10.5.0-rc1

TL;DR

Drupal 10.5.0-rc1: Security Enhancements, CKEditor 5 Update, and Bug Fixes

This release candidate for Drupal 10.5.0 brings important updates to CKEditor 5 (now at version 45.2.0), adds a formal SECURITY.md file to improve vulnerability reporting, fixes several bugs including issues in the navigation module, and updates various JavaScript and development dependencies. This release also recognizes Cristina Chumillas as UX Manager and Emma Horrell as provisional UX Manager to the Drupal core team.

Highlight of the Release

• Update of CKEditor 5 to version 45.2.0
• Addition of SECURITY.md file for proper security vulnerability reporting
• Fix for invalid render array in the navigation module
• Updated JavaScript and development dependencies
• Recognition of Cristina Chumillas as UX Manager and Emma Horrell as provisional UX Manager

Migration Guide

This release candidate does not introduce any breaking changes that would require specific migration steps. However, as with any update:

1. Test thoroughly in a non-production environment before upgrading production sites
2. Review your custom code that might interact with the navigation module or the access_policy_processor service
3. Test content creation and editing workflows with the updated CKEditor 5 to ensure compatibility with your site's configuration

If you encounter any issues with the updated CKEditor 5, you may need to adjust any custom configurations or plugins you have implemented.

Upgrade Recommendations

As this is a release candidate (10.5.0-rc1), it is recommended for:

• Testing environments to validate compatibility with your site's functionality
• Development environments to ensure your custom code works with the updated dependencies
• Staging environments to perform final pre-production testing

Production sites should wait for the final 10.5.0 release unless you are specifically testing this RC to provide feedback to the Drupal community.

When upgrading:

1. Back up your database and files
2. Update your composer.json to require drupal/core:10.5.0-rc1
3. Run composer update drupal/core --with-all-dependencies
4. Run database updates via Drush or the web interface
5. Clear caches thoroughly

Bug Fixes

• Navigation Module Render Array: Fixed an issue where the 'settings' was not a valid render array in the navigation module, which could cause rendering problems on sites using this module.

• Service Alias Correction: Fixed the wrong alias for the access_policy_processor service in core.services.yml, ensuring proper dependency injection and service resolution.

New Features

• SECURITY.md File: Added a formal SECURITY.md file that explains the proper process for reporting security vulnerabilities in Drupal. This helps ensure that security issues are handled appropriately and discreetly before public disclosure.

• Core Team Updates: Cristina Chumillas has been officially recognized as UX Manager and Emma Horrell as provisional UX Manager to the Drupal core team, strengthening the project's focus on user experience.

Security Updates

While no specific security vulnerabilities were addressed in this release, the addition of the SECURITY.md file represents an important enhancement to Drupal's security practices by formalizing and documenting the proper channels for reporting security vulnerabilities.

The update to CKEditor 5 version 45.2.0 may include security improvements from the CKEditor project, though specific security fixes were not detailed in the commit messages.

Performance Improvements

No specific performance improvements were highlighted in this release candidate. The focus appears to be on security enhancements, dependency updates, and bug fixes rather than performance optimizations.

Impact Summary

Drupal 10.5.0-rc1 represents a moderate update focused on dependency updates, bug fixes, and security practice improvements. The most notable change is the update to CKEditor 5 version 45.2.0, which may bring UI improvements and bug fixes to the content editing experience.

The addition of the SECURITY.md file formalizes the security vulnerability reporting process, which is an important step for the project's security practices but doesn't directly impact day-to-day site operations.

Bug fixes in the navigation module and service alias correction address specific issues that could affect site functionality in certain configurations. These fixes improve stability but are targeted rather than broad in their impact.

Overall, this release candidate continues Drupal's commitment to regular updates and maintenance while preparing for the stable 10.5.0 release. Site administrators should test this RC in non-production environments to ensure compatibility with their specific site configurations and customizations.