11.2.0

TL;DR

Drupal 11.2.0 introduces significant enhancements with a focus on developer experience, performance, and modernization. Key improvements include the new Navigation module replacing Toolbar, HTMX integration for dynamic content without JavaScript, Single Directory Components (SDC) enhancements, and attribute-based hooks replacing annotations. The release also brings improved image handling with AVIF support, better caching, and numerous bug fixes and performance optimizations. This update represents a substantial step forward in Drupal's evolution toward a more modern, efficient, and developer-friendly CMS.

Highlight of the Release

• New Navigation module replacing the Toolbar with improved UI and customization options
• HTMX integration for dynamic content without JavaScript
• Enhanced Single Directory Components (SDC) with component variants and translatable enum properties
• Attribute-based hooks replacing annotations for better code organization
• Better image handling with AVIF format support and WebP fallback
• Improved caching mechanisms for better performance
• New validation constraints for configuration schemas
• Renamed Update Manager module to Update Status for clarity

Migration Guide

Updating to Attribute-based Hooks

If you're using annotations for plugins or hooks, you should start migrating to the new attribute-based system:

// Old annotation style
/**
 * @Hook("form_alter")
 */
function mymodule_form_alter(&$form, $form_state, $form_id) {
  // Code
}

// New attribute style
#[FormAlter]
function mymodule_form_alter(&$form, $form_state, $form_id) {
  // Code
}

Navigation Module Replaces Toolbar

The Toolbar module has been replaced by the Navigation module. If your site or modules depend on Toolbar, you'll need to update them to work with Navigation instead. Custom toolbar items will need to be adapted to the new Navigation system.

Update Manager Renamed to Update Status

The Update Manager module has been renamed to Update Status for clarity. Update any references in your code:

// Old
\Drupal::moduleHandler()->moduleExists('update');

// Still works, but consider updating variable names and comments
\Drupal::moduleHandler()->moduleExists('update');

SDC Component Updates

If you're using Single Directory Components, update your components to take advantage of new features:

1. For component variants:

// In your component's metadata
"variants": {
  "primary": {
    "props": {
      "buttonStyle": "primary"
    }
  },
  "secondary": {
    "props": {
      "buttonStyle": "secondary"
    }
  }
}

2. For translatable enum properties:

"props": {
  "size": {
    "type": "string",
    "enum": ["small", "medium", "large"],
    "meta:enum": {
      "small": "Small",
      "medium": "Medium",
      "large": "Large"
    }
  }
}

HTMX Integration

To use the new HTMX integration:

// Attach the HTMX library
$build['#attached']['library'][] = 'core/htmx';

// Use HTMX attributes in your markup
$build['content'] = [
  '#type' => 'html_tag',
  '#tag' => 'button',
  '#attributes' => [
    'hx-get' => '/some/endpoint',
    'hx-target' => '#result',
    'hx-swap' => 'outerHTML',
  ],
  '#value' => t('Load Content'),
];

Upgrade Recommendations

This release contains significant improvements and new features that benefit all Drupal 11 sites. We recommend upgrading to Drupal 11.2.0 as soon as possible, especially if you want to take advantage of:

1. Performance improvements - Better caching mechanisms and optimizations
2. New Navigation module - Improved administrative experience
3. HTMX integration - For building dynamic interfaces without JavaScript
4. Enhanced SDC - For better component-based development
5. Security updates - Latest security fixes and dependency updates

Before Upgrading:

1. Create a complete backup of your site, including files and database
2. Update to the latest minor version of your current Drupal release first
3. Test the upgrade on a staging environment before applying to production
4. Review your custom and contributed modules for compatibility with the new attribute-based hooks system
5. Check theme compatibility with the new Navigation module
6. Update your development workflow to use the new tools and features

After Upgrading:

1. Clear caches thoroughly after the upgrade
2. Test all critical site functionality
3. Review site performance with the new caching improvements
4. Consider migrating custom code to use the new attribute-based hooks
5. Update your theme to take advantage of AVIF image support

For sites with custom modules that heavily rely on annotations or the Toolbar module, plan for additional testing and development time to adapt to the new systems.

Bug Fixes

Menu and Navigation Fixes

• Fixed issue where second-level menu items with children couldn't be reached
• Fixed issue where <front> menu links were missing active trail classes
• Fixed alignment issues on the comments tab
• Fixed issue where Navigation items weren't clickable on the navigation layout page
• Menu Local Tasks now sort alphabetically when no weight is set

Content Management Fixes

• Fixed issue where translations created in Live workspace weren't properly handled
• Fixed node preview modal to use Drupal API properly
• Fixed issue where removing a field from Layout Builder content type incorrectly edited associated roles
• Fixed issue where uninstalling a module deleted all views with third-party settings by that module
• Fixed issue where the site slogan didn't show with Olivero theme

Form and UI Fixes

• Fixed input and filter alignment issue on the comments tab
• Fixed duplicate summary on some admin pages using vertical tabs
• Fixed issue where aria-pressed attribute wasn't updated correctly
• Fixed issue where aria-required attribute was redundantly used with required attribute
• Fixed issue where Media Library currentSelection wasn't reset properly
• Fixed undefined array key warning in UrlHelper::parse()
• Fixed issue where upload progress extension settings weren't properly handled

Caching and Performance Fixes

• Fixed issue where cache tags could grow endlessly
• Fixed cache redirect error when using 'view own unpublished content' permission with node grants
• Fixed issue where cache tags added by hook_block_view_BASE_BLOCK_ID_alter were ignored on certain blocks
• Improved handling of placeholders in CachedStrategy

Multilingual Fixes

• Fixed issue where LanguageNegotiationUrl unnecessarily added domain to outbound URLs
• Fixed issue when saving the administrator role setting with no success message

New Features

New Navigation Module

The new Navigation module replaces the Toolbar module with an improved UI and customization options. It provides a more modern and user-friendly navigation experience with better organization of menu items and support for icons.

HTMX Integration

Drupal now includes HTMX as a core dependency, allowing developers to create dynamic content without writing JavaScript. This enables building interactive interfaces with simple HTML attributes that trigger server requests and update page content.

Enhanced Single Directory Components (SDC)

SDC now supports component variants, allowing developers to create variations of components with different properties. Additionally, enum properties now support translatable labels using meta:enum, making component options more user-friendly.

Attribute-based Hooks

Drupal continues its modernization with attribute-based hooks replacing annotations. New attributes like #[Hook], #[FormAlter], and #[Preprocess] provide better code organization and discoverability.

AVIF Image Support

Core now supports the AVIF image format with WebP fallback, providing better image compression and quality. All core image styles now use AVIF with WebP fallback by default.

AtLeastOneOf Constraint

A new validation constraint AtLeastOneOf has been added, allowing developers to specify that at least one of a set of fields must have a value.

Package Manager Direct Write Mode

Package Manager now supports direct write mode, allowing it to operate directly on the live code base without requiring rsync, making updates more efficient on certain hosting environments.

Security Updates

Security Improvements

• Updated Symfony to version 7.3.0, incorporating the latest security improvements
• Updated CKEditor 5 to version 45.2.0 with security fixes
• Added tests for SA-CORE-2024-006 to ensure security fixes are properly tested
• Updated config schema for Symfony 7.3 mailer security improvements
• Removed srcdoc attributes in Xss::filter() to prevent potential XSS vulnerabilities
• Added SECURITY.md explaining how to report security vulnerabilities properly
• Updated Composer and development dependencies with security fixes
• Improved session handling by deprecating custom keys in $_SESSION for better security

Performance Improvements

Caching Improvements

• Fixed issue where cache tags could grow endlessly, significantly improving cache performance
• Improved handling of placeholders in CachedStrategy for better rendering performance
• Added support for a placeholder strategy denylist for #lazy_builders to prevent unnecessary processing

Configuration Management Performance

• Improved configuration management performance by addressing regression in config:import operations
• Added ConfigSchemaChecker to development.services.yml for better development performance

Database Optimizations

• Improved database performance with better handling of JSON type fields
• Enhanced PoDatabaseWriter with transaction support to improve performance
• Made ViewsViewsData more efficient by preventing unnecessary loading of all actions multiple times

JavaScript and CSS Optimizations

• Replaced Contextual Links BackboneJS usage with VanillaJS equivalent for better performance
• Split tablesort.module.css out to its own library and attach it via tablesort for more efficient loading
• Moved Olivero's messages.css to its messages library for better organization and loading
• Better CSS organization with improved library management

Testing Performance

• Added FF_USE_FASTZIP to speed up composer/yarn cache network transfers
• Improved test performance by preventing setup tasks from running for tests that are always skipped
• Added @group #slow to various tests to better organize and optimize test runs

Impact Summary

Drupal 11.2.0 represents a significant step forward in Drupal's evolution toward a more modern, efficient, and developer-friendly CMS. This release focuses on four key areas: developer experience, performance, user interface, and security.

For developers, the introduction of attribute-based hooks replacing annotations provides a more structured and discoverable way to extend Drupal. The integration of HTMX allows for creating dynamic interfaces without writing JavaScript, significantly lowering the barrier to building interactive experiences. Enhanced Single Directory Components (SDC) with component variants and translatable enum properties further improve the component-based development workflow.

Site builders and administrators will appreciate the new Navigation module, which replaces the Toolbar with a more modern and customizable interface. The improved image handling with AVIF support and WebP fallback delivers better image quality with smaller file sizes. Configuration management performance improvements make site management more efficient.

Performance improvements are substantial, with better caching mechanisms that prevent cache tags from growing endlessly, more efficient CSS and JavaScript loading, and optimized database operations. These changes will result in faster page loads and better resource utilization.

Security enhancements include updates to core dependencies like Symfony and CKEditor, improved session handling, and better XSS protection. The addition of a formal SECURITY.md file also improves the security reporting process.

Overall, Drupal 11.2.0 delivers a more modern, performant, and developer-friendly platform while maintaining Drupal's commitment to security and stability. The shift toward attribute-based hooks and component-based development aligns Drupal with modern PHP practices, while HTMX integration provides a bridge to modern frontend development without the complexity of JavaScript frameworks.