reinmar, quicksketch, FMB: "Enter caption here" text missing due to auto-created
  • #2487025 by shellshocked59, harings_rob, rteijeiro, subhojit777, vijaycs85, ashutoshsngh, aburrows, swetashahi, mradcliffe, Wim Leers, lauriii, LewisNyman, Bojhan, DeeLay, B_man, davidhernandez, lizzjoy, lweinmeister, wizonesolutions, arh1, GenerUmali, tstoeckler: Remove contextual links in Seven
  • #2471739 by RajeevK, martins.kajins, pektinasen, LewisNyman, jaxxed: Convert reusable layout classes to BEM standards
  • #2468851 by Upchuk, geertvd, JinX-Be, dawehner, Lendude: Validation criteria of contextual filter stays active after unchecking 'Specify validation criteria'
  • #478994 by valthebald, sushantpaste, LewisNyman, InternetDevels, Xano, lucastockmann, alansaviolobo, mgifford, emmajane: Please state the version you are installing
  • #2576525 by joshi.rohit100, DuaelFr, MattA: Missing package property in *.info.yml files for some testing support modules
  • #2570999 by RajeevK, Andrew Gleeson, ifrik, jhodgdon, Bojhan, yoroy: Update the module descriptions on the Structure page
  • #2572577 by amfranco, ifrik, pguillard: Update the UI texts for the Database Logging module
  • #2427889 by daffie, Mile23: ConfigurableLanguageTest not found by SimpleTest
  • #2578539 by longwave: Remove obsolete forum_update_last_removed()
  • #2577659 by mkalkbrenner, stefan.r: Documentation for property ContentEntityBase::entityKeys is wrong
  • #2348325 by fago, pradeep.singh, Mile23, Berdir: EntityManagerInterface::getHandler() documentation still refers to controllers
  • #2567835 by lussoluca, alvar0hurtad0, valthebald: Typo in SessionHandler::read() method
  • #2579625 by laurencemercer: Typo in file_validate_image_resolution() doc
  • #2572513 by ifrik, MattA, mdoedens, yoroy, jhodgdon: Update the hook_help for the block module again
  • #2572525 by mdoedens, ifrik, jhodgdon: Update the hook_help for the comment module again
  • #2579847 by marcvangend, hussainweb, YesCT, dawehner, chx, Wim Leers: /node/add is lacking cacheability metadata, causes problems when cached by Dynamic Page Cache and "Use admin theme when editing or creating content" is turned off
  • #2579965 by claudiu.cristea: AssertContentTrait "use"d twice in AjaxPageStateTest
  • #2558885 by Cottser, jhedstrom, david_garcia, alexpott: TwigEnvironment is unable to cache inline templates because it sends invalid filenames to MTimeProtectedFastFileStorage
  • #2497115 by melvinlouwerse: ajax_page_state is not taken into account for normal GET requests
  • #2559955 by Wim Leers, swentel, mdrummond: Ensure that Quick Edit relies less on the structure of the HTML
  • #2451411 by almaudoh, Shamsher_Alam, lauriii, borisson_, cilefen, davidhernandez, Cottser, Wim Leers, joelpittet: Add libraries-override to themes' *.info.yml
  • #2571655 by jan.stoeckler, maxocub, tstoeckler: ConfigNamesMapper::hasTranslatable has flawed logic
  • #2281533 by claudiu.cristea, amateescu, tim.plunkett, yched, jibran, catch: Entity Reference default selection plugin ignores matches if an entity type has no label key
  • #2562811 by Jaesin, dawehner, jibran: Make \Drupal\views\Plugin\views\display\DisplayPluginBase::getType() public and add it to the interface
  • #2464409 by borisson_, Wim Leers, jhodgdon, Fabianx, catch, swentel: Search results should bubble rendered entity cache tags and set list cache tags
  • #2562107 by claudiu.cristea, jibran, yched, Berdir: EntityDisplayBase should react on removal of its components dependencies
  • #2463567 by borisson_, Wim Leers, Xano: Push CSRF tokens for forms to placeholders + #lazy_builder
  • Revert "Issue #2563843 by heddn, jhodgdon, mradcliffe, swentel: MapItem FieldType isn't used, documented, or tested: remove it"
  • #2568203 by phenaproxima, mikeryan: Remove migrate-db.sh in favor of core tools
  • #2465907 by mkalkbrenner, cedric_a, plach, Gábor Hojtsy, matsbla: Node revision UI reverts multiple languages when only one language should be reverted
  • #2575615 by alexpott, pwolanin, stefan.r, catch, dawehner, effulgentsia, xjm, David_Rothstein, iMiksu, lauriii, joelpittet: Introduce HtmlEscapedText and remove SafeMarkup::setMultiple() and SafeMarkup::getAll() and remove the static safeStrings list
  • #2579187 by plach, mkalkbrenner: Revert to an older entity revision with less translations leads to fatal error caused by EntityStorageException
  • #2576037 by unqunq, er.manojsharma, sdstyles, martins.kajins, Devaraj johnson, cilefen, Bojhan, Wim Leers: "Sorry" in user-facing errors violates the User Interface Standards
  • #812810 by Kuldip Gohil, kiamlaluno, akozma, cilefen, rocket_nova, JulienD: Replace "copying and pasting it to" with "copying and pasting it into"
  • #2554003 by mikeryan, benjy, phenaproxima: isComplete() should not rely on RESULT_COMPLETED
  • #2579021 by Wim Leers, Berdir, sasanikolic, Fabianx: Prevent comment forms from marking rendered nodes as uncacheable
  • #2563843 by heddn, jhodgdon, mradcliffe, swentel: MapItem FieldType isn't used, documented, or tested: remove it
  • #2574893 by heddn: Configure parameter in migrate.info.yml malformed
  • #2452217 by mikeryan, sdstyles, benjy: Rename SourcePluginBase::getIterator() and try make protected
  • #2550291 by neclimdul, phenaproxima: Improve and generalize database dump tools
  • #2569245 by quietone, phenaproxima: [D7] Migrate search pages
  • #2562695 by phenaproxima, neclimdul, mikeryan, benjy: migrate-db.sh skips uid 1 but shouldn't
  • #2522008 by pwolanin, nlisgo, Wim Leers, jplopezy: Provide a setting to override base url when creating links to public files
  • #2547125 by phenaproxima, mikeryan: D7 file migration should allow selecting public/private/all files
  • #2561697 by phenaproxima, anavarre, Jeremy: Migration should not choke when the content_node_field table isn't available
  • #2382703 by phenaproxima, quietone, miguelc303, benjy: Migration Files for Drupal 7 Contact
  • #2577155 follow-up: Remove assert() call.
  • #2577155 by mikeryan, benjy: Some source plugins produce duplicate rows
  • #2474075 by mkalkbrenner, hchonov, plach, catch: Fix Node::preSave() and document that preSave() and postSave() are not working with ContentEntity translations
  • #2554771 by Mile23, Wim Leers: Remove deprecated drupal_process_attached()
  • #2090983 by plach, Berdir, yched: ContentEntityInterface::getTranslation() should throw an exception when an invalid language is specified
  • #2480921 by hchonov, maxocub, plach, RavindraSingh, Gábor Hojtsy: Make the node entity's revision_log untranslatable
  • #2476563 by Gábor Hojtsy, penyaskito, amateescu: Entity operations links tied to original entity language, ignore everything else
  • #2464427 by jibran, Wim Leers, Berdir, borisson_: Replace CacheablePluginInterface with CacheableDependencyInterface

Read more: http://drupal.org/drupal-8.0.0-rc1


(beta release)
4 August 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues
  • Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
  • There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta13
  • #2474903 by Mile23: Add composer.json to \Drupal\Component\Gettext\ component
  • #2503453 by mgifford, bobrov1989, rikki_iki, kattekrab, LewisNyman: Increase contrast on inline form error text
  • #2398465 by DickJohnson, emma.maria, jp.stacey, idebr: Clean up the "contextual" component in Bartik
  • Revert "Issue #2527126 by dawehner, Wim Leers, hass: Only send cache context/tags if frontend proxy exists"
  • #2516842 by er.pushpinderrana, jhodgdon: Fix indentation in UPGRADE.txt
  • #2404253 by wuinfo, mermentau: Undefined index: css in color_library_info_alter()
  • #2541340 by dawehner: Remove dead code from user module
  • #2534022 by phenaproxima: Move module-specific migration support into the node module
  • #2541384 by mikeryan: Move module-specific migration support into the menu_ui module
  • #2474151 by JeroenT, dcmul, naveenvalecha, sorabh.v6, trwad, Nitesh Sethia, sushilkr, disasm, dylanf, Mile23, xjm, dawehner, tim.plunkett, andypost: Mark procedural wrappers in entity.inc as deprecated
  • #2398467 by lduerig, tresti88, Eski, LewisNyman, emma.maria: Clean up "dropbutton" component in Bartik
  • #2119997 by Sharique, ursula, vijaycs85, dimaro, quietone, dawehner, mpdonadio, Bojhan: Change UI to remove display machine name for date formats
  • #2539246 by brandon.holtsclaw, cilefen, pwolanin: Search page local task label was an XSS vector—add tests
  • #2031883 by mortendk, rachel_norfolk, andypost, zestagio, epari.siva, nguerrier, Manjit.Singh, rteijeiro, MathieuSpil, pablo.guerino, HOG, lauriii, LewisNyman, joelpittet, Wim Leers, Cottser, minneapolisdan: Markup for: comment.html.twig
  • #2532476 by dawehner, pwolanin, pfrenssen, Gábor Hojtsy, effulgentsia: Menu links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files
  • #2542632 by joshi.rohit100: system.install has redundant code

Changes since 8.0.0-beta12
  • #2538228 by alexpott, amateescu: Document that Config save/delete/rename events may be dispatched during hook_update_N(), what that means for subscribers, and fix core subscribers accordingly
  • #2429659 by chx, Berdir, mpdonadio, geerlingguy, Cottser, rteijeiro, Fabianx, catch, dawehner: Race conditions in the twig template cache
  • #2535118 by longwave, Wim Leers, borisson_, effulgentsia: Toolbar subtrees not working on admin pages due to lack of theme negotiation on Toolbar's custom JSONP route
  • #2540954 by mikeryan: Move module-specific migration support into the dblog module
  • #2538158 by joyceg: Clarification to where hook_modules_installed should be implemented
  • #2541420 by amateescu, chx: Introduce QueryConditionTrait
  • #2533994 by phenaproxima: Move module-specific migration support into the block_content module
  • #2534034 followup by mikeryan: Move module-specific migration support into the taxonomy module
  • #2534032 by mikeryan: Move module-specific migration support into the system module
  • #2534030 by mikeryan: Move module-specific migration support into the syslog module
  • #2534016 by phenaproxima: Move module-specific migration support into the forum module
  • #2534018 by phenaproxima: Move module-specific migration support into the locale module
  • #2534020 by phenaproxima: Move module-specific migration support into the menu_link_content module
  • #2540538 by znerol: Behavior of testErrorContainer() and testExceptionContainer() is unpredictable
  • #2514044 by dawehner, stefan.r, alexpott: Do not use SafeMarkup::format in exceptions
  • #2534024 by mikeryan: Move module-specific migration support into the search module
  • #2534014 by phenaproxima: Move module-specific migration support into the filter module
  • #2534002 by phenaproxima: Move module-specific migration support into the book module
  • #2533986 by phenaproxima: Move module-specific migration support into the block module
  • #2533984 by phenaproxima: Move module-specific migration support into the aggregator module
  • #2533980 by phenaproxima: Move module-specific migration support into the action module
  • #2534026 by mikeryan: Move module-specific migration support into the simpletest module
  • #2534034 by mikeryan: Move module-specific migration support into the taxonomy module
  • #2534036 by mikeryan: Move module-specific migration support into the text module
  • #2534038 by mikeryan: Move module-specific migration support into the update module
  • #2490228 by damiankloip, almaudoh, martin107, clemens.tolboom, -enzo-, znerol, dawehner: Add Authentication Collector
  • #2534156 by mikeryan: Move module-specific migration support into the path module
  • #2498785 by damiankloip, dawehner: Remove ViewExecutable::getMenuLinks(), its just wrong
  • #2534028 by mikeryan: Move module-specific migration support into the statistics module
  • #2539258 by cilefen: Inject the cache bin into TwigEnvironment
  • #2541094 by dawehner: Get rid of strtr in Html::getId()
  • #2541318 by dawehner: Get rid of strtr in Crypt
  • #2078803 by Wim Leers, aspilicious, wmortada, Sumit kumar, mrjmd, John Cook: Change contextual links background color to match the styleguide
  • #2501481 by Cottser, davidhernandez, kfriend, alimac, YesCT, lauriii, tim.plunkett, cilefen, lbainbridge, porchlight: form_select_options() is a theme function in disguise and should not use SafeMarkup::set
  • #1894396 by Mile23, Crell, catch: Mark db_*() wrappers in database.inc as @deprecated for 9.x
  • #2541084 by martin107, dawehner: ViewPageController does not need $storage nor $executableFactory
  • #2507093 by claudiu.cristea, catch, timmillwood, dawehner: Don't calculate the theme_token for ajaxPageState unless necessary
  • #2521946 by eiriksm: JSDoc field_ui module
  • #2498163 by Arla, jeni_dc, nathanlawson91, MrPaulDriver, LewisNyman: Legend overlap with radios/checkboxes inside fieldset/fieldgroup
  • #2539860 by jeni_dc, LewisNyman: Add a class to field that contain user-generated formatted text
  • #2499793 by mikeryan, phenaproxima: Several migrate_drupal migrations fatal error on count()
  • #2516842 by er.pushpinderrana, thejacer87, jhodgdon: UPGRADE.txt should explain where to find release notes
  • #2382513 by mikeker, chris_hall_hu_cheng, joachim, joelpittet, alexpott, YesCT, quietone, mikeker, Jeroen, joris_lucius, katy5289, sivaji@knackforge.com: Regression fix: allow Drupal 8 to work without Apache mod_rewrite
  • #2538982 by dawehner, pwolanin, Fabianx: Get rid of strtr in UrlGenerator, it is not needed
  • #2535364 by mikeryan: Missing dependency in d6_vocabulary_field_instance
  • #2529514 by dawehner, Fabianx, Wim Leers: Replace system.filter::protocols with container parameters
  • #2534006 by phenaproxima: Move module-specific migration support into the contact module
  • #2539300 by cilefen, tim.plunkett: Remove SafeMarkup::set in \Drupal\Tests\Core\Form\FormCacheTest::testSetCacheWithSafeStrings()
  • #2521832 by neclimdul, Crell, amateescu: Uncomment StatementInterface methods
  • #2505965 by olli: Remove dead code related to old views ui modal
  • #2540764 by borisson_: Fix error in documentation that was added in #2533768
  • #2527126 by dawehner, Wim Leers, hass: Only send cache context/tags if frontend proxy exists
  • #2537600 by DuaelFr: An empty path on search pages settings leads to an infinit redirection loop
  • #972528 by mkalkbrenner, harijari, ryanissamson, mikeytown2, haripalrao, kasperg: dblog fails to log MAX_ALLOWED_PACKET errors because they're longer than MAX_ALLOWED_PACKET
  • #2507727 by mikeker, olli: Adding an "All taxonomy terms" field results in "Invalid parameter number" error
  • #2537602 by hchonov, dawehner: JQuery ajax GET requests result in "406 Not Acceptable"
  • #2443679 followup by chx: PostgreSQL: Fix taxonomy\Tests\TermTest
  • #2342521 by JacobSanford, ecrown, dylanf, martin107, bburg, donquixote, dcmul, jhodgdon, Crell, pcorbett: Docblock fixes for core/lib/Drupal/Core/Database/Connection.php
  • #2528178 by dawehner, amateescu, larowlan, tim.plunkett, jibran, catch, jhodgdon, effulgentsia, Berdir: Provide an upgrade path for blocks context IDs #2354889 (context manager)
  • #2426967 by mortendk, BarisW, joelpittet, akalata, jwilson3, Manjit.Singh, joginderpc, rteijeiro, mgifford, LewisNyman, Manuel Garcia, markconroy: Feed icon should be a CSS background image not a image file
  • #2489578 by Manjit.Singh, saki007ster, pjbaert, Cottser, jhodgdon, epophoto: Move search.theme.css to classy
  • #2538294 by Aki Tendo: Formally declare public scope in \Drupal\Core\Template\TwigNodeVisitor
  • #2497693 by marvin_B8, joshi.rohit100, borisson_, Crell: Add PSR-7 to Symfony Response View listener
  • #2534926 by chx, jhodgdon: EntityFormBuilderInterface doxygen needs a little love
  • #2475231 by jcnventura, mgifford, xjm: Content translation header in content type edit form is not styled correctly
  • #2501183 by borisson_, dileepmaurya, Gábor Hojtsy, Berdir: LocaleLookup cache ID is using numeric indexes of the roles field, not role ID's
  • #2534780 by olli, dawehner: Fatal error rendering fields using an optional relationship
  • #2532970 by Xano, tim.plunkett, jhodgdon: PluginFormInterface must document $form means the plugin's own elements
  • #2535192 by chx, dawehner, jhodgdon: Security: LoggerChannelInterface doxygen needs a little love
  • #2465751 by andypost, JeroenT, RavindraSingh, tim.plunkett, Berdir: Remove config_test_load() and replace with entity_load
  • #2512062 by dsnopek, tim.plunkett, Wim Leers: VariantInterface extends ConfigurablePluginInterface so PageDisplayVariantSelectionEvent should allow passing configuration to the Variant (to enable Panels Everywhere)
  • #2532148 by timmillwood, davidwbarratt: Modules cannot be put in ./modules/vendor
  • #2536906 by aspilicious: Warning when saving third party settings while no settings available
  • #2533768 by Wim Leers, lauriii: Add the user entity cache tag to user.* cache contexts that need it
  • #2056089 by BarisW, TR, mgifford, rodvolpe, Dom., nambisolo, nod_, katewelling, Manjit.Singh, jhodgdon, Bojhan, Wim Leers: UI problems on the Modules/Extend page
  • #2536508 by Aki Tendo: Content Negotiation Test showing up as a core module
  • #2489830 by cilefen, davidhernandez, dcmul, Adam Clarey, joshi.rohit100, rpayanm, sqndr, Cottser, lauriii: Improve theme compatibility error message
  • #2430397 by Wim Leers, Fabianx: When mapping cache contexts to cache keys, include the cache context ID for easier debugging
  • #2513094 by hchonov, pfrenssen, mkalkbrenner, yched, Berdir: ContentEntityBase::getTranslatedField and ContentEntityBase::__clone break field reference to parent entity
  • #2500499 by phenaproxima, bdimaggio: Migration path for dblog 7.x
  • #2500529 by phenaproxima, bdimaggio: Migration path for Syslog 7.x configuration
  • #2534158 by phenaproxima, mikeryan: MigrateFullDrupalTestBase must use dynamic test discovery
  • #2536212 by chx: Link CronInterface to the handbook page
  • #2401159 by kim.pepper, Jaesin: Convert instances of Guzzle getBody(TRUE)
  • #2508830 by s_leu, pivica: Various UI problem with autocomplete select control
  • #2533822 by alexpott: Duplicate array keys in CssOptimizerUnitTest resulting in missing test coverage
  • #2539310 by neclimdul, alexpott: BackendCompilerPassTest::testProcess fails when sqlite not installed
  • Revert "Issue #2492429 by mikeryan: Migration count caching broken"
  • #2338081 by pwolanin, dawehner, effulgentsia, kgoel, vijaycs85, mpdonadio, chx, brandon.holtsclaw, alexpott, Gábor Hojtsy, Fabianx, catch, YesCT, JvE: Local Tasks, Actions, and Contextual links mark strings from derivatives (or alter hooks) as safe and translated
  • #2524082 by pfrenssen, Gábor Hojtsy, Wim Leers, Berdir, Fabianx, dawehner, catch: Config overrides should provide cacheability metadata
  • #2525884 by jesperjb, joshi.rohit100, Berdir: Avoid unecessary cache tag invalidations in ConfigEntityBase and aggregator Item entity
  • #2536644 by tim.plunkett: generate-proxy-class.php should generate the same file regardless of a missing leading slash
  • #2536448 by vbouchet: First param of ViewsUIController::edit() is documented wrong
  • #2535586 by andypost: Clean-up "links" templates from removed "html" option
  • #2535284 by jibran: Move block_install hook to block.install file
  • #2492429 by mikeryan: Migration count caching broken
  • #2529616 by andypost: Move CurrentLanguageContext to Core\Language\ContextProvider
  • #2409701 by tstoeckler, Leksat, Schnitzel, _nolocation, Gábor Hojtsy, xjm: Field storage configuration is not exposed to config translation UI
  • #2531408 by chx, dawehner: Default backend database driver
  • #2527846 by dawehner, Wim Leers: Try to get rid of Url::fromRoute() in system_js_settings_alter()
  • #2497275 by borisson_, alexpott, dawehner, Gábor Hojtsy: ~50 calls to t() for two strings in LanguageManager() on every request
  • Revert "Issue #2497275 by borisson_, alexpott: ~50 calls to t() for two strings in LanguageManager() on every request"
  • #2497275 by borisson_, alexpott: ~50 calls to t() for two strings in LanguageManager() on every request
  • #2536456 by mbovan, Berdir, Wim Leers, dawehner: Autocomplete is broken (its JS it not loaded)
  • Revert "Issue #2510104 by pwolanin, nod_, Fabianx, Wim Leers, droplet, Pere Orga: Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future"
  • #2535302 by mbaynton, Berdir, kgoel, claudiu.cristea, tim.plunkett, RavindraSingh, cilefen, dawehner: Selecting too many files with JS off causes WSOD with data loss
  • #2498599 by Cottser, naveenvalecha, webchick, karolus, cilefen: Remove sdboyer/gliph since it is unused by core
  • #2505315 by stefan.r, dawehner, tim.plunkett, Berdir: Catch PHP7 Throwable objects instead of BaseExceptions in the error handler
  • #2024695 by olli, SpadXIII: The "Reset" button ignores the "Use AJAX" setting (always behaves in a non-AJAX way)
  • #2525910 by dawehner, effulgentsia, Berdir, lauriii, larowlan, timmillwood, Wim Leers, chx, arlinsandbulte, Fabianx, Gábor Hojtsy, Dave Reid, alexpott, catch: Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case
  • #2535082 by alexpott, jhedstrom, xjm, plach, Fabianx, effulgentsia, Berdir: Allow hook_update_N() implementations to run before the automated entity updates
  • #2493911 by dawehner, larowlan, damiankloip, hussainweb, jibran, cilefen, benjy, iMiksu, mtdowling: Update guzzle, goutte and mink-goutte-driver to the latest release
  • #2408013 by Aki Tendo, alexpott, Fabianx, dawehner, Crell, jhodgdon, Wim Leers, aspilicious: Adding Assertions to Drupal - Test Tools
  • #2531972 by dawehner: Move ThemeManager::theme() to ThemeManager::render()
  • #2536678 by alexpott: SimpletestTestForm broken
  • #2536880 by alexpott: CKEditor admin form broken
  • #2506581 by alexpott, Wim Leers, Fabianx, xjm, joelpittet, Cottser, dawehner: Remove SafeMarkup::set() from Renderer::doRender
  • #2082315 by Wim Leers, realityloop, mrjmd: Tracker history markers ("new" and "updated" markers, "x new replies" links) forces render caching to be per user
  • #2533946 by alexpott: UncaughtExceptionTest is a monkey in the control room
  • #2471232 by borisson_, JeroenT, sorressean, rbmboogie, ruha, mariancalinro: Optimize Cache::merge*(), by only accepting 2 instead of N arguments
  • #2512106 by cilefen, droplet, alexpott: Inline templates are XSS filtered incorrectly
  • #2507831 by dawehner, tim.plunkett, effulgentsia: Harden redirect responses to make external URIs opt in (was SA-CORE-2015-002 foward-port)
  • Revert "Issue #2228217 by pwolanin, ecrown, neclimdul, Fabianx, dawehner, klausi: Further optimize RouteProvider and add web test for large number of path parts"
  • #2228217 by pwolanin, ecrown, neclimdul, Fabianx, dawehner, klausi: Further optimize RouteProvider and add web test for large number of path parts
  • #2532490 by tim.plunkett, dawehner, Wim Leers, Crell, mtift: Unrouted URLs break toolbar but are hidden by caching
  • #2462907 by tstoeckler, penyaskito, Gábor Hojtsy, miro_dietiker: Entity operations to field UI shown in config overview
  • #2496897 by sasanikolic, Arla, dawehner, miro_dietiker, Berdir: Throw helpful exception if link templates are missing leading /
  • #2504141 by alexpott, tim.plunkett, larowlan, David_Rothstein, dawehner: Information disclosure/open redirect vulnerability via blocks that contain a form
  • #2534830 by Wim Leers: Toolbar subtrees not working
  • #2534856 by Dave Reid: Remove unused _toolbar_get_user_cid()
  • #2529144 by phenaproxima: Create cckfield plugin for text fields
  • #2506151 by joelpittet, Cottser, lauriii, Lukas von Blarer, tim.plunkett: Make the Twig extension link() accept Attribute objects
  • #2382859 by rpayanm, mondrake, ianthomas_uk: Remove file_stream_wrapper_get_*() and file_get_stream_wrappers()
  • #2498691 by cilefen, mesch, deepakaryan1988, RavindraSingh, honzakuchar, darol100, kattekrab, Cottser, David_Rothstein: "Install and set as default" link on the Appearance page doesn't work
  • #2299361 by trgreen17, wadmiraal, naveenvalecha, er.pushpinderrana, neetu morwani, jhodgdon, joachim: description of drupalGetTestFiles() is vague and has a typo; simpletest_generate_file() needs help too
  • #2534516 by webflo: Fix NodeAccessControlHandlerInterface doxygen
  • #2351015 by plach, effulgentsia, Wim Leers, dawehner, martin107, damiankloip, cilefen, Fabianx, catch, pwolanin, Damien Tournoud, znerol, YesCT, larowlan: URL generation does not bubble cache contexts
  • #2151103 by twistor, kerby70, ParisLiakos, cilefen: Zend feed plugins are incorrectly registered
  • #2454829 by maxocub, eiriksm, rvilar, Gábor Hojtsy, penyaskito, tstoeckler, Jose Reyero: Configuration translation UI does not support plural sources/targets
  • #2533222 by neclimdul, Berdir: Fix ConfigEntityBaseUnitTest
  • #2424805 by mdrummond, YesCT, vijaycs85, xjm, marcoscano, ifrik, joelpittet, Jelle_S, attiks, lauriii: Toolbar can no longer switch horizontal and vertical -- expects breakpoints ordered from smallest to largest; responsive images need largest to smallest
  • #2466931 by mikeker, Fabianx, dawehner, joelpittet: Valid Twig syntax is incorrectly escaped in Views rewrites
  • #2528242 by timmillwood: Add color-* classes to all rows on the status page
  • #2522652 by neclimdul, phenaproxima, prajaankit, benjy: Add getTemplateByName method to TemplateStorage
  • #2526412 by neclimdul, hussainweb, Fabianx: Remove Singleton hack in registerWithSymfonyGuesser
  • #2532604 by alexpott: Fix reference to "var drupalSettings" in NoJavaScriptAnonymousTest
  • #2488960 by cilefen, joshi.rohit100, naveenvalecha: Upgrade egulias/EmailValidator to 1.2.9
  • #2512132 by Wim Leers, effulgentsia, Fabianx: Make CSRF links cacheable
  • #2482625 by mbovan, Berdir, dawehner: Views entity reference selection with autocomplete widget broken
  • #2522002 by pwolanin, fgm, znerol: Do not strip www. from cookie domain by default because that leaks session cookies to subdomains
  • #2392109 by jacob.embree, dcmul, ByronNorris, jhedstrom: Filter: Allow plus sign in email addresses
  • #2533168 by neclimdul, Berdir: Fix BlockRepositoryTest
  • #2509650 by willzyx: Faulty dependency to Renderer in Drupal\comment\CommentLazyBuilders
  • #2532616 by TR: "return" used instead of "@return" in RoleInterface::isAdmin() docblock
  • #2532944 by chx, dawehner: AliasManagerInterface lacks doxygen
  • #2533034 by chx, webflo: AliasWhitelistInterface doxygen missing
  • #2527708 by joshi.rohit100, chx, jhodgdon, alexpott: Improve documentation for TypedConfigManagerInterface
  • #2486983 by metzlerd, jhodgdon, tim.plunkett: Document Text Input Form Elements
  • #2533360 by hussainweb: Upgrade to Symfony 2.7.2
  • #2532618 by TR: "return" used instead of "@return" in documentation
  • #2532646 by TR: "@return boolean" is wrong, use "@return bool"
  • #2531636 by Lucasljj, olli: Remove unnecessary extra space in dialogs
  • #2533218 by mpdonadio: Resolve todo for Symfony #12349
  • #2514168 by phenaproxima, mikeryan, benjy: Streamline migrate_drupal integration tests
  • #2527064 by jboxberger, tstoeckler: Nested condition groups in entity queries are broken
  • Revert "Issue #2527064 by tstoeckler: Nested condition groups in entity queries are broken"
  • #2493033 by Berdir, Wim Leers, lauriii, Fabianx, effulgentsia, dawehner, catch, msonnabaum, Crell, webchick: Make 'user.permissions' a required cache context
  • #2217985 by Berdir, Wim Leers: Replace the custom menu caching strategy in Toolbar with Core's standard caching
  • #2532434 by alexpott: UncaughtException test doesn't quite uncatch everything
  • #2531258 by neclimdul: Improve \Drupal\Tests\user\Unit\PermissionHandlerTest::testBuildPermissionsSortPerModule
  • #2530936 by webflo: Ensure that the classloader prefix is really unique
  • #1838242 by jhedstrom, pivica, tim.plunkett, bojanz, GaëlG, mpdonadio, dawehner, olli, Lendude: Provide Views integration for datetime field
  • #2526004 by andypost: UnpublishByKeywordComment should inject needed services properly
  • #2531568 by willzyx: Remove obsolete hook_menu() from responsive_image module
  • #2531622 by colbol: The description for the responsive image module admin link should end with a period.
  • #2530908 by olli: Caching problem in PageTitleTest
  • #278958 by jhodgdon, pwolanin, mgifford: Advanced search form has usability issues
  • #2409415 by phenaproxima, hosef: Variable to config: aggregator.settings [d7]
  • #2531028 by Berdir, neclimdul: Null migrate destination is a reserved keyword in PHP 7
  • #2513586 by kfitz, cilefen, jhodgdon, Bojhan, eliza411, ivanstegic, LewisNyman, lunk_rat, nickrosencrans, stpaultim, webchick: Remove the word "positive" from the "Must include a positive keyword with three characters or more." error message
  • #2525068 by daffie, googletorp: Document the class variable Node::in_preview as will stay public
  • #2528688 by phenaproxima: Create cckfield plugin for file fields
  • #2521774 by naveenvalecha: Add new line at the EOF in system_test.permissions.yml file
  • #2392559 by mondrake, mitrpaka, JeroenT, rpayanm, adci_contributor, ianthomas_uk: Remove all uses of file_stream_wrapper_get_* and file_get_stream_wrappers
  • #2472431 by davidhernandez, yannickoo, cilefen, LewisNyman: Do not load normalize.css in all themes, load it in Classy
  • #2502009 by joelpittet, Cottser, Wim Leers: Remove SafeMarkup::set in SearchExtraTypeSearch::execute()
  • #2500013 by Berdir, Wim Leers, plach: Add cacheability metadata information to translation overview
  • #2527064 by tstoeckler: Nested condition groups in entity queries are broken
  • #2504967 by hussainweb, joshtaylor, jibran, Berdir: Upgrade to Symfony 2.7.1
  • #2502785 by dawehner, effulgentsia, tim.plunkett, amateescu, Fabianx, Wim Leers, catch, dsnopek, EclipseGc, yched, Berdir, larowlan, mondrake, olli: Remove support for $form_state->setCached() for GET requests
  • #2532082 by mbovan: Replace SafeMarkup::filterXss() with SafeMarkup::xssFilter() in method documentation
  • #2321969 by rpayanm, subhojit777, prics, LinL, JeroenT, Temoor, prashantgoel, Mile23, pcambra, Sumi: Replace all instances of file_load(), file_load_multiple(), entity_load('file') and entity_load_multiple('file') with static method calls
  • #1963978 by joelpittet, NickWilde, jmolivas, dimaro, lauriii, Manuel Garcia, 2ndmile, Cottser, tim.plunkett: Convert theme_views_ui_build_group_filter_form() to Twig
  • #2510104 by pwolanin, nod_, Fabianx, Wim Leers, droplet, Pere Orga: Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
  • #2506195 by alexpott, joelpittet, xjm, David_Rothstein, Fabianx, pwolanin: Remove SafeMarkup::set() from Xss::filter()
  • #2261669 by Berdir, timmillwood, jhedstrom: Slow query in NodeRevisionAccessCheck
  • #2512456 by tim.plunkett, legolasbo, MattA, dawehner, googletorp, darol100, Bojhan, webchick, andypost, ivanstegic, larowlan, lauriii, LewisNyman, tkoleary, rickvug, eliza411, lunk_rat, nickrosencrans, stpaultim, Mark LaCroix: Implement the new block layout design to emphasize the primary interaction of placing a block
  • #2505989 by alexpott, dawehner, olli: Controllers render caching at the top level and setting a custom page title lose the title on render cache hits
  • #2507967 by tim.plunkett: \Drupal\Core\Entity\Controller\EntityViewController::buildTitle() assumes the is in the render array
  • #2508231 by timmillwood, amateescu, hussainweb, catch, dawehner, David_Rothstein, Mixologic, effulgentsia: Raise minimum required version of PHP to 5.5.9
  • #2529442 by neclimdul: Random phpunit failures in EntityUnitTest
  • #2509600 by andypost: AggregatorFeedBlock should return render array
  • #2529082 by timmillwood: Set better version for mikey179/vfsStream
  • #2508623 by xjm: Remove Frando from MAINTAINERS.txt
  • #2513692 by pameeela, naveenvalecha, andypost: Remove tim-e from Maintainers.txt for contact module. Add jibran and andypost
  • #2354889 by larowlan, dawehner, lauriii, Berdir, catch, martin107, pfrenssen, EclipseGc, Fabianx, Wim Leers, dsnopek, jibran, tim.plunkett, andypost: Make block context faster by removing onBlock event and replace it with loading from a ContextManager
  • #2512866 by lauriii, Berdir, Wim Leers, Fabianx, effulgentsia, catch, dawehner: CacheContextsManager::optimizeTokens() optimizes ['user', 'user.permissions'] to ['user'] without adding cache tags to invalidate that when the user's roles are modified
  • #2528292 by Fabianx, dawehner: Decouple Error testing from relying on a cached on disk-container that is created by a different Kernel
  • #2477413 by daffie, Crell, bzrudi71, stefan.r, catch, mradcliffe, chx: Increase minimum version requirement for Postgres to 9.1.2
  • #2527816 by jhedstrom, pfrenssen, chx, catch: Logic error in SqlContentEntityStorage::countFieldData() attempts to drop `name` column
  • #2526458 by cilefen, googletorp, alexpott: Test XSS filtering of slogan in SystemBrandingBlock
  • #2527406 by Gábor Hojtsy, Berdir: CommentForm::init() and MessageForm::init() are useless/broken
  • #2525002 by daffie, benjy: Make the class variables protected for Migration
  • #2528414 by jhedstrom: Block visibility by path docs are missing leading slash
  • #2525870 by pwolanin, willzyx, Fabianx: Regression: machine name inputs no longer work properly after #2508735
  • #2527638 followup by xjm: Fix duplicated setUp() method in MigrateDrupal7TestBase
  • #2514998 by tim.plunkett: Reduce fragility in the monolithic BlockListBuilder
  • #2527606 by dawehner, plach, catch, mpdonadio, Wim Leers, xjm, Fabianx: Uncaught PHP Exception LogicException when editing Views
  • Revert "Issue #2527606 by dawehner, plach, mpdonadio, xjm, Wim Leers, Fabianx: Uncaught PHP Exception LogicException when editing Views"
  • #2493665 by Fabianx, dawehner, msonnabaum, catch: Add centralized container invalidation method
  • #2527606 by dawehner, plach, mpdonadio, xjm, Wim Leers, Fabianx: Uncaught PHP Exception LogicException when editing Views
  • #2512718 by Berdir, pfrenssen, Wim Leers, Fabianx, dawehner, catch, effulgentsia, plach, Gábor Hojtsy: EntityManager::getTranslationFromContext() should add the content language cache context to the entity
  • #2527638 by phenaproxima: MigrateDrupal7TestBase never installs Drupal 7 migrations
  • #2428861 by tbradbury, Nitesh Sethia, neetu morwani, deepakaryan1988, Sagar Ramgade, yogen.prasad, Daniel_Rose, Cottser, jhodgdon, Sutharsan, leeotzu: user.html.twig documentation refers to a nonexistent 'account' variable
  • #2491259 by Chernous_dn, rudraram, jhodgdon, LewisNyman, mortendk: move search.admin.css into seven
  • #2527076 by daffie: Make the class variables protected for Drupal\Core\Datetime\Entity\DateFormat
  • #2527710 by Fabianx: Decouple Error testing from running with container builder
  • #2516866 by willzyx: Faulty dependency to RedirectDestination in Drupal\menu_ui\Plugin\Menu\LocalAction\LocalActionDefault
  • #2513612 by davidhernandez, ivanstegic, Bojhan, eliza411, LewisNyman, lunk_rat, nickrosencrans, stpaultim, webchick: Make the autocomplete form option text for an entity reference not be all caps
  • #2522600 by neclimdul, phenaproxima: Remove CMI dependency from Migration Templates
  • #2527486 by alexpott: --browser in run-tests.sh broken
  • #2512210 by trgreen17, jhodgdon, liberatr: SimpleTest - WebTestBase method creates binary-text files when the intention was to create text files, and text file creation is broken
  • #2328883 by andypost, dawehner: menu ui route used in menu link content
  • #2516802 by Dave Reid: FilterProcessResult->merge() results in PHP warning: Missing argument 1 for FilterProcessResult::__construct()
  • #2522120 by jhedstrom: DbDumpCommand should add collation information to the generated script
  • #1835016 by googletorp, nod_, KarenS, Sharique, Nitesh Sethia, mpdonadio: Polyfill date input type
  • #2497691 by Crell, cilefen, marvin_B8, dawehner: Include Symfony PSR-7 bridge library
  • #2453175 by tim.plunkett, plach, rteijeiro, effulgentsia, eshta, dawehner, fago, Berdir, alexpott: Remove EntityFormInterface::validate() and stop using button-level validation by default in entity forms
  • #2492585 by pguillard, yarik.lutsiuk, andypost, Mile23: Deprecate comment_view() & comment_view_multiple()
  • #2501701 by akalata, pwolanin, lauriii, GreenSkunk, cdulude, joelpittet, Cottser: Remove SafeMarkup::set in template_preprocess_color_scheme_form()
  • #2526462 by Mile23: Mark entity_get_bundles() as @deprecated for 9.x
  • #2513646 by pwolanin, alexpott: Role name is unescaped on block admin via JS
  • #2450993 by Wim Leers, Fabianx, Crell, dawehner, effulgentsia: Rendered Cache Metadata created during the main controller request gets lost
  • #2509898 by dawehner, znerol, larowlan, lauriii, Aki Tendo, Wim Leers: Additional uncaught exception thrown while handling exception after service changes
  • #2478459 by plach, mkalkbrenner, chx, yched, Berdir, dawehner, benjy: FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks
  • #2508547 by tim.plunkett, tannerjfco, neclimdul: Placing a block with same machine name of region causes region to disappear in admin UI
  • #2526084 by andypost, yarik.lutsiuk: Fix comment in Comment entity
  • #2513568 by cilefen, ivanstegic, Bojhan, webchick, eliza411, LewisNyman, lunk_rat, nickrosencrans, stpaultim: Relabel "Configuration Management"
  • #911352 followup: Fix comment wrapping.
  • #911352 by Liam Morland, Crell: Document that foreign keys may not be used by all DB drivers
  • #2511806 by claudiu.cristea, sumitmadan, znerol, neetu morwani, jhodgdon: Fix documentation in password hashing class
  • #2516690 by mlevasseur, joshi.rohit100: Missing test for "Help" links per module on "Extend" admin page
  • #2505721 by eiriksm, nod_, jhodgdon: JSDoc color module
  • #2505669 by pwolanin, jcloys, joshi.rohit100, dawehner, Wim Leers, kgoel, larowlan: Inject render service into LinkGenerator instead of calling drupal_render
  • Revert "Issue #2505669 by pwolanin, jcloys, joshi.rohit100: Inject render service into LinkGenerator instead of calling drupal_render"
  • #2505669 by pwolanin, jcloys, joshi.rohit100: Inject render service into LinkGenerator instead of calling drupal_render
  • #2511584 by jhedstrom, rpayanm: Move NodeFormButtonsTest::assertButtons() to a trait
  • #2507911 by mikebell_, dylanf, naveenvalecha, deepakaryan1988, kfitz, jhodgdon, webchick, Charles Belov: Mention location of settings.php in UPGRADE.txt
  • #2514092 by neclimdul: Fix typo in drupal_attach_tabledrag
  • #2314825 by kay_v, jhedstrom: incomplete instructions in INSTALL.txt
  • #2501903 by pguillard, Manjit.Singh: inline form errors classnames to follow namestandard
  • #2512734 by Wim Leers, dawehner, Berdir: session_test routes/controllers don't specify the appropriate cacheability metadata
  • #2474363 by Aki Tendo, alexpott, Dom., MattA, dawehner, TR, hass, Wim Leers, cburschka, Berdir: Stuck in failed module install process
  • #2514052 by phenaproxima: Remove migrate_drupal's MigratePluginManager implementation
  • #2513132 by klausi: Remove duplicated getDataDefinition() method in EntityAdapter
  • #2509628 by andypost: TranslationStatusForm::buildForm() should not use drupal_render()
  • #2512820 by JvE, pwolanin: 'administer actions' permission can be abused - needs to be flagged as restricted
  • #2512580 by Wim Leers: NodeEntityViewModeAlterTest uses State to dynamically affect hook_entity_view_mode_alter()
  • #2443323 by Wim Leers, Nitesh Sethia, yched, Fabianx, jhodgdon: New convention: CacheContextInterface implementations should mention their ID in their class-level docblock
  • #2502021 by willzyx, Saphyel, dawehner, DuaelFr, b0unty, cilefen, larowlan, lauriii: Unhandled exception when trying to register a duplicate user
  • #2421503 by lauriii, larowlan, Wim Leers, dawehner, tim.plunkett: SA-CORE-2014-002 forward port only checks internal cache
  • #2508679 by tim.plunkett, Fabianx: Fix empty redirects and redirects with options in \Drupal\field_ui\FieldUI::getNextDestination()
  • #2502571 by pjonckiere, mpdonadio, catch, jhodgdon: Date format granularity should only render adjacent units
  • #2498919 by stefan.r, Berdir, catch: Node::isPublished() and Node::getOwnerId() are expensive
  • #2508627 by rvtraveller, pwolanin: Changing email address should invalidate one-time login links
  • #2375695 by Berdir, EclipseGc, tim.plunkett, Wim Leers, Fabianx, dawehner: Condition plugins should provide cache contexts AND cacheability metadata needs to be exposed
  • #2513244 by Berdir, Wim Leers, EclipseGc, Fabianx: ContextHandler incorrectly checks required/optional contexts of plugins
  • #2463909 by phenaproxima, mikeryan: Migrations should support non-installed default configurations (templates)
  • #2513264 by moshe weitzman, webflo: Fix bad class reference
  • #2309215 by googletorp, subhojit777, lokeoke, tadityar, crowdcg, aneek, joelpittet, jhedstrom, alexpott, lauriii, amankanoria: HTML double-escaping in revision messages
  • #1831798 by darol100, pjonckiere, rhuffstedtler, ifrik, paul.linney, rajneeshb, batigolix, jhodgdon: Update hook_help() for config manager module
  • #2448681 by jeqq: Remove obsolete todo from MenuTreeParameters class
  • #2512444 by MattA: Unused namespaces in EntityDeriver.php
  • #2509512 by chx: Redundant code in StaticMapTest::setUp
  • #2514136 by pwolanin, Fabianx: Add default clickjacking defense to core
  • #2188165 by tim.plunkett, dww: [Regression] View term filter 'is/not empty' and 'not one of' operators do not work
  • #2516078 by cilefen, naveenvalecha: Upgrade doctrine/lexer to v1.0.1
  • #2494063 by tohesi, trwad, dcmul, droplet, nod_, naveenvalecha: Update Backbone to 1.2.1
  • #2513396 by Cottser, larowlan, HelloNewman, webchick, crowdg, Bojhan, eliza411, ivanstegic, LewisNyman, lunk_rat, nickrosencrans, stpaultim: There is no link, anywhere, to a contact form once a user creates it
  • #2517114 by joshi.rohit100, cilefen: Remove needless, wrongly-placed system_test.permissions.yml file
  • #2513626 by cilefen, akalata, Les Lim: [Regression] Module permission links missing from module list page
  • #2477853 by ingaro, daffie, bzrudi71, mradcliffe, alexpott: PostgreSQL: Add support for reserved field/column names
  • #2508735 by darol100, dawehner, pwolanin, Chi, Fabianx, tim.plunkett: Code injection via preg_replace()
  • #2487498 by Cristian.Andrei, Scott Weston, iMiksu: Make randomString always return a > to avoid random test fails
  • #2463581 by Wim Leers, swentel: #cache_redirect cache items should have an 'expire' timestamp that matches the merged max-age
  • #2487600 by dawehner, Wim Leers, fgm: #access should support AccessResultInterface objects or better has to always use it
  • #2443679 by bzrudi71, daffie, mradcliffe, alexpott: PostgreSQL: Fix taxonomy\Tests\TermTest
  • #2511854 by NickWilde, cilefen: Datetime select list uses PHP non-OOP datetime functions
  • #2408371 by dawehner, Fabianx, alexpott, bforchhammer: Proxies of module interfaces don't work

Read more: http://drupal.org/node/2544542


(beta release)
30 June 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues
  • Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
  • There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta11
  • #2512452 by dawehner, pwolanin, alexpott, fnqgpc: Confirm form cancel button can lead to external domain
  • #2509300 by dawehner, catch, larowlan: Path alias UI allows node/1 and /node/1 as system path then fatals
  • #2453153 by mkalkbrenner, plach: Node revisions cannot be reverted per translation
  • Revert "Issue #2512452 by dawehner, pwolanin, fnqgpc: Confirm form cancel button can lead to external domain"
  • #2512478 by googletorp, pwolanin, G1N1: XSS on field edit form via label field via ckeditor
  • #2512452 by dawehner, pwolanin, fnqgpc: Confirm form cancel button can lead to external domain
  • #2512382 by Wim Leers: Follow-up for #2407195: #attached['http_header'] being added to Response in two places
  • #2511024 by lahoosascoots, jibran, kattekrab: Can't add multiple content types to shortcuts
  • #1392754 by tss, justAChris, jhodgdon: Comply with new documentation standards for @file for namespaced class files
  • #2509694 by kfitz, joshi.rohit100, cilefen: The $name parameter for UrlGenerator::getRoute() is documented incorrectly
  • #2500523 by tim.plunkett, effulgentsia, dawehner: Rewrite views_ui_add_ajax_trigger() to not rely on /system/ajax
  • #2512460 by pwolanin, Gábor Hojtsy, grisendo, JvE: "Translate user edited configuration" permission needs to be marked as restricted.
  • #2489024 by lauriii, Fabianx, Gábor Hojtsy, Cottser, dawehner, zeropx: Arbitrary code execution via 'trans' extension for dynamic twig templates (when debug output is on)
  • #2491987 by alexpott: Config import validation needs to take into account install profiles
  • #2497455 by Manuel Garcia, davidhernandez, Cottser, dawehner: Remove unnecessary markup from views templates, a.k.a. divitis
  • #2509630 by andypost: Update doc-block for _node_mass_update_batch_finished
  • #2511472 by Wim Leers, Fabianx, dawehner: Refactor all usages of drupal_render()/Renderer::render() that break #2450993
  • #2505201 by munzirtaha: Quick Edit toolbar's arrow should be reversed in RTL
  • #2511348 by kfitz, dylanf, cilefen: HtaccessTest::testFileAccess() has a documentation typo
  • #2509890 by Dom., saki007ster, emma.maria: Fix footer menus in Bartik being vertically misaligned if you have +1 items
  • #2507509 by catch, dawehner: Service changes should not result in fatal errors between patch or minor releases
  • #2511354 by tim.plunkett: Remove StringTranslationTrait from FormBuilder
  • #2465053 by larowlan, dawehner, Arla, fago, cilefen, lauriii, Wim Leers: Drupal 8 only allows one user every 6 hours to register when page caching is enabled — caused by entity UUID in form state
  • #2506539 by mikeryan: d6_contact_settings not specifying source provider
  • #2399211 by mpdonadio, legolasbo, vijaycs85, pjonckiere, rteijeiro, jhodgdon, dawehner, yched: Support all options from views fields in DateTime formatters
  • #2505941 by JeroenT, joshi.rohit100: Remove deprecated methods on BubbleableMetadata class
  • #2500527 by dawehner, tim.plunkett, effulgentsia: Rewrite \Drupal\file\Controller\FileWidgetAjaxController::upload() to not rely on form cache
  • #2508666 by alexpott, pwolanin, benjy: Drupal 8 .htaccess rule to prevent php file access can be easily bypassed
  • #2278965 by jhedstrom: Add a warning to the installer for MySQL if an InnoDB-compatible engine is not selected
  • #2500443 by jhodgdon, Wim Leers: Cache API topic says nothing about cache context, add something
  • #2505841 by andypost: Make CommentAdminOverview use link templates
  • #2422353 by andypost: Comment module should check that comment body field exists
  • #2470233 by wadmiraal, emma.maria, sxnc, idebr, googletorp, LewisNyman: Fix the visual bugs in the Bartik footer
  • #2507459 by Wim Leers: CachePluginBase and subclasses no longer need Renderer/RenderCache services injected
  • #2505649 by tohesi: Update jquery.once to 2.0.2
  • #2504995 by Xano: Component DefaultFactory relies on core's concept of plugin providers
  • #2506793 by Gábor Hojtsy: Config translation shows search field below table
  • #2510072 by phenaproxima: UTF-8 support in MySQL driver breaks migrate dump files
  • #2509434 by willzyx: Faulty dependency to ThemeInitialization in Drupal\Core\Theme\ThemeManager
  • #2203779 by ivanstegic, pguillard, Xano, Prashant.c, jhodgdon: Improve wording of the configuration import form
  • #2417895 followup by David_Rothstein: AccountPermissionsCacheContext/PermissionsHashGenerator must special case user 1, since permissions don't apply to it
  • #2505197 by Arskiainen, jaimeguzman, tstoeckler: Add a @see + docs about language_element_info_alter() to LanguageSelect
  • #2417895 by David_Rothstein, Berdir, Wim Leers, willzyx, catch: AccountPermissionsCacheContext/PermissionsHashGenerator must special case user 1, since permissions don't apply to it
  • #2407195 by Wim Leers, Fabianx, joelpittet, lauriii, Crell: Move attachment processing to services and per-type response subclasses
  • #2506655 by pguillard, joshi.rohit100: Database Schema class has no doc block
  • #2509496 by chx, benjy, phenaproxima: Make migrate process plugins more flexible/less boilerplate
  • #2503083 by pwolanin, neclimdul: Simplify PasswordInterface so it's not coupled to UserInterface
  • #2480811 by catch, dawehner, Crell, Berdir, amateescu: Cache incoming path processing and route matching
  • #2506349 by alexpott: Unnecessary looping in Xss::filter when processing attributes
  • #1305882 by dawehner, nod_, Fabianx, Steven Jones, sun, nlisgo: drupal_html_id() considered harmful; remove ajax_html_ids to use GET (not POST) AJAX requests
  • #2508591 by timmillwood, alexpott, chx, pwolanin: vendor/ is web accessible
  • #2505171 by neclimdul: Follow-up for follow-up for #2483433 (phpunit tests broken)
  • #2422815 by Xano, fgm, tim.plunkett, dawehner: Don't initialize the discovery object in plugin managers, unless needed
  • #2505171 by Wim Leers: Follow-up for #2483433
  • #2505521 by benjy: Clean-up un-need test classes in migrate_drupal
  • Revert "Issue #2505521 by benjy: Clean-up un-need test classes in migrate_drupal"
  • #2502617 by droplet, darol100: When changing from a text format with an editor to one without, any user-entered changes are ignored: the original text is saved
  • #2504993 by Xano: HookDiscovery sets "module" instead of "provider" in plugin definitions
  • #2509448 by xjm: Further refactor use of SafeMarkup in HWLDFWordAccumulator
  • #2462221 by emma.maria, Dom., rudraram, jp.stacey, Manjit.Singh, sxnc, Cottser, idebr: Highlighted region has not fixed width layout on Bartik theme
  • #2505835 by andypost: Optimize CommentAdminOverview
  • #2505937 by JeroenT: Remove usage of @deprecated methods on BubbleableMetadata class
  • #2502913 by jibran, larowlan: Link field default options values should be array
  • #298768 by mkalkbrenner, stefan.r: Ensure that entries are written to watchdog table
  • #2506369 by catch, dawehner, Wim Leers: Cache CSS/JS asset resolving
  • #2499943 by mikey_p, Berdir, catch: system.active_theme.THEMENAME state should not cache theme data
  • #2508654 by chx, dawehner, Chi: File inclusion in transliteration service
  • #2501823 by peezy, joelpittet, davidhernandez: Document SafeMarkup::set in FormCache::loadCachedFormState
  • #2506133 by alexpott, joelpittet, dawehner, pwolanin: Replace SafeMarkup::set() in \Drupal\Core\Template\Attribute
  • #2508777 by dawehner: Database Connection test fails on PHP-5.5
  • #2349711 by lauriii, mortendk, sqndr, akalata, yannickoo, Manjit.Singh, Jolidog, b0unty, aliyakhan, LewisNyman: Remove all visual from stark
  • #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, kbasarab, Tor Arne Thune, basic, pfrenssen, yannickoo, simolokid, fietserwin, bzrudi71: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)
  • #2496367 by jibran, nod_, zniki.ru, ashutoshsngh: Add dawehner and pwolanin as Menu subsystem maintainer
  • #2496789 by lauriii: Add davidhernandez and mortendk as maintainers for Classy theme
  • #2504893 by mpdonadio: Add mpdonadio as maintainer for DateTime module
  • #2503109 by Cottser: Remove Cottser from the Core mentoring leads in MAINTAINERS.txt
  • #2501685 by Dave Reid: Batch::claimItem() contains wrong class in documentation
  • #2505193 by googletorp: MockFileFinder has empty contruct method
  • #2358409 by tien.xuan.vo, Haza: image_image field element is processed 2 times
  • #2499823 by ryanissamson, dylanf: Minor CHANGELOG.txt formatting
  • #2505851 by JeroenT: Remove deprecated function taxonomy_*
  • #2483781 by borisson_, rbayliss, cilefen, mitalimehta, joshi.rohit100: Move cache contexts classes from \Drupal\Core\Cache to \Drupal\Core\Cache\Context
  • #2484619 by borisson_, Wim Leers, lauriii, larowlan, dawehner: Forum responses don't set cache tags
  • #2505149 by Dom.: Remove empty Personalization panel in AccountSettingsForm
  • #2501639 by crowdcg, Cottser, cwells, YesCT, Gábor Hojtsy: Remove SafeMarkup::set in drupal_check_module()
  • #2495179 by dawehner, Gábor Hojtsy, lauriii, Fabianx, chx, effulgentsia: Twig placeholder filter should not map to raw filter
  • #2504417 followup by dawehner, daffie: Fix Drupal\Tests\migrate\Unit\MigrateSqlIdMapTest::testGetQualifiedMapTablePrefix()
  • #2501441 by mlncn, joelpittet, cilefen: Document SafeMarkup::set in AllowedTagsXssTrait::fieldFilterXss
  • #2452577 by JeroenT, AjitS, tadityar, arpitr, dpopdan, Mile23, andypost: Remove Usage of deprecated function taxonomy_*
  • #2504781 by neclimdul: Skip instead of fail migration tests if pdo_sqlite is missing
  • #2505701 by pwolanin, YesCT, akalata: Document SafeMarkup::set and Use htmlspecialchars() directly in Attribute() so we don't bloat the list of safe strings
  • #2505655 by martin107: Remove stale todo in AuthenticationManager
  • #2473955 by Cottser: Prefix form-wrapper classes with js-
  • #2501827 by cwells, kgoel, jcloys, YesCT, crowdcg, Bojhan: Remove SafeMarkup::set() in file_save_upload() and allow render/template code to control a single-item list
  • #2501705 by tetranz, pwolanin, Cottser, joelpittet, akalata: Remove SafeMarkup::set() in LinkGenerator and document SafeMarkup::set() in LinkGeneratorTest
  • #2263569 by tim.plunkett, effulgentsia, Fabianx, dawehner, Wim Leers, larowlan: Bypass form caching by default for forms using #ajax.
  • #2451395 by dawehner, catch, fgm, David_Rothstein: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them
  • #2501947 by kgoel, leslieg, crowdcg, dawehner: Remove SafeMarkup::set in ViewUI::renderPreview()
  • #2501933 by leslieg, ashutoshsngh, YesCT, joelpittet, Cottser, dawehner: Remove dead code in ViewUI::getDefaultAJAXMessage()
  • #2505469 by pwolanin, joelpittet: Remove drupal_render() calls from template_preprocess_table()
  • #2494177 by nod_: Enable ESLint warning for missing JSDoc
  • #2495073 by dawehner, catch: Views feed display plugin has to get all views data on init
  • #2408463 by thomasfava, MathieuSpil, Manjit.Singh, Vidushi Mehta, LewisNyman: Rewrite entity-meta component inline with our CSS standards
  • #2408525 by MathieuSpil, cosmicdreams, Manjit.Singh, njbarrett, kamalpreetkaur, LewisNyman, axe312, dawehner: Rewrite Views UI CSS inline with our CSS standards - Part 1
  • #2504633 by eiriksm: Fix comments with more than 80 characters per line in BookManager
  • #1811858 by Mile23, deepakaryan1988: Add missing type hinting to File module docblocks
  • #2484611 by jhedstrom, fgm, Berdir, borisson_, Wim Leers: Tracker responses don't set cache tags & contexts
  • #1493324 by tim.plunkett, dmsmidt, mgifford, bleen18, davidhernandez, crasx, mparker17, stefan.r, YesCT, joelpittet, tstoeckler, larowlan, vijaycs85, swentel, rpayanm, Bojhan, LewisNyman, emma.maria, BarisW, njbarrett, rteijeiro, nod_, sun, joshtaylor, mrjmd, webchick, marcvangend, kattekrab, SKAUGHT, bowersox, andrewmacpherson, Manjit.Singh, RavindraSingh, Wim Leers, BLadwin, aspilicious, mortendk, mausolos, jessebeach, Gábor Hojtsy, anandps, falcon03, franz, andypost, rooby, rootwork, Cottser, Xano: Inline form errors for accessibility and UX
  • #2501749 by joelpittet: Remove SafeMarkup::set in SimpletestResultsForm.php
  • #2472621 by hchonov, plach: Translatable entity 'created' and 'uid' fields not initialized properly during content translation 'Add'
  • #2456009 by davidwbarratt: Add a "replace" section to core/composer.json
  • #2498625 by jhedstrom, larowlan: Write tests that ensure hook_update_N is properly run
  • #2502095 by joelpittet, cwells: Remove SafeMarkup::set in template_preprocess_views_ui_view_info()
  • #2501819 by leslieg, edysmp, Cottser, joelpittet: Remove SafeMarkup::set in search_embedded_form_preprocess_search_result()
  • #2504211 by mpdonadio: DateFormatter::formatDiff() ignore granularity in some circumstances
  • #2493557 by pfrenssen: Fatal error when creating a translatable vocabulary type
  • #2107249 by Jelle_S, tstoeckler, amateescu, Xano, jibran, yched: Don't assume that content entities have numeric IDs in EntityReferenceItem
  • #2504147 by mikeryan: Copypasta error with FileInterface::getCreatedTime() doc
  • #2503737 by googletorp: Wrong @file documentation for \Drupal\Core\Datetime\DateFormatter
  • #2471609 by jcnventura, pguillard: FilterTest testFilterQuery wrong assert message
  • #2496501 by olli, NickWilde: Grouped Filters Javascript Improvements
  • #2501655 by tim.plunkett, hchonov, willzyx: ConfirmFormHelper::buildCancelLink() incorrectly handles ?destination URLs with a leading slash
  • #2401843 by lahoosascoots, jhodgdon: Move all *.api.php files except system.api.php out of system module directory
  • #2401519 by davidwbarratt, derhasi: [policy] Decide on Composer Package Names
  • #2485409 by rudraram, Manjit.Singh, LewisNyman: Clean up content translation CSS inline with our CSS standards
  • #2496039 by yched: Formatter's #attached assets are not carried over by Views
  • #2254235 by AohRveTPV, mahtoranjeet, er.pushpinderrana, yogen.prasad, ashutoshsngh, Manjit.Singh, Charles Belov, nod_: Don't include leading and trailing spaces in password strength
  • #2504417 by alexpott: Fix Drupal\Tests\migrate\Unit\MigrateSqlIdMapTest::testGetQualifiedMapTablePrefix()
  • #2503017 by joshi.rohit100: Rename the migration setting conf_path to site_path
  • #2499035 by droplet: When in CKEditor maximized mode, Insert Image dialog is not working
  • #2195083 by Les Lim, ParisLiakos, Xano, gaurav_varshney, ravi.khetri, fago, jain_deepak: Add a dedicated @Constraint annotation class
  • #2504109 by EvanSchisler, cilefen: A bunch of old update test dump scripts are still hanging out
  • #2497323 by jhedstrom, dawehner, alexpott, larowlan: Create a php script that can dump a database for testing update hooks
  • #2484037 by plach, Gábor Hojtsy, YesCT, dawehner: Make Views bulk operations entity translation aware
  • #2280963 by cwells, mlncn, peezy, joelpittet: Refactor use of SafeMarkup in HWLDFWordAccumulator
  • #2499835 by phenaproxima, chx, benjy: Remove broken Fake DB driver
  • #2502255 by dawehner, larowlan: Enable tags cache plugin by default for Views
  • #2494415 by bzrudi71: PostgreSQL: Fix migrate_drupal\Tests\d6\MigrateTaxonomyTermTest
  • #2410019 by alexpott, dstelljes: DrupalKernel::findSitePath() incorrectly reports directories for sites on nonstandard ports
  • #2475221 by alexpott: Remove some unused varaibles from views
  • #2451359 by alexpott: Remove the ability of collections other than the default to support configuration entities
  • #2497259 by catch, tim.plunkett, alexpott: system_region_list() unnecessarily translates region names
  • #2456521 by pjonckiere, mpdonadio, jhodgdon, rteijeiro, David_Rothstein, xjm: Add DateFormatter::formatDiff() as a non-buggy alternative to DateFormatter::formatInterval() when the start and end of the interval are known
  • #2490936 by cbanman, joshi.rohit100, ashutoshsngh, andypost, Cottser: hook_library_info_alter() docs and function signature are slightly out of date
  • #2385429 by tim.plunkett: setExecutableManager() is implemented on the wrong class
  • #2384675 by sidharrell, cilefen, Mile23, damiankloip, dawehner, Wim Leers, alexpott, neclimdul: Deprecate conf_path()
  • #2497847 by yched, amateescu: Simplify EntityDisplayEditFormBase ajax rebuild flow to work only with $this->entity
  • #2494313 by Pere Orga, sumitmadan: Follow up to Spellchecking Drupal - PHP
  • #2485397 by Manjit.Singh, MathieuSpil, gajendra sharma, saki007ster, LewisNyman: Clean up config translation CSS inline with our CSS standards
  • #2489400 by Bojhan, manauwarsheikh, yogen.prasad, Manjit.Singh, hylid: Reduce duplication/unnecessary text from Exposed forms
  • #2495209 by yogen.prasad, Manjit.Singh: 'Blocks administration page' link offered to users with no access
  • #2501577 by willzyx: Faulty dependency to ModuleHandler
  • #2501355 by willzyx: Remove unused router.builder service from Drupal\Core\Menu\LocalTaskManager
  • #2485293 by MathieuSpil, Manjit.Singh, rudraram, prajaankit, LewisNyman, DeeLay, sqndr: Clean up tour.module.css
  • #2392293 by bircher, tim.plunkett, alexpott, cilefen, gobinathm: Refactor hook_system_info_alter implementations to use ModuleUninstallValidatorInterface
  • #2494989 by catch, alexpott, vijaycs85: Don't render main help pages on modules page just to generate help links - can lead to high memory usage on form submit
  • #2443361 by joelpittet, Cottser, sqndr, lauriii, Manuel Garcia, Wim Leers: Remove theme_book_link, make book tree align with MenuLinkTree build
  • #2500723 by olli: Ajax dialog triggers click before mouseup
  • #2499605 by davidum, hchonov: tabledrag is adding tabledrag-handle twice for nested tables
  • #2385243 by aneek, subhojit777, iMiksu, spesic, deepakaryan1988, tohesi, Petr Illek, Cottser, lauriii: Make core user fields available for twig templates
  • #2499673 by droplet: Add back tabledrag row indication
  • #2346261 by DuaelFr, kmoll, Berdir: Deprecate entity_create() in favor of a ::create($values) or \Drupal::entityManager()->getStorage($entity_type)->create($values)
  • #2279105 by mgifford, nidaismailshah, thedavidmeister, amitgoyal, rpayanm, ameenkhan07, rakhimandhania, jhodgdon: Remove as many "..." and ellipsis characters from the codebase as possible without altering the meaning of text
  • #2350683 by rjacobs, Berdir: File field "Enable Description field" setting cannot be saved via instance settings in UI
  • #2486979 by metzlerd, ashutoshsngh, deepakaryan1988: Document Select/list elements
  • #2473943 by Manjit.Singh, Cottser, mu5a5hi, LewisNyman, mortendk, rteijeiro, rachel_norfolk: Prefix form-file and form-managed-file classes with js-
  • #2502477 by alexpott: Running all the PHPUnit tests using PHPUnit results in failure
  • #2492191 by droplet: Remove "Crawl-delay" in robots.txt
  • #2381277 by dawehner, plach, damiankloip, alexpott, olli, fgm, Wim Leers, Fabianx: Make Views use render caching and remove Views' own "output caching"
  • #2497017 by damiankloip, jmolivas: Views::getApplicableViews() initializes displays during route rebuilding etc
  • #2493677 by nod_, dawehner, Wim Leers: JSDoc for misc/ files
  • Revert "Issue #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, olli, Lendude: Provide Views integration for datetime field"
  • #2481453 by dawehner, pwolanin, rteijeiro, neclimdul, znerol: Implement query parameter based content negotiation as alternative to extensions
  • #2494293 by umarzaffer, pguillard, ashutoshsngh, xjm, RavindraSingh, joelpittet: Document the #noscript property
  • #2273925 by larowlan, aneek, lauriii, mikey_p, joelpittet, dimaro, Fabianx, xjm, jaredsmith, effulgentsia, lokapujya, iMiksu, chx, YesCT, googletorp, dawehner, Wim Leers, Cottser: Ensure #markup is XSS escaped in Renderer::doRender()
  • #2501447 by Cottser: Document SafeMarkup::setMultiple in _batch_page()
  • #2500747 by joelpittet, effulgentsia: Remove 'html' option from theme('time')
  • #2501747 by cwells, joelpittet, peezy: Remove SafeMarkup::set in search_excerpt
  • #2472177 by Dom., nod_, drubb, mgifford: Collapsible fieldset have duplicated and wrong aria-expanded
  • #2501451 by Cottser, joelpittet: Document SafeMarkup::set in drupal_get_messages()
  • #2493683 by nod_, dawehner, eiriksm, Wim Leers: JSDoc for JS using Backbone
  • #2501403 by Cottser, xjm, pwolanin, joelpittet: Document SafeMarkup::set in Xss::filter
  • #2500977 by olli: History module triggers a post request for anonymous users on all node pages
  • #2500031 by cilefen: Killing the entire Testing list page if any test anywhere is missing a summary is not nice; add robustness
  • #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, olli, Lendude: Provide Views integration for datetime field
  • #2478119 by znerol, andypost: Replace references to Session Manager with references to Session
  • #2483433 by damiankloip, Wim Leers, catch, dawehner: Optimize CacheableMetadata::merge() + BubbleableMetadata::merge()
  • #2395831 by dawehner, fago, martin107, cafuego, YesCT, plach, jibran, larowlan, Wim Leers, effulgentsia, klausi: Entity forms skip validation of fields that are not in the EntityFormDisplay
  • #2494319 by Pere Orga: Follow up to Spellchecking Drupal - Comments
  • #2493691 by nod_, eiriksm, dawehner: Add JSDoc for core modules JS
  • #2498849 by catch, dawehner: Entity view controller title rendering is expensive
  • #2195573 by Xano, eiriksm, heddn, ParisLiakos, Les Lim, Pere Orga, dinarcon, xjm, alexpott: Add a dedicated @LanguageNegotiation annotation class
  • #2460529 by alexpott, chx, phenaproxima: Migrations need to use the configuration entity dependency system
  • #2478483 by Wim Leers, Fabianx: Introduce placeholders (#lazy_builder) to replace #post_render_cache
  • #2498293 by cilefen, Fabianx: Only allow lowercase service and parameter names
  • #2478413 by typhonius: Remove an extra comment space in the MySQL Connection class
  • #2473729 by FMB, darol100, ifrik, ivarlaks, jhodgdon: Review the hook_help for Internal page cache module
  • #2499615 by honzakuchar: Docblock interface Drupal\Core\Extension\ThemeHandlerInterface::uninstall typo
  • #2389811 by znerol, mpdonadio, alexpott, hussainweb, neclimdul: Move all the logic out of index.php (again)
  • #2218145 by mglaman, fran seva, Alumei, dawehner: Change EntityRouteEnhancer::enhance() to use protected methods instead of one giant method
  • #2476059 by willzyx, tadityar, yarik.lutsiuk, Berdir: Remove EntityInterface->getSystemPath(), all its implementations and related usage
  • #2475715 by stefan.r, tstoeckler: Module uninstall form does not validate correctly and breaks the confirmation form after 60 seconds
  • #2496801 by cilefen, Cottser: Change setGenerators to setUrlGenerator on TwigExtension
  • #2495419 by Cottser: Move the 'search-results' class from the render array and into a Classy template
  • #2477461 by borisson_, googletorp, Wim Leers, Crell: Move X-Generator header to its own listener
  • #2498689 by lauriii, Wim Leers, David_Rothstein: "Back to site" link no longer appears in the toolbar
  • #2115737 by darol100, rhuffstedtler, andythomnz, jemandy, ijf8090, zealfire, er.pushpinderrana, jhodgdon: Make the text in modules, themes, and profiles README.txt files more user-friendly
  • #1810002 by Mile23, piyuesh23: Add missing type hinting to Config module docblocks
  • #2488844 by markie, jhodgdon: Write tests for raw time span and time span formatters in Views
  • #2494679 by Xano: Fix LanguageNegotiatorInterface type hints in docblocks
  • #2497447 by mpdonadio, stefan.r, jhodgdon: DrupalDateTime::format() and DateTimePlus::format() ignore the timezone setting
  • #2489664 by sumitmadan, davidhernandez, Manjit.Singh, Cottser: Remove unnecessary markup from core templates, a.k.a. divitis
  • #2485375 by marieke_h, Manjit.Singh, MathieuSpil, LewisNyman, geertvd: Clean up shortcut CSS inline with our CSS standards
  • Revert "Issue #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, Tor Arne Thune, kbasarab, pfrenssen, basic, yannickoo, simolokid: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)"
  • #2139185 by penyaskito, YesCT: Notify users when landing on config translation page with only one language listed
  • #2489560 by Manjit.Singh, Cottser, mortendk, LewisNyman: move comment.theme.css to classy
  • #2498269 by willzyx: Syslog is incompatible with Webprofiler - Faulty dependency to ConfigFactory
  • #2498515 by Berdir, neclimdul: Update additional Symfony Components to 2.7.0
  • #1314214 by stefan.r, phayes, ergophobe, YesCT, damienwhaley, Tor Arne Thune, kbasarab, pfrenssen, basic, yannickoo, simolokid: MySQL driver does not support full UTF-8 (emojis, asian symbols, mathematical symbols)
  • Revert "Issue #2498515 by neclimdul: Update additional Symfony Components to 2.7.0"
  • #2497113 by catch, dawehner: views_theme() gets 19 types of plugin definition, only needs five
  • #2498515 by neclimdul: Update additional Symfony Components to 2.7.0
  • #2254865 by Wim Leers, lauriii, borisson_, JeroenT, alexpott, Fabianx: toolbar_pre_render() runs on every page and is responsible for ~15ms/17000 function calls
  • #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, pjonckiere, alexpott, Wim Leers, Gábor Hojtsy, Fabianx, tim.plunkett: Date format form is unusable
  • #2497307 by Wim Leers: Search block marks itself uncacheable for no reason
  • #2486433 by damiankloip, Gábor Hojtsy, Wim Leers, dawehner, plach: Make ViewsForm stop marking itself as needing to be cached
  • #2489826 by droplet: tabledrag is broken
  • #2470693 by dawehner, Berdir, jibran, hussainweb, pwolanin, znerol: Upgrade to Symfony 2.7.0
  • #2451749 by amateescu, bzrudi71, jaredsmith: PostgreSQL: Fix views\src\Tests\GlossaryTest.php
  • #2491333 by Mac_Weber, opdavies: Update MAINTAINERS.txt to use human URLs
  • #2496943 by sasanikolic, stefan.r: Add condition to ignore PHP 7 on rest requirements check
  • #2456225 by nod_, drupaldrop, droplet: Improve formUpdated event
  • #2495353 by phenaproxima, benjy: migrate-db.sh should ignore volatile variables
  • #2488936 by lauriii, emma.maria: Bartik CSS library reordering
  • #2496261 by Berdir: Field Purging invalidates views_data caches as it uses the wrong hook
  • #2416831 by cilefen, vasi, tadityar, Noe_, lauriii, akalata, JeroenT, Cottser, davidhernandez: Add an active_theme twig function
  • #2482231 by alexpott: Deleting configuration entities is super slow once you have a few
  • #2493807 by jhedstrom, cilefen: Add symfony/console component to core
  • #2493047 by Wim Leers: Cache redirects should be stored in the same cache bin
  • #2489474 by mortendk, LewisNyman, Manjit.Singh, davidhernandez: Move book.theme.css to Classy
  • #2495657 by alexpott, jhodgdon: Admin links are missing from a module's help page
  • #2495833 by alexpott, tim.plunkett, dawehner: Drupal\node\NodePermissions::contentPermissions() is duplicate and dead code
  • #2494915 by Gábor Hojtsy: Fix comment in ViewEditTest.php
  • #2495755 by phenaproxima: Create MigrateDrupal7TestBase
  • #2495407 by jhedstrom, Noe_, cilefen: Regression: Editing a node with a disabled menu link re-enables that menu link
  • #1533366 follow-up by nod_, LewisNyman: Fix broken fullscreen AJAX throbber
  • #2466797 by mikeryan, benjy: Rename migration_groups key to avoid confusion with MigrationGroup support
  • Revert "Issue #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, Lendude: Provide Views integration for datetime field"
  • #1838242 by jhedstrom, pivica, tim.plunkett, GaëlG, dawehner, Lendude: Provide Views integration for datetime field

Read more: http://drupal.org/node/2514176


(beta release)
28 May 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues
  • Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
  • There are still over 20 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta10
  • #2493091 by Wim Leers: Installing block module should invalidate the 'rendered' cache tag
  • #1805054 by Wim Leers, Gábor Hojtsy, effulgentsia, jibran, jessebeach, catch, dawehner, Fabianx, sun, larowlan: Cache localized, access filtered, URL resolved, and rendered menu trees
  • #2494561 by googletorp: double newline in the end of quickedit.module
  • #1994292 by David_Rothstein, Gábor Hojtsy: LanguageInterface::TYPE_URL (D8) and LANGUAGE_TYPE_URL (D7) have no name or description
  • #2030191 by andypost, j2r, forbesgraham, henk, InternetDevels, IshaDakota, millerbennett: Clean-up api examples of node module
  • #2494767 by plach: Rename MenuLinkContentUITest to MenuLinkContentTranslationUITest
  • #2473215 by smccabe, joshi.rohit100, googletorp, drubb, sumitmadan, m4olivei, jmolivas, darol100, meramo: Wrong text if no content types are available
  • #2470769 by wadmiraal, droplet, Manjit.Singh: Color module lock hooks don't show up correctly
  • #2449813 by JeroenT: Remove update_get_projects()
  • #2168893 by marthinal, euphoric_mv, lauriii, Elijah Lynn, nod_, blueminds, jhedstrom, joelpittet, dawehner, tim.plunkett, YesCT: Views filters groups adding and removing is broken
  • #2475483 by Arla, alexpott, Berdir, jeroen.b: Cannot quickedit an image or date field
  • #2432911 by pfrenssen, znerol: Provide test coverage to prove that a third party authentication provider does not automatically start a session
  • #2492835 by fago: Documented type for WidgetBaseInterface::flagErrors() parameter $violations is wrong
  • #2481383 by jmolivas, willzyx, cilefen: Remove unused entity.manager service from Drupal\system\Form\ModulesListForm
  • #2493021 by Wim Leers, Fabianx, dawehner: Remove unused & useless services from HtmlRenderer
  • #2417975 by phenaproxima, benjy, chx, neclimdul: EntityFile destination incorrectly assumes temporary files are absolute paths
  • #2349775 by Manuel Garcia, saki007ster, mortendk, Manjit.Singh, brahmjeet789, tombo, davidhernandez: Remove classes from Views templates
  • #980144 by DuaelFr, yched, ACF, poedan, tim.plunkett, mgifford, swentel, asgorobets, SamH, sun, Everett Zufelt: Issues with "required, multiple" fields in forms
  • #2342745 by Cottser, chr.fritsch, epari.siva, lauriii, wesruv, joelpittet, dawehner: Allow Twig link function to pass in HTML attributes
  • #2491353 by pfrenssen, znerol: Cookies from previous tests are still present when a new test starts
  • #2491691 by marcoscano, cilefen, jhodgdon, joachim: Entity API docs incorrectly state hook_schema() is needed
  • #2494069 by tohesi: Update normalize.css to v3.0.3
  • #2488884 by pixelmord, tim.plunkett, droplet: Machine name HTML5 validation fails when field is hidden
  • #2493913 by iMiksu: Update mikey179/vfsstream to the latest stable release
  • #2486943 by lostkangaroo, Crell, neclimdul: Standardize error message property name
  • #2489394 by cr0ss, jhodgdon, Cottser: Refactor the Search module markup to be inline with our standards
  • #753898 by corbacho, weri, opdavies, dscl, idebr, willzyx, manauwarsheikh, dansologuren, yoroy, alexpott: Wrong message for blocked users who request password reset
  • #2357997 by mpdonadio, martin107, lauriii, cilefen, alexpott, cdanik, connorwk: Add test coverage for tablesort header link titles
  • #2491687 by joachim: Make EntityViewsData::getViewsTableForEntityType() public rather than protected
  • #2487704 by AlexB-appnovation, Bojhan, rudraram, zetagraph: Use underline as the focused state (not border left/bottom)
  • Revert "Issue #2487704 by AlexB-appnovation, Bojhan, rudraram, zetagraph: Use underline as the focused state (not border left/bottom)"
  • #2410625 by hosef, benjy, phenaproxima: Update D7 dumps to match the D6 dumps
  • #2477845 by ingaro, bzrudi71: PostgreSQL: Fix broken migrate table creation
  • #2420737 by rodrigoaguilera, Pere Orga, Gábor Hojtsy, maxocub, jhodgdon, penyaskito, plach, danigrrl: Differences in dynamic language names are confusing in views, content, etc
  • #1944572 by hass, Cottser, idebr: Remove "ul.menu" dependency to prevent theme clashes
  • #2383871 by mgifford, rpayanm, a_thakur, maximpodorov, AohRveTPV, jhodgdon: Spellchecking Drupal - PHP
  • #2491155 by mikeburrelljr, Mac_Weber, opdavies: Update drupal.org and kernel.org URLs in core modules (Follow-up to 2489912)
  • #2486475 by Eli-T, alexpott, xjm: Notifying user of config changes when config has never been synched still makes no sense
  • #2477641 by opdavies, pguillard, kaypro4, gyuhyon, edutrul, yoroy: One-time login link failure messages are misleading because they are not marked as errors
  • #1818692 by mbrett5062, lokapujya, David_Rothstein, blacklight4: Improve the maintenance page error message (rollback)
  • #2485579 by ram4nd, droplet, nod_, MustangGB, evilfurryone, iMiksu: Update JS library picturefill to 2.3.1
  • #2486177 by disasm, amateescu, plach, Pere Orga, piyuesh23, webchick, Saphyel, dawehner, jibran, YesCT, yched, xjm, Gábor Hojtsy, Bojhan: Deleting an entity translation from the UI deletes the whole entity
  • #2489834 by droplet: Add droplet as maintainer for JavaScript
  • #2474677 by Mac_Weber: Add Mac_Weber to MAINTAINERS.txt for the link.module
  • #2457875 by webchick: reorganized MAINTAINERS.txt for new governance policy
  • #1833356 by grendzy: CSS files encoded in UTF-8 with BOM break the design when enabling CSS aggregation
  • #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, lauriii, jp.stacey: Rename the default "Messages" region for all themes to "Highlighted"
  • #2490420 by amateescu, larowlan, Berdir, dpi: EntityAutocomplete element settings allows sql injection and for arbitrary user-supplied data to be passed into unserialize()
  • #2491915 by Berdir, miro_dietiker: Test @group detection fails for test classes with non-standard indendation
  • #2475187 by amateescu: Add a user-space implementation for LIKE BINARY in SQLite
  • #2465887 by dawehner, amateescu, tim.plunkett: Extract the install/uninstall functionality to a ThemeInstaller
  • #2469623 by phenaproxima, ultimike, amateescu, mrjmd, douggreen, chx, benjy: Process for creating migration source DBs for automated tests
  • #2468565 by eiriksm: Entity type view should provide a context for its label
  • Revert "Issue #2486453 by LewisNyman, sqndr, heatherwoz, hylid, yoroy, Bojhan: Set maximum width on Seven"
  • #2483617 by vasi, phenaproxima: The d6_file migration forgot to mention the uid column
  • #2112895 by willzyx, swentel, drunken monkey: Wrong redirection in admin/modules/uninstall/confirm if drupal is installed in a subdirectory
  • #2191115 by cs_shadow, alexrayu, JacobSanford, jhodgdon, Cottser: Clean up stale references to theme('foo') in documentation
  • #2473105 by ifrik, jhodgdon, lostkangaroo, opratr, LinL: Update hook_help texts that link to modules that can be uninstalled
  • #2486453 by LewisNyman, sqndr, heatherwoz, hylid, yoroy, Bojhan: Set maximum width on Seven
  • #2361423 by alexpott, larowlan, dixon_, swentel: Add a step to config import to allow contrib to create content based on config dependencies
  • #2489884 by mikeburrelljr, yoroy: Give the views modal window a larger width
  • #2473953 by mortendk, rteijeiro, rachel_norfolk, Cottser, aburrows, LewisNyman: Prefix form-submit classes with js-
  • #2488610 by catch, kim.pepper, Berdir: Use ModuleHander::getName() instead of rebuilding module data on permissions page
  • #2208585 by googletorp, quicksketch: Make #wrapper_attributes official and document it
  • #1533366 by nod_, valthebald, Jelle_S, Wim Leers: Simplify and optimize Drupal.ajax() instantiation and implementation
  • #2446859 by frob, jcnventura, mducharme, ge, mikeburrelljr: Installer warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings
  • #2337753 by alexpott: ContentEntityNullStorage does not implement a query service
  • #2413695 by joelpittet: Modules getting installed in the theme directory if they don't have a *.module file
  • #2491009 by trwad: Replace deprecated usage of entity_create with a direct call to the entity type class in Field UI module
  • #2433591 by dawehner, plach, YesCT, Wim Leers: Views using pagers should specify a cache context
  • #2475263 by LKS90, Berdir: Remove Role::postSave() method
  • #2456025 by stefan.r, alexpott, klausi: Rest tests fail on PHP 5.6 because of always_populate_raw_post_data ini setting
  • #2473805 by PieterJanPut, alieffring: Unused use statement in RearrangeFilter
  • #2251861 by olli, jibran: Add the feed icon back to taxonomy/term/% pages
  • #2489420 by Bojhan: Simply AJAX use form
  • #2452995 by JacobSanford, ashutoshsngh, jhodgdon: link_path should be url in the menu API documentation
  • #1751434 by droplet, oxyc, pguillard, lauriii, nod_: Selectors clean-up: user module
  • #2490974 by jstoller: seven_library_info_alter() is missing $extension parameter and condition
  • #1328014 by eiriksm, superspring: PDOException when saving a node on non-English languages
  • Revert "Issue #2433591 by dawehner, plach, YesCT, Wim Leers: Views using pagers should specify a cache context"
  • Revert "Revert "Issue #2489922 by anavarre, RavindraSingh: Fix minor typos""
  • Revert "Issue #2489922 by anavarre, RavindraSingh: Fix minor typos"
  • #2489922 by anavarre, RavindraSingh: Fix minor typos
  • #2490382 by mfarineau, cilefen, mradcliffe: Fix typo in EntityQueryTest doc block for figures var
  • #2476745 by joshi.rohit100, znerol, andile2012, webchick, Daniel Kanchev: Fix case of SuperNovaGenerator in HelpEmptyPageTest
  • #2447365 by JacobSanford, klausi, dawehner, jhodgdon, webchick: Let's explain in DestructableInterface why it is useful
  • #2490074 by chx, dawehner: hook_entity_access documentation is useless
  • #2469929 by mondrake, Bojan Živkov, LewisNyman, tim.plunkett, Bojhan, roderik: The confirmation forms' cancel link should be styled as a button
  • #2472147 by googletorp, anavarre, jaredsmith, bojanz: Standardize getter docblocks in node module
  • #2489402 by Bojhan: Remove "if any" from pager title
  • #2489912 by mikeburrelljr, opdavies, larowlan: Update Drupal.org URL in core modules
  • #889772 by stefan.r, tuutti, opdavies, Sutharsan, joachim, das-peter, YesCT, Zerdiox, hussainweb, mgifford: following a password reset link while logged in leaves users unable to change their password
  • #2488940 by plach: Contextual links are broken on multilingual sites
  • #2490146 by droplet: Prevent empty request on machine name transliterate
  • #2488866 by googletorp: Missing * in docblock for StatusMessages::generatePlaceholder
  • #2487808 by JesseSturgis, Scott Weston: autocorrect="off" and autocapitalize="off" in login form are deprecated and may be not enough
  • #2478167 by andypost, znerol: Generate proper value for sessionName property in BrowserTestBase
  • #2445497 by Mile23, dawehner: Decouple ContainerBuilderTest from Symfony's tests
  • #2422399 by aliyakhan, JCL324, mortendk, skippednote, rpayanm, tadityar, LewisNyman, joelpittet, idebr: Rewrite block.admin.css inline with our CSS standards
  • #2484131 by phenaproxima, neclimdul, mikeryan: Migration process plugin should log exceptions encountered during stubbing
  • #2486911 by mark.labrecque, joshi.rohit100: Garbled documentation in AssertBreadcrumbTrait.php
  • #2060553 by jhodgdon, manningpete: Search result snippet displayes HTML entities
  • #2478535 by phillamb168, sasanikolic, jhodgdon: Rewrite the documentation of content_translation_entity_type_alter()
  • #2473907 by alexpott, maijs: Tests not being run by testbot due to missing summary line
  • #2489966 by plach: The Views table style plugin does not specify cache contexts for click sorting
  • #2156295 by vegantriathlete, Rajendar Reddy: ajax_views.js has some extraneous code?
  • #2470307 by Mark_L6n, eiriksm, Gábor Hojtsy: Modifying path prefix for URL language detection causes error message for default language
  • #2488126 by phenaproxima: MachineName process plugin should use injected transliteration service
  • #2475001 by chris_hall_hu_cheng, jcnventura: Cache DateTime exception when Timezone not set
  • #2474537 by Noe_, tstoeckler, michaellenahan, cilefen: Installing in a non-English language fails for command-line installations (Drush, ...)
  • #2283637 by pfrenssen, dawehner, shivanshuag, znerol: Provide test coverage to prove that an AuthenticationProvider can initiate a session
  • #2489362 by shellshocked59, devupable, bpleduc, LewisNyman: Change views listing drop button to standard size
  • #2488632 by rpayanm, jhodgdon: Help test module should be in the Testing package
  • #2489376 by Bojhan: Remove "should" to more actionable
  • #2488954 by alexpott, webflo: Set simpletest memory limit to 128M
  • #2479819 by jhedstrom, grendzy: Menu hierarchy tests are not being run
  • #2485431 by bjmac, saki007ster, LewisNyman, rudraram: Clean up file CSS inline with our CSS standards
  • #2474047 by arturogarrido, ejabrown, mikeburrelljr, acrosman, lauriii, pwolanin, dawehner: Remove Timer from DrupalKernel
  • #2416109 by alexpott, bircher, xjm, dawehner: Validate configuration dependencies before importing configuration
  • #2461845 by Fabianx, Berdir, larowlan, David_Rothstein, Gábor Hojtsy: Private files that are no longer attached to an entity should not suddenly become accessible to people who couldn't see them before
  • #2486441 by jibla, richgilbert, entendu, emma.maria, amyvs, mradcliffe, heatherwoz, mu5a5hi, lnicks, hzakaryan: Clean up the "Search results" component in Bartik
  • #2480799 by mradcliffe, bzrudi71, dawehner, ingaro, jaredsmith: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsTest (again)
  • #2487099 by dawehner, plach, Wim Leers: Set cache contexts for exposed sorts / items_per_page / offset
  • #2485575 by ram4nd, willzyx, iMiksu, nod_: Update jQuery to 2.1.4
  • Revert "Issue #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, jp.stacey, lauriii: Rename the default "Messages" region for all themes to "Highlighted""
  • #2468767 by eiriksm, Gábor Hojtsy: English config source strings are saved as custom translations in locale in foreign install
  • #2428795 by mkalkbrenner, plach, yched, catch, hchonov, webchick, tstoeckler, pjonckiere, miro_dietiker, Schnitzel, klausi: Translatable entity 'changed' timestamps are not working at all
  • #2480307 by camoa: DefaultPluginManager doesn't allow Plugin definitions from Themes
  • #2470807 by LewisNyman, Dom., davidhernandez, emma.maria, jp.stacey, lauriii: Rename the default "Messages" region for all themes to "Highlighted"
  • #2478855 by xjm, JacobSanford, jhodgdon: Improve documentation for hook_entity_type_build() and hook_entity_type_alter()
  • #2478319 by NickWilde: DBLog module config link
  • #2296885 by mikeker, dawehner: Remove format_xml_elements()
  • #2473949 by mortendk, rteijeiro, rachel_norfolk, Cottser, LewisNyman: Prefix form-type-* classes with js-
  • #2489100 by alexpott: Random fail in Drupal\views\Tests\Plugin\RowRenderCacheTest
  • #2473941 by mortendk, rteijeiro, rachel_norfolk, Cottser, LewisNyman: Prefix field-parent classes with js-
  • #2483903 by mradcliffe, dawehner: Fix tests broken by leverage entityDisplay to provide fast rendering for fields
  • #2258177 by amateescu, sun, mikeryan, bdone, dawehner, Berdir: Convert migrate_drupal tests to KernelTestBase
  • #2480959 by mradcliffe, dawehner, jaredsmith, bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsWebTest (again)
  • #2473709 by nicoloye, marcvangend, pjbaert, yoroy, webchick: Do not use SERVER_NAME as default value for the site name
  • #2317975 by Martin Mayer, jhodgdon, ifrik: Update Views help to explain multilingual
  • #2488156 by andile2012: Fix typos in @inheritdoc
  • #2289201 by mariano.barcia, webchick: [Meta] Make drupal install and run within reasonable php memory limits so we can reset the memory requirements to lower levels
  • #2472323 by dawehner, neclimdul, Crell, kim.pepper, nod_, Wim Leers, larowlan, jibran, pwolanin, catch: Move modal / dialog to query parameters
  • #2484539 by amateescu, dawehner, bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldFieldTest
  • #2486413 by Manjit.Singh, vinmassaro, LewisNyman: Seven's primary tabs have incorrect spacing on narrow screens
  • #2369987 by aneek, alexpott, joelpittet, rteijeiro, pgautam, jain_deepak, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html
  • #2486831 by amateescu: The $dbh and $connection members are mixed up in Drupal\Core\Database\StatementPrefetch
  • #2450897 by plach, epari.siva, dawehner, jibran, Fabianx: Cache Field views row output
  • #2339447 by lauriii, joseph.olstad, Fabianx, joelpittet, jcnventura, amateescu, Antti J. Salminen: Improve theme registry build performance by 85%
  • #2383865 by mgifford, pguillard, rpayanm, alexpott, jhodgdon: Spellchecking Drupal - Javascript
  • #2487261 by nod_, alanburke: Eslint config update for function spacing style
  • #2457427 by Crell: Bad error handling of invalid Entity definition
  • #2459777 by jibran, Jaesin, tstoeckler, TR: {taxonomy_index} and {taxonomy_term_hierarchy} doesn't join taxonomy data table in views
  • #2486431 by vilepickle, vinmassaro: Progress bar starts at 100%
  • #1862250 by amanire, Ivan Zugec, joates, yoroy, joshi.rohit100, acabouet, rpayanm: The "Trim length" format description is confusing/not clear to Drupal newcomers
  • #2487464 by mark.labrecque: Internationalization topic code section is not showing up as code
  • #2473123 by sander.devos, JacobSanford, xjm, jhodgdon: Add node grant classes and interfaces to the node access topic
  • #2473089 by boris sondagh, jhodgdon, drubb, ifrik: Book settings page has wrong settings label
  • #2448691 by joshi.rohit100, rpayanm, ameymudras, lakshminp: comment at top of comment_hacks.css references removed function
  • #2482295 by Berdir: Rebuilding field map with many bundles/fields is very slow
  • #2247379 by yched, alexpott, Berdir: Optimize config entity query conditions on ID
  • #2471793 by drubb, tadityar, ifrik, jhodgdon: Update hook_help text for Forum module
  • #2482215 by alexpott: Improve config_prefix documentation
  • Revert "Issue #2369987 by aneek, joelpittet, rteijeiro, jain_deepak, pgautam, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html"
  • #2485505 by Manjit.Singh, LewisNyman: Remove CSSlint errors from node module css
  • #2485573 by alanburke, ragnarkurm: Update JS library domready to version 1.0.8
  • #2369987 by aneek, joelpittet, rteijeiro, jain_deepak, pgautam, idebr: Remove SafeMarkup::set() from 'head' title on template_preprocess_html
  • #2473957 by sqndr, Cottser, LewisNyman: Prefix text-* classes with js-
  • #2251121 by olli, dawehner: Support to add a feed icon on pages with parameters
  • #2449445 by Cottser, emma.maria: Add "indentation" class back to indentation theme hook, use it for styling
  • #2485983 by willzyx: Rename the remaining {Form}::getFormID to {Form}::getFormId
  • #2471653 by bojanz, Kazanir: Standardize getter docblocks in Drupal\Core\Entity
  • #2417921 by jibran: Change Tour module tests & Block test views package to testing
  • #452244 by jhedstrom: Help text for Language domain needs to specify "no trailing slash"
  • #2393531 by jcnventura, mrjmd, simonrjones, rpayanm, Cottser, akalata, eiriksm, David_Rothstein, dawehner, xjm: Maximum function nesting level of '100' reached
  • #2485403 by mmatsoo, gaurav_varshney: DependencyTrait documentation still mentions 'entity'
  • #2475247 by amateescu, dawehner: SQLite: Fix views\Tests\Handler\FilterStringTest
  • #2485605 by ram4nd, iMiksu: Update jquery.once to 2.0.1
  • #2411689 followup by alexpott: Use a MemoryBackend in StorageComparer so that configuration import validators don't have to reread data from disk or the db
  • #2375589 by larowlan, pameeela, jibran, kim.pepper, Wim Leers, Bojhan: Convert custom block library page to views
  • #2471571 by bojanz, Dom.: Standardize getter docblocks in Drupal\Component
  • #2486083 by stefan.r: The following module is missing from the file system: standard
  • #2160643 by jhedstrom, dawehener: Add status report "requirement" for Twig C extension for PHP
  • #2335661 by Wim Leers, pwolanin, dawehner, Fabianx, larowlan, catch, Berdir: Outbound path & route processors must specify cacheability metadata
  • #2485171 by mikeryan: Fix spelling of MigrateExecutableMemoryExceededTest
  • #2472421 by geertvd, bircher, dawehner, jibran: Entity reference, views filter reference method is broken
  • #2396253 by geertvd, pcambra, dawehner, klausi, pjonckiere: Respect format configuration on REST views display
  • #2204509 by klausi, Xano, fago: Allow context definitions to specify default values
  • #2105797 by dawehner, fago, larowlan, effulgentsia, jibran, amateescu, yched: Add CompositeConstraintBase so that constraints involving multiple fields, such as CommentNameConstraint, can be discovered
  • #2471809 by Dom., skippednote, nod_, jessebeach: Toolbar module does not follow W3C
  • #2485611 by Jelle_S: Add Jelle Sebreghts (Jelle_S) as co-maintainer of Responsive Image module
  • #2483005 by rootwork: Minor typo in INSTALL.txt
  • #2336247 by larowlan, andythorne: Make Relation and Type domain configurable based on context
  • #2428103 by dawehner, amateescu, Berdir, AjitS: String formatter should link to its translation
  • #1081266 by stefan.r, mikeytown2, jeroen.b, tsphethean, mfb, joseph.olstad, marcelovani: Avoid re-scanning module directory when a filename or a module is missing
  • #2430219 by alexpott: Implement a key value store to optimise config entity lookups
  • #2484667 by joshi.rohit100, Berdir: Do not run query in node_cron() if search.module is not enabled
  • #2484247 by tim.plunkett: Documentation and coding standards fixes for \Drupal\system\Controller\FormAjaxController
  • #2462893 by anavarre, benjy: MigrateBlockContentTest assumes auto-increment increment of 1
  • #2187113 by Cottser, joelpittet: Incorrect usage of attributes in twig templates resulting in possible duplicate attributes
  • #2483479 by phenaproxima: d6_user_role migration depends on d6_filter_format
  • #2462889 by tim.plunkett: Remove TypedConfigManagerInterface::getDefinition()'s $is_config_name before Drupal 8.0.0
  • #2208811 by Pol, ivanjaros, dawehner, wizonesolutions: views_embed_view() cannot handle arguments
  • #2477157 by dawehner, Wim Leers, Fabianx, aneek, catch: rest_export Views display plugin does not set necessary cache metadata
  • #2481729 by larowlan: Cannot inject DatabaseQueue instances into forms - The database connection is not serializable
  • #2481731 by larowlan: Cannot inject DBLog instances into forms - The database connection is not serializable
  • #2467449 by googletorp, b0unty, LewisNyman: jQuery UI datepicker styles broken in Seven
  • #2343035 by fago, dawehner, larowlan, ianthomas_uk, cilefen, hussainweb, Miroling, jibran, beejeebus, dashaforbes, webmozart, klausi: Upgrade validator integration for Symfony versions 2.5+
  • #1923406 by stefan.r, yannickoo, catch, Crell, amateescu, pwolanin, morgantocker, Damien Tournoud, sun: Use ASCII character set on alphanumeric fields so we can index all 255 characters
  • #2448501 by ultimike, phenaproxima, benjy: Use the migrate cckfield plugin type for the link field
  • Revert "Issue #1923406 by stefan.r, yannickoo: Use ASCII character set on alphanumeric fields so we can index all 255 characters"
  • #2322949 by plach, kgoel, Berdir, fgm, damiankloip, dawehner: Implement generic entity link view field handlers
  • #2432791 by alexpott, vijaycs85, tim.plunkett, joshtaylor, Fabianx, Berdir, yched, bojanz: Skip Config::save schema validation of config data for trusted data.
  • #2030637 by yched, Mile23, daffie, Alumei, tidrif, chertzog, Berdir, swentel, ofry: Expand FieldConfig/BaseFieldOverride/FieldConfigBase with methods
  • #2469563 by marthinal, lauriii, dawehner, Fabianx, xjm, pjonckiere: Double-escape on Views filters
  • #2478091 by willzyx: Pager is shown twice in admin/people if views module is disabled
  • #2464283 by jeqq: Restore Simpletest's batch after modules installation in WebTestBase::setUp()
  • #2478151 by willzyx: Shortcuts to pages generated by views are not recognized as added to the shortcutset and are being added multiple times
  • #2479767 by Wim Leers: Fix MenuLinkInterface::isCacheable(): remove it in favor of implementing CacheableDependencyInterface
  • #2452491 by arpitr, Mile23: @deprecate drupal_pre_render_link() for Drupal 9
  • #2454751 by amateescu, dawehner, tstoeckler: SQLite: Fix user\Tests\Views\RelationshipRepresentativeNodeTest
  • #2449809 by JeroenT, tadityar: Remove usage of update_get_projects()
  • #1923406 by stefan.r, yannickoo: Use ASCII character set on alphanumeric fields so we can index all 255 characters
  • #2479363 by Wim Leers, dawehner: Cache MenuActiveTrail::getActiveIds() for *all* menus per route match: 1 cache get instead of N DB queries, saves 1 ms/response
  • #1867518 by plach, dawehner, yched, iMiksu, epari.siva, marcvangend, Fabianx, Wim Leers, effulgentsia: Leverage entityDisplay to provide fast rendering for fields
  • #2453931 by pjonckiere: ContextualDynamicContextTest follow up
  • #2475237 by mkalkbrenner: Method FieldItemList::equals() uses type safe comparison limiting usefulness.
  • #2456701 by kgoel, Cottser, dawehner, jhodgdon: Replace aggregator_title_link Views formatter with Field API formatter
  • #2375773 by olli, dawehner: Remove pager from default taxonomy term feed
  • #2481183 by davidhernandez: Quote tokens in theme .info.yml files
  • #1800174 by Mile23, Lars Toomre, rishikant05, YesCT, idebr, Jalandhar, jhodgdon, dawehner: Add missing type hinting to User module docblocks
  • #1811334 by Mile23, deepakaryan1988, Lars Toomre, yogen.prasad: Add missing type hinting to Forum module docblocks
  • #1811882 by Mile23, deepakaryan1988, Lars Toomre, yogen.prasad: Add missing type hinting to Search module docblocks
  • #2481751 by yogen.prasad, deepakaryan1988, Cottser, andypost, joelpittet, willzyx: Don't use full namespace for \Drupal\views\ViewExecutable in views.module
  • #2476225 by pixel5, cilefen, disasm, jhodgdon, TravisCarden: Doxygen on SuspendQueueException mentions non-existent callback_queue_worker()
  • #1811874 by Mile23, Lars Toomre: Add missing type hinting to Path module docblocks
  • #1811892 by Mile23: Add missing type hinting to Statistics module docblocks
  • #1800774 by Mile23, Lars Toomre: Add missing type hinting to menu_ui module docblocks
  • #2204697 by alexpott, tstoeckler, mauzeh, Berdir: Move getConfigPrefix() to ConfigEntityTypeInterface
  • #2473813 by FMB, joshi.rohit100, darol100, ifrik, jhodgdon, xjm: Update hook_help text for Custom Menu Link module
  • #2470069 by wadmiraal, Manjit.Singh, pjbaert, zakxxi, LewisNyman: Refactor color module CSS inline with our CSS standards
  • #2443651 by alexpott, mradcliffe, bzrudi71: PostgreSQL: Fix system\Tests\Cache\DatabaseBackendUnitTest
  • #2424533 by davidhernandez, mortendk: Copy views templates to Classy
  • #2471405 by tompagabor: When not logged Drupal\Core\EventSubscriber\FinishResponseSubscriber->setExpiresNoCache() causes a PHP warning because of an invalid timezone.
  • Revert "Issue #2470069 by wadmiraal, Manjit.Singh, pjbaert, zakxxi, LewisNyman: Refactor color module CSS inline with our CSS standards"
  • #2473113 by znerol, dpovshed, Wim Leers, Fabianx, dawehner, effulgentsia: All stack middlewares are constructed at the same time even for cached pages
  • #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, alexpott, larowlan, znerol, dawehner, catch, neclimdul, yched, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache
  • #2458387 by stefan.r, anksy, andypost, alexpott, hussainweb: Remove Utility\String class
  • #2461863 by stefan.r: Upgrade PHPUnit to the latest stable release
  • #2471751 by boris sondagh, oceankrish76, keopx: Update hook_help text for Book module
  • #2479515 by znerol: Use BasicAuthTestTrait in BasicAuthTest
  • #2480233 by xjm: Incorect docblocks in route processor tests
  • #2479815 by plach: Remove obsolete ContentEntityInterface::initTranslation() method
  • #2474909 by alexpott, mpdonadio, znerol, catch, Wim Leers, Berdir: Allow Simpletest to use the same APC user cache prefix so that tests can share the classmap and other cache objects

Read more: http://drupal.org/node/2459341


(beta release)
8 May 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues
  • Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
  • There are still over 40 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta9:
  • #2479593 by jhedstrom, zaporylie: Use User::getAnonymousUser() in DblogController::eventDetails()
  • #1942682 by zaporylie, deadbeef, jhedstrom, dawehner: Blank detail view in dblog for deleted users
  • #2478443 by Wim Leers: Set the 'is-active' class for anonymous users in a Response Filter instead of a #post_render_cache callback
  • #2468873 by pfrenssen, Dom., dawehner, znerol, xjm: Test that the authentication provider doesn't leak authentication credentials from the previous request
  • #2449457 by Anushka-mp, sasanikolic, Berdir, plach: inconsistent checks in content_translation
  • #2450251 by alexpott, xjm, sasanikolic, Berdir: Bundle cache is not invalidated after changing translation settings
  • #2405165 by yched, alexpott, xjm: Entity::setOriginalId() does enforceIsNew(FALSE), that is wrong for ConfigEntities
  • #2478667 by mdrummond: Remove link_path from responsive_image theme
  • #2123251 by Jelle_S, marcvangend, attiks, Sutharsan: Improve DX of responsive images; convert theme functions to new #type element
  • #567148: remove stray line added by previous commit to this issue.
  • #567148: remove stray file added by previous commit to this issue.
  • #2408513 by MathieuSpil, Manjit.Singh, Vidushi Mehta, svendecabooter, LewisNyman, emma.maria: Refactor forum module CSS files inline with our CSS standards
  • #2478543 by Wim Leers: Follow-up for #2463009: remove unused use statements
  • #2408481 by kyuubi, Karmen: Rewrite help.module component's inline with our CSS standards
  • #2463009 by Wim Leers: Introduce CacheableResponseInterface: consolidate ways of setting X-Drupal-Cache-Tags/Contexts headers
  • #567148 by jcnventura, Damien Tournoud, greenrover33: Use ONLY_FULL_GROUP_BY for MySQL
  • #2478247 by Mile23: SIMPLETEST_BASE_URL is an environmental requirement which should not fail tests
  • Revert "Issue #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, Wim Leers, Gábor Hojtsy, Fabianx, pjonckiere, tim.plunkett: Date format form is unusable"
  • #2466585 by Wim Leers, Fabianx: Decouple cache implementation from the renderer and expose as renderCache service
  • #2400143 by geertvd, pcambra, koence, pjonckiere: Bulk form actions display action message in the confirmation form
  • #2429443 by vijaycs85, rteijeiro, penyaskito, gloob, xjm, nod_, geertvd, Wim Leers, Gábor Hojtsy, Fabianx, pjonckiere, tim.plunkett: Date format form is unusable
  • #2432585 by almaudoh, znerol, dawehner, cpj: Improve authentication manager service construction to support custom global service providers
  • #2475177 by amateescu: SQLite: Fix system\Tests\Database\FetchTest
  • #2322195 by rpayanm, nlisgo, cilefen, balagan, LinL, akashjain132, filijonka, epari.siva, Tebro, Temoor, pcambra, unstatu, Poornima3, Shivam Agarwal, abhi170893, Dom., PieterJanPut, Mile23, JeroenT, disasm: Replace all instances of user_load(), user_load_multiple(), entity_load('user') and entity_load_multiple('user') with static method calls
  • #2475805 by tstoeckler, googletorp, webwarrior: menu_ui_form_node_form_submit() is called when the Preview button is pressed which fatals
  • #2425535 by lucaslg, balagan, tim.plunkett, lucaschain, nicoloye, pjonckiere, akalata, mondrake: No pager shows on taxonomy overview pages
  • #2350569 by webflo, alexpott, tim.plunkett: Allow external update of ConfigEntity properties that are associated with a PluginCollection
  • #2137849 by MartiMcFlight, m4olivei, jmuzz: No scrollbar in views style option popup
  • #2475749 by mbovan: Allow to set #cache metadata in hook_page_attachments()
  • #2275377 by martin107, mikeryan, chx, benjy, YesCT: Rename Row::stub to Row::isStub
  • #2474431 by droplet, nod_, Manjit.Singh: Better way to handle responsive navigation tabs
  • #2472269 by martin107, Xano, derhasi: Fix syntax errors in Drupal\Component\Plugin's composer.json, Add test
  • #2087103 by Mile23, rickwelch, jhodgdon, Crell, joachim: ParamConverterInterface one-line description doesn't explain what the class does
  • #2347799 by andypost, almaudoh, znerol: Remove bugged session-related methods from AccountInterface
  • #70722 by David Lesieur, bircher, rocket_nova, paranojik, Pasqualle, jhodgdon, robertDouglass, douggreen, petar.gnjidic, pfournier: Search results should respect the content type's "Display author and date information." option
  • #2472371 by Dom., pfrenssen: Exception shown on 401 Unauthorized
  • #2471611 by MathieuSpil, yannickoo, maijs: Create HiDPI ready version of theme screenshots
  • #2477251 by amateescu: PostgreSQL: Fix Connection::getFullQualifiedTableName()
  • #2121863 by googletorp, drubb, jhodgdon: There is no FileTransferInterface
  • #2472453 by googletorp, jhodgdon: Use full namespace for @return documentation
  • #2443805 by a_thakur, JeroenT: Remove element_* from common.inc
  • #2475397 by Wim Leers: Tiny follow-up for #2474121 + unit test coverage for (Bubbleable|Cacheable)Metadata::merge()
  • #2476247 by alexpott, mpdonadio: rebuild.php clears APU user cache w/o access check
  • #2473301 by stefan.r, jcnventura, David_Rothstein, yannickoo: Raise MySQL requirement to 5.5.3
  • #2473759 by tim.plunkett, Berdir, effulgentsia: Form caches should be deleted after submission
  • #2446783 by mpdonadio, dawehner, koence: Views preview not working without saving new display
  • Revert "Issue #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, larowlan, dawehner, catch, alexpott, neclimdul, yched, znerol, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache"
  • Revert "Issue #2395143 followup by amateescu: YAML parsing is very slow, cache it with FileCache"
  • Revert "Issue #2470145 by rbmboogie: Update manager displays checkbox for disabled extensions"
  • #2472669 by keopx, rpayanm, rteijeiro, jhodgdon: Complete documentation for every implementation of hook_ENTITY_TYPE_*
  • #2462393 by stefan.r, joelpittet: Upgrade Twig to 1.18.1 from 1.18.0
  • #2473687 by Dom.: Fix @todo in BasicAuthTest
  • #2462459 by Cinnead, Bojan Živkov, haasontwerp, emma.maria: Active trail menu items should be distinct from other items
  • #2398445 by jp.stacey, LewisNyman, Manjit.Singh, pjbaert, emma.maria, ti2m: Clean up the "elements" component in Bartik
  • #2346209 by keopx, Zekvyrin, subhojit777, cburschka, pguillard, dimaro, realityloop, m4olivei, joelpittet, rteijeiro, idebr: /filter/tips improperly escaped
  • #2369675 by FMB, pstewart: Document that SearchQuery does not support orderBy in queries outside of addScore
  • #2473075 by amateescu, alexpott: SQLite: Fix system\Tests\Installer\* test
  • #2362637 by yched, slashrsm, rpayanm: Editor.js attach/detach doesn't pass context all the way down
  • #2422679 by mortendk, davidhernandez, akalata: copy text template to classy
  • #1882788 by jabberwooki, keopx, joshi.rohit100, jhodgdon: assertText/assertNoText doesn't really show what you could see in the browser (bad docs)
  • #2474567 by alexpott: Remove unneeded code in hook_help implementations and standardise them
  • #2474121 by Wim Leers: CacheableMetadata should get BubbleableMetadata's merge/applyTo/createFromRenderArray/createFromObject methods
  • #2474107 by Cottser: Make OptionsWidgetsTest::testEmptyValue() care less about markup
  • #2349461 by Jelle_S, mdrummond, attiks, Wim Leers: Move fallback image style into the responsive image style entity
  • #2454669 by amateescu: SQLite: Fix tests in migrate_drupal test group
  • #2470924 by Xano: Entity manager allows entity type derivers, but should not
  • #2474817 by znerol: DrupalKernel::classLoader not updated when switching to apcu either through settings.php or automatically
  • #2409885 by nlisgo, tstoeckler, crasx, dmsmidt: Switch shortcut set form has accessibility issues
  • #2474439 by droplet: Missing Drupal.debounce wait time in responsive tabs
  • #2453711 by rbmboogie: Use public: false for request and response policy services
  • #2474761 by tim.plunkett: Remove TestFormBuilder completely
  • #2474835 by alexpott, znerol: Random test fail in PageCacheTest::testPageCacheAnonymous403404
  • #2389735 by lauriii, iMiksu, davidhernandez, larowlan, loopduplicate, LewisNyman, Wim Leers, dawehner, Cottser: Core and base theme CSS files in libraries override theme CSS files with the same name
  • #2349503 by targoo, guntervs, tadityar, meramo, piyuesh23, janne.valtakari: Incorrect documentation about dates in node template
  • #2455149 by k4v, jhodgdon, dawehner, Berdir: Aggregator xss fields should be using Field/Entity formatters
  • #2465633 by amateescu: Bring back the custom Statement class for the SQLite driver
  • #2473903 by mradcliffe: PostgreSQL: Fix entity_reference\Tests\Views\EntityReferenceRelationshipTest
  • #2474055 by dawehner, pwolanin: Performance regression in contact_help()
  • #2073075 by vanilla-bear, joshi.rohit100, swentel, marcingy, er.pushpinderrana, ACF, roderik: Don't call the t() function in OO code in the field_ui module
  • #2381505 by dawehner, pwolanin, aspilicious, rteijeiro: Unserialize preloaded routes on the fly
  • #2471228 by jcnventura, Wim Leers, Hjarnmastara: Optimize merging of attachments
  • #2472043 by drumm, jcnventura: Canceling a user account, assigning content to Anonymous, should clear the comment name
  • #2474011 by pwolanin: Incorrect class name in rest class documentation
  • #2474071 by lauriii: hook_library_alter() clean up
  • #2461531 by nod_, lauriii, pguillard: ESlint 0.18.0 compatibility and new rule
  • #2463263 by amateescu: SQLite: Fix system\Tests\Entity\EntityDefinitionUpdateTest
  • #2146045 by D Szkiba, joshi.rohit100, tyler.frankenstein, er.pushpinderrana, dajjen, jhodgdon, joachim: Document Field API allowed_values_function callback
  • Revert "Issue #2146045 by D Szkiba, joshi.rohit100, tyler.frankenstein, er.pushpinderrana, dajjen, jhodgdon, joachim: Document Field API allowed_values_function callback"
  • #2468499 by webflo: Add vendor libs to classmap through composer script event
  • #2473343 by floretan, Martin Mayer, LewisNyman: Seven Theme is dependent on system.admin.css
  • #2459873 by borisson_, swentel: FieldStorageConfig::__sleep() should unset ->original
  • #2471136 by eiriksm, nod_: Improve user interface for translating strings
  • #2471619 by jeanfei: Remove tags from all core theme.info.yml files
  • #2395143 followup by amateescu: YAML parsing is very slow, cache it with FileCache
  • #2472187 by Cinnead, jhodgdon: t() docs should not use @code inline
  • #2099137 by Wim Leers, amateescu, rteijeiro, larowlan, effulgentsia: Entity/field access and node grants not taken into account with core cache contexts
  • #2470137 by tadityar, zaporylie, pec, LewisNyman, ry5n, Bojhan, yoroy: Style Seven's fieldset elements
  • #2407565 by epari.siva, davidhernandez, akalata, pakmanlh, lauriii, vedpareek, Cottser, brianperry: Consensus Banana Phase 1, cleanup
  • #2161793 by boris sondagh, arrrgh, jhodgdon, catch, benjy: Create hook_help for migrate module
  • #2161797 by boris sondagh, mfernea, arrrgh, amitgoyal: Create hook_help for migrate drupal module
  • #2471218 by amateescu, Wim Leers: Dummy comment entity necessary for building comment form is expensive to build
  • #2471737 by klausi: PageCache::get() should return FALSE on a cache miss as promised by the docs
  • #2457551 by Gábor Hojtsy, rteijeiro, keopx, eiriksm, alexpott: Regression: optional default configuration is not translatable anymore in locale
  • #2400287 by hass, cutesquirrel, borisson_, rteijeiro, pfrenssen, cilefen: Remove all occurences of sourceMappingURL and sourceURL when JS files are aggregated
  • #2461049 by Arla, agentrickard, webflo, rteijeiro, xjm, Berdir: Node module permissions are broken if hook_node_grants is implemented
  • #2473837 by nod_, aspilicious: Use minified jQuery once
  • #2393713 by droplet, nod_: Update JS lib: jquery.form to 3.5.1
  • #2472865 by chx: PageEditTest presumes STRINGIFY_FETCHES
  • #2472547 by lauriii, dawehner: Remove deprecated hook_library_alter()
  • #2331783 by rpayanm, gerzenstl, keopx, rgristroph, nlisgo, er.pushpinderrana, andypost, rteijeiro, alexpott, BFox, omessaoudi: hook_ENTITY_TYPE_prepare_form() is not documented
  • #1663206 by mortendk, aliyakhan, LewisNyman, Manuel Garcia, pakmanlh, rteijeiro, jwilson3: Update update.admin.css inline with our CSS standards
  • #2395143 by amateescu, Fabianx, Berdir, beejeebus, dashaforbes, larowlan, dawehner, catch, alexpott, neclimdul, yched, znerol, fgm, effulgentsia: YAML parsing is very slow, cache it with FileCache
  • #2036195 by rteijeiro, m1r1k, _nolocation, andypost, joelpittet, akalata, haasontwerp: Remove views-more.html.twig and replace with #type link render arrays
  • #2228393 by almaudoh, andypost, pfrenssen, znerol, cpj, Dom.: Decouple session from cookie based user authentication
  • #2281989 by stefan.r: Add a fast and simple way to get module name from the module handler
  • #2469277 by Fabianx, effulgentsia, marcvangend, Wim Leers, YesCT: Changing #cache keys during #pre_render or anywhere else leads to cache redirect corruption
  • #2470946 by boris sondagh, ifrik: Update hook_help text for Filter module
  • #2471557 by Reno Greenleaf, boris sondagh, joshi.rohit100, JinX-Be, ifrik, jhodgdon: Update hook_help text for Text module
  • #2470976 by jeanfei, dimaro, jhodgdon: Move token hooks into new api.php file
  • #2091431 by ifrik, wzoom, batigolix, InternetDevels, jhodgdon: Update hook_help for Update Manager module
  • #2472329 by joshi.rohit100, ifrik, Reno Greenleaf: Update hook_help text for Statistics module
  • #2470936 by googletorp, meramo, Xano: Add proper @return tags to functions' PHPDoc comments
  • #2368987 by Wim Leers, Berdir, Schnitzel, epari.siva, bircher, vijaycs85, likin: Move internal page caching to a module to avoid relying on config get on runtime
  • #2467411 by klausi, fago: Context class does not use typed data trait correctly, leading to fatal errors
  • #2472961 by lussoluca: Update Twig to latest stable
  • #2472413 by geertvd: Unused variable in \Drupal\views\Plugin\views\argument_validator\Entity::calculateDependencies()
  • #2469667 by willzyx, m4olivei: Wrong message on shortcut insert/update
  • #2464657 by amateescu: Remove unnecessary cache clear in Views tests
  • #2470617 by trboslav, MathieuSpil, Manjit.Singh, _nolocation, LewisNyman, YesCT: Clean up css in ckeditor module
  • #2470952 by D Szkiba: Path deletion should be removed in path module after content translation removal.
  • #2428837 by swentel, borisson_: Adding/updating interface translations should invalidate page & render caches
  • #2467101 by neclimdul: Fix DialogTest outside apache/mod_php: don't send multiple Accept request headers
  • #2470093 by keopx, jhodgdon, dawehner: Views plugin 'user' needs to be replaced with entity-aware 'field' plugin
  • #2452381 follow-up by Lendude: Fixed progress bar not showing up
  • #2472281 by pwolanin: 404/403 responses for non-existing nodes are cached in Page Cache/reverse proxy, are not invalidated when the node is created
  • #2375689 by Arla, Wim Leers, dawehner, tim.plunkett, Berdir: BlockBase::blockAccess() should return AccessResult instead of a bool
  • #2297817 by alexpott, pounard, Berdir, yched, Fabianx, plach, mkalkbrenner: Do not attempt field storage write when field content did not change
  • #2400675 by hass, pguillard: Missing .map files causing 404 file not found errors
  • #2050269 by lauriii: hook_library_info_alter() is not called for themes
  • #2031641 by aburrows, lauriii, nlisgo, Pol, redsquid, tuutti, LewisNyman, akalata, agviu, kallehauge, _nolocation, rpayanm, saki007ster, mdrummond, RavindraSingh, brahmjeet789: Change active class to is-active
  • #2452381 by lanchez, googletorp, PieterJanPut: Use Drupal.theme for progress.js
  • #2296009 by fgm, Fabianx, AjitS: Use APC Classloader by default (when available)
  • #2442769 by keyral, jcnventura, dimaro, pec: Views result cache ignores query arguments
  • #2468151 by lhangea, rpayanm, Palashvijay4O: Rename the CacheContexts service to CacheContextsManager
  • #2471633 by AjitS, JeroenT: Spelling fixes in UserDeleteTest
  • #2388023 by GoZ: File/Image field formatters don't add a cache tag for the file they display
  • #2456599 by k4v, dawehner, larowlan, rteijeiro, cutesquirrel, yched, jhodgdon: Field node_field_revision.title needs to use an entity-aware formatter in Views
  • #2471743 by pwolanin: Create a more generic superclass of \Drupal\Core\Render\BubbleableMetadata
  • #2447555 by Cinnead: Unnecessary index on langcode and deleted column in dedicated field tables
  • #2470980 by PieterJanPut: Use $this->redirect() instead of ResponseRedirect in LocaleController::checkTranslation
  • #2469663 by eiriksm: Rename the Norwegian translation of the Norwegian languages
  • Revert "Issue #2459753 follow-up by tim.plunkett, alexpott: EntityForm::validate() should be able to modify the form structure"
  • #2459753 follow-up by tim.plunkett, alexpott: EntityForm::validate() should be able to modify the form structure
  • Revert "Issue #2459753 by tim.plunkett: EntityForm::validate() should be able to modify the form structure"
  • #2464045 by fgm: Move twig_render_var/twig_drupal_escape_filter to TwigExtension, inject the renderer in Twig extension and inline render() / show() function instead of calling it
  • #2422369 by mortendk, LewisNyman, akalata, katzilla: Remove Seven's block-recent-content.css
  • #2471707 by xjm: Provide an issue link in the @todo in EntityHandlerBase
  • #2470910 by PieterJanPut, ifrik: Update hook_help text for Entity Reference module
  • #2471729 by drubb, ifrik: Tracker module refers to replies instead of comments
  • #2471547 by drubb, ifrik: Update hook_help text for Shortcut module
  • #2470960 by Igor Kandyba, Reno Greenleaf, ifrik, jhodgdon: Update hook_help text for Link module
  • #2470994 by drubb, ifrik: Update hook_help text for Node module
  • #2469937 by ifrik, PieterJanPut, anavarre: Update hook_help text for Custom Block module
  • #2471216 by joshi.rohit100, PieterJanPut, Wim Leers: render() should call the renderer service directly
  • #2390241 by wadmiraal, jhodgdon, nod_: No documentation on how to define a library
  • #2427649 by hampercm, nod_: Update to jQuery UI 1.11.4
  • #2459753 by tim.plunkett: EntityForm::validate() should be able to modify the form structure
  • #2470833 by dpovshed: Tuning of the AssetResolver class
  • #2470928 by andrewsuth: Versions in core.libraries.yml are not always parsed as strings
  • #2471473 by klausi, pwolanin: REST responses should have proper cache tags
  • #2467887 by joshi.rohit100: Rename drupalGetAJAX to drupalGetAjax for parity with drupalPostAjaxForm
  • #2467895 by jhedstrom, lgalanter: taxonomy filter with depth completely broken
  • #2471024 by pjbaert, ifrik: Update hook_help text for RDF module
  • #2467041 by mr.baileys, jan.stoeckler: max-age on HTML responses wrongly set to `max-age=0, private` instead of `max-age=N, public` (breaks reverse proxies and client-side caching)
  • #2417549 by alexpott, znerol, benjy, Berdir: Drupal\migrate_drupal\Tests\d6\MigrateFileTest fail in MigrateTestBase
  • #2470155 by D Szkiba: Custom block types page has bad page title
  • #2469965 by tadityar, jeanfei: Bad @file doc blocks in core/modules/system/*.api.php
  • #2470145 by rbmboogie: Update manager displays checkbox for disabled extensions
  • #2105841 by mr.baileys, Wim Leers, cs_shadow, sanduhrs, chx, webflo: Xss::filter() ignores malicious content in data-attributes and mangles image captions
  • #2470569 by pwolanin: Mark \Drupal\Core\Template\TwigExtension::getUrlFromPath() as deprecated
  • #2154475 by tarekdj, neelam.chaudhary, droplet, nod_, lanchez, Poornima3, jamin_melville: Convert position selectors to be compatible with with jQuery native-API selector
  • #2469731 by xjm, larowlan, pfrenssen, hussainweb, chx: Document when to use BrowserTestBase
  • Revert "Issue #2469929 by Bojan Živkov: The entity delete confirmation form's cancel link should be styled as a button"
  • #2409653 by MathieuSpil: The color module lock/unlock link is not accessible
  • #2469929 by Bojan Živkov: The entity delete confirmation form's cancel link should be styled as a button
  • #2469911 by joshi.rohit100: The edit image styles form's cancel link should be styled a a button
  • #2414413 by joelpittet: Make sure we are building CSS classes as arrays
  • #2396483 by Karmen, balagan, SoumyaDas, saki007ster, lauriii, joginderpc: Add missing RTL rules to Seven theme CSS
  • #2470559 by vpeltot: Move some more core hooks out of system.api.php
  • #2470685 by czigor: MailManagerInterface->mail() documentation is wrong
  • #2469921 by joshi.rohit100: The appearance page doesn't have a primary button
  • #2469917 by tadityar: The install new theme page doesn't have a primary button
  • #2469889 by joshi.rohit100: The modules page doesn't have a primary button
  • #2462265 by jeqq: Return saving status when saving user entities
  • #2437761 by Dom., znerol: CSRF token seed and possibly other session data lost when set after a session regenerate
  • #2408265 by wadmiraal: Update hook_theme_registry_alter to not reference removed user.pages.inc
  • #2321901 by JeroenT, epari.siva, unstatu, Temoor, lokapujya, LinL, pcambra, piyuesh23: Replace all instances of entity_load('image_style') and entity_load_multiple('image_style') with static method calls
  • #2368373 by rafuel92, BrightBold, b0unty, rpayanm, pjbaert, Maninders, sushyl, jedihe: Focus effect on vertical tabs conflicts with tab affordance
  • #2345779 by subhojit777, singularo, idebr, Noe_, Yaron Tal, aneek, gngn, zaporylie, m.ioannidis, Sachini, clemens.tolboom, scor, ravi.khetri, rpayanm, SebCorbin: Fix double-escaping due to Twig autoescape in dblog event "operations"
  • #2469933 by Cauliflower: The view field edit form's remove should be styled as a danger button
  • #2469939 by joshi.rohit100: The permissions page doesn't have a primary button
  • #2454145 by kgoel, dawehner, adamwhite, rteijeiro, wwhurley: Replace user_name handler with Field API formatter
  • #2349907 by jhodgdon, susanb: Review and fix block hook_help text
  • #2079427 by Berdir, andypost, yched: Core/Entity depends on classes / functions from field.module
  • #2091395 by jhodgdon, amitgoyal, paboden, berkas1: Update hook_help for Contact module
  • #1833012 by rbmboogie: Move admin language negotiation up to first option
  • #2461773 by stefan.r, martin107: SortArrayTest has hardcoded string comparison result values, but these can differ between PHP versions
  • #2469941 by wadmiraal, jhodgdon: Move database-related hook docs from system.api.php to a new database.api.php file
  • #2296445 by Palashvijay4O, pjonckiere, er.pushpinderrana, roderik, blazey: Batch API: Overriding the queue class and name is not documented
  • #2074297 by pwolanin, hussainweb, larowlan: Optimize the code in doGenerate() in the UrlGenerator to take advantage of Drupal path restrictions.
  • #2318579 by roderik, andypost, rteijeiro, ashutoshsngh, AjitS, vedpareek: Remove comment_prepare_thread()
  • #2430909 by anwar_max, wadmiraal, harshil.maradiya, joshi.rohit100, ClientGuy: hook_theme_suggestions() hook_theme_suggestions_HOOK() documentation is incorrect about how the hook is invoked
  • #2467657 by wadmiraal: Typo in typedDataManager::createInstance() description
  • #2467429 by pfrenssen: Remove obsolete documentation from ActionInterface
  • #2468901 by Xano: Improve \Drupal\Component\Annotation\Plugin\Discovery\AnnotatedClassDiscovery documentation
  • #2448339 by a_thakur, gaurav_varshney, Mile23: Remove drupal_form_submit() from form.inc
  • #2463285 by stefan.r: Support PHP7 EngineExceptions in the error handler
  • #2265099 by znerol, neclimdul, rpayanm: Cleanup SessionHttpsTest and fix redirect to non-existing URL after POST requests
  • #2232861 by grom358, daffie, alexpott, larowlan, pfrenssen, hussainweb, pcambra, jibran, phenaproxima, moshe weitzman, nick_schuch: Create BrowserTestBase for web-testing on top of Mink
  • #2456713 by larowlan, dawehner, jibran: Custom taxonomy field views handler needs to be replaced with generic Field API handler
  • #2418559 by Palashvijay4O, chintan4u, rteijeiro: Fix comment formatting in /core/modules/rest/src/Tests/CreateTest.php
  • #2045473 by njbarrett, dcrocks, chippper, jjcarrion, lauriii, InternetDevels: Improve visibility of Seven's smallest font elements
  • #2463419 by Mile23, rpayanm, hussainweb: Clean-up Test members in core/tests - ensure property definition and use of camelCase naming convention
  • #2469507 by chx: EntityRevisionsTest output makes it hard to discern what is causing the error
  • #2331407 by Xano, tstoeckler, damiankloip: YamlDiscovery does not handle empty files
  • #2467559 by jmonkfish: "Summary" wrappers around links are not clickable on node form's edit entity meta panels
  • #2469269 by Berdir: Don't use a form submission to check the password in MigrateUserTest
  • #2469169 by Berdir: SchemaCheckTraitTest should use assertEqual(), not assertIdentical()
  • #2467627 by Wim Leers: Field(Storage)DefinitionInterface should implement CacheableDependencyInterface
  • #2463579 by tstoeckler: Add an ellipsis to truncated comment titles
  • #2466917 by jhedstrom: DatabaseCacheTagsChecksum::calculateChecksum() has incorrect documentation
  • Revert "Issue #2451395 by dawehner: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them"
  • #2340993 by Berdir: SqlContentEntityStorageSchema::requiresEntityDataMigration() returns TRUE for cases where it should return FALSE
  • #2426781 by jibran: Custom OptionWidget have no empty option label
  • #2468079 by dawehner: Try to speed up InstallUninstallTest / ConfigImportAllTest
  • #2456705 by dawehner, adamwhite, larowlan, YesCT: Comment views field handlers need to be replaced with field/entity aware handlers
  • #2465221 by amateescu: Raise the minimun version requirement for SQLite to 3.6.8
  • #2463417 by rpayanm, cilefen, hussainweb: Clean-up remaining test members in module tests - ensure property definition and use of camelCase naming convention
  • #2396649 by Mile23, rpayanm: Clean-up forum module test members - ensure property definition and use of camelCase naming convention
  • #2457273 by pjonckiere: Number lists are not supported in docs - use bullet lists
  • #2448605 by martin107, willzyx, tim.plunkett, klausi, dpopdan: Replace usages of drupal_get_destination() with the redirect destination service
  • #2226621 by JeroenT, ianthomas_uk, lokapujya, pjonckiere, marcingy, LinL, Xano, rpayanm, piyuesh23: Remove usage of element_info(), element_child() and element_children(). Deprecate element_info_property()
  • #2464097 by joshi.rohit100: Add leading backslash to the test classes on the simpletest UI
  • #2466647 by joshi.rohit100: Misspelt key in render array in DbUpdateController
  • #2458543 by mbovan, Anushka-mp, jhedstrom: Entity query age(EntityStorageInterface::FIELD_LOAD_REVISION) only gets current revision ID
  • #2467775 by mondrake: Contrib toolkits are not picked up after module install
  • #2450153 by josephleon, damiankloip, joshi.rohit100, anksy: Add a default_formatter to UUIDs fields
  • #2451395 by dawehner: drupal_get_schema()/drupal_get_complete_schema() no longer work as expected; remove them
  • #2460695 by mitrpaka, rpayanm: No methods on RendererInterface should be static
  • #2456709 by dawehner, rteijeiro: File views handlers need to be replaced with entity-aware formatters
  • #2464877 by Wim Leers: Update RendererInterface::addDependency() to accept *any* object, not only CachableDependencyInterface objects
  • #2464605 by willzyx, Dom.: Regression: no link to admin/reports/status/php
  • #2451603 by nlisgo: Minor PHPDoc issue with LocalTasksTest::assertLocalTasks
  • #2432939 by neclimdul, Mile23: Optimize DrupalComponentTest
  • #2397225 by Chi, ufku: Drupal.formatPlural does not work
  • #2459819 by Wim Leers, rteijeiro: Remove CacheableInterface (and no longer let block plugins implement it)
  • #2422101 by andypost, pcambra, penyaskito: CommentItem should override the generateSampleValue method and provide sample values
  • #606840 by Wim Leers, cilefen, Fabianx, markpavlitski: Enable internal page cache by default
  • #2429501 by ParisLiakos, EclipseGc, mitrpaka: AggregatorFeedBlock does not output item links
  • #2454163 by larowlan, geertvd, rteijeiro: Replace comment_username handler with generic views handler
  • #2463321 by amateescu: Serializing the database connection is dangerous and error-prone, make it unserializable again
  • #2464659 by Wim Leers, rteijeiro: Routes that are varied by the 'user.permissions' cache context for anonymous users must also get the anonymous Role's cache tag
  • #2455739 by maxocub: formatPlural() is not fully tested for SafeMarkup
  • #2458817 by Berdir, dawehner: Creating new user entities for anonymous users is very slow
  • #2461857 by stefan.r: Update Zend Feed to latest stable
  • #2463103 by amateescu: SQLite: Fix system\Tests\Entity\FieldSqlStorageTest
  • #2448069 by a_thakur, JeroenT, Mile23: Remove usage and function update_project_storage() from update.compare.inc
  • #2465425 by jibran, pjonckiere, idebr: Vocabulary listing missing add taxonomy term link
  • #2465467 by willzyx, Dom., andypost: SystemInfoController::php() should check if function phpinfo() exists
  • #2466119 by marthinal: Remove duplicated word in the ControllerBase class doc
  • #2459155 by alexpott, pfrenssen, hussainweb, neclimdul: Remove REQUEST_TIME from bootstrap.php
  • #2463887 by pjbaert, er.pushpinderrana, Wim Leers, jhodgdon: Cache API topic - do not use @code inline
  • #2462259 by stefan.r, nicrodgers, nod_: Update underscore to 1.8.3
  • #2463817 by alexpott: Drupal\Core\FileTransfer\Local should use a leading \ when using PHP built-in classes
  • #2462589 by dawehner, jhodgdon: Provide test coverage for access checking of all views fields
  • #2452317 by dawehner: Let views result cache use cache contexts
  • #2448765 by nlisgo, Damien Tournoud, vlad.n, rteijeiro, Berdir, Fabianx, dawehner: Element::children sort order undefined and slower than it could be - This makes tests fail in PHP7
  • #2465917 by stefan.r, Damien Tournoud: CKEditor test fails in PHP7
  • #2465611 by alexpott: Fix --xml option in run-tests.sh
  • #2465031 by damiankloip: Do not allow UUID field to be click sortable
  • #2465005 by Berdir: PHP Strict Standards in NodeAccessGrantsCacheContextTest
  • #2464369 by neclimdul, joshtaylor: Upgrade to Symfony 2.6.6
  • #2465301 by klausi: Remove entity module from MAINTAINERS.txt, it does not exist
  • Revert "Issue #2458817 by Berdir, dawehner: Creating new user entities for anonymous users is very slow"
  • #2457405 by stefan.r, andypost: DateTimePlus violates substitution principle of DateTime. Make it support PHP 7
  • #2462261 by nicrodgers, stefan.r, attiks: Update picturefill to 2.3.0
  • #2463363 by rpayanm: ConditionInterface::condition docmentation contains wrong information
  • #2459949 by amateescu: Remove field_ui_entity_type_alter() and move the content to field_ui_entity_type_build()
  • #2464817 by amateescu: A few PHPUnit tests are not in the correct namespace
  • #2465009 by Berdir: Fix fatal errors in rest and views with PHP 7
  • Revert "Issue #2449445 by mortendk, alexpott, Cottser: Add "indentation" class back to indentation theme hook, use it for styling"
  • #2451363 by alexpott, Berdir, pjcdawkins: Ensure install_profile is exists in settings.php after installation
  • #2462851 by rpayanm, Wim Leers: Improve Views entity row renderer plugins' cache contexts
  • #2460847 by alexpott: Allow optional configuration to be installed when its dependencies are met
  • #2460911 by Wim Leers, jhodgdon: Search reindexing should invalidate cache tags
  • #2463029 by Wim Leers: EntityFormDisplay should update $form with cache tags of FieldConfig, FieldStorageConfig, EntityFormDisplay config entities
  • #2383863 by rpayanm, mgifford, maximpodorov, Valentine94: Spellchecking Drupal - Comments
  • #2389455 by hussainweb, AjitS, Mile23, subhojit777, tibbsa, Ayesh: Clean-up system module test members - ensure property definition and use of camelCase naming convention
  • #2452691 by prics, valthebald: Missing button type property on "Add language" button
  • #2412949 by kyuubi: Rewrite the system status report component inline with our CSS standards
  • #2462641 by jhedstrom: Incomplete documentation in Schema::addIndex() for $fields parameter
  • #2142997 by stefan.r: Test for ValidReferenceConstraintValidator
  • #2392221 by joegraduate, er.pushpinderrana, zealfire, ClientGuy: install_run_task() and install_tasks() don't document the task structure
  • #2460823 by jhodgdon: Document that locale + config translation integration treats string uniqueness the same way as locale itself
  • #2463807 by nod_: Remove seutje from MAINTAINERS.txt
  • #2428399 by SkidNCrashwell, Sagar Ramgade: Default empty option label text different in documentation
  • #2453341 by Wim Leers: Contact forms don't have necessary cache contexts & tags; flood control should work on validate, not on view
  • #2451789 by olli, jibran: Entity reference joins to the wrong base table in views
  • #2429037 by fago, larowlan: Allow adding entity level constraints
  • #2456691 by YesCT, andypost, dawehner, rteijeiro: User email field need to use Field-Entity-aware formatters in Views
  • #2463879 by fago: PHP unit tests fail if intl extension is missing
  • #2463821 by alexpott: Fix Drupal\Core\Config\ConfigManagerInterface::diff return documentation
  • #2461097 by Wim Leers: Make TwigThemeTestController:::registryLoaderRender()'s response uncacheable
  • #2454171 by damiankloip: Replace node_type Views handler with Field API formatter
  • #2392669 by hussainweb, Mile23, rteijeiro, subhojit777, AjitS: Clean-up field module test members - ensure property definition and use of camelCase naming convention
  • #2448503 by amateescu: Convert the "Field edit" form to an actual entity form
  • #2462681 by jessebeach, Manjit.Singh: Remove jessebeach from the maintainers.txt
  • #2453311 by David_Rothstein, TravisCarden, Dom., rpayanm: Issue #2417983 follow-up: a few more "the the"s
  • #2383015 by AjitS, jacob.embree: Revert back is redundant
  • #2461047 by chx: Simplify SourcePluginBase a tiny bit
  • #2460677 by Wim Leers: Tests testing config_test routes should use an authenticated user
  • #2462481 by amateescu: SQLite: Fix views\Tests\Handler\ArgumentDateTest
  • #2454731 by amateescu: SQLite: Fix search\Tests\SearchRankingTest
  • #2461087 by Wim Leers, dawehner: Add 'no_cache' route option to mark a route's responses as uncacheable (was: Cron run response should not be cacheable)
  • #2444231 by Wim Leers, nlisgo: Fix CacheableInterface so it makes sense (was: "Make Config objects & Entities implement CacheableInterface + add BubbleableMetadata::createFromCacheableObject()")
  • #2461523 by chx: UniqueFieldValueValidator condition is invalid EntityQuery
  • #2388255 by dawehner, hussainweb, pwolanin: Limit PDO MySQL to executing single statements if PHP supports it
  • #2418119 by Berdir, jhedstrom, larowlan, martin107, nlisgo, klausi, fago, Gábor Hojtsy: REST user updates bypass tightened user account change validation
  • #2461985 by stefan.r: Update Guzzle to latest release
  • #2456951 by chx: Impossible to enable views if entities are not in SQL: part 2
  • #2458487 by martin107: Alter php.xml.dist to remove test classes from code coverage reports
  • #2398471 by DickJohnson, crazyrohila, rpayanm, lauriii, idebr, LewisNyman, saki007ster, piyuesh23, lanchez, davidhernandez: Clean up the "footer" component in Bartik
  • #1897058 by disasm, rteijeiro: Replace "boolean" with "bool" when used as param/return/var type
  • #2398331 by cilefen, davidhernandez, Wim Leers, nod_: Add the ability to attach asset libraries directly from a template file
  • #2446869 by amateescu: Convert the "Field storage edit" form to an actual entity form
  • #2321599 by Temoor, rpayanm, subhojit777, vineeth@nair, LinL, pcambra: Replace all instances of comment_load(), entity_load('comment') and entity_load_multiple('comment') with static method calls
  • #2462175 by amateescu: SQLite: Fix case sensitivity in Views' string argument plugin
  • #2452363 by joekers: Classy's @file docblocks shouldn't say "Default theme implementation…"
  • #2457703 by Gábor Hojtsy: Default translatable site name is "Drupal" (incorrectly)
  • #2454733 followup by amateescu: Add a user-space case-insensitive collation to the SQLite driver
  • #2453399 by neclimdul: Use VFS for FileStorage tests
  • #2462289 by TravisCarden: Grammar error in config single import prompt
  • #2460731 by Wim Leers: Strict warning in ViewUnitTestBase
  • #2459975 by fgm: RouteCacheContext / RouteNameCacheContext implement CacheContextInterface
  • #2461081 by Wim Leers: Lock test pages are uncacheable but aren't marked as such
  • #1559116 by omega8cc, mva.name, droplet, Xano, mgifford: Make core aware of Nginx and PHP-FPM to avoid confusing alerts
  • #2296261 by GemVinny, lokapujya, lduerig, herom, rteijeiro: Misalligned Type field in Drupal 8.x views
  • #2460027 by epari.siva, vijaycs85: Update the documentation of Drupal\language\LanguageServiceProvider::getDefaultLanguageValues()
  • #2460479 by pjonckiere: CommentController::getReplyForm() docblock has a copy paste error
  • #2392221 by er.pushpinderrana, ClientGuy, zealfire: install_run_task() and install_tasks() don't document the task structure
  • #2459325 by jhodgdon: Document that language is not set on search keyword preprocessing
  • #2458723 by Xano: Incomplete documentation for DiscoveryInterface::getDefinitions()
  • #2459607 by idebr: Seven vertical tabs have underlined links in hover/focus state
  • #2453761 by Gábor Hojtsy: Views numeric formatter's plural formatting setting incompatible with many languages
  • #2460259 by sasanikolic, ameenkhan07: Multiple calls to LocaleConfigManager::getStringTranslation can return multiple new translation objects for the same source
  • #2443693 by mradcliffe, daffie: PostgreSQL: Fix views\Tests\Handler\ArgumentDateTest
  • #2458349 by Wim Leers: Route's access result's cacheability not applied to the response's cacheability
  • #2346373 by fago, sidharrell, rteijeiro, arlinsandbulte: Data reference validation constraints are applied wrong
  • Revert "Issue #2457345 by vijaycs85: Remove unnecessary format lookup in \Drupal\Core\Datetime\DateFormatter::dateFormat for 'custom' format"
  • #2455099 by kunalgrover05: Views overview topic page has some typos and omissions
  • #2461105 by cilefen, Wim Leers: One-time password reset page should never be cached
  • Revert "+ '.sparkleshare'"
  • #2459971 by Gábor Hojtsy: The langcode key on configuration files is not explicit in configuration schema
  • #2461063 by Wim Leers, effulgentsia: AJAX forms using #ajax broken when page caching is enabled
  • + '.sparkleshare' + 'SparkleShare.txt'
  • #2457345 by vijaycs85: Remove unnecessary format lookup in \Drupal\Core\Datetime\DateFormatter::dateFormat for 'custom' format
  • #2459407 by jhodgdon, jhedstrom: SQL syntax error when using the search_keywords filter or argument
  • #2453059 by Wim Leers: Set default render cache contexts: 'theme' + 'languages:' . LanguageInterface::TYPE_INTERFACE
  • #2462151 by hussainweb, benjy: Remove unused Utility\String use statements
  • #2457781 by prateekMehta, stefan.r, AjitS, hussainweb: Use Utility\Html class instead of Utility\String for decodeEntities() function
  • #2457271 by rteijeiro, Palashvijay4O, Cottser: More cleanup of the 'themeable' documentation group
  • #2457695 by alexpott: Make app.root.factory private
  • #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use Utility\SafeMarkup class instead of Utility\String for placeholder(), checkPlain(),format() functions
  • #2454733 by amateescu: Add a user-space case-insensitive collation to the SQLite driver
  • #2401191 by jhedstrom, a_thakur, nlisgo, mohrerao: Activity Tracker shows 'Last updated' status as '45 years 1 week ago'
  • #2454625 by amateescu: SQLite: Fix SQLITE_SCHEMA errors in web tests
  • #2443699 by bzrudi71, daffie: PostgreSQL: Fix views\Tests\Plugin\CacheTest
  • #2455153 by damiankloip: Switch revision log views fields to use 'field' formatter
  • #1847596 by amateescu, amitaibu, YesCT, Berdir, David_Rothstein, xjm, rteijeiro, ParisLiakos, webchick, Wim Leers, yched, jhodgdon, Bojhan: Remove Taxonomy term reference field in favor of Entity reference
  • #2451679 by Wim Leers, dawehner: Validate cache contexts (+ cache contexts in some views plugins wrong)
  • #2212069 by Gábor Hojtsy, pjonckiere, rteijeiro, cilefen: Non-English Drupal sites get default configuration in English, edited in English, originals not actually used if translated
  • #2451665 by dawehner: Don't rebuild the route on ModuleInstaller::install() (30% installer speedup)
  • #2428703 by Wim Leers: Add a 'user.permissions' cache context (was: "Should cache contexts be able to associate a cache tag?")
  • #2455131 by andypost, larowlan: Field comment_field_data.field_name should be using Field API formatter
  • #2459003 by Wim Leers: #cache[cid] breaks bubbling
  • #2428805 by Wim Leers: Remove the ability to configure a block's cache contexts
  • Revert "Revert "Issue #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code""

Read more: http://drupal.org/node/2459341


(beta release)
27 March 2015 - 95MBThis release is a beta version. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Known issues
  • Obvious user facing bugs: If you are testing the beta, be aware that there are obvious site visitor and site builder-facing bug.
  • There are still over 50 critical issues with this beta release that need to be resolved before we will create a release candidate.

Changes since 8.0.0-beta8
  • Revert "Issue #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code"
  • #2458925 by alexpott: Screen is black and completely unreadable in Configure page after install on standard profile
  • #2457653 by Gábor Hojtsy: System.site langcode is both used as a file language code and a site language code
  • #2411689 by alexpott: Use a MemoryBackend in StorageComparer so that configuration import validators don't have to reread data from disk or the db
  • #2454859 by Gábor Hojtsy, alexpott, mrjmd: Not possible to format plural an already translated string
  • #2458993 by Wim Leers: #cache[expire] is undocumented, unused, untested: remove it, use #cache[max-age] instead

Changes since 8.0.0-beta7
  • #2458413 by Wim Leers: BlockViewBuilder should specify cache contexts even for uncacheable blocks
  • #2456707 by dawehner, larowlan: Block Content views field handlers need to be replaced with entity-aware handlers
  • #2428695 by amateescu, daffie: SQLite date handling is wrongly implemented and arguments handling needs override
  • #1548204 by andypost, sun, typhonius, amateescu: Remove user signature and move it to contrib
  • #2458289 by Wim Leers: CronRunTest::testAutomaticCron() should test with an authenticated user
  • #2450637 by tim.plunkett, jasonawant: Block page visibility option "Show for the listed pages" does not appear to save
  • #2458045 by webflo: Remove calls to core/vendor/autoload.php
  • #2456983 by cilefen: Five methods in class TestFormBuilder are dead code. Remove them
  • #2372011 by richardcanoe, Noe_: NotFoundHttpException handler should take into account it's parameters
  • #2457251 by vijaycs85: Remove unnecessary call to drupal_get_user_timezone() in Drupal/Core/Datetime/DrupalDateTime::prepareTimezone() method
  • #2408511 by joaogarin, pjbaert, rpayanm, bobrov1989: Rewrite vertical-tabs component inline with our CSS standards
  • #2454441 by rteijeiro, hussainweb, 17thColossus, nullkernel: Rename Typed Data classes to support PHP 7
  • #2432837 by Wim Leers, Fabianx: Make cache contexts hierarchical (e.g. 'user' is more specific than 'user.roles')
  • #2412553 by amateescu: Taxonomy terms in an Entity Reference field are not sorted
  • #2443697 by mradcliffe: PostgreSQL: Fix views\Tests\Handler\HandlerAllTest
  • #1844198 by mgifford: wording of unimportant columns doesn't describe functionality
  • #2348321 by RobLoach, nod_: Upgrade to jQuery Once 2.x
  • #1598924 by david_garcia, omegamonk: Query with duplicate placeholders throws PDO Exception
  • #2454447 by andypost, dawehner, rteijeiro: Split Utility\String class to support PHP 7 (String is a reserved word)
  • #2090115 by alexpott, xjm: Don't install a module when its default configuration has unmet dependencies
  • #2457155 by chx: VocabularyCrudTest is needlessly SQL bound
  • #2394419 by hussainweb, cilefen, sachinwable: Clean-up file module test members - ensure property definition and use of camelCase naming convention
  • #2373741 by Wim Leers, hussainweb: Move bulk of render pipeline documentation to d.o handbooks
  • #2448357 by amateescu: Config entity forms need to have access to an updated entity object at all times
  • #2451607 by aneek: Remove call to SafeMarkup::set() from node_requirements()
  • #2303765 by davidhernandez, larowlan, mgifford: Make the default 'alt' attribute for Image fields required
  • #2455415 by rteijeiro, hussainweb, rpayanm, baisong: Rename Views plugin classes to support PHP 7
  • #2442999 by idebr: Views dialog filter does not restripe
  • #2444211 by Wim Leers, jhodgdon: Document cacheability of render arrays, and the considerations to use when generating render arrays
  • #2388349 by almaudoh: FormState::cleanValues() doesn't conform with the FormStateInterface documentation
  • #2443847 by cilefen: Remove dead HTML ID-tracking code from ViewPreviewForm
  • #2456459 by andypost: CommentInterface::getCommentedEntity() should return FieldableEntityInterface
  • #2148319 by crazyrohila, juankvillegas, Manjit.Singh, poojakural, Chloe Chen, joshtaylor: h2 on footer blocks must be hidden by default but must show when its enable
  • #2337509 by amateescu: Remove "@todo In theory we should use the data table as base table, as this would" from EntityViewsData
  • #2445723 by dawehner, neclimdul: Use the $request format instead of the ContentNegotation
  • #2442041 by Berdir: Remove CachedStorage::listAll() caching
  • #731298 by pjonckiere, jhodgdon: Searches for words with diacritics/accents: word not highlighted in results
  • #2452247 by rteijeiro, joshi.rohit100: Incorrect constructor docblock for RequestCloseSubscriber
  • #2452371 by Palashvijay4O: Remove @addtogroup themeable from theme.inc, only theme_indentation() needs it
  • #2449147 by Island Usurper: Backwards logic in a comment in a test
  • #2453891 by Dragooon, Wim Leers: Renderer::getCacheableRenderArray() does not include max-age
  • #2348773 by geertvd, IT-Cru: Aggregator item counts are formatted as date intervals
  • #2448915 by martin107, joshi.rohit100: FieldStorageAddForm constructor annotation bug
  • #2331907 by LewisNyman, alvar0hurtad0, tim-diels, tstoeckler, jOksanen, lduerig, psebborn, Outi: Seven theme's uppercasing of details summaries fails on the Simpletest results form
  • #2454393 by hussainweb: Upgrade to Symfony 2.6.5
  • #2455083 by dawehner, larowlan, klausi, David_Rothstein, hefox, tsphethean, dstol, DamienMcKenna, Pere Orga, benjy: Open redirect fixes from SA-CORE-2015-001 need to be ported to Drupal 8
  • #2424171 by vijaycs85, likin, Gábor Hojtsy, Wim Leers: Language module vs. content translation module interaction exposes content translation bug
  • #2346435 by fago: Improve interface-related instructins for providing an entity type to be accurate
  • #2451085 by dawehner, Arla: _drupal_log_error() passes NULL to ThemeManager::setActiveTheme(), violating its typehint
  • #1919930 by tim.plunkett, nlisgo: Bundle entity form IDs violate module namespaces (both on server-side + front-end CSS)
  • #2403743 by quietone, rpayanm: assertion style in migration
  • #2408461 by psebborn: Clean up 'page-title' component
  • #2405445 by crazyrohila: Refactor book module CSS files inline with our CSS standards
  • #2453627 by neclimdul, drunken monkey: Fix DrupalStandardsListener for non-TestCase objects
  • #2452943 by bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsWebTest
  • #2443683 by bzrudi71: PostgreSQL: Fix user\Tests\Views\HandlerFieldRoleTest
  • #2137801 by Berdir: Refactor entity storage to load field values before instantiating entity objects
  • #2443695 by bzrudi71: PostgreSQL: Fix views\Tests\Handler\FieldGroupRowsTest
  • #1668644 by Island Usurper, phayes, daffie, Brandonian, gease: PostgreSQL: Impossible to change a field to serial, bigserial, or numeric
  • #2454287 by dawehner: Make a couple of services lazy
  • #2443663 by daffie, vlad.n: PostgreSQL: Fix system\Tests\Entity\EntityDefinitionUpdateTest
  • #2455079 by klausi, David_Rothstein, pwolanin, benjy, Berdir: Password reset URL access bypass fixes from SA-CORE-2015-001 need to be ported to Drupal 8
  • #2286971 by znerol, Berdir, almaudoh, cilefen: Remove dependency of current_user on request and authentication manager
  • #11883 by samwilson, garym@teledyn.com: Add test coverage for auto-comment title functionality and word-breaking
  • #2423435 by benjy, chx: Add CckField Plugin type to migrate_drupal
  • #2452619 by vasike, amateescu, joshtaylor: Move entity_reference_create_field function to EntityReferenceTestTrait
  • #2446511 by amateescu, Wim Leers, yched, Bojhan: Add a "preconfigured field options" concept in Field UI
  • #2269033 by zaporylie, rpayanm, lieb, swentel, charginghawk, lorique, YesCT: ManageFieldsTest should not care about order of operations all the time
  • #2452347 by alexpott: "Make sure that the $test_class..." text appearing in whilst running Drupal\simpletest\Tests\KernelTestBaseTest
  • #2398451 by idebr, Dragan Eror, thamas, DickJohnson, emma.maria, saki007ster, LewisNyman: Clean up "layout" CSS in Bartik
  • #2449445 by mortendk, alexpott, Cottser: Add "indentation" class back to indentation theme hook, use it for styling
  • #2443681 by daffie, mradcliffe, bzrudi71: PostgreSQL: Fix user\Tests\UserAccountLinksTest
  • #2452361 by sushyl, Cottser: Remove "@ingroup themeable" from all Classy templates
  • #2421021 by YesCT, lhuacho, martin107, shashikant_chauhan, amateescu, tremix: Missing help text for external url only for link widget
  • #2418155 by jhedstrom, Berdir: options_field_views_data() excludes fields with an allowed_values_function for no reason
  • #2413709 by geertvd, Lendude: Javascript error after using jQuery UI Dialog close button in Views UI
  • #2446657 by rpayanm: Dead link on robots.txt
  • #2426495 by dawehner, alexpott: Remove the global $script_path
  • #2443885 by Xano: DrupalStandardsListener causes errors when it cannot retrieve test results. Missing abstract keyword
  • #2429671 by Berdir, Wim Leers: "The website has encountered an error. Please try again later." page is cached
  • #2436835 by amateescu, alexpott: Unable to create config schema for entity type specific entity reference selection plugin
  • #2451885 by Gábor Hojtsy: Config entities need to ship with language or are assumed undefined
  • #2453351 by effulgentsia, Wim Leers: Maintenance mode message ends up in page cache, served endlessly
  • #2449743 by root_brute, tstoeckler: SwitchShortcutSet has an unnecessary dependency on the route match
  • #2452499 by arpitr: Remove deprecated function definition for entity_load_by_uuid() and its references
  • #2452957 by claudiu.cristea: Remove node & taxonomy term hardcoding of bundle names in SelectionBase
  • #2452637 by a_thakur: Remove function system_rebuild_theme_data() from system.module
  • #2452995 by Jeroen: link_path should be url in the menu API documentation
  • #2453143 by Wim Leers: CommentForm depends on configured field, but doesn't associate that cache tag
  • #2443659 by daffie, mradcliffe, bzrudi71: PostgreSQL: Fix system\Tests\Entity\FieldSqlStorageTest
  • #2385443 by larowlan, dawehner: Test that base entity fields on views respect field level access
  • #2452659 by cilefen: Taxonomy term View preview is broken
  • #2443073 by Wim Leers, joshtaylor: Add #cache[max-age] to disable caching and bubble the max-age
  • #2429157 by root_brute, joshi.rohit100, rpayanm, rteijeiro, hussainweb, sidharthap: Remove TypedConfigInterface::set()
  • #2429481 by larowlan: Not able to create new tour tip plugin
  • #2449633 by joshi.rohit100, pjonckiere, willzyx, andypost: ShortcutsBlock does not respect the 'access shortcuts' permission
  • #2450205 by Gábor Hojtsy, mrjmd, plach: Translation settings don't appear for node in standard
  • #356399 by dawehner, beejeebus, catch, sidharrell, klausi, nlisgo, Josh Waihi, Berdir, martin107: Optimize the route rebuilding process to rebuild on write
  • #2427335 by benjy, chx, dawehner: Combine legacy Source class into SourcePluginBase
  • #2448847 by dawehner, arlinsandbulte: [regression] Themes unable to implement hook_theme_registry_alter()
  • #2342045 by dawehner, Gábor Hojtsy, larowlan, joshtaylor: Standard views base fields need to use same rendering as Field UI fields, for formatting, access checking, and translation consistency
  • Revert "Issue #2345779 by subhojit777, idebr, singularo, Yaron Tal, aneek, gngn, m.ioannidis, scor, clemens.tolboom, Sachini, ravi.khetri, SebCorbin, rpayanm: Fix double-escaping due to Twig autoescape in dblog event "operations""
  • #2345779 by subhojit777, idebr, singularo, Yaron Tal, aneek, gngn, m.ioannidis, scor, clemens.tolboom, Sachini, ravi.khetri, SebCorbin, rpayanm: Fix double-escaping due to Twig autoescape in dblog event "operations"
  • #2433281 by neclimdul, mrjmd: Move Role Constants on to a Class/Interface
  • #2386903 by pfrenssen: Warning: DOMDocument::importNode() ID already defined
  • #2447139 by Gábor Hojtsy: Config entities should be created in the negotiated language unless otherwise specified
  • #2443119 by geertvd: Views preview not working for REST display
  • #2259501 by anksy: Forward-port tests for taxonomy terms being retained after node edit
  • #2450383 by joshi.rohit100, martin107: Two incorrectly titled Subscriber constructor functions
  • #2370593 by daffie, nathanweeks, bzrudi71: Database::tableExists optimization for PostgreSQL
  • #2315015 by alexpott, gauravkhambhala, longwave: Remove progress-disabled class and associated CSS
  • #2451655 by klausi: Cache database schema description for expire is wrong
  • #2092245 by jbrown, rpayanm: SVGZ isn't served with correct encoding
  • #2415937 by Xano: Add a formatter for ChangedItem
  • #2367747 by Palashvijay4O, andypost, Alienpruts, Cottser, er.pushpinderrana, gaurav.pahuja, pfrenssen, rpayanm, vadim.hirbu: Remove usage of system_rebuild_theme_data()
  • #2449709 by banviktor: ContentEntityBase::set() does not respect its interface
  • #2432657 by Berdir, znerol: BasicAuth challenge never sent to browser
  • #2449079 by martin107, damiankloip: ViewsUI executable cleanup
  • #2417727 by Berdir: Notice: Undefined offset: 1 in core/scripts/run-tests.sh on line 952
  • #2448077 by a_thakur: Clean views.module with remaining deprecated functions: views_get_disabled_views, views_get_enabled_views and views_get_views_as_options
  • #2445175 by Arla: Exception message in setNewRevision() is missing @entity_type context
  • #2427095 by likin, idebr, prateekMehta: Formatting guidelines are not shown for textareas without WYSIWYG
  • #2076321 by yched, Mac_Weber, pcambra: Link "title" validation should use a static method
  • #2399939 by DickJohnson, LewisNyman, mherchel, idebr, brahmjeet789: Refactor 'admin-panel' CSS component
  • #2447049 by Cottser, joelpittet: Add a render filter to twig
  • #2332029 by Eric115: Add test coverage for .htaccess rules
  • #2433595 by chx, Berdir: WebTestBase::refreshVariables only resets cache_tags.invalidator.checksum
  • #2409417 by cafuego, jibran, larowlan: Disabling feed view display does not remove feed header from display it is attached to
  • #2447819 by pameeela: 'Custom Block' labels should use sentence case, not title case
  • #2443657 by daffie, bzrudi71: PostgreSQL: Fix system\Tests\Entity\EntityQueryTest
  • #2384863 by Gábor Hojtsy, vijaycs85, rodrigoaguilera: Translation language base field handler should use views field handler, provide unified options
  • #2443701 by bzrudi71, daffie: PostgreSQL: Fix views\Tests\ViewExecutableTest
  • #2289917 by Wim Leers, mdrummond, lauriii, Manuel Garcia, emma.maria, Scionar, davidhernandez: Convert "messages" page element into blocks
  • #2428643 by Upchuk: Always display the more link causes exception: cannot create a URL to a display without routes
  • #2445743 by dawehner, Wim Leers: Allow views base tables and entity types to define additional cache contexts
  • Revert "Issue #2445743 by dawehner, Wim Leers: Allow views base tables and entity types to define additional cache contexts"
  • #2433599 by Wim Leers: Ensure every (non-views) pager automatically associates a matching cache context
  • #2381217 by Wim Leers, dawehner, Fabianx: Views should set cache tags on its render arrays, and bubble the output's cache tags to the cache items written to the Views output cache
  • #2450151 by yched: Don't try to render all fields (including hidden ones) for single entity display
  • #2443691 by bzrudi71, xjm: PostgreSQL: Fix views\Tests\Handler\AreaTitleWebTest
  • #2443655 by daffie, bzrudi71: PostgreSQL: Fix system\Tests\Entity\EntityReferenceFieldTest
  • #2441583 by daffie: Upgrade Drupal\views\Tests\Plugin\StyleTestBase to HTML5
  • #2448843 by dawehner: [regression] Themes unable to implement hook_element_info_alter()
  • #2406681 by tstoeckler, hussainweb, alexpott, ParisLiakos, almaudoh, tadityar: Add an autoload.php in the repo root to control the autoloader of front controllers
  • #2448213 by alexpott: Remove admin templates from Classy
  • #1273052 by Chloe Chen: Footer container contents are wider than other page elements in Bartik
  • #2447831 by gordon: "The content access permissions need to be rebuilt" message not being escaped correctly
  • #2431329 by plach: Make (content) translation language available as a field definition
  • #2443665 by grom358, bzrudi71: PostgreSQL: Fix node\Tests\NodeCreationTest
  • #2417327 by cilefen: Remove usages of the deprecated valid_email_address()
  • #2408491 by joaogarin, mrjmd, vermario, jOksanen: Rewrite button components inline with our CSS standards
  • #2408475 by joaogarin, pjbaert: Rewrite skip-link component inline with our CSS standards
  • #2448023 by anksy: Fix or remove dead CSS in toolbar.module.css
  • #2446483 by Anushka-mp: Viewing fields requires a view builder
  • #2428297 by tvlooy: Duplicate index on entity_id column in dedicated field tables
  • #2426805 by dawehner, martin107: Modernize drupal_get_destination()
  • #2442221 by devpreview: Recursion calculate dependencies in area plugin
  • #2434697 by amateescu, pcambra: Remove UserAutocompleteController
  • #1811242 by Katiemouse, mrjmd: Add missing type hinting to Dblog module docblocks
  • #2394693 by mikeker: "Add another item" button in the wrong place for grouped filters
  • #2426489 by dawehner: Remove request_uri()
  • #2443381 by pjbaert: Make all test functions public
  • #2449069 by Berdir: Remove default block_plugin cache tags, because they're useless
  • #2447829 by Cottser: Add "menu" classes back to menu.html.twig for toolbar functionality
  • #2278073 by cbr, garphy, jonathan_hunt, Berdir: Files with spaces in URIs fail entity TypedData validation
  • #2429363 by babruix, twistor, filijonka, sun, Mile23, daffie, Wim Leers, chx: Add HTML5-lib to Drupal 8 core for the filter system and for the testing system
  • #2448373 by jbrown: X-Generator has incorrect drupal.org URL
  • #2273923 by mpdonadio, pfrenssen, effulgentsia, pcambra, xjm, tim.plunkett, martin107, cilefen: Remove html => TRUE option from l() and link generator
  • #2252763 by damiankloip, skipyT, martin107, dawehner, dashaforbes: Views exposed filter form causes enormous form state cache entries
  • #2442339 followup by mrjmd: ViewsLocalTask param annotation bug
  • #2445761 by Wim Leers: Add a X-Drupal-Cache-Contexts header to aid in debugging and testing
  • #2414539 by webflo, vijaycs85: Simplify schema definition for sequence
  • #2431379 by tim.plunkett, Upchuk, dawehner: LazyPluginCollection should not implement \Iterator
  • #2448223 by alexpott: Cannot run all PHPUnit tests using PHPUnit
  • #2443667 by grom358: PostgreSQL: Fix node\Tests\NodeTypeRenameConfigImportTest
  • #2443635 by mradcliffe, grom358: PostgreSQL: Fix config\Tests\ConfigEntityListTest
  • #2349559 by mortendk, jstoller: [meta] Discuss the organization of subfolders in Classy
  • #2443469 by martin107: ThemeController constructor documentation bug
  • #2322639 by hussainweb, LinL, Temoor, oenie, MKorostoff, mglaman, kyuubi, unstatu, omers, pcambra, legolasbo, benjy, JeroenT: Replace all instances of node_type_load(), node_type_get_types(), entity_load('node_type') and entity_load_multiple('node_type') with static method calls from DRUPAL SOUTH WOOOO!
  • #2424787 by toin0u, dawehner, Crell: Unit tests for content type negotiation
  • #2315791 by alexpott, cilefen, dawehner: Add functionality to open results in browser window to run-tests.sh
  • #2398461 by DickJohnson, jp.stacey, idebr, rachel_norfolk, lauriii, Mukeysh, emma.maria: Clean up the "comments" component in Bartik
  • #2447313 by dawehner: Views UI misses entity row plugins
  • #146278 by jhodgdon, pwolanin, douggreen: The "No results" text is not correct for UserSearch -- search help needs to be per-plugin, not global
  • #2443615 by benjy: Add an interface to MigrateExecutable
  • #2422227 by benjy, chx, dawehner: Add setProcessOfProperty to Migration entity
  • #2417075 by tstoeckler, David4514, dawehner, sachbearbeiter, mpdonadio: Trusted host verification is incompatible with URIs with the "internal" scheme
  • #2443653 by bzrudi71, tstoeckler, daffie: PostgreSQL: Fix system\Tests\Condition\ConditionFormTest
  • #2396333 by larowlan, effulgentsia, Wim Leers, tim.plunkett: BlockContentBlock ignores cache contexts required by the block_content entity
  • #2373491 by amateescu, jibran: Categorize field type plugins
  • #2424445 by geertvd, dobrzyns, rpayanm, Gábor Hojtsy, Cottser, alexpott, jmauro8ac: Views default options such as pager options are not translated
  • #2443817 by andypost, a_thakur: Remove usage and the function drupal_theme_access()
  • #2407397 by JeroenT, mrjmd: remove drupal_html_id()
  • #2388941 by vijaycs85, mrjmd, abhishek-anand, dawehner, alexpott: Correction needed for hook_views_query_alter in views.api.php
  • #2444897 by claudiu.cristea: Code cleanup in Views Sql query plugin
  • #2446995 by tim.plunkett, Berdir: Block content titles are not escaped on new block form (Port SA-CONTRIB-2013-082)
  • #2443669 by bzrudi71: PostgreSQL: Fix node\Tests\NodeTranslationUITest
  • #2446127 by mikey_p: Fix misnamed page_cache_response_policy services
  • #2429447 by dawehner, jhodgdon, xjm, jibran: Use data table as views base table, if available
  • #2407361 by cilefen, JeroenT, hussainweb, neclimdul, ircmaxell, tim.plunkett, nlisgo, Crell: Move usages of drupal_html_id() to Html::getUniqueId()
  • Revert "Issue #2407361 by JeroenT, cilefen, hussainweb: Move usages of drupal_html_id() to Html::getUniqueId()"
  • #2407361 by JeroenT, cilefen, hussainweb: Move usages of drupal_html_id() to Html::getUniqueId()
  • #2384049 by suntog, mikemiles86, lokapujya, arpitr: Remove deprecated function _update_fetch_data and its usage
  • #2443783 by gaurav_varshney, fotuzlab: Remove language_load(), language_list() and language_default() from bootstrap.inc
  • #2444775 by neclimdul: Remove dead ContentFormControllerSubscriber class
  • #2347625 by alexpott, idebr: Remove drupal_bootstrap and drupal_get_bootstrap_phase
  • #1052854 by aaaristo, mrjmd: double db_drop_field in schema.test
  • #2443485 by Berdir, dawehner: Remove extension:views cache tag and other views related cache improvements
  • #2434745 by geertvd: Boolean field: On/Off labels are in the "storage" settings but shouldn't be
  • #2362403 by tstoeckler: Fatal error during multilingual installation when network goes away
  • #2407765 by Wim Leers, borisson_: Wherever simple config is used to render output to end user, associate their cache tags
  • #2443571 by larowlan, Berdir: Port SA-CONTRIB-2015-052
  • #2443409 by Berdir: Add a way to entity manager to get fresh entity and field definitions without invalidating all caches
  • #2252033 by olli, dawehner: Don't serialize database connection info
  • #2435075 by dawehner: Implement admin role as a flag on the role storage, simplify permissions page, remove user_modules_installed
  • #2378815 by damiankloip, dawehner: DisplayPluginBase::elementPreRender() and View::preRenderViewElement() are called even when the Views output cache is being used, causing notice
  • #2429257 by Wim Leers, Fabianx, effulgentsia: Bubble cache contexts
  • #2430813 by geertvd: Selecting the 'views' selection handler on an entity_reference field causes a fatal error
  • #2442411 by jhedstrom: Update react/promise to 2.2.0
  • #2341455 by swentel, cosmicdreams: Creating a new view mode should clear cache, so the new view mode can be displayed
  • #2430981 by Cottser: Unnecessary notices when twig_render_template() catches \Twig_Error_Loader exceptions
  • #2017471 by rodrigoaguilera, balagan, clemens.tolboom, Kristen Pol, Outi, rpayanm, danylevskyi, mon_franco, Antti J. Salminen, aloyr, thlafon, Marc Hannaford, kreatIL, oussema, David Hernández: Multilingual tour for language section
  • #2431477 by martin107: make TermUnitTest a KernelTestBase by moving createTerm and createVocabulary to a trait
  • #2223435 by Sutharsan, Xano, tim.plunkett: Do not use t() in block plugins anymore
  • #2382561 by Sabreena, DickJohnson, aliyakhan, Tom Verhaeghe, emma.maria: In narrow viewports ( 80 character inline comment lines
  • #2411917 by chaunceyt: Fix _block_rehash() performance issue
  • #1862250 by amanire, Ivan Zugec, Novitsh, joates, sdstyles, yoroy, joshi.rohit100, acabouet, rpayanm, klonos, dahousecat, Daniel_Rose, HeimdallJHM, cluther, vineet.osscube, joachim, Stalski, Bojhan, chr

Read more: http://drupal.org/drupal-7.42-release-notes


(security release)
21 October 2015 - 24MBThis release fixes security vulnerabilities.

  • SA-CORE-2015-004: The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission, and that the Overlay module must be enabled.

Read more: http://drupal.org/drupal-7.41-release-notes


15 October 2015 - 24MBMaintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); major, non-backwards-compatible new features are only being added to the forthcoming Drupal 8.0 release.

Upgrading .htaccess to incorporate this change is strongly recommended:
  • A change to set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type (see #462950).

Upgrading settings.php to incorporate the following changes is recommended but not required:
  • A change to exclude private files from the "404_fast_paths" behavior. This is useful primarily for sites which call drupal_fast_404() directly from settings.php (see #2455057).
  • A documentation change to make it easier for development sites to enable the 'theme_debug' feature via settings.php (see #2538640).

Major changes
  • Added an optional 'project:' prefix that can be added to dependencies in a module's .info file to indicate which project the dependency resides in (API addition: https://www.drupal.org/node/2299747).
  • Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection (API change: https://www.drupal.org/node/2463973).
  • Changed the default thousand marker for numeric fields from a space ("1 000") to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
  • Made Drupal's code for parsing .info files run much faster and use much less memory.
  • Prevented drupal_http_request() from returning an error when it receives a 201 through 206 HTTP status code.
  • Added support for autoloading traits via the registry on sites running PHP 5.4 or higher.
  • Allowed the user-picture.tpl.php theme template to have HTML classes besides the default "user-picture" class printed in it (markup change).
  • Fixed the URL text filter to convert e-mail addresses with plus signs into mailto: links.
  • Added alternate text to file icons displayed by the File module, to improve accessibility (string change, and minor API addition to theme_file_icon()).
  • Changed one-time login link failure messages to be displayed as errors or warnings as appropriate, rather than as regular status messages (minor UI change and data structure change).
  • Changed the default settings.php configuration to exclude private files from the "404_fast_paths" behavior.
  • Changed the page that displays filter tips for a particular text format, for example filter/tips/full_html, to return "page not found" or "access denied" if the format does not exist or the user does not have access to it. This change adds a new menu item to the Filter module's hook_menu() entry (minor data structure change).
  • Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the cache keys used for caching a particular block.
  • Made drupal_set_message() display and return messages when "0" is passed in as the message to set.
  • Fixed non-functional "Files displayed by default" setting on file fields.
  • The "worker callback" provided in hook_cron_queue_info() and the "finished" callback specified during batch processing can now be any PHP callable instead of just functions.
  • Prevented drupal_set_time_limit() from decreasing the time limit in the case where the PHP maximum execution time is already unlimited.
  • Prevented malformed theme .info files (without a "name" key) from causing exceptions during menu rebuilds. If an .info file without a "name" key is found in a module or theme directory, Drupal will now use the module or theme's machine name as the display name instead.
  • Made the format column in the {date_format_locale} database table case-sensitive, to match the equivalent column in the {date_formats} table.
  • Fixed a bug in the Statistics module that caused JavaScript files attached to a node while it is being viewed to be omitted from the page.
  • Fixed various bugs that occurred after hooks were invoked early in the Drupal bootstrap and that caused module_implements() and drupal_alter() to cache an incomplete set of hook implementations for later use.
  • Set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type.
  • Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file.

Read more: http://drupal.org/drupal-7.40-release-notes


(security release)
19 August 2015 - 24MBThis release fixes critical security vulnerabilities.

  • Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element. This vulnerability is mitigated on sites that do not allow untrusted users to enter HTML. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed Ctools module: SA-CONTRIB-2015-141.
  • Cross-site Scripting - Autocomplete system - Drupal 6 and 7: A cross-site scripting vulnerability was found in the autocomplete functionality of forms. The requested URL is not sufficiently sanitized. This vulnerability is mitigated by the fact that the malicious user must be allowed to upload files.
  • SQL Injection - Database API - Drupal 7: A vulnerability was found in the SQL comment filtering system which could allow a user with elevated permissions to inject malicious code in SQL comments. This vulnerability is mitigated by the fact that only one contributed module that the security team found uses the comment filtering system in a way that would trigger the vulnerability. That module requires you to have a very high level of access in order to perform the attack.
  • Cross-site Request Forgery - Form API - Drupal 6 and 7: A vulnerability was discovered in Drupal's form API that could allow file upload value callbacks to run with untrusted input, due to form token validation not being performed early enough. This vulnerability could allow a malicious user to upload files to the site under another user's account. This vulnerability is mitigated by the fact that the uploaded files would be temporary, and Drupal normally deletes temporary files automatically after 6 hours.
  • Information Disclosure in Menu Links - Access system - Drupal 6 and 7: Users without the "access content" permission can see the titles of nodes that they do not have access to, if the nodes are added to a menu on the site that the users have access to.

Major changes
  • The Ajax system now validates URLs before making an Ajax request. Existing code which uses the Drupal Ajax API in any of the standard ways should continue to work after this update. In the event you have unusual Ajax code which does not work with Drupal 7.39, you can have your code manually validate the URL in one of two ways. Either add the URL to the "urlIsAjaxTrusted" JavaScript setting (see ajax_pre_render_element() for an example) or call ajax_set_verification_header() in the Ajax callback function to mark the current URL as trusted. Only do this for URLs that you actually trust; Ajax requests in Drupal should never be made to untrusted URLs.
  • For security reasons, the autocomplete system now makes Ajax requests to non-clean URLs only, although protection is also in place for custom code that does so using clean URLs. There is a new form API #process function on autocomplete-enabled text fields that is required for the autocomplete functionality to work; custom and contributed modules should ensure that they are not overriding this #process function accidentally when altering text fields on forms (use element_info_property() for help with that). Part of the security fix also includes changes to theme_textfield(); it is recommended that sites which override this theme function make those changes as well (see the theme_textfield section of this diff for details).
  • When form API token validation fails (for example, when a cross-site request forgery attempt is detected, or a user tries to submit a form after having logged out and back in again in the meantime), the form API now skips calling form element value callbacks, except for a select list of callbacks provided by Drupal core that are known to be safe. In rare cases, this could lead to data loss when a user submits a form and receives a token validation error, but the overall effect is expected to be minor.

Read more: http://drupal.org/drupal-7.39-release-notes


(security release)
17 June 2015 - 24MBThis release fixes critical security vulnerabilities.

  • CVE-2015-3234 Impersonation (OpenID module - Drupal 6 and 7 - Critical): A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. This vulnerability is mitigated by the fact that the victim must have an account with an associated OpenID identity from a particular set of OpenID providers (including, but not limited to, Verisign, LiveJournal, or StackExchange).
  • CVE-2015-3232 Open redirect (Field UI module - Drupal 7 - Less critical): The Field UI module uses a "destinations" query string parameter in URLs to redirect users to new destinations after completing an action on a few administration pages. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. This vulnerability is mitigated by the fact that only sites with the Field UI module enabled are affected. Drupal 6 core is not affected, but see the similar advisory for the Drupal 6 contributed CCK module: SA-CONTRIB-2015-126
  • CVE-2015-3233 Open redirect (Overlay module - Drupal 7 - Less critical): The Overlay module displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability. This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission, and that the Overlay module must be enabled.
  • CVE-2015-3231 Information disclosure (Render cache system - Drupal 7 - Less critical): On sites utilizing Drupal 7's render cache system to cache content on the site by user role, private content viewed by user 1 may be included in the cache and exposed to non-privileged users. This vulnerability is mitigated by the fact that render caching is not used in Drupal 7 core itself (it requires custom code or the contributed Render Cache module to enable) and that it only affects sites that have user 1 browsing the live site. Exposure is also limited if an administrative role has been assigned to the user 1 account (which is done, for example, by the Standard install profile that ships with Drupal core).

Read more: http://drupal.org/drupal-7.38-release-notes


7 May 2015 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:
  • Fixed a regression in Drupal 7.36 which caused certain kinds of content types to become disabled if they were defined by a no-longer-enabled module.
  • Removed a confusing description regarding automatic time zone detection from the user account form (minor UI and data structure change).
  • Allowed custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags.
  • Allowed hook_field_schema() implementations to specify indexes for fields based on a fixed-length column prefix (rather than the entire column), as was already allowed in hook_schema() implementations.
  • Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs.
  • Added a sites/all/libraries folder to the codebase, with instructions for using it.
  • Added a description to the "Administer text formats and filters" permission on the Permissions page (string change).

All changes:
  • #2465159 by David_Rothstein, NancyDru: Fixed a regression in Drupal 7.36 which caused certain kinds of content types to become disabled if they were defined by a no-longer-enabled module.
  • #1863290 by woprrr, vomiand, dcam, vegantriathlete: poll_node_info() has unused 'has_body' attribute that is left over from Drupal 6
  • #2364047 by JvE, dcam: Fix missing file definitions in hook_theme() in the Update Manager module
  • #2331151 by David_Rothstein, Devin Carlson: Remove leftover code in testFileValidateSize() which runs the tests as a specific user
  • #1055150 by Devin Carlson, rootwork, yoroy, brianV, JimmyAx: Time zone description is confusing on user register form
  • #2315255 by Dave Reid, Devin Carlson: Allow custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags
  • #1812056 by chx, byrond: Allow hook_field_schema() implementations to specify indexes for fields based on a column prefix (field sql storage test failing on various MySQL engines due to indexing unbound text fields)
  • #1003788 by stefan.r, Alan D., JimmyAx, Josh Waihi, john_brown, twistor, bellHead, bzrudi71, pwolanin, gaas, wiifm, robhardwick, gngn: PostgreSQL PDOException: Invalid text representation when attempting to load an entity with a string or non-scalar ID
  • #2208649 by areke, David_Rothstein, joachim, er.pushpinderrana, TravisCarden: Followup fixes to the documentation of the queue worker callback
  • #2428399 by joshi.rohit100, SkidNCrashwell, Sagar Ramgade, er.pushpinderrana, Dom.: Default empty option label text different in documentation than in reality
  • #2386903 by pfrenssen, dcam: Fixed DOMDocument::importNode() warning due to IDs already being defined when running tests
  • #2399657 by klausi: Add session hijacking test cases for SA-CORE-2014-006
  • #2457743 by skein: translation_remove_from_set() runs unnecessary queries to fetch and update every single node with tnid 0
  • #2014851 by hlieberman, Wim Leers, bradjones1, markcarver: Drupal CSS preprocessing breaks protocol-relative paths
  • #2356983 by bzrudi71, Dave Reid, jaredsmith: SystemQueue::claimItem() sometimes returns items in the wrong order (resolves locale test failures on PostgreSQL)
  • #667058 by greggles, DamienMcKenna, cweagans, travelertt, Dave Reid, tstoeckler, geerlingguy: Add a sites/all/libraries folder and encourage people to use it properly
  • #1684930 by amontero, David_Rothstein, joshi.rohit100, jthorson, dcam, rpayanm, jackbravo, yoroy: Add description to "administer filters" permission
  • #2392221 by joegraduate, er.pushpinderrana, zealfire, ClientGuy: install_run_task() and install_tasks() don't document the task structure

Read more: http://drupal.org/drupal-7.37-release-notes


1 April 2015 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:
  • Prevented the form API from allowing arrays to be submitted for various form elements, such as textfields, textareas, and password fields (API change: https://www.drupal.org/node/2462723).
  • Added a 'javascript_always_use_jquery' variable which can be set to FALSE by sites that may not need jQuery loaded on all pages, and a 'requires_jquery' option to drupal_add_js() which modules can set to FALSE when adding JavaScript files that have no dependency on jQuery (API addition: https://www.drupal.org/node/2462717).
  • Added a user_has_role() function to check whether a user has a particular role (API addition: https://www.drupal.org/node/2462411).
  • Added a 'file_public_schema' variable which allows modules that define publicly-accessible streams in hook_stream_wrappers() to bypass file download access checks when processing managed file upload fields.
  • Fixed a bug that caused database query tags not to be added to search-related database queries under many circumstances, and which prevented the corresponding hook_query_TAG_alter() implementations from being called.
  • Fixed the "for" attribute on managed file upload field labels to improve accessibility (minor markup change).
  • Fixed incorrect foreign keys in the User module's role_permission and users_roles database tables.
  • Changed permission descriptions throughout Drupal core to consistently link to relevant administrative pages, regardless of whether the user viewing the Permissions page can view the page being linked to (minor UI change).
  • Fixed the drupal_add_region_content() function so that it actually adds content to the page.
  • Added an 'image_suppress_itok_output' variable to allow sites already using the existing 'image_allow_insecure_derivatives' variable to also prevent security tokens from appearing in image derivative URLs.
  • Fixed double-escaping of theme names in the Block module administrative interface (minor string change).
  • Added basic support for Xdebug when running automated tests.
  • Fixed a bug which caused previewing a node to remove elements from the node being edited. With this fix, calling node_preview() will no longer modify the passed-in node object (minor API change).
  • Fixed installation failures when an opcode cache is enabled.
  • Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private files to be inaccessible.
  • Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user pictures to be lost.
  • Fixed missing language code in hook_field_attach_view_alter() when it is invoked from field_view_field().
  • Stopped sending ETag and Last-Modified headers for uncached page requests, since they break caching for certain Varnish and Nginx configurations.
  • Changed the Simpletest module to allow PSR-4 test classes to be used in Drupal 7.
  • Fixed a fatal error that occurred when using the Comment module's "Unpublish comment containing keyword(s)" action.
  • Changed the "lang" attribute on language links to "xml:lang" so it validates as XHTML (minor markup change).
  • Fixed a bug in the Contact module which caused the global user object to have the incorrect name and e-mail address during the remainder of the page request after the contact form is submitted.

All changes:
  • #2305017 by David_Rothstein, slashrsm, marcingy: Add a 'file_public_schema' variable to allow bypassing file download access checks in managed file upload fields
  • #2364069 by damiankloip: Search specific tags are not available and hook_query_TAG_alter hooks are not invoked
  • #1734716 by larowlan, dcam, mgifford: Managed file form label has incorrect "for" attribute
  • #1279226 by attiks, ericduran, Wim Leers, sun, David_Rothstein, nod_: Allow sites and modules to skip loading jQuery and Drupal JavaScript libraries on pages where they won't be used
  • #1946240 by hampercm, eiriksm, David_Rothstein, rpayanm, rszrama, Yaron Tal, dgtlife, madhusudanmca, er.pushpinderrana, Cottser: Remove the hardcoded 0 index in theme_status_messages()
  • #2432619 by vbouchet, jhodgdon, joachim: block_load() should state it's not suitable for general consumption
  • #1201452 by mgifford, Heine, ircmaxell: Improve security on newer versions of PHP by setting an additional charset DSN parameter when connecting to MySQL via PDO
  • #197641 by herom, good_man, elcuco: Drag and drop does not work correctly on RTL languages
  • #1828530 by cam8001: Remove unused $default_method variable in user_cancel_confirm_form()
  • #1051872 by boombatower, jdillick, marvil07: Add documentation concerning modified property flag on node_type_save()
  • #1483736 by stefan.r, bfcam, jrigby: field_attach_update deletes file fields (content & file) in entity regardless of if they are included in the entity object
  • #2386037 by gobinathm: Incorrect foreign key tables in users.install
  • #2462223 by helmo: Typo in comment in node_access_test.module
  • #2425259 by catch, sidharrell, nlisgo, Josh Waihi, Fabianx, Berdir, martin107: Router rebuild lock_wait() condition can result in rebuild later in the request (race condition)
  • #2283717 by joshi.rohit100, amitgoyal, g3r4, er.pushpinderrana: Remove user_access function calls on hook_permission functions so the Permissions page consistently links to other admin pages for all users
  • #1018618 by manfer, joshi.rohit100: Wrong assertions in block.test
  • #2446657 by rpayanm, er.pushpinderrana: Remove dead link from robots.txt
  • #2453321 by TravisCarden: Typo in @see reference: drupal_decode_exception() should be _drupal_decode_exception()
  • #2453311 by TravisCarden: Fix a couple more "the the"s in the codebase
  • #2453389 by rpayanm, joshi.rohit100: hook_view() does not document $langcode
  • #713462 by jwilson3, Paul B, casey, sivaji@knackforge.com, dcam: Content added via drupal_add_region_content() is not added to pages
  • #1934498 by attiks, David_Rothstein, KhaledBlah, tstoeckler, julien_acti, helmo, effulgentsia, Jelle_S, jcisio: Allow the image style 'itok' token to be suppressed in image derivative URLs
  • #1995058 by TravisCarden, acbramley, vbouchet: Tableselect "select all" checkbox should be checked on page load if all checkboxes are ticked
  • #413270 by Jody Lynn, Daniel Korte: Block settings for theme menu title getting double escaped
  • #889338 by dawehner, das-peter, yched, heddn, frankcarey: Add support for Xdebug in DrupalWebTestCase
  • #2001308 by stefan.r, David_Rothstein, marthinal, helmo: Node preview removes file values from node edit form for non-displayed items
  • #1441950 by hefox: Node types removed from hook_node_info with base = 'node_content' cannot be deleted
  • #1883058 by cilefen, aendrew: Default Drupal "drop" favicon needs a retina-quality version
  • #2342243 by martin107, serundeputy: Rename a variable in theme_system_modules_fieldset() to avoid colliding index variable names in a nested foreach loop
  • #2371759 by Valentine94, angel.angelio: The docblock for user_help() should read "Implements hook_help()."
  • #2394517 by opdavies: Add a function to check if a user has a certain role
  • #365241 by bcn, paulmarbach, xjm, chuckdeal97, skruf: Add select event to autocomplete feature
  • #2428915 by pfrenssen: Remove mention of non-existing function in conf_path() documentation
  • #375062 by cs_shadow, David_Rothstein, mondrake, juampy, theunraveler, hswong3i, smk-ka, fietserwin: "imagecolorsforindex() Color index nnn out of range in GDToolkit" message sometimes appears
  • #779482 by mikeytown2, sun, dalin, cam8001, segi, alexpott, Boobaa, Sweetchuck, jbrown, quicksketch: Installation failure when opcode cache is enabled
  • #2170453 by Darren Oh, mikeryan, Fabianx: Ignore case in code registry lookups
  • #1404050 by JamesOakley, David_Rothstein: system_update_7061 breaks private files by leaving one too many forward slashes in protocol of migrated URIs
  • #1882774 by David_Rothstein, iva2k: User pictures are lost when system_update_7061 merges files into {file_managed}.
  • #495930 by fietserwin: Translated strings not correctly marked in the administrative interface when the default language is not English
  • #1823306 by mkalkbrenner, p-neyens, webflo, swentel, zuuperman: Language code is missing from $context when hook_field_attach_view_alter() is invoked from field_view_field()
  • #1303412 by nod_, droplet, Valentine94, KarenS, sahuni: Cannot drag in or out of 'Hidden' on the 'Manage Display' page under certain circumstances
  • #2381839 by klausi, Damien Tournoud: Changed date format for Last-Modified header breaks caching for certain Varnish/Nginx configurations.
  • #2067323 by Valentine94, geerlingguy, jessebeach, vlad.dancer: Don't show empty vertical tabs area if all vertical tabs are hidden
  • #2439287 by jmsv23, jonathan_hunt: Fix typo in inline docs for field_sql_storage_field_storage_write().
  • #2293767 by tstoeckler: Allow PSR-4 test classes to be used in Drupal 7.
  • #1461732 by filijonka, Cottser, dcam, marcingy, swentel, udaksh: Fatal error when using the Comment module's "Unpublish comment containing keyword(s)" action
  • #1904528 by Heine, GoddamnNoise: Language switcher (User interface text) Block generates invalid XHTML+RDFa 1.0
  • #2417983 by jacob.embree: Change docs instances of "the the" to "the"
  • #1081902 by zealfire: DrupalEntityControllerInterface::load - doc needs to clarify $conditions
  • #2407175 by zealfire: Documentation error in default.settings.php
  • #2392543 by awm: Fix documentation for hook_taxonomy_term_view_alter
  • #2411227 by chx: Remove chx from the Drupal 7 MAINTAINERS.txt file.
  • #2208649 by joachim, er.pushpinderrana: document queue worker callback
  • #2377879 by er.pushpinderrana, yakoub: hook_user_view documentation has incorrect piece
  • #2382801 by er.pushpinderrana, Liam Morland: Improve documentation for module_exists()
  • #2383491 by er.pushpinderrana, Sweetchuck: Inaccurate documentation - hook_image_toolkits()
  • #2380053 by klausi, pwolanin, tsphethean, sun, David_Rothstein: Posting an array as value of a form element is allowed even when a string is expected (and bypasses #maxlength constraints) - first step: text fields
  • #2380143 by Lendude, pwolanin: Contact forms set an incorrect name and e-mail address on the global user object after the form is submitted.

Read more: http://drupal.org/drupal-7.36-release-notes


(security release)
18 March 2015 - 24MBThis release fixes moderately critical security vulnerabilities.

  • Access bypass (Password reset URLs - Drupal 6 and 7): Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where accounts have been imported or programmatically edited in a way that results in the password hash in the database being the same for multiple user accounts. In Drupal 6, it can additionally be exploited on sites where administrators have created multiple new user accounts with the same password via the administrative interface, or where accounts have been imported or programmatically edited in a way that results in the password hash in the database being empty for at least one user account. Drupal 6 sites that have empty password hashes, or a password field with a guessable string in the database, are especially prone to this vulnerability. This could apply to sites that use external authentication so that the password field is set to a fixed, invalid value.
  • Open redirect (Several vectors including the "destination" URL parameter - Drupal 6 and 7): Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities. This vulnerability is mitigated by the fact that many common uses of the "destination" parameter are not susceptible to the attack. However, all confirmation forms built using Drupal 7's form API are vulnerable via the Cancel action that appears at the bottom of the form, and some Drupal 6 confirmation forms are vulnerable too.

Read more: http://drupal.org/drupal-7.35-release-notes


(security release)
20 November 2014 - 24MBThis release fixes moderately critical security vulnerabilities.

  • Session hijacking (Drupal 6 and 7): A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it is possible there are other attack vectors for both Drupal 6 and Drupal 7.
  • Denial of service (Drupal 7 only): Drupal 7 includes a password hashing API to ensure that user supplied passwords are not stored in plain text. A vulnerability in this API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service). This vulnerability can be exploited by anonymous users.

Read more: http://drupal.org/drupal-6.34-release-notes


7 November 2014 - 24MBThis release is a maintenance release with numerous bug fixes (no security fixes).

Major changes:
  • Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
  • Added a "theme_hook_original" variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (API addition).
  • Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
  • Added a "Did you mean?" feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
  • Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
  • Added a "block_cache_bypass_node_grants" variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
  • Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
  • Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
  • Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field's data when the field configuration was edited.
  • Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situatons (minor styling change).
  • Prevented the Bartik theme from lower-casing the "Permalink" link on comments, for improved multilingual support (minor UI change).
  • Added a "preferred_menu_links" tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
  • Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
  • Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
  • Security improvement: Made the database API's orderBy() method sanitize the sort direction ("ASC" or "DESC") for queries built with db_select(), so that calling code does not have to.
  • Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
  • Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
  • Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
  • Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
  • Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change).
  • Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).
  • Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.

All changes:
  • #2282541 by David_Rothstein, nod_: Followup to restore previous behavior in which the "Hide summary" click handler in text.js returned FALSE.
  • #2307505 by Cottser, David_Rothstein, Fabianx: Followup to ensure all theme debug output is properly sanitized.
  • #2305291 by scor: Fixed Poll title should have same length as regular content type (255).
  • #1355526 by cafuego, jenlampton: Added a way to determine the date a module was added so the modules page can use it for sort.
  • #892344 by amitgoyal, tstoeckler, hussainweb, pcambra, LaurentAjdnik: Fixed Wrong schema description for {cache_field}.
  • #2282541 by Mark Carver | gge: Fixed Hide summary in text.js not working in jQuery 1.9+.
  • #2147321 by manfer: Fixed Unnecessary space in session-active class.
  • #393538 followup by David_Rothstein: Fixed code style error in check_plain() documentation.
  • #2310415 by cilefen, ednawig, TravisCarden: Fixed run-tests.sh does not handle the error when invalid test groups/classes are specified.
  • #393538 by Liam Morland, valthebald, dmitrig01, David_Rothstein: Document that check_plain() can issue PHP messages on invalid UTF-8 input.
  • #1338966 by geerlingguy, loganfsmyth, lokapujya: Fixed Introduce _rdf_mapping_load_multiple to reduce queries.
  • #1069152 by droplet, alexandrezia, Mixologic, jhedstrom, David_Rothstein | ogi: Fixed Throbber in textfield is misaligned when browser hardware acceleration enabled (followup for Bartik RTL styling).
  • #863594 by David_Rothstein, smussbach, mbrett5062: Fixed Strange first paragraph in the installer database error message.
  • #1918820 by neclimdul, typhonius, girishmuraly, pwolanin | 0x534B41: Fixed HTTP header date formats to follow RFC 7231 rather than RFC 1123.
  • #1930960 by pounard, iamEAP, pjcdawkins, msonnabaum, David_Rothstein: Fixed Block caching disable hardcoded on sites with hook_node_grant() causes serious performance troubles when not necessary.
  • #779374 by helmo, joshi.rohit100, meba, sun | coltrane: Fixed XSS via text format names.
  • #927138 by manarth, handrus, rasmusluckow, douggreen, .John, Taz, David_Rothstein, droplet, webchick, marcingy: Fail image generation with 404 instead of 500, when source file is missing.
  • #1433288 by haggins, fago, David_Rothstein, marcin.wosinek: Fixed Integrity constraint violation when saving a user account after creation.
  • #935592 by pillarsdotnet, lokapujya, David_Rothstein, John Franklin, amitgoyal, joshi.rohit100, sivaji, mgifford, peximo, wodenx, Romlam, Owen Barton, alpritt, beejeebus | macgirvin: Fixed User picture is deleted after calls to user_save().
  • #2356055 by bdlangton: Fixed Notice in includes/mail.inc define.
  • #2278583 by nlisgo, Berdir, joshi.rohit100 | Fabianx: Fixed field_has_data looks at current data instead of revisioning data: this can lead to data loss.
  • #1443070 by CrashTest_, bluegriff | Dave Reid: Added support for popular e-book formats, Google web formats, mkv and mka in file_default_mimetype_mapping().
  • #1231710 by cs_shadow, Hydra, dcam, kathyh, klausi, mlncn: Fixed Field exceptions should return the name of the field that has exceptions.
  • #2142441 by Garrett Albright: Fixed CSS aggregator prepends data: URLs with paths.
  • #2193149 by mikeytown2: Fixed Deadlocks occur in cache_field table.
  • #2112247 by sihv, mitsuroseba, dgroene, aalamaki, Dennis Walgaard, mErilainen: Fixed Valid file extensions in file names are not properly enforced when uploading files with non-lowercase names.
  • #2357311 by penyaskito: Fixed Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases).
  • #1069152 by droplet, alexandrezia, Mixologic, jhedstrom | ogi: Fixed Throbber in textfield is often misaligned.
  • #1913958 by hass, YesCT: Fixed Bartik theme shouldn't change capitalization of translatable strings with CSS.
  • #1071818 by JeremyFrench, nod_, Cottser, gielfeldt, xjm, anthbel, reglogge, NROTC_Webmaster, kristofferwiklund, lliss, sun | sepgil: Fixed Lazy-loading CSS fails in IE.
  • #1823906 by joshi.rohit100, amitgoyal, rahulbile | gargsuchi: Fixed Incorrect error message when poll is submitted with no option selected.
  • #2324821 by rpayanm, er.pushpinderrana | Elijah Lynn: Remove reference to nonexistent theme_poll_bar() function in template_preprocess_poll_bar() documentation.
  • #1640404 by er.pushpinderrana, dcam, amit.drupal, hass | versvs: Fixed Use format_username() in node_feed().
  • #849624 by brad.bulger, dcam, Alan Evans, oriol_e9g, Stevel | tsvenson: Fixed wrong permission for admin/structure/menu/parents.
  • #1195358 by Liam Morland, droplet: Fixed Multiple "Edit/Hide summary" links appear.
  • #1824820 by crevillo, muriqui, a.milkovsky, Phizes: Fixed String offset cast notice in field_invoke_method_multiple().
  • #1854134 by EtienneRd, jeffam | dolu: Added a query tag to the query in menu_link_get_preferred() to allow modules to alter the query.
  • #1221772 by pounard, colan, jcisio | sivaji: Fixed Transaction database settings is misleading in settings.php.
  • #908822 by jmking, asimmonds | salvis: Fixed Dashboard discards elements.
  • #2058761 by kirby14, thedavidmeister: PHP notice when #attributes is not set with #theme_wrappers 'container'.
  • #466576 by gagarine, jackbravo, tim.plunkett, sheise, Rob C, jamesm6162 | daemon: Increased the maximum allowed length of block titles to 255 characters.
  • #366152 by Mile23, bjaspan: Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
  • #1775488 by mgifford, vijaycs85, amateescu | chx: Fixed drupal_cron_cleanup is not converted to lock.
  • #1679570 by mgifford, lucascaro, sun: Fixed TestBase does not always use the correct database connection for handling assertions.
  • #1099732 by joshi.rohit100, droplet | Chi: Fixed Incorrect encoding for error pages in image_style_deliver().
  • #2228825 by donquixote | pingwin4eg: Fixed drupal_get_filename() does not search the filesystem when the file isn't yet listed in the {system} table in the database.
  • #1891728 by gielfeldt: Fixed Database schema methods like getComment() and findTables() always query the "default" target on MySQL.
  • #780304 by dcam, naxoc, Crell | zyxware: Fixed HTML encoding of em wrappers for database table names while showing schema errors.
  • #1120440 by er.pushpinderrana | skwashd: Fixed user.api.php hook summary lines should be more consistent with other entity hooks.
  • #2231693 by helmo, amitgoyal, joshi.rohit100, LinL, iS: Update Powered by Drupal link.
  • #1452896 by Mile23, marthinal, Freso, kid_icarus, joshi.rohit100, alexpott, tim.plunkett, jhodgdon: Fixed PHP notice in clickLink if link does not exist.
  • #205969 by Mile23, oadaeh, twistor, ssm2017 Binder, barraponto, superspring: Fixed drupal_http_request() assumes presence of Reason-Phrase in response Status-Line.
  • #1790612 by carwin, Eric_A, mgifford: Fixed Sanitize the trim_length variable before printing it.
  • #2224917 by m1r1k, Steven Jones, drumm: Fixed Tracker page doesn't order results properly.
  • #28175 by dcam, bleen18 | bertboerland: Fixed Ordering by 'Visitor' in access log pages does not sort IP addresses.
  • #1988456 by gaurav.goyal, eltermann, pvmchau: Non-standard indentation on user_register_form().
  • #2307505 by Cottser, Fabianx: Port twig_debug output to Drupal 7.
  • #1968348 by znerol, David_Rothstein, peximo, DuaelFr: Fixed hook_field_formatter_prepare_view does not make use of hook_entity_view_mode_alter causing major errors.
  • #1936942 by jweowu: Fixed translation_node_insert() updates the node table directly without also flushing the entity load cache.
  • #208611 by p.brouwers, mgifford, tstoeckler, DougKress, Jody Lynn, ksenzee | walkah: Made the Ajax system use drupal_array_merge_deep_array() to stop JavaScript settings from being added twice.
  • #1183708 by Liam Morland | onair1: Fixed Notice: Undefined index: favicon_path in system_theme_settings_validate().
  • #1182374 by lyricnz, xendil, sivaji, brianV: Code style fixes for includes/filetransfer.
  • #2291081 by pounard: forum_node_view attempt an unnecessary vocabulary_load() under certain circumstances.
  • #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby() should verify that the sort direction is always ASC or DESC.
  • #2130673 by lokapujya, cwells | scor: Place number of comments metadata inside node template.
  • #1323830 by cwells, scor, mgifford, er.pushpinderrana, kay_v: Place title RDFa metadata inside entity HTML element.
  • #2301955 by er.pushpinderrana, lokapujya | scor: Ensure RDFa metadata tags are hidden.
  • #2332295 by sanduhrs, klausi, er.pushpinderrana, Berdir | jfha73: Fixed Unicode requirements check not working with PHP 5.6.
  • #667098 by catch, chx, plach, Fabianx: Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
  • #2329189 by nlisgo, joachim, Mirroar, opdavies: Fix up docs and example code for hook_field_attach_validate()
  • #2283675 by er.pushpinderrana, amitgoyal, mparker17, joachim, mmarquez: Document how optgroups are generated in form_select_options()
  • #2340675 by er.pushpinderrana, David Hernández: Clarify first, unused argument docs in update_calculate_project_update_status()
  • #2314181 by roderik, er.pushpinderrana, hefox: Fix docs for drupal_static
  • #2334689 by er.pushpinderrana, joachim: Document character limit on lock_aquire() for lock name
  • #1166114 by jhodgdon, tomogden, Rajendar Reddy, larowlan, swentel, splatio, erics14, MF82 | RobLoach: Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used.
  • #2277281 by dobe, amitgoyal, michaelfavia, er.pushpinderrana, dcam | drumm: Increase the maximum number of characters on the file field allowed extensions setting from 128 to 256.
  • #1859084 by Jorrit, David_Rothstein, attiks: Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs.
  • #1890980 by amitgoyal, robinvdvleuten: Fixed Unnecessary extra output variable in theme_links.
  • #1468210 by marthinal, quicksketch, tstoeckler, Devin Carlson, David_Rothstein, Eric_A: Fixed Remove special $user->uid == 1 check in file_validate_size().
  • #993186 by joshi.rohit100, moshe weitzman | webchick: Node access rebuilds should go newest to oldest (fix for direct node access rebuilds only, not rebuilds done via a batch).
  • #2324083 by er.pushpinderrana, martin_q: Fix up description of return value from drupal_array_get_nested_value()
  • #2318981 by grisendo: Make hook_node_grants and hook_node_access_records sample function bodies consistent
  • #2309687 by eriksm: Fix typo in docs for verbose test class method
  • #2309549 by Bevan, er.pushpinderrana: Fix incorrect documentation of node-type-specific hooks
  • #1261846 by catch, dawehner, brianV, Berdir, sun, xjm, sandipmkhairnar, marvil07, chrisjlee, Cottser, amitgoyal, Elijah Lynn, er.pushpinderrana: Document 1 MB cache limit in cache functions

Read more: http://drupal.org/drupal-7.33-release-notes


15 October 2014 - 24MBThis release fixes one highly critical security vulnerability.

  • Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

Read more: http://drupal.org/drupal-7.32-release-notes


(security release)
6 August 2014 - 24MBThis release fixes security vulnerabilities.

  • As of this release, the XML-RPC system in Drupal core will ignore information in declarations contained within XML-RPC messages (for example, XML version or character encoding information). This is not expected to matter for the vast majority of use cases.
  • The XML-RPC system and OpenID XRDS parser will also reject messages that contain over 30,000 XML tags within them. This limit is not expected to matter for the vast majority of use cases. If you need to process an XML-RPC message that is larger than that, you can change the limit by setting the "xmlrpc_message_maximum_tag_count" variable to a higher value. Do not set the value higher than you need, since allowing too many XML tags per XML-RPC message increases your site's vulnerability to denial of service attacks. The OpenID XRDS parser has a similar variable ("openid_xrds_maximum_tag_count") which can be used in a similar way.

Read more: http://drupal.org/drupal-7.31-release-notes


24 July 2014 - 24MBMajor changes:
  • Fixed a regression introduced in Drupal 7.29 that caused files or images attached to taxonomy terms to be deleted when the taxonomy term was edited and resaved (and other related bugs with contributed and custom modules; see this issue or the Drupal 7.29 release notes for more details).
  • Added a warning on the permissions page to recommend restricting access to the "View site reports" permission to trusted administrators. See DRUPAL-PSA-2014-002.

All changes:
  • #2305017 by David_Rothstein, pwolanin | beech: Fixed Regression: Files or images attached to certain core and non-core entities are lost when the entity is edited and saved.
  • #2249025 by xjm, clintrandall777@gmail.com: Update Security topic coordinators section in MAINTAINERS.txt.
  • #2012468 by joshi.rohit100, blueminds, David_Rothstein, plach | catch: Add trusted roles recommendation to 'access site reports'.
  • #1369822 by amitgoyal, Cottser, er.pushpinderrana: Fix docs for template_preprocess_user_profile()
  • #2267411 by er.pushpinderrana, amitgoyal, klausi, David_Rothstein: Document that field_access() does not check entity access
  • #2098129 by er.pushpinderrana, drupal_sensei, Berdir, joachim: Fix docs for DrupalDefaultEntityController entityCache variable
  • #2054189 by ShaunDychko, pc-wurm, joachim: Fix docs for field_info_instance()
  • #2141221 by joshi.rohit100, dcam, thedavidmeister, joachim, anemes: Add docs to hook_update_N() about sandbox parameter
  • #2039449 by joshi.rohit100, joachim, lokapujya, Jalandhar, paulh, yaworsk: Fix up docs for assertField and assertNoField methods
  • #2290435 by PQ: Fix broken link in robots.txt file
  • #1956782 by joshi.rohit100, bdimaggio, tanmayk, chertzog: Document parameter to xmlrpc_server()
  • #2263047 by joshi.rohit100, lostkangaroo, sachin_s, martin107: Fix up hook_help docs and move to system module
  • #2277623 by mparker17: Fix up docs for drupal_parse_url function
  • #2248799 by amitgoyal, c31ck, Wim Leers: Fix docs for system_sort_themes
  • #2267159 by juampy, xjm, alexpott: Remove nonexistent parameter from DrupalWebtestCase::assertNoLink docs
  • #2273337 by vegantriathlete, ducktape, joachim: Fix up docs for db_add_field and related functions
  • #2276469 by decibel.places: Fixed robots.txt syntax checking link broken.
  • #2268947 by sachin_s, joachim: Add note to hook_field_formatter_settings_form() about when it is invoked

Read more: http://drupal.org/drupal-7.30-release-notes


(security release)
17 July 2014 - 24MBThis release fixes multiple security vulnerabilities.

  • Denial of service with malicious HTTP Host header (Base system) [Critical]
  • Access bypass (File module) [Critical]
  • Cross-site scripting (Form API option groups) [Moderately critical]
  • Cross-site scripting (Ajax system) [Moderately critical]

Read more: http://drupal.org/drupal-7.29-release-notes


8 May 2014 - 24MBThis release includes bug fixes and small API/feature improvements only (no major new functionality or security fixes are included). Significant new features are only being added to the forthcoming Drupal 8.0 release.

Major changes:
  • Fixed a regression introduced in Drupal 7.27 that caused JavaScript to break on older browsers (such as Internet Explorer 8 and earlier) when Ajax was used.
  • Increased the timeout used by the Update Manager module when it fetches data from drupal.org (from 5 seconds to 30 seconds), to work around a problem which causes incomplete information about security updates to be presented to site administrators. This fix may lead to a performance slowdown on the Update Manager administration pages, when installing Drupal distributions, and (for sites that use the automated cron feature) on occasional page loads by site visitors.
  • Fixed the behavior of the token system's "[node:summary]" token when the body field does not have a manual summary.
  • Changed the behavior of db_query_temporary() so that it works on SELECT queries even when they have leading comments/whitespace. A side effect of this fix is that db_query_temporary() will now fail with an error if it is ever used on non-SELECT queries.
  • Added a "node_admin_filter" tag to the database query used to build the list of nodes on the content administration page, to make it easier to alter.
  • Made the cron queue system log any exceptions that are thrown while an item in the queue is being processed, rather than stopping the entire PHP request.
  • Improved screen reader support by adding an aria-live HTML attribute to file upload fields when there is an error uploading the file (minor markup change).
  • Made the pager on the Tracker module listing pages show the same number of items as other pagers throughout Drupal core (minor UI change).
  • Fixed a bug which caused caches not to be properly cleared when a file entity was saved or deleted.
  • Added several missing countries to the default list returned by country_get_list() (string change).
  • Replaced the term "weight" with "influence" in the content ranking settings for search, and added help text for administrators (string change).
  • Fixed untranslatable text strings in the administrative interface for the "Crop" effect provided by the Image module (minor string change).
  • Fixed a bug in the Taxonomy module update function introduced in Drupal 7.26 that caused memory and CPU problems on sites with very large numbers of unpublished nodes.

Read more: http://drupal.org/drupal-7.28-release-notes


(security release)
16 April 2014 - 24MBModerately critical security release of the Drupal 7 series. A vulnerability was found in the handling of temporary storage of form states which could result in form states leaking between anonymous users (SA-CORE-2014-002).

Major changes:
  • Modules which use custom Ajax form page callbacks require updates for Drupal 7.27. This is expected to affect several popular modules such as Field Collection and Hierarchical Select, although only in cases where the form widgets provided by those modules are exposed to anonymous users.
  • Modules which provide alternative page cache implementations require updates for Drupal 6.31 and Drupal 7.27 This is expected to affect modules such as Boost and Authcache.
  • form_set_cache() now validates the passed-in form build ID This is not expected to affect most sites.

Read more: http://drupal.org/drupal-7.27-release-notes


(security release)
15 January 2014 - 24MBCritical security release of the Drupal 7 series. A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

Major changes:
  • The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
  • A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them like it normally does for programmatic form submissions. Any code which passes untrusted data (provided by the current user) to drupal_form_submit() is recommended to use this parameter for security reasons.

Read more: http://drupal.org/drupal-7.26-release-notes


2 January 2014 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality). No security fixes are included in this release.
  • Added an optional feature to the Statistics module to allow node views to be tracked by Ajax requests rather than during the server-side generation of the page. This allows the node counter to work on sites that use external page caches (string change and new administrative option: https://drupal.org/node/2164069).
  • Fixed a bug in node_save() which prevented the saved node from being updated in hook_node_insert() and other similar hooks.
  • Added a meta tag to install.php to prevent it from being indexed by search engines even when Drupal is installed in a subfolder (minor markup change).
  • Fixed a bug in the database API that caused frequent deadlock errors when running merge queries on some servers.
  • Performance improvement: Prevented block rehashing from writing blocks to the database on every cache clear and cron run when the blocks have not changed. This fix results in an extra 'saved' key which is added and set to TRUE for each block returned by _block_rehash() that actually is saved to the database (data structure change).
  • Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow queues to avoid being automatically processed on cron runs (API addition).
  • Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be invoked if the block delta had a hyphen in it. To implement the hook when the block delta has a hyphen, modules should now replace hyphens with underscores when constructing the function name for the hook implementation.
  • Fixed a bug which caused cached pages to sometimes be sent to the browser with incorrect compression. The fix adds a new 'page_compressed' key to the $cache->data array returned by drupal_page_get_cache() (minor data structure change).
  • Fixed broken tests on PHP 5.5.
  • Made the File and Image modules more robust when saving entities that have deleted files attached. The code in file_field_presave() will now remove the record of the deleted file from the entity before saving (minor data structure change).
  • Standardized menu callback functions throughout Drupal core to return MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page not found" or "access denied" pages (minor API change in the return value of these functions under some circumstances).
  • Fixed a bug in which caches were not properly cleared when a node was deleted via the administrative interface.
  • Changed the Bartik theme to render content contained in pre, code and similar tags in a larger font size, so it is easier to read.
  • Fixed a bug in the Search module that caused exceptions to be thrown during searches if the server was not configured to represent decimal points as a period.
  • Fixed a regression in the Image module that made image_style_url() not work when a relative path (rather than a complete file URI) was passed to it.
  • Added a link to the drupal.org documentation page for cron to the Cron settings page (string change).
  • Added a 'drupal_anonymous_user_object' variable to allow the anonymous user object returned by drupal_anonymous_user() to be overridden with a classed object (API addition).
  • Changed the database API to allow inserts based on a SELECT * query to work correctly.
  • Changed the database schema of the {file_managed} table to allow Drupal to manage files larger than 4 GB.
  • Changed the File module's hook_field_load() implementation to prevent file entity properties which have the same name as file or image field properties from overwriting the field properties (minor API change).

Read more: http://drupal.org/drupal-7.25-release-notes


(security release)
20 November 2013 - 24MBThis is a security release only fixing two issues:
  • This release contains a small change to the form API. It will have no effect on standard form API usage, but could affect code which does highly custom form processing; in particular, any code which calls functions like drupal_process_form() or drupal_validate_form() to process a form directly should be aware that when the form is validated, validation will now stop immediately in the case where the form's cross-site request forgery (CSRF) token fails validation. Previously all subsequent validation handlers would still be executed in this case.
  • There is a new drupal_random_key() API function. Its usage is recommended for any code that needs to obtain a permanent, randomly-generated string which is safe to insert in HTML pages and URLs.

Read more: http://drupal.org/drupal-7.24-release-notes


8 August 2013 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality). No security fixes are included in this release.
  • Added human-readable labels to image styles, in addition to the existing machine-readable name (API change: https://drupal.org/node/2058503).
  • Fixed the default ordering of CSS files for sites using right-to-left languages, to consistently place the right-to-left override file immediately after the CSS it is overriding (API change: https://drupal.org/node/2058463).
  • Fixed a fatal error on PostgreSQL databases when updating the Taxonomy module from Drupal 6 to Drupal 7.
  • Added a drupal_check_memory_limit() API function to allow the memory limit to be checked consistently (API addition).
  • Changed the default web.config file for IIS servers to allow favicon.ico files which are present in the filesystem to be accessed.
  • Fixed inconsistent support for the 'tel' protocol in Drupal's URL filtering functions.
  • Performance improvement: Allowed all hooks to be included in the module_implements() cache, even those that are only invoked on HTTP POST requests.
  • Made the database system replace truncate queries with delete queries when inside a transaction, to fix issues with PostgreSQL and other databases.
  • Fixed a bug which caused nested contextual links to display improperly.
  • Fixed a bug which prevented cached image derivatives from being flushed for private files and other non-default file schemes.
  • Fixed drupal_render() to always return an empty string when there is no output, rather than sometimes returning NULL (minor API change).
  • Added protection to cache_clear_all() to ensure that non-cache tables cannot be truncated (API addition: a new isValidBin() method has been added to the default database cache implementation).
  • Changed the default .htaccess file to support HTTP authorization in CGI environments.
  • Changed the password reset form to pre-fill the username when requested via a URL query parameter, and used this in the error message that appears after a failed login attempt (minor data structure and behavior change).
  • Fixed broken support for foreign keys in the field API.
  • Fixed "No active batch" error when a user cancels their own account.
  • Added a description to the "access content overview" permission on the permissions page (string change).
  • Added a drupal_array_diff_assoc_recursive() function to allow associative arrays to be compared recursively (API addition).
  • Moved the drupal_get_hash_salt() function to bootstrap.inc and used it in additional places in the code, for added security in the case where there is no hash salt in settings.php.
  • Fixed a regression in Drupal 7.22 that caused internal server errors for sites running on very old Apache 1.x web servers.

Read more: http://drupal.org/drupal-7.23-release-notes


4 April 2013 - 24MBMaintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release. No security fixes are included in this release.
  • Allowed the drupal_http_request() function to be overridden so that additional HTTP request capabilities can be added by contributed modules.
  • Changed the Simpletest module to allow PSR-0 test classes to be used in Drupal 7.
  • Removed an unnecessary "Content-Disposition" header from private file downloads; it prevented many private files from being viewed inline in a web browser.
  • Changed various field API functions to allow them to optionally act on a single field within an entity (API addition: http://drupal.org/node/1825844).
  • Fixed a bug which prevented Drupal's file transfer functionality from working on some PHP 5.4 systems.
  • Fixed incorrect log message when theme() is called for a theme hook that does not exist (minor string change).
  • Fixed Drupal's token-replacement system to allow spaces in the token value.
  • Changed the default behavior after a user creates a node they do not have access to view. The user will now be redirected to the front page rather than an access denied page.
  • Fixed a bug which prevented empty HTTP headers (such as "0") from being set. (Minor behavior change: Callers of drupal_add_http_header() must now set FALSE explicitly to prevent a header from being sent at all; this was already indicated in the function's documentation.)
  • Fixed OpenID errors when more than one module implements hook_openid(). The behavior is now changed so that if more than one module tries to set the same parameter, the last module's change takes effect.
  • Fixed a serious documentation bug: The $name variable in the taxonomy-term.tpl.php theme template was incorrectly documented as being sanitized when in fact it is not.
  • Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had duplicate permission names in the User module's database tables.
  • Added an empty "datatype" attribute to taxonomy term and username links to make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
  • Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them.
  • Fixed a bug with update queries in the SQLite database driver that prevented Drupal from being installed with SQLite on PHP 5.4.
  • Fixed enforced dependencies errors updating to recent versions of Drupal 7 on certain non-MySQL databases.
  • Refactored the Field module's caching behavior to obtain large improvements in memory usage for sites with many fields and instances (API addition: http://drupal.org/node/1915646).
  • Fixed entity argument not being passed to implementations of hook_file_download_access_alter(). The fix adds an additional context parameter that can be passed when calling drupal_alter() for any hook (API change: http://drupal.org/node/1882722).
  • Fixed broken support for translatable comment fields (API change: http://drupal.org/node/1874724).
  • Added an assertThemeOutput() method to Simpletest to allow tests to check that themed output matches an expected HTML string (API addition).
  • Added a link to "Install another module" after a module has been successfully downloaded via the Update Manager (UI change).
  • Added an optional "exclusive" flag to installation profile .info files which allows Drupal distributions to force a profile to be selected during installation (API addition).
  • Fixed a bug which caused the database API to not properly close database connections.
  • Added a link to the URL for running cron from outside the site to the Cron settings page (UI change).
  • Fixed a bug which prevented image styles from being reverted on PHP 5.4.
  • Made the default .htaccess rules protocol sensitive to improve security for sites which use HTTPS and redirect between "www" and non-"www" versions of the page.

Read more: http://drupal.org/drupal-7.22-release-notes


7 March 2013 - 24MBIncludes fixes for incompatibilities introduced in the Drupal 7.20 security release only.
Read more: http://drupal.org/drupal-7.21-release-notes


21 February 2013 - 24MBThis release fixes security vulnerabilities.
Read more: http://drupal.org/drupal-7.20-release-notes


16 January 2013 - 24MB


19 December 2012 - 24MB


7 November 2012 - 24MB


17 October 2012 - 24MB


1 August 2012 - 24MB


3 May 2012 - 24MB


1 February 2012 - 24MB


6 December 2011 - 24MB


26 October 2011 - 24MB


31 August 2011 - 24MB


28 July 2011 - 24MB


27 July 2011 - 24MB


30 June 2011 - 24MB


25 May 2011 - 24MB


(major version)
5 January 2011 - 24MB

Our Web hostings are compatible with


Only the Web hosting

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

Learn more

from 5.75 € / month


The complete Web+Mail offer

100% SSD Web Hosting
100 GB and +
Multisite management
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

Professional messaging
25 email addresses with unlimited storage

Online messaging
Instant messaging
Syncing contacts and calendars

Learn more

from 7.42 € / month

Cloud Server


100% SSD Web Hosting
100 GB and +
Multi-hostings and multisites
Free SSL certificates
Anti-DDoS protection
10 GB of VOD

2 CPU and +
6 Gb (RAM) and +
100% SSD
100% dedicated resources

Infomaniak manages your server

Learn more

from 29 € / month

Prices in EUR incl. tax