Drupal Release: 10.1.0-alpha1

TL;DR

Drupal 10.1.0-alpha1 introduces significant improvements to the developer experience, performance, and user interface. Key highlights include the addition of Single Directory Components as an experimental module, improved database performance with READ COMMITTED as the default MySQL transaction isolation level, enhanced CKEditor 5 capabilities, and the new Project Messaging Channel experimental module. This release also features numerous accessibility improvements, better field reuse workflows, and modernized JavaScript code. With over 8,800 changes across 300 files, this alpha release sets the foundation for the upcoming stable 10.1.0 version.

Highlight of the Release

• Added Single Directory Components as a new experimental module for component-based development
• Improved database performance with READ COMMITTED as the default MySQL transaction isolation level
• Enhanced CKEditor 5 with support for additional code block languages and updated to version 37.1.0
• Added Project Messaging Channel as an experimental module for important Drupal announcements
• Introduced new Twig filters: |add_class and |set_attribute for easier template manipulation
• Improved field reuse workflow with better UX when selecting existing fields
• Enhanced block permissions with more granular control options
• Modernized password hashing by replacing custom library with PHP's native password_hash()
• Allowed AJAX to use GET requests, improving performance for read-only operations
• Improved block content management with better IA for editors and fixed breadcrumbs

Migration Guide

Deprecated Functions and Methods

Several functions and methods have been deprecated in this release and will be removed in future versions:

• watchdog_exception(): Use the logger service instead
• drupal_theme_rebuild(): Use the theme registry service instead
• theme_get_registry(): Use the theme registry service instead
• user_role_permissions(): Use the RoleStorage service instead

JavaScript Changes

• AJAX requests can now use GET instead of POST. If you have custom AJAX implementations, ensure they work with both methods.
• The jQuery ready function usage has been refactored to use VanillaJS. Update your custom JavaScript accordingly.
• For AJAX requests, use httpMethod instead of type for specifying GET/POST request property.

Database Changes

• MySQL now uses READ COMMITTED as the default transaction isolation level. Test your application thoroughly if you rely on specific transaction isolation behavior.
• If you're using PostgreSQL with non-public schema, several fixes have been implemented that may affect your application.

Theme Changes

• CSS has been updated to use double-colon for pseudo elements (e.g., ::before instead of :before). Update your custom CSS accordingly.
• New Twig filters |add_class and |set_attribute are available for template manipulation.
• Many Claro theme stylesheets have been refactored. If you extend Claro, review your theme for compatibility.

Block Content Changes

• Block content edit and delete routes have been moved under admin/content/block. Update any custom links or bookmarks.
• The terminology for Custom Blocks has been updated in the admin UI. Review your documentation or training materials.

Password Hashing

• The custom password hashing library has been replaced with PHP's native password_hash() function. No action is required, but be aware of this change if you interact with password hashing directly.

Upgrade Recommendations

As this is an alpha release (10.1.0-alpha1), it is not recommended for production sites. This release is intended for testing and development purposes only.

For developers and site builders who want to test this release:

1. Create a test environment: Set up a separate development or staging environment to test this alpha release.

2. Back up your site: Always create a complete backup of your site before testing any new version.

3. Review deprecated functionality: Check if your site or custom modules use any of the deprecated functions mentioned in the migration guide.

4. Test thoroughly: Pay special attention to custom modules, themes, and any functionality that interacts with the database, especially if using PostgreSQL or relying on specific MySQL transaction behavior.

5. Report issues: If you encounter any bugs or issues, report them on Drupal.org to help improve the final release.

For production sites, it is recommended to wait for the stable release of Drupal 10.1.0 before upgrading from Drupal 10.0.x.

If you're currently on Drupal 9.x, consider upgrading to Drupal 10.0.x first before planning a move to 10.1.x when it becomes stable.

Bug Fixes

Database and Query Handling

• Fixed memory usage regression in database statement classes by implementing \Iterator to prevent rewinding
• Fixed inconsistent behavior between fetchAllAssoc() and fetchAllKeyed()
• Fixed PostgreSQL schema support for unique indexes with keylength
• Fixed batch process race conditions
• Fixed database condition handling with arrays
• Added informative error messages for 'Connection refused' errors in MySQL

UI and Accessibility

• Fixed modal dialog button alignment in the Olivero theme
• Fixed machine name field expansion after failing validation
• Fixed contextual links not being sorted by weight
• Fixed mobile menu positioning when side canvas is open
• Fixed secondary tabs accessibility when there are many tabs
• Fixed select form field values being hidden at narrow screen widths in Claro theme
• Fixed vertical tab focus on form validation
• Fixed z-index issues with fullscreen AJAX progress indicators in modals

Language and Translation

• Fixed issue where installing a module caused translations to be overwritten
• Fixed missing URL prefix on language-neutral content
• Fixed language switcher block throwing exceptions when no route is matched
• Fixed inaccessible language switcher links being removed before alternatives could be provided

Fields and Forms

• Fixed multiple usages of FieldPluginBase::getEntity not checking for NULL
• Fixed validation for managed files not accounting for null triggering elements
• Fixed readonly attribute not working with #States
• Fixed required summary element being hidden when other text-with-summary fields do not require summary

Views

• Fixed exposed term filter not being updated when terms are added, deleted, or rearranged
• Fixed 'Is not equal to' operator being ignored on exposed, grouped filter
• Fixed views more link container theme suggestions being in the wrong order
• Fixed warning on AJAX call when changing the breakpoint_group field value of a responsive image style

Media and Files

• Fixed setting media field to loading="eager" not working with the media_thumbnail field formatter
• Fixed duplicated summary item when linking to content with the MediaThumbnailFormatter
• Fixed .m4a files using incorrect MIME type

Other

• Fixed Link HTTP header being HTML-encoded
• Fixed htaccess rewrite rules for gzipped CSS and JavaScript aggregates
• Fixed maintenance mode message being shown at multiple places on the page on Form API Ajax callbacks
• Fixed JSON mime type guesser returning application/octet-stream instead of application/json

New Features

Single Directory Components (Experimental)

A new experimental module has been added that introduces component-based development to Drupal. This allows developers to create self-contained UI components with all related assets in a single directory.

Project Messaging Channel (Experimental)

A new experimental module has been added that provides a channel for important Drupal project announcements directly in the admin interface, improving communication with site administrators.

New Twig Filters

Two new Twig filters have been added to make template manipulation easier:

• |add_class: Adds CSS classes to an element
• |set_attribute: Sets attributes on an element

Enhanced CKEditor 5

CKEditor 5 has been updated to version 37.1.0 and now supports configuring additional languages (e.g., "bash" or "SQL") for the CodeBlock plugin.

More Granular Block Permissions

Block permissions have been enhanced to provide more fine-grained control over who can manage blocks, improving security and access control.

Database Query Logging as Events

The database query log can now be dispatched as log events, providing better integration with logging systems and improved debugging capabilities.

GET Requests for AJAX

AJAX operations can now use GET requests instead of being limited to POST, which improves performance for read-only operations and better follows HTTP standards.

Security Updates

Password Hashing Improvements

• Replaced the custom password hashing library with PHP's native password_hash() function, ensuring that Drupal uses modern, secure password hashing algorithms maintained by the PHP core team.

Security Advisory Fix

• Included fix for SA-CORE-2023-005, addressing a security vulnerability (specific details not provided in the commit messages).

Block Permissions Enhancement

• Added more granular block permissions, allowing administrators to define more precise access controls for block management, reducing the risk of unauthorized access.

User Management Security

• Added safeguards against UnblockUser::execute()'s method unblocking the anonymous user, preventing potential security issues.

Form Validation Security

• Fixed block page visibility paths validation, ensuring paths without leading forward slashes are properly validated.

API Security

• Improved error handling for language negotiation plugins, preventing site breakage when plugins are not found.

Performance Improvements

Database Performance Improvements

• Changed the default MySQL transaction isolation level to READ COMMITTED, which can significantly improve performance by reducing lock contention
• Implemented statement classes using \Iterator to fix memory usage regression and prevent rewinding
• Fixed batch process race conditions by improving handling of batch IDs

JavaScript and Asset Optimization

• Made CSS/JS optimized assets path configurable, allowing for better CDN integration
• Updated htaccess rewrite rules for gzipped CSS and JavaScript aggregates to ensure they match correctly
• Improved toolbar tray rendering to prevent content "flickering" when resizing to accommodate open trays
• Allowed AJAX to use GET requests, which can improve performance for read-only operations

Caching Improvements

• Fixed caching issues with exposed term filters in Views
• Fixed issue where EntityTypeInterface was overly prescriptive about 'required' link relationships, improving caching
• Fixed issue where ToolbarController::preRenderGetRenderedSubtrees() deleted parent's cacheability

Modernized Code

• Refactored numerous Claro theme stylesheets for better performance and maintainability
• Replaced custom password hashing library with PHP's native password_hash() functions
• Replaced strpos() !== FALSE or === FALSE with str_contains() for better performance and readability
• Refactored uses of the jQuery ready function to use VanillaJS

Impact Summary

Drupal 10.1.0-alpha1 represents a significant step forward in Drupal's evolution with several impactful changes that benefit developers, site builders, and content editors alike.

The introduction of Single Directory Components as an experimental module marks an important shift toward component-based development in Drupal, aligning with modern frontend development practices. This will enable developers to create more maintainable and reusable UI components.

Database performance sees substantial improvements with the adoption of READ COMMITTED as the default MySQL transaction isolation level, which can significantly reduce lock contention in high-traffic sites. Combined with memory usage optimizations in database statement classes, these changes should result in better overall performance.

The user experience receives considerable attention with enhanced field reuse workflows, improved block content management, and better accessibility for various UI elements. Content editors will appreciate the updated CKEditor 5 with support for additional code languages and improved modal dialogs.

Security is strengthened by replacing the custom password hashing library with PHP's native functions, ensuring Drupal stays current with modern security practices. The addition of more granular block permissions provides administrators with finer control over access management.

For theme developers, new Twig filters and refactored stylesheets in the Claro theme offer improved tools for template manipulation and better maintainability.

The new Project Messaging Channel experimental module introduces a direct communication channel between the Drupal project and site administrators, which will be valuable for security announcements and other important communications.

Overall, this alpha release lays a solid foundation for Drupal 10.1.0, with significant improvements across performance, developer experience, security, and user interface.