Drupal Release: 11.1.7

TL;DR

Drupal 11.1.7 is a maintenance release that addresses several critical bugs, improves security, enhances documentation, and updates maintainer information. Key fixes include resolving issues with contextual links, Single Directory Components (SDC) validation, node revision caching, and media library functionality. This release also includes important security improvements by removing potentially unsafe HTML attributes and fixing URL parsing vulnerabilities.

Highlight of the Release

• Fixed contextual links disappearing intermittently which caused console errors
• Resolved issue with node revision overview being uncacheable, improving performance
• Fixed SDC slots validation against JSON config schema
• Enhanced security by removing srcdoc attributes in Xss::filter()
• Fixed media library form submission issues in workspaces
• Improved documentation for several components and functions

Migration Guide

No specific migration steps are required for this maintenance release. This is a bugfix release that maintains backward compatibility with Drupal 11.1.x.

For those using Single Directory Components (SDC), the fixes to validation should improve reliability without requiring changes to your code. Similarly, the fixes to contextual links, media library, and node revision handling should work automatically after updating.

Upgrade Recommendations

This is a recommended upgrade for all Drupal 11.1.x sites. The release contains important bug fixes and security improvements that enhance site stability and performance.

To upgrade:

1. Back up your database and site files
2. Update your codebase to Drupal 11.1.7 using Composer:

   composer update drupal/core --with-all-dependencies
   

3. Run database updates:

   drush updatedb
   

4. Clear caches:

   drush cache:rebuild
   

No special steps are required beyond the standard update procedure.

Bug Fixes

• Contextual Links: Fixed issue where contextual links disappear intermittently leading to console errors (#3458067)
• Single Directory Components:
  • Fixed SDC slots not being validated against JSON config schema (#3517317)
  • Fixed ComponentValidator ignoring the set validator and creating a new one (#3516359)
• Node Module:
  • Fixed NodeController::revisionOverview being uncacheable, improving performance (#3227637)
  • Fixed node add/edit error when author is NULL (#3161212)
• Media Library:
  • Fixed media library form submission issues in workspaces (#3147148)
  • Fixed media library currentSelection not resetting properly (#3511186)
  • Fixed media library item styles that assumed contextual module was present (#3502895)
• URL Handling:
  • Fixed undefined array key warning in UrlHelper::parse() (#3442833)
  • Fixed LanguageNegotiationUrl unnecessarily adding domain to outbound URLs (#3424720)
• Layout Builder: Fixed issue where removing field from LB content type edits associated roles (#3504368)
• Navigation Module: Fixed invalid render array in navigation module settings (#3516558)
• Migration: Fixed sourceless migration plugins (#2797421)

New Features

New Maintainers and Roles

• Added mogtofu33 as a SDC and new theme system's Icon API maintainer
• Added acbramley as co-maintainer for node module
• Added pdureau as provisional Frontend Framework Manager
• Added lostcarpark as Mentoring Coordinator
• Updated mentoring coordinators section in MAINTAINERS.txt

Security Updates

• Removed potentially unsafe srcdoc attributes in Xss::filter() to prevent XSS vulnerabilities (#3511566)
• Fixed possible Non-GPLv2 compatible code in ExpectDeprecationTrait (#3517614)
• Addressed undefined array key warning in UrlHelper::parse() which could potentially expose system information (#3442833)

Performance Improvements

• Fixed NodeController::revisionOverview being uncacheable, which significantly improves performance for sites with many node revisions (#3227637)
• Improved URL handling by preventing LanguageNegotiationUrl from unnecessarily adding domain to outbound URLs, reducing processing overhead (#3424720)

Impact Summary

Drupal 11.1.7 is primarily a bugfix and maintenance release that addresses several important issues across different areas of the CMS. The most significant impacts include:

1. Improved Stability: Fixes to contextual links, media library functionality, and node handling improve the overall stability of the system.

2. Better Performance: The fix for uncacheable node revision overviews will significantly improve performance for sites with many revisions.

3. Enhanced Security: Removal of potentially unsafe HTML attributes and fixes to URL parsing help protect sites from potential vulnerabilities.

4. Developer Experience: Improved documentation and fixes to SDC validation make development more straightforward and less error-prone.

5. Content Management: Fixes to media library and node editing resolve frustrating issues for content editors.

This release demonstrates Drupal's commitment to maintaining a stable, secure, and performant CMS through regular maintenance updates. While it doesn't introduce new features, it strengthens the foundation of the 11.1.x branch.