Drupal Release: 11.1.0

TL;DR

Drupal 11.1.0 introduces significant enhancements with a focus on developer experience, performance improvements, and new features. Key additions include OOP hooks using PHP attributes, a new Navigation system, improved recipe functionality, workspace enhancements, and the experimental Package Manager module. This release also includes important bug fixes, security updates, and performance optimizations that make Drupal more robust and efficient.

Highlight of the Release

• Introduction of OOP hooks using PHP attributes and event dispatcher
• New Navigation system with dedicated blocks and improved UI
• Experimental Package Manager module for better site updates
• Enhanced recipe functionality with more flexible configuration options
• Improved workspaces with UI split into a separate module
• New Icon Management API for consistent icon handling
• Performance improvements for large workspaces and path alias queries
• Multiple security fixes including SA-CORE-2024-002, SA-CORE-2024-003, SA-CORE-2024-004, SA-CORE-2024-006, and SA-CORE-2024-007

Migration Guide

OOP Hooks Migration

If you've implemented custom hooks in your modules, consider migrating them to the new OOP hooks system using PHP attributes:

// Old way
function mymodule_form_alter(&$form, $form_state, $form_id) {
  // Implementation
}

// New way
namespace Drupal\mymodule\Hook;

use Drupal\Core\Form\FormStateInterface;
use Drupal\core\Attribute\Hook;

#[Hook('form_alter')]
class FormAlter {
  public function alter(array &$form, FormStateInterface $form_state, string $form_id): void {
    // Implementation
  }
}

Workspaces UI Module

The Workspaces UI has been split into a separate module. If you're using workspaces, you'll need to enable the new workspaces_ui module to maintain the same functionality:

drush en workspaces_ui

Return Type Declarations

Many hook implementations now require specific return types. Review your custom hook implementations and add appropriate return type declarations:

• hook_form_alter, hook_form_FORM_ID_alter, hook_form_BASE_FORM_ID_alter: void
• hook_theme: array
• hook_update_last_removed: int
• hook_removed_post_updates: array
• hook_entity_type_alter: void
• hook_cron: void
• hook_schema: array
• hook_views_data and hook_field_views_data: array
• hook_pageAttachments, hook_pageTop, hook_pageBottom: void

Navigation System

If you've customized the toolbar or navigation elements, you may need to update your code to work with the new Navigation system. Review the new NavigationLinkBlock plugin and consider using the 'navigation safe' flag for your block plugins.

Recipe Configuration

If you're using recipes, be aware that the validation has changed to treat required modules as installed and to prevent imported config from being compared too strictly to active config. This may affect how your recipes behave during installation.

Upgrade Recommendations

Recommended for: All Drupal 11.0.x sites should upgrade to this version to benefit from security fixes, bug fixes, and new features.

Testing: As with any minor version update, thorough testing in a development or staging environment is strongly recommended before upgrading production sites.

Custom Code Review: If you have custom modules that implement hooks, review them for compatibility with the new OOP hooks system and return type declarations. While procedural hooks still work, you may want to gradually migrate to the new approach.

Workspace Users: If you use workspaces, be aware that the UI has been split into a separate module. You'll need to enable the workspaces_ui module after upgrading.

Module Compatibility: Check that your contributed modules are compatible with Drupal 11.1.0. Some modules may need updates to work with the new features and changes.

Update Path: The recommended update path is to update directly from Drupal 11.0.x to 11.1.0. If you're on an earlier version, update to the latest 11.0.x release first, then to 11.1.0.

Composer Update: If using Composer, update with:

composer require drupal/core:^11.1.0 drupal/core-recommended:^11.1.0 --update-with-dependencies

Database Backup: Always back up your database before performing an update.

Post-Update: Run database updates (drush updatedb) and clear caches (drush cache:rebuild) after upgrading.

Bug Fixes

Workspace Improvements

• Fixed an issue where workspaces with thousands of items couldn't be published
• Improved performance for path_alias queries in a workspace
• Fixed workspace association with entities having non-numeric IDs
• Ensured creating a published moderated entity in a workspace doesn't make it published in Live
• Made user login and password reset forms workspace-safe

Form and UI Fixes

• Fixed spacing issue between checkbox label and button
• Fixed inconsistencies in system-status-counter RTL styles
• Fixed CSS "form-item__label" inconsistency on node edit forms
• Fixed password_confirm children not picking up #states or #attributes
• Fixed CKEditor 5 border color not using Claro's colors
• Fixed incorrect message after resetting password
• Fixed field:not(:last-child) not working with layout builder in Olivero

Entity and Content Handling

• Fixed sub workspace not clearing properly
• Fixed media image thumbnail incorrectly ending up as NULL when it should be an empty string
• Fixed entity link label formatter not checking URL access
• Fixed access cacheability when "view own unpublished content" is in use
• Fixed term view access check before redirecting after an update

Performance and Caching

• Fixed ResourceObjectNormalizer::getNormalization resulting in max-age drift
• Fixed performance degradation after update to Twig 3.14.2
• Fixed DefaultExceptionHtmlSubscriber cloning the request for 400/BadRequestException

Other Fixes

• Fixed LoadJS to ensure uniqueBundleId is unique
• Fixed DateHelper::dayOfWeekName() returning untranslated name
• Fixed contact_menu_local_tasks_alter() not checking whether ['tabs'][0] is set
• Fixed automatically included .inc files no longer being included
• Fixed hook_module_implements_alter and hook_cache_flush only being procedural
• Fixed PathValidator breaking with symfony/http-foundation commit

New Features

OOP Hooks Using PHP Attributes

Drupal 11.1.0 introduces a modern approach to hooks using PHP attributes and event dispatcher. This allows developers to implement hooks as classes with attributes rather than procedural functions, making code more maintainable and object-oriented.

Navigation System

A new Navigation system has been added with dedicated blocks and improved UI. This includes:

• NavigationLinkBlock Plugin with Help as a usage example
• Ability for modules to flag block plugin implementations as 'navigation safe'
• Three defined areas for the Top Bar

Experimental Package Manager Module

The new Package Manager module (alpha stability) provides improved site update capabilities. It's designed to make Drupal core and module updates more reliable and safer.

Icon Management API

A new Icon Management API has been added to provide consistent icon handling across Drupal. This API allows for better management and standardization of icons used throughout the system.

Enhanced Recipe Functionality

Recipes have been significantly enhanced with:

• A way to prevent imported config from being compared too strictly to active config
• InputConfigurator exposing input data definitions
• Ability to enable Layout Builder via config actions
• Config actions to clone config entities and create entities for every bundle of another entity type
• A trait for forms that want to collect input on behalf of a recipe

UUID as Entity ID

Support has been added to use UUID as entity ID, providing more consistent and reliable entity identification.

Token Enhancements

UUID tokens are now exposed for all content entities in Drupal core, providing more flexibility for token-based operations.

Security Updates

Security Advisory Fixes

Drupal 11.1.0 includes fixes for multiple security advisories:

• SA-CORE-2024-002: Fixed security vulnerabilities (details not fully disclosed in the commit messages)
• SA-CORE-2024-003: Security fix by jrb, larowlan, catch, mingsong, poker10, longwave, benjifisher
• SA-CORE-2024-004: Security fix by zengenuity, cilefen, kristiaanvandeneynde, mcdruid, larowlan
• SA-CORE-2024-006: Security fix by mcdruid, larowlan
• SA-CORE-2024-007: Security fix by mcdruid, larowlan

Password Handling Improvements

• Improved failed password hashing exception message for better security
• Enhanced password reset functionality, making password and confirm password mandatory fields when setting up a password using a one-time link

Access Control Enhancements

• Fixed access cacheability when "view own unpublished content" is in use
• Improved entity link label formatter to check URL access
• Fixed term view access check before redirecting after an update

Other Security Improvements

• Removed oEmbed security warning that was no longer necessary
• Added password option to Drupal\Core\Command\InstallCommand for more secure installations

Performance Improvements

Workspace Performance

• Significantly improved performance for workspaces with thousands of items
• Enhanced path_alias queries in a workspace for better performance

Caching and Memory Management

• Added filecache to OOP hook attribute parsing for better performance
• Fixed memory leak in DrupalKernel when installing modules
• Form tokens are now rendered lazily, allowing forms to opt in to be cacheable

Dependency Optimization

• Reduced yarn dependencies that had mushroomed in 11.0.x
• Updated various dependencies to more efficient versions

Query Optimization

• Improved entity queries, particularly for workspaces and path aliases
• Better handling of large data sets in various components

Build and Testing Improvements

• Changed run-tests.sh to use Symfony Process instead of proc_open for better performance
• Ensured tests don't run twice, improving test execution time

Impact Summary

Drupal 11.1.0 represents a significant step forward in Drupal's evolution, particularly for developers and site builders. The introduction of OOP hooks using PHP attributes modernizes Drupal's hook system, making code more maintainable and aligned with modern PHP practices. This change alone represents one of the most significant architectural improvements in recent Drupal history.

The new Navigation system provides a more structured and flexible approach to site navigation, benefiting both site builders and end users with improved UI and dedicated navigation blocks. This lays groundwork for better user experiences across Drupal sites.

For site administrators, the experimental Package Manager module (though still in alpha) signals Drupal's commitment to improving the update experience, which has historically been a pain point for many Drupal users.

Performance improvements, particularly for workspaces with large amounts of content, address scaling issues that affected larger sites. The memory leak fix in DrupalKernel when installing modules and the optimization of path alias queries will result in more efficient Drupal installations.

Security remains a priority with multiple security advisories addressed in this release. The improvements to password handling and access control enhance Drupal's already strong security posture.

For developers, the extensive type hinting and return type additions throughout the codebase improve code quality and IDE integration, while the new Icon Management API provides a standardized way to handle icons across the platform.

Overall, Drupal 11.1.0 balances forward-looking architectural improvements with practical enhancements that benefit all types of Drupal users, continuing the project's trajectory toward a more modern, flexible, and user-friendly content management framework.