11.1.8

TL;DR

Drupal 11.1.8 is a maintenance release that addresses several accessibility issues, fixes bugs in core functionality, and improves test coverage. This release focuses on enhancing user experience with fixes for ARIA attributes, form handling, caching mechanisms, and view management. It also adds important security documentation and updates to the core team information.

Highlight of the Release

• Fixed accessibility issue with aria-pressed attribute not updating correctly
• Added SECURITY.md file explaining how to report security vulnerabilities
• Fixed issue where uninstalling a module would delete all views with third-party settings
• Improved caching behavior with 'view own unpublished content' permission
• Added interface to allow access policies to opt out of caching

Migration Guide

This is a maintenance release with bug fixes and minor improvements. No specific migration steps are required when upgrading from Drupal 11.1.7 to 11.1.8.

If you're using custom code that interacts with:

• Access policies: Be aware of the new interface allowing access policies to opt out of caching.
• Views with third-party settings: The fix for Issue #3496867 changes how views with third-party settings are handled during module uninstallation.
• Node revision handling: If you have custom code dealing with node revisions, review the changes related to Issue #1528028.

For most sites, this update should be straightforward with no special migration steps required.

Upgrade Recommendations

It is recommended to update to Drupal 11.1.8 as soon as possible, especially if you are experiencing any of the specific issues addressed in this release. This update includes important bug fixes for accessibility, caching, and views management.

Upgrade steps:

1. Back up your database and site files
2. Update your codebase to Drupal 11.1.8 using Composer:

   composer update drupal/core --with-all-dependencies
   

3. Run database updates:

   drush updatedb
   

4. Clear caches:

   drush cache:rebuild
   

5. Test your site thoroughly, especially functionality related to:
   • Forms with ARIA attributes
   • Views with AJAX functionality
   • Node revision management
   • Access policies and permissions

This is a maintenance release with no known breaking changes, so the upgrade process should be straightforward for most sites.

Bug Fixes

• Accessibility Improvements: Fixed issue where the aria-pressed attribute wasn't updating correctly, improving accessibility for interactive elements (Issue #3085781).

• Form Handling: Fixed askHidden prompt that was failing with "Unknown named parameter $default" error (Issue #3517481).

• Language Handling: Added missing schema for default values in LanguageItem, ensuring proper validation (Issue #3516520).

• Caching: Fixed cache redirect error when using 'view own unpublished content' permission alongside node grants (Issue #3516477).

• Views Management: Fixed issue where uninstalling a module would incorrectly delete all views that have third-party settings by that module (Issue #3496867).

• Views AJAX: Fixed template_preprocess_views_view_summary_unformatted() to properly set active link when using AJAX (Issue #3360996).

• Migration: Fixed issue with highwater mark handling by ensuring it's reset before rolling back migrations (Issue #2800715).

• Form Validation: Fixed handling of invalid exposed form data to ensure it's properly excluded (Issue #2957336).

• Test Failures: Fixed failing ResolvedLibraryDefinitionsFilesMatchTest (Issue #3525090).

New Features

• Access Policy Caching Control: Added a new interface to allow access policies to opt out of caching, giving developers more control over caching behavior (Issue #3500683).

• Security Documentation: Added a SECURITY.md file that explains how to properly report security vulnerabilities, making it easier for security researchers to follow the correct procedures (Issue #3094817).

• Core Team Updates: Added Cristina Chumillas as UX Manager and Emma Horrell as provisional UX Manager to Drupal core, strengthening the UX leadership team (Issue #3524613).

Security Updates

• Security Documentation: Added a SECURITY.md file explaining how to report security vulnerabilities properly, helping ensure that security issues are handled through the appropriate channels (Issue #3094817).

• No critical security fixes were included in this release. As always, following security best practices and keeping your Drupal installation updated is recommended.

Performance Improvements

• Caching Optimization: Improved caching behavior when using 'view own unpublished content' permission alongside node grants, preventing unnecessary cache redirects (Issue #3516477).

• Test Performance: Added @group #slow to MigrateDrupal7AuditIdsTest to better manage test execution times (Issue #3522021).

• Access Policy Caching: Added interface to allow access policies to opt out of caching, providing more granular control over caching behavior where needed (Issue #3500683).

Impact Summary

Drupal 11.1.8 is a maintenance release that focuses on bug fixes and improvements to core functionality. The most significant impacts include:

1. Accessibility Improvements: Fixed ARIA attribute handling improves the experience for users with assistive technologies.

2. Better Views Management: The fix for uninstalling modules with third-party settings prevents accidental data loss when managing modules.

3. Improved Caching: Several fixes related to caching behavior, particularly with access policies and node grants, will result in more predictable and efficient caching.

4. Enhanced Developer Experience: Various test improvements and refactoring make the codebase more maintainable and testable.

5. Security Process Documentation: The addition of SECURITY.md provides clear guidance on reporting security vulnerabilities.

This release represents ongoing commitment to quality, accessibility, and security in Drupal core. While it doesn't introduce major new features, it addresses several pain points that could affect site administrators, developers, and end users.