Drupal Release: 10.3.8

TL;DR

Drupal 10.3.8 is a minor security and bug fix release that addresses critical issues including a Twig recursion limit problem, a regression in the YAML parser setting, and a vulnerability in the symfony/http-foundation component. This release ensures stability for sites running Drupal 10.3.x without introducing new features.

Highlight of the Release

• Fixed Twig recursion limit exceeded error when editing nodes or blocks with Twig v3.14.1
• Resolved regression with yaml_parser_class setting deprecation that affected sites running versions prior to 11.0
• Updated symfony/http-foundation to address security vulnerability

Migration Guide

No migration steps are required for this release. This is a standard bug fix release that can be applied through normal update procedures without any special considerations.

Upgrade Recommendations

It is strongly recommended that all sites running Drupal 10.3.x upgrade to this release as soon as possible, especially if:

1. You are using Twig v3.14.1 and experiencing issues when editing content
2. Your site is running a version prior to Drupal 11.0 and encountering YAML parser issues
3. You use the Views UI functionality

The update process follows the standard Drupal minor version update procedure and should not require any special steps or considerations.

Bug Fixes

Twig Recursion Limit Fix

Fixed an issue where users would encounter a "Recursion limit exceeded" error when using Twig v3.14.1 while editing nodes or blocks. This problem was particularly impactful for sites with complex templates or nested rendering scenarios.

YAML Parser Class Setting Regression Fix

Resolved a regression introduced in Drupal 10.3 where the deprecation of the yaml_parser_class setting was causing compatibility issues for sites running versions prior to Drupal 11.0. This fix ensures backward compatibility while maintaining the deprecation notice for future versions.

Views UI Stability Fix

Fixed an issue in the Views UI where an update to the symfony/http-foundation component combined with a trailing space was causing the Views UI to malfunction.

New Features

No new features were introduced in this release. Drupal 10.3.8 is focused on bug fixes and security updates to maintain stability.

Security Updates

This release includes an update to the symfony/http-foundation component to address a security vulnerability. While specific details about the vulnerability are not provided in the commit messages, keeping this component updated is important for maintaining the security of Drupal installations.

Performance Improvements

No specific performance improvements were included in this release. The focus was on fixing critical bugs and security vulnerabilities.

Impact Summary

Drupal 10.3.8 addresses three significant issues that were affecting site stability and functionality. The fix for the Twig recursion limit error ensures that content editors can reliably edit nodes and blocks without encountering technical errors. The resolution of the YAML parser class setting regression maintains backward compatibility for sites not yet ready to upgrade to Drupal 11. The update to symfony/http-foundation addresses both a security vulnerability and a specific issue with the Views UI. Overall, this release improves the stability and security of Drupal 10.3.x without introducing any breaking changes or requiring special migration steps.