Drupal Release: 10.2.0-alpha1

TL;DR

Drupal 10.2.0-alpha1 introduces significant improvements with PHP 8.2 now recommended, GitLab CI integration, OpenTelemetry for performance monitoring, and Symfony 6.4 upgrade. Key enhancements include CKEditor 5 updates, new SDC components for Umami, improved field management with combined field forms, and better accessibility. This release also adds PHP attributes support, Fiber integration for improved performance, and numerous bug fixes across core functionality.

This alpha release represents a substantial step forward in Drupal's development with a focus on modernizing the codebase, improving developer experience, and enhancing performance.

Highlight of the Release

• PHP 8.2 is now the recommended PHP version for Drupal 10.2
• GitLab CI integration for improved testing workflows
• OpenTelemetry integration for application performance monitoring
• Symfony 6.4 upgrade with its new features and improvements
• PHP attributes support instead of doctrine annotations
• Fibers support in BigPipe and Renderer for improved performance
• Combined field storage and field instance forms for better field management
• New SDC components for Umami theme (Common Card, Badge, Footer Block)
• CKEditor 5 updated to version 40.0.0 with 'Show Blocks' functionality
• Improved accessibility with better contrast for required field indicators

Migration Guide

PHP 8.2 Recommended

PHP 8.2 is now the recommended PHP version for Drupal 10.2. While Drupal 10 continues to support PHP 8.1, it's recommended to upgrade to PHP 8.2 for optimal performance and security.

PHP Attributes

Drupal 10.2 introduces support for PHP attributes instead of doctrine annotations. If you have custom code that extends or interacts with core classes using annotations, you should review and update your code to use PHP attributes instead.

// Old way with annotations
/**
 * @EntityType(
 *   id = "example",
 *   label = @Translation("Example"),
 * )
 */

// New way with PHP attributes
#[EntityType(
  id: "example",
  label: new TranslatableMarkup("Example"),
)]

Symfony 6.4 Upgrade

Drupal 10.2 has been updated to use Symfony 6.4. Review any custom code that directly interacts with Symfony components to ensure compatibility with Symfony 6.4.

Combined Field Forms

Field storage and field instance forms have been combined. If you have custom code that programmatically interacts with field creation forms, you may need to update your code to work with the new combined form structure.

Twig Template Deprecation

A new mechanism has been added to mark entire Twig templates as deprecated. If you're maintaining custom themes or modules that override core templates, check for any deprecation notices and plan to update your templates accordingly.

Transaction Management Changes

The TransactionManager has been strengthened with improved entropy and better handling of savepoints. If you have custom code that directly interacts with database transactions, review it to ensure compatibility with the updated transaction management.

CKEditor 5 Updates

CKEditor 5 has been updated to version 40.0.0. If you have custom CKEditor 5 plugins or configurations, test them thoroughly with the new version to ensure compatibility.

Upgrade Recommendations

Recommendation Level: Wait for stable release for production sites

As this is an alpha release (10.2.0-alpha1), it is primarily intended for testing and development purposes. Production sites should wait for the stable 10.2.0 release before upgrading.

For development and testing environments:

• This alpha release provides an excellent opportunity to test your custom modules and themes against the upcoming changes in Drupal 10.2.
• Pay particular attention to testing any code that interacts with fields, CKEditor 5, or database transactions, as these areas have seen significant changes.
• If you're using PHP 8.1, consider testing with PHP 8.2 as it's now the recommended version.

Testing recommendations:

1. Create a clone of your production site for testing
2. Update to Drupal 10.2.0-alpha1
3. Run update.php
4. Test all critical site functionality, especially custom modules and themes
5. Pay special attention to forms, fields, and content editing workflows
6. Report any issues to the Drupal issue queue

Module and theme developers:

• Begin testing your projects against this alpha release
• Update any code that uses doctrine annotations to use PHP attributes instead
• Test thoroughly with Symfony 6.4
• Review your code for compatibility with the combined field forms

When the stable release of Drupal 10.2.0 becomes available, a standard upgrade process will be recommended for production sites, following Drupal's documented update procedures.

Bug Fixes

Security and XSS Protection

• Fixed an issue where the Toolbar username lazy builder only XSS filters but doesn't escape user display name, addressing a potential stored remote request vulnerability.
• Fixed a security issue addressed in SA-CORE-2023-006.

Form and UI Fixes

• Fixed a focus state bug on text field AJAX calls that was affecting user experience.
• Fixed an issue where removed values in multi-value fields would reappear.
• Fixed a bug where clicking X in input type search on module page in Chrome did nothing.
• Fixed a regression in fieldset legend positioning.
• Fixed Javascript errors in entity-form.js when retranslate checkbox does not exist.
• Fixed Javascript breaking on block layout page after drag or select new region.
• Fixed an issue where the "Add another item" field button was incorrectly displayed as a modal action.

Entity and Field Management

• Fixed an issue where $entity->isDefaultTranslation() behaves incorrectly when changing default translation, causing file/image field usage to be set to zero and files to be deleted.
• Fixed a bug where creating a new translation may delete translations with drafts.
• Fixed a bug where adding or editing a block through the UI saves the entity twice.
• Fixed an issue where config saved during import does not have correct initial values set.
• Fixed a bug where BaseFieldOverride didn't inherit internal property from the base field.

Performance and Database

• Fixed an issue where committing a transaction while there are still active savepoints leaves the stack in inconsistent state.
• Fixed a bug where rolling back to a savepoint should leave the savepoint in the transaction stack.
• Fixed an issue where chunk multiple cache sets into groups of 100 to avoid OOM/max_allowed_packet issues.
• Fixed a bug where the latest_revision ViewsFilter has poor performance.

CKEditor and Media

• Fixed an issue where ckeditor5.dialog.fix.js throws "Uncaught TypeError: event.target.classList is undefined" in Firefox in Drupal 10 with the editor in a modal.
• Fixed a bug where formatting was lost when attempting to edit media within a list item in CKEditor 5.
• Fixed an issue where large placeholders are not processed.

Accessibility

• Fixed a contrast issue where disabled primary button in views area has grey text on blue background.
• Fixed a skipped heading level on search "no results" text.
• Fixed the red asterisk for required fields to meet WCAG contrast minimum requirements.

Other Fixes

• Fixed an issue where Node Access Rebuild never finishes (infinite loop).
• Fixed a bug where block name collision occurs on theme creation.
• Fixed an issue where the password is null if user has never logged in which causes PHP 8 warning.
• Fixed a bug where AccessAwareRouter does not respect HTTP method.
• Fixed an issue where counts for singulars in DateFormatter::formatInterval() are hardcoded to 1.
• Fixed a bug where dialog options are not honored when opening a dialog using GET.
• Fixed an issue where "Enforced" Dependencies of Optional Configs Overwrite Other Dependencies.

New Features

PHP 8.2 Recommended

PHP 8.2 is now the recommended PHP version for Drupal 10.2, bringing performance improvements and new language features.

GitLab CI Integration

A comprehensive GitLab CI integration has been added to core, providing improved testing workflows, parallel test execution, and better reporting.

OpenTelemetry Integration

Added OpenTelemetry Application Performance Monitoring to core performance tests, enabling better insights into application performance.

Symfony 6.4 Upgrade

Drupal has been updated to use Symfony 6.4, bringing in the latest features and improvements from the Symfony ecosystem.

PHP Attributes Support

Added support for PHP attributes instead of doctrine annotations, modernizing the codebase and improving developer experience.

Fibers Support

Added PHP Fibers support to BigPipe and Renderer, improving performance by allowing better concurrency handling.

Combined Field Forms

Field storage and field instance forms have been combined, streamlining the field creation process and improving the user experience.

New SDC Components for Umami

Several new Site Design Components have been added to the Umami theme:

• Common Card component
• Badge component for recipes
• Common footer block component

CKEditor 5 Updates

CKEditor 5 has been updated to version 40.0.0 and now includes the "Show Blocks" functionality that existed in CKEditor 4.

New Form API Property

Introduced a new #config_target Form API property to simplify using validation constraints on simple config forms.

Controller Service Wiring via Attributes

Added support for controller service wiring via constructor parameter attributes, improving developer experience.

Autoconfigure for Module Loggers

Added autoconfigure support for module loggers, making it easier to set up logging in modules.

Announcement Feed Block

Added a block to provide announcement feeds, improving communication capabilities.

Twig Template Deprecation

Added a mechanism to mark entire Twig templates as deprecated, helping with code maintenance and upgrades.

Exact Link Matching in Tests

Added linkByHrefExistsExact and linkByHrefNotExistsExact methods for matching links by href exactly in tests.

CORS Regex Pattern Support

Added allowedOriginsPatterns in default.services.yml for regex matching in CORS configuration.

Security Updates

Toolbar Username XSS Protection

Fixed an issue where the Toolbar username lazy builder only XSS filters but doesn't escape user display name properly, addressing a potential stored remote request vulnerability (Issue #3380624).

SA-CORE-2023-006 Security Update

Implemented security fixes as part of SA-CORE-2023-006, addressing critical security vulnerabilities (specific details not provided in the commit messages for security reasons).

for Dependencies

• Updated get-func-name to address CVE-2023-43646
• Updated postcss to address CVE-2023-44270
• Updated composer/composer to address CVE-2023-43655

Improved Error Logging

ExceptionLoggingSubscriber was modified to not log HTTP 4XX errors using PHP logger channel, reducing log noise and potential information disclosure.

AccessAwareRouter HTTP Method Respect

Fixed an issue where AccessAwareRouter does not respect HTTP method, which could potentially lead to security issues with REST endpoints.

Performance Improvements

PHP Fibers Support

Added PHP Fibers support to BigPipe and the Renderer, allowing for improved concurrency handling and better performance, especially for complex pages with multiple placeholders.

Transaction Management

Strengthened TransactionManager with improved entropy and better handling of savepoints, reducing the likelihood of database-related performance issues.

Cache Optimization

Implemented chunking of multiple cache sets into groups of 100 to avoid out-of-memory and max_allowed_packet issues, improving performance and stability for sites with large cache operations.

GitLab CI Optimization

Optimized GitLab CI resource requests and test execution, including:

• Running jobs in parallel
• Distributing slow tests between test runners
• Using artifacts from parent pipeline
• Optimizing git fetching to reduce build times

Views Performance

Fixed performance issues with the latest_revision ViewsFilter, which previously had poor performance on sites with large numbers of revisions.

Node Access Rebuild

Fixed an infinite loop issue in Node Access Rebuild, significantly improving performance for sites that need to rebuild node access permissions.

Component Testing

Improved ComponentsIsolatedBuildTest to copy fewer files around, reducing test execution time.

Pagination for Version History

Added pagination to VersionHistoryController, improving performance when viewing entities with many revisions.

Impact Summary

Drupal 10.2.0-alpha1 represents a significant step forward in Drupal's evolution, focusing on modernizing the codebase, improving developer experience, and enhancing performance and security.

The introduction of PHP 8.2 as the recommended PHP version and the upgrade to Symfony 6.4 demonstrate Drupal's commitment to staying current with modern web technologies. The addition of PHP attributes support instead of doctrine annotations modernizes the codebase and improves developer experience.

Performance improvements are a key focus in this release, with the integration of OpenTelemetry for application performance monitoring and the addition of PHP Fibers support in BigPipe and Renderer. These changes, along with optimized transaction management and cache handling, should result in better performance for Drupal sites, especially those with complex pages or high traffic.

For site builders and content editors, the combined field storage and field instance forms provide a more streamlined experience when creating and managing fields. The addition of new SDC components in the Umami theme showcases Drupal's continued investment in component-based theming.

Security improvements include better XSS protection for user display names and several security updates for dependencies. Accessibility enhancements, such as improved contrast for required field indicators, demonstrate Drupal's ongoing commitment to creating inclusive web experiences.

The GitLab CI integration represents a significant improvement for the Drupal development workflow, providing better testing capabilities and reporting. This should lead to higher quality code and fewer regressions in future releases.

As an alpha release, 10.2.0-alpha1 is not recommended for production sites, but it provides an excellent opportunity for developers and site builders to test their custom code and configurations against the upcoming changes in Drupal 10.2.