Drupal Release: 7.14

TL;DR

Drupal 7.14 brings significant improvements to performance, security, and user experience. This release includes over 100 bug fixes and enhancements, with notable improvements to database handling, JavaScript functionality, and field management. Key updates include better PostgreSQL support, enhanced form validation, improved caching mechanisms, and fixes for several security vulnerabilities. This maintenance release is recommended for all Drupal 7 sites to ensure stability and security.

Highlight of the Release

• Fixed database case sensitivity issues that could cause problems with file handling
• Improved performance with optimized caching mechanisms and database queries
• Enhanced form validation to prevent data loss and SQL errors
• Better PostgreSQL support with fixes for constraints and query handling
• Improved JavaScript functionality with cleaner code and better event handling

Migration Guide

No major migration steps are required for this maintenance release. However, there are a few items to note when upgrading:

Database Schema Changes

• If you're using PostgreSQL, the update includes fixes for constraints that weren't being renamed properly by db_rename_table(). The update will handle this automatically.
• An index has been added to the {users}.picture field to improve performance.
• The {trigger_assignments}.hook field has been expanded from 32 to 64 characters. This will be updated automatically.

JavaScript Changes

• Several JavaScript files have been updated. If you've modified any core JavaScript files, you should review the changes, particularly in tabledrag.js and tableselect.js.
• The fix for Drupal.settings.ajaxPageState.css getting overwritten may affect custom modules that manipulate this object.

Field API Changes

• The field_bundle_settings() function has been split out per bundle. If you're using this function directly, you may need to update your code.
• Support for dynamic allowed list values function with additional context has been added. This shouldn't break existing code but provides new functionality.

Theme Changes

• If you've implemented custom themes with preprocess functions in include files, the fix for these functions not being called when the theme implements suggestion override may affect your theme.
• The fix for non-resettable theme_get_registry() cache may impact custom themes during installation.

To upgrade:

1. Back up your database and files
2. Put your site in maintenance mode
3. Replace your existing Drupal core files with the new Drupal 7.14 files, leaving your sites directory intact
4. Run update.php
5. Take your site out of maintenance mode

Upgrade Recommendations

This is a recommended upgrade for all Drupal 7 sites. Drupal 7.14 contains numerous bug fixes and performance improvements that enhance the stability, security, and functionality of your site.

Priority Level: Medium-High

Who should upgrade immediately:

• Sites experiencing issues with PostgreSQL database handling
• Sites with performance problems related to caching or database queries
• Sites with form validation errors or field management issues
• Sites concerned about the security fixes included in this release

Upgrade Difficulty: Low to Medium The upgrade process follows the standard Drupal minor version update procedure and should not present significant challenges for most sites.

Preparation Steps:

1. Review the full list of changes to identify any that might affect custom code
2. Pay special attention if you've modified core JavaScript files
3. Test the upgrade on a staging environment before applying to production
4. Ensure you have a complete backup of your site and database

This release does not contain any known breaking changes, but as with any update, testing in a non-production environment is recommended before upgrading your live site.

Bug Fixes

Database and Query Fixes

• Fixed PostgreSQL constraints not getting renamed by db_rename_table()
• Fixed race condition in _update_create_fetch_task() that caused PDO Exceptions
• Fixed EntityFieldQuery::pager(0) generating PHP error 'divide by zero'
• Fixed testHavingCountQuery() failing on PostgreSQL and SQLite
• Fixed DB case sensitivity issues with file handling
• Fixed number field validation failing to block invalid input causing SQL fatal errors

JavaScript and UI Fixes

• Fixed multiple execution of tableselect.js with nested tables
• Fixed leaking variables in tabledrag.js
• Fixed toolbar layout error in IE
• Fixed focus jumping to tab when pressing enter on a form element within tab
• Fixed sticky table headers not reacting properly to 'show/hide weights column' link
• Fixed Drupal.settings.ajaxPageState.css getting overwritten

Form and Field Fixes

• Fixed machine name not being editable if every character is replaced
• Fixed fieldsets inside vertical tabs having no title and not being collapsible
• Fixed required radios throwing illegal choice error when none selected
• Fixed label being cleared when exiting field during field addition
• Fixed missing 'Default image' per field instance

Content and Display Fixes

• Fixed user picture not appearing in comment preview
• Fixed user signatures not appearing in comment preview
• Fixed links in update results page leading to 403s
• Fixed taxonomy_autocomplete() producing SQL error for nonexistent fields
• Fixed empty tokens not getting replaced in welcome emails
• Fixed no way to get taxonomy tags into RSS feeds

System and Performance Fixes

• Fixed cache_menu() huge table size issue
• Fixed HTTPS sessions not working in all cases
• Fixed unnecessary aggregation of CSS/JS
• Fixed non-resettable theme_get_registry() cache causing problems for non-interactive installations
• Fixed preprocess functions in include files failing to get called when theme implements suggestion override
• Fixed overlay not working with prefixed URL paths
• Fixed menu_masks() variable being empty (race condition)

User Management Fixes

• Fixed user pictures not being removed properly
• Fixed deleting a taxonomy vocabulary leaving term reference fields still pointing to it
• Fixed access check in user_register_submit()

Other Fixes

• Fixed double CDATA section escaping in filter_dom_serialize_escape_cdata_element()
• Fixed image_file_move() flushing new URI not source URI
• Fixed path_form_element_validate() executing unnecessary db_select() query
• Fixed plural formula information being blanked when importing poorly-formed .po files
• Fixed HTML filter not running first by default despite default weight

New Features

Enhanced Field Management

• Added ability to split field bundle settings per bundle with field_bundle_settings() for better field configuration management
• Added support for dynamic allowed list values function with additional context, improving flexibility in form elements
• Added language direction to book-export-html.tpl.php for better multilingual support
• Added ability to pass attributes to theme_image_formatter() for more flexible theming

Improved Language Handling

• Added ability to remember the provider that selected the language for later use
• Fixed language domain functionality to work regardless of ports or protocols
• Enhanced locale_language_from_browser() to correctly match language strings

Better Taxonomy Management

• Added optional vocabulary argument for taxonomy_get_term_by_name() for more precise term lookups
• Added menu name to breadcrumb on List Links page for better navigation

Performance Enhancements

• Added index to {users}.picture to improve performance of user_file_delete()
• Improved performance of update_fix_d7_block_deltas() for faster updates

Security Updates

User Access and Permissions

• Made 'translate interface' permission restricted after DRUPAL-PSA-2012-001 to prevent Cross Site Scripting vulnerabilities
• Fixed access check in user_register_submit() to improve security
• Improved IP-blocking table with 'Empty table pattern' for better security management

Data Handling Security

• Fixed number field validation to block invalid input that could cause SQL fatal errors
• Improved random number generation for better security
• Enhanced file path handling to prevent security issues with absolute local file paths
• Fixed system_update_7061() to prevent converting filepaths too aggressively

Session Security

• Fixed HTTPS sessions not working in all cases
• Improved session handling by eliminating ->cache and {session}.cache in favor of ['cache_expiration']

Input Validation

• Enhanced form validation to prevent potential security issues
• Improved handling of machine names and special characters in forms
• Fixed autocompletion requests to properly include slashes while maintaining security

Performance Improvements

Database Performance

• Improved performance of block_list() and _block_render_blocks() functions
• Added index to {users}.picture so user_file_delete() isn't insanely slow
• Optimized update_fix_d7_block_deltas() for faster execution
• Improved node_access() table joins to eliminate duplicates and enhance performance
• Added static cache to trigger_get_assigned_actions() to reduce database queries

Caching Improvements

• Fixed cache_menu() huge table size issue
• Improved drupal_valid_test_ua() with static caching for non-positive matches
• Eliminated ->cache and {session}.cache in favor of ['cache_expiration'] for better session handling
• Fixed non-resettable theme_get_registry() cache for better performance during installations

JavaScript Optimization

• Improved JavaScript code with better variable handling and reduced redundancy
• Fixed unnecessary aggregation of CSS/JS to improve page load times
• Optimized tabledrag.js and tableselect.js for better performance

Query Optimization

• Fixed path_form_element_validate() executing unnecessary db_select() query
• Improved performance of locale-related queries
• Enhanced database query handling for PostgreSQL and SQLite compatibility
• Optimized menu-related queries to reduce database load

Impact Summary

Drupal 7.14 is a substantial maintenance release that addresses over 100 issues across various aspects of the CMS. The primary focus areas are performance optimization, security enhancements, bug fixes, and improved developer experience.

The performance improvements are particularly noteworthy, with optimizations to database queries, caching mechanisms, and JavaScript functionality. Sites experiencing slow performance with large menu tables, user picture handling, or block rendering should see noticeable improvements.

Security has been enhanced with better form validation, improved session handling for HTTPS, and restricted permissions for interface translation to prevent cross-site scripting vulnerabilities. While none of these were critical security issues, they collectively strengthen the platform's security posture.

For developers, the release offers cleaner code, better API documentation, and enhanced compatibility across different database systems. The improvements to PostgreSQL support are especially valuable for sites using this database backend.

Content editors will benefit from fixes to form validation, taxonomy handling, and file management. The fixes for user pictures in comment previews and taxonomy tags in RSS feeds improve the content creation and management experience.

End users may notice improved accessibility, better multilingual support, and a more consistent experience across different browsers. The fixes for HTTPS sessions ensure a smoother experience for sites using secure connections.

Overall, this release represents a significant step forward in Drupal 7's stability, performance, and security, making it a recommended upgrade for all Drupal 7 sites.