Drupal Release: 10.1.5

TL;DR

Drupal 10.1.5 is a maintenance release that includes numerous bug fixes, accessibility improvements, and developer experience enhancements. Key updates include fixes for Layout Builder functionality, improved GitLab CI integration, security improvements for the toolbar username display, and various accessibility enhancements. This release primarily focuses on stability and quality-of-life improvements for both developers and end users.

Highlight of the Release

• Fixed Layout Builder jumping to top when removing sections or blocks
• Added comprehensive GitLab CI integration for improved testing workflows
• Fixed security issue with toolbar username display that was vulnerable to XSS
• Fixed critical issue where creating new translations could delete translations with drafts
• Improved accessibility with fixes for ARIA attributes and button contrast
• Added pagination to version history controller for better management of content with many revisions

Migration Guide

No significant migration steps are required for this maintenance release. The update primarily consists of bug fixes and improvements that should not require any special migration procedures.

If you are using custom code that interacts with the Layout Builder, CKEditor 5, or translation systems, you may want to test your functionality after upgrading to ensure compatibility with the fixes included in this release.

Upgrade Recommendations

This is a maintenance release containing important bug fixes, accessibility improvements, and security enhancements. It is recommended that all sites running Drupal 10.1.x upgrade to this version.

Priority: Medium

• Sites experiencing issues with Layout Builder, translations with drafts, or node access rebuilds should prioritize this update.
• Sites concerned about the security of the toolbar username display should upgrade as soon as possible.
• All other sites should plan to upgrade during their next regular maintenance window.

The update process follows the standard Drupal minor version update procedure and should not require any special steps beyond the normal update process.

Bug Fixes

Critical Bug Fixes

• Translation Management: Fixed a critical issue where creating a new translation could delete translations with drafts.

• Node Access Rebuild: Fixed an issue where node access rebuild could enter an infinite loop and never finish.

• Configuration Dependencies: Fixed a bug where "enforced" dependencies of optional configs would incorrectly overwrite other dependencies.

User Interface Fixes

• Layout Builder: Fixed an issue where Layout Builder would jump to the top of the page when removing sections or blocks.

• CKEditor 5:

  • Fixed an issue where formatting was lost when attempting to edit media within a list item.
  • CKEditor 5 now properly respects <textarea disabled> attributes.

• Revision UI: Fixed an issue where the Generic Revision UI's overview page generated incorrect operations/view links for translations.

JavaScript and API Fixes

• JavaScript Fixes:

  • Fixed Drupal.t() to properly respect locale custom strings.
  • Fixed regression in uses of jQuery trim function to use vanilla JavaScript.
  • Fixed optionExists throwing an exception with incorrect type if an option doesn't exist.

• Router Fix: Fixed an issue where AccessAwareRouter did not respect HTTP method.

Visual and Styling Fixes

• Accessibility:

  • Fixed invalid value for aria-current attribute.
  • Fixed broken flexbox after Branding component creation.
  • Fixed disabled primary button in views area having poor contrast (grey text on blue background).

• Views: Fixed an issue with indirect modification of overloaded elements with Views responsive table.

New Features

New Testing and Development Features

• GitLab CI Integration: Added comprehensive GitLab CI integration for core, including matrix testing across different PHP versions and databases, parallel test execution, and support for test-only changes.

• New Test Assertions: Added linkByHrefExistsExact and linkByHrefNotExistsExact methods for matching links by href exactly in tests.

• Improved Test Distribution: Added support for distributing slow tests between test runners and marking more tests appropriately.

User Interface Improvements

• Version History Pagination: Added pagination to the version history controller, improving the experience when managing content with many revisions.

• Recipe Display Enhancement: Improved recipe display by showing category-related recipes when viewing a recipe full page.

Security Updates

Security Improvements

• XSS Protection: Fixed a security issue where the toolbar username lazy builder only XSS filtered but didn't escape user display name, which could lead to stored remote request vulnerabilities.

• Dependency Updates: Updated the get-func-name dependency to address CVE-2023-43646.

Performance Improvements

Cache Performance Improvements

• Cache Handling: Improved cache handling by chunking multiple cache sets into groups of 100 to avoid out-of-memory (OOM) and max_allowed_packet issues.

Testing Performance Improvements

• Test Execution:
  • Improved test execution by running Nightwatch tests in parallel.
  • Better distribution of slow tests between test runners.
  • Optimized GitLab CI to fetch less from git, reducing network traffic and improving build times.

Build Performance

• Component Building: Improved performance by copying fewer files around in ComponentsIsolatedBuildTest.

Impact Summary

Drupal 10.1.5 is a maintenance release that delivers significant improvements to stability, accessibility, and developer experience. The most impactful changes address critical issues with content translation management, Layout Builder usability, and security vulnerabilities in the toolbar username display.

For site administrators and content editors, the fixes to Layout Builder's scrolling behavior, improved version history pagination, and better handling of translations with drafts will provide a more reliable content management experience. The accessibility improvements, including better ARIA attributes and button contrast, enhance the platform's usability for all users.

For developers, the comprehensive GitLab CI integration represents a major enhancement to the testing infrastructure, enabling more efficient and reliable testing across multiple environments. The fixes to JavaScript functions, cache handling, and router behavior address pain points that could previously cause unexpected behavior or performance issues.

Overall, this release demonstrates Drupal's ongoing commitment to quality, accessibility, and developer experience, with a focus on fixing issues that impact day-to-day usage of the platform.