Drupal Release: 7.37

TL;DR

Drupal 7.37 Release Overview

This release includes several bug fixes, documentation improvements, and minor enhancements to Drupal 7. Key improvements include better PostgreSQL compatibility, fixes for security test cases, improved filter handling for custom HTML tags, and a fix for a regression in Drupal 7.36 that affected certain content types. The release also adds a standardized sites/all/libraries folder structure and addresses issues with CSS preprocessing of protocol-relative paths.

Highlight of the Release

• Added a standardized sites/all/libraries folder for third-party libraries
• Fixed PostgreSQL compatibility issues with entity IDs and queue processing
• Improved filter_xss() to allow custom HTML tags with dashes
• Fixed CSS preprocessing issues with protocol-relative paths
• Added session hijacking test cases for security improvements

Migration Guide

This release doesn't require any specific migration steps. However, site administrators may want to:

1. Consider moving any third-party libraries to the new standardized sites/all/libraries folder structure
2. Review any custom modules that implement filter_xss() with custom HTML tags containing dashes
3. Check for any content types that may have been affected by the 7.36 regression if you experienced issues with disabled content types

No database updates are required for this release.

Upgrade Recommendations

This release contains important bug fixes and minor enhancements but no critical security updates. Sites currently running Drupal 7.36 or earlier should upgrade to Drupal 7.37 during regular maintenance cycles.

The upgrade process follows the standard Drupal minor version update procedure:

1. Back up your database and site files
2. Put the site in maintenance mode
3. Replace the existing Drupal core files with the 7.37 release
4. Run update.php
5. Take the site out of maintenance mode

This release is particularly important for sites using PostgreSQL databases or those experiencing issues with content types after upgrading to 7.36.

Bug Fixes

• Content Type Regression Fix: Fixed a regression in Drupal 7.36 that caused certain content types to become disabled if they were defined by a no-longer-enabled module.

• PostgreSQL Compatibility Fixes:

  • Fixed PDOException errors with invalid text representation when loading entities with string or non-scalar IDs in PostgreSQL
  • Resolved SystemQueue::claimItem() returning items in the wrong order, which fixed locale test failures on PostgreSQL

• CSS Preprocessing Fix: Fixed an issue where Drupal CSS preprocessing was breaking protocol-relative paths (URLs starting with //).

• Translation Performance: Fixed translation_remove_from_set() running unnecessary queries to fetch and update nodes with tnid 0.

• DOM Document Warning: Fixed DOMDocument::importNode() warning due to IDs already being defined when running tests.

• Update Manager Module: Fixed missing file definitions in hook_theme() in the Update Manager module.

• Poll Module Cleanup: Removed unused 'has_body' attribute in poll_node_info() that was left over from Drupal 6.

New Features

• Sites/all/libraries Folder: Added a standardized sites/all/libraries folder structure to encourage proper organization of third-party libraries. This provides a consistent location for storing external libraries used by Drupal modules.

• Improved Filter XSS Function: Enhanced filter_xss() to allow custom HTML tags with dashes in their names when specified in the list of allowed tags. This improves flexibility for developers working with modern HTML5 elements.

• Field Schema Indexing Improvements: Added support for hook_field_schema() implementations to specify indexes for fields based on a column prefix, improving database performance and flexibility, particularly for PostgreSQL environments.

Security Updates

• Session Hijacking Tests: Added test cases for session hijacking protection related to SA-CORE-2014-006, improving the test coverage for this security feature.

While this release doesn't contain new security fixes per se, it enhances the testing framework for existing security measures, which helps maintain the security posture of Drupal installations.

Performance Improvements

• Translation Query Optimization: Eliminated unnecessary database queries in translation_remove_from_set() that were fetching and updating every single node with tnid 0, resulting in improved performance for sites with translation functionality.

• Database Indexing Improvements: Added support for field indexing based on column prefixes, which improves query performance, particularly for PostgreSQL environments.

• Queue Processing Optimization: Fixed SystemQueue::claimItem() to return items in the correct order, improving the efficiency of background processing tasks.

Impact Summary

Drupal 7.37 is primarily a bugfix and enhancement release that addresses several issues across different areas of the CMS. The most significant improvements include PostgreSQL compatibility fixes, standardization of library locations, and fixes for CSS preprocessing of protocol-relative paths.

For site administrators, the addition of the sites/all/libraries folder provides a more standardized approach to managing third-party libraries. The fix for the content type regression from 7.36 is particularly important for sites that may have experienced issues with disabled content types.

For developers, the improvements to filter_xss() to handle custom HTML tags with dashes and better documentation for install tasks and queue workers will improve development workflows. The PostgreSQL fixes resolve several long-standing issues that affected sites using this database system.

While there are no new security fixes in this release, the addition of session hijacking test cases strengthens the testing framework for existing security measures. The performance improvements, particularly around translation queries and queue processing, will benefit sites with heavy workloads.