Drupal Release: 7.101

TL;DR

Drupal 7.101 is a maintenance release that addresses several bugs, improves error handling, and enhances security. This update focuses on fixing issues with error logging, form validation, entity controllers, and file handling. It also includes improvements to cron logging and updates the Archive_Tar library to version 1.5.0.

Highlight of the Release

• Fixed CLI error logging to return proper non-zero exit codes
• Updated Archive_Tar library to version 1.5.0
• Improved handling of duplicate email addresses in the users table
• Enhanced security with proper X-Content-Type-Options header implementation
• Fixed entity controller handling to prevent NULL controller class errors

Migration Guide

No specific migration steps are required for this maintenance release. This is a standard update that fixes bugs and improves functionality without introducing breaking changes.

To update to Drupal 7.101:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Replace your existing Drupal core files with the new version
4. Run the update script by navigating to /update.php in your browser
5. Take your site out of maintenance mode

As always, test the update on a staging environment before applying it to your production site.

Upgrade Recommendations

This release contains important bug fixes and security improvements, making it a recommended update for all Drupal 7 sites. The fixes for entity controller handling, form validation, and security headers address issues that could affect site stability and security.

Priority: Medium

While there are no critical security fixes in this release, the cumulative improvements to error handling, security headers, and the Archive_Tar library update make this an important maintenance release.

Sites experiencing issues with entity handling, form validation errors, or problems with user account management should prioritize this update.

Bug Fixes

Entity Controller Handling

Fixed a critical issue where entity_get_controller() could return a NULL controller class, causing various downstream errors. This long-standing bug (Issue #1982810) affected entity handling throughout the system.

Form Validation

Resolved an issue in _form_validate() that was sending null to drupal_strlen(), triggering deprecation notices. This fix improves form handling stability and eliminates unnecessary warnings.

AJAX Form Handling

Fixed a notice about undefined index 'form_build_id' in ajax_get_form(), improving the reliability of AJAX-based form submissions.

File Download Hook

Corrected the behavior of hook_file_download to prevent it from triggering when no file is requested, eliminating unnecessary processing.

User Settings Updates

Fixed an issue that prevented users from updating their settings when duplicate email addresses existed in the users table, improving user experience for account management.

Test Exception Handling

Improved the handling of exceptions during the setUp() or tearDown() methods of tests, ensuring that test failures are properly reported and easier to debug.

New Features

External Template Files in Core

Drupal 7.101 brings external template files into core, improving the organization and maintainability of the codebase. This change helps separate presentation logic from business logic, making the system more modular.

Improved Cron Logging

The release enhances cron logging capabilities, providing administrators with more detailed information about scheduled task execution. This improvement makes it easier to monitor and troubleshoot cron jobs, with better visibility into what's happening behind the scenes.

Better CLI Error Handling

The _drupal_log_error() function now returns a non-zero exit code when errors occur in the command line interface, following standard Unix/Linux practices for error reporting. This makes it easier to detect and handle errors in automated scripts and CI/CD pipelines.

Security Updates

X-Content-Type-Options Headers

Fixed an issue with duplicate X-Content-Type-Options headers both with the value 'nosniff'. This security header helps prevent MIME type sniffing attacks, and the fix ensures it's properly implemented without duplication.

Archive_Tar Library Update

Updated the bundled Archive_Tar library to version 1.5.0, addressing potential security vulnerabilities in the previous version. This library is used for handling tar archives in Drupal's update and installation processes.

Performance Improvements

Optimized Code Base

Several code optimizations have been implemented in this release:

• Removed dead code from node_filter_form(), reducing unnecessary processing
• Improved handling of file downloads by preventing hook_file_download from triggering when no file is requested
• Better exception handling in test environments, preventing resource leaks

More Efficient Error Handling

The improvements to error logging and handling, particularly in CLI environments, help prevent processes from continuing after encountering errors, which can save server resources and prevent cascading failures.

Impact Summary

Drupal 7.101 is primarily a maintenance release that focuses on bug fixes, code improvements, and minor enhancements. The most significant impacts include:

1. Improved stability through fixes to entity controller handling, form validation, and AJAX form processing
2. Enhanced security with proper implementation of security headers and an updated Archive_Tar library
3. Better developer experience with improved error handling in CLI and test environments
4. Improved administration through enhanced cron logging and user settings management

This release represents Drupal 7's continued commitment to maintaining stability and security for sites still running on this version, even as Drupal 7's end-of-life approaches. The fixes address several long-standing issues, some dating back many years, providing important quality-of-life improvements for developers and site administrators.