Drupal Release: 10.0.0-alpha7

TL;DR

Drupal 10.0.0-alpha7 brings significant improvements to the codebase as it prepares for the stable release. This alpha version includes important security fixes (SA-CORE-2022-012 through SA-CORE-2022-015), PHP 8.2 compatibility improvements, removal of deprecated code, theme updates replacing Bartik and Seven with Olivero and Claro, and numerous bug fixes. The release also includes documentation improvements, performance enhancements, and better CKEditor 5 integration.

Highlight of the Release

• Critical security fixes with SA-CORE-2022-012 through SA-CORE-2022-015
• PHP 8.2 compatibility improvements
• Increased recommended PHP version to 8.1.6
• Complete transition from Bartik and Seven themes to Olivero and Claro
• Removal of RDF module from Standard profile
• Improved CKEditor 5 migration experience
• Fixed fast 404 performance issues

Migration Guide

Upgrading to Drupal 10.0.0-alpha7

PHP Requirements

• PHP 8.1.6 is now the recommended minimum version
• PHP 8.2 compatibility has been improved, but may still have some issues

Theme Changes

• Bartik and Seven themes have been completely replaced with Olivero and Claro
• Tests and code that referenced Bartik and Seven have been updated
• If your custom code references these themes, update to use Olivero and Claro instead

Deprecated Code Removal

• Removed TranslationWrapper (will be removed in 11.0.0)
• Removed BC layer in Drupal\file\Plugin\rest\resource\FileUploadResource
• Removed deprecated code from FormattableMarkup
• IE11 polyfills and related libraries have been emptied and deprecated for removal in 11.0.0

Module Changes

• RDF module has been removed from the Standard profile
• If you depend on RDF functionality, you'll need to explicitly enable the module

CKEditor Changes

• CKEditor 5 has been updated to version 35.0.1
• Media CKEditor 4 integration has been moved into the CKEditor module
• Quick Edit related JavaScript has been moved from CKEditor 5 to the Quick Edit module

Upgrade Recommendations

As this is an alpha release (10.0.0-alpha7), it is not recommended for production sites. This release is intended for testing and development purposes only.

For Developers and Site Builders:

• Install in a development or testing environment to identify potential issues with custom code
• Test thoroughly with your custom modules and themes, especially if they:
  • Rely on Bartik or Seven themes
  • Use deprecated code that has been removed
  • Have PHP 8.2 compatibility issues
  • Integrate with CKEditor

For Production Sites:

• Continue using Drupal 9.x for production environments
• Begin planning your upgrade path to Drupal 10
• Review the security fixes in this release and apply any corresponding security updates to your Drupal 9 site

When to Upgrade:

Wait for the stable release of Drupal 10.0.0 before upgrading production sites. Use this alpha release to test compatibility with your custom code and to prepare for the eventual upgrade.

Bug Fixes

Critical Fixes

• Fixed security vulnerabilities (SA-CORE-2022-012 through SA-CORE-2022-015)
• Fixed fast 404s being slower than regular 404s (Issue #3292908)
• Fixed FilterHtml throwing "Unsupported operand types" error when * used in tag attribute (Issue #3268983)

UI and Functionality Fixes

• Fixed nested details element within content type's "manage display" UI changing width when opened (Issue #3291100)
• Fixed Views exposed text filter showing empty error on page load (Issue #2568889)
• Fixed disabled block's admin title getting double-escaped (Issue #3061148)
• Fixed comment being deleted instead of reassigned to Anonymous user (Issue #3166561)
• Fixed link options attributes being removed on save (Issue #3056652)

JavaScript Fixes

• Fixed BigPipe not calling attachBehaviors() after chunks are processed (Issue #3294720)
• Fixed AJAX not guaranteeing JS files have finished loading before calling said JS (Issue #1988968)
• Fixed unwanted whitespace caused by AJAX new content span (Issue #2588013)

Views Fixes

• Fixed grouped filter with multiple selections not working with defaults (Issue #2916682)
• Fixed confusing error message when adding a field with missing relationship (Issue #2796045)
• Fixed term creation failing with PHP 8 when override_selector = TRUE (Issue #3242538)

New Features

Theme System Updates

• Complete transition from Bartik and Seven themes to Olivero and Claro
• Improved Claro installer UI for better usability
• Refactored Claro's accordion stylesheet for better maintainability

PHP 8.2 Compatibility

• Added #[\\AllowDynamicProperties] attribute to base classes
• Updated dependencies to support PHP 8.2
• Replaced deprecated static::method() calls

CKEditor Improvements

• Better CKEditor 5 migration experience with less overwhelming messages
• Improved documentation for CKEditor 5 plugins needing complex conditions
• Moved Media CKEditor 4 integration into CKEditor module

Security Updates

Security Advisories

• SA-CORE-2022-012: Fixed security vulnerability related to multiple components
• SA-CORE-2022-013: Fixed security vulnerability in Form API
• SA-CORE-2022-014: Fixed security vulnerability in core system
• SA-CORE-2022-015: Fixed security vulnerability affecting multiple modules

Security Improvements

• Increased RECOMMENDED_PHP to 8.1.6
• Stopped recommending using \Drupal\Component\Assertion\Handle::register() in example.settings.local.php
• Fixed misleading and potentially dangerous "Edit own" nodes permission for anonymous users

Performance Improvements

Performance Optimizations

• Fixed fast 404s being slower than regular 404s (Issue #3292908)
• Removed redundant Link canonical/shortlink response headers (Issue #3266589)
• Support for _defaults key in service.yml files for public, tags, and autowire settings (Issue #3021898)
• Improved handling of optimized autoload files with Composer (Issue #3116405)

JavaScript Performance

• Updated terser and terser-webpack-plugin to latest versions for better JavaScript optimization
• Improved AJAX handling to ensure proper loading of JavaScript files

Impact Summary

Drupal 10.0.0-alpha7 represents a significant step toward the stable release of Drupal 10. This alpha version focuses on cleaning up deprecated code, improving PHP 8.2 compatibility, completing the transition to new core themes (Olivero and Claro), and fixing various bugs and security issues.

The most immediate impact comes from the security fixes (SA-CORE-2022-012 through SA-CORE-2022-015), which address critical vulnerabilities. For developers, the PHP 8.2 compatibility improvements and removal of deprecated code will require attention when preparing for Drupal 10.

Site builders will notice the complete transition from Bartik and Seven themes to Olivero and Claro, as well as the removal of the RDF module from the Standard profile. The CKEditor 5 migration experience has been improved with less overwhelming messages, making the transition smoother.

Performance improvements include fixing fast 404s that were paradoxically slower than regular 404s and removing redundant response headers. The support for the _defaults key in service.yml files will help streamline service definitions.

Overall, this alpha release demonstrates Drupal's commitment to modernizing its codebase, improving security, and enhancing the developer and user experience as it moves toward the stable Drupal 10 release.