Drupal Release: 7.55

TL;DR

Drupal 7.55 is a maintenance release that addresses compatibility issues with PHP 7.0 and 7.1, fixes several security vulnerabilities, improves Apache 2.4 compatibility, and resolves various bugs in core functionality. This release is important for sites running on newer PHP versions and Apache 2.4 servers, ensuring continued stability and security. Site administrators should upgrade to maintain compatibility with modern hosting environments.

Highlight of the Release

• Improved compatibility with PHP 7.0 and 7.1
• Fixed Apache 2.4 compatibility issues without requiring mod_access_compat
• Added support for RFC 5785 by whitelisting the .well-known directory
• Fixed several JavaScript issues including Drupal.formatPlural and Drupal.t() functions
• Resolved password reset functionality that was broken by Ajax calls

Migration Guide

No specific migration steps are required for this maintenance release. This is a standard update that fixes bugs and improves compatibility with modern PHP versions and Apache 2.4.

To update:

1. Back up your database and site files
2. Put your site in maintenance mode
3. Update your Drupal core files (excluding any custom modifications)
4. Run the update script by visiting update.php
5. Take your site out of maintenance mode

If you're running PHP 7.0 or 7.1, this update is particularly important as it addresses several compatibility issues with these PHP versions.

Upgrade Recommendations

This update is highly recommended for all Drupal 7 sites, especially those:

• Running on PHP 7.0 or 7.1
• Hosted on Apache 2.4 servers without mod_access_compat
• Using password reset functionality
• Utilizing feed categories

The fixes in this release address important compatibility issues with modern PHP versions and Apache configurations, as well as several functional bugs that could affect site operation. There are no known breaking changes in this release, making it a safe update for all Drupal 7 sites.

Bug Fixes

PHP 7.x Compatibility Fixes

• Fixed issue where DATE_RFC7231 constant was already defined in PHP 7.0.19 and 7.1.5
• Fixed UserTimeZoneFunctionalTest failures on recent versions of PHP 7 and 7.1
• Fixed tempnam() usage in PHP 7.1
• Fixed issue where Statistics module subtracted an empty string from an integer, causing PHP 7.1 test failures

JavaScript Fixes

• Fixed console error in Firefox due to redeclared function argument in Drupal.formatPlural
• Fixed malformed Drupal.settings caused by file_ajax_upload()
• Fixed Drupal.t() placeholder substitution that didn't always work correctly
• Fixed W3C HTML5 validation errors with PHP array-based query-strings built with url() containing [ ] characters

Core Functionality Fixes

• Fixed password reset functionality that was broken by Ajax calls
• Fixed issue where a user's contact setting reverts to default when saving
• Fixed handling of feed categories when a category is deleted
• Fixed notice: Undefined index: status in _block_rehash()
• Fixed unused $original_destination variable in file_unmanaged_copy()
• Fixed unused $name variable in file_get_content_headers()

Testing and Documentation

• Fixed unit tests that don't work when default site language is not English
• Fixed verbose debug output in unit tests that relies on the database
• Updated documentation in field.tpl.php to clarify reference to theme_field
• Added class documentation block for DatabaseSchema class
• Fixed incorrect documentation link for PDO drivers in installation message
• Fixed DeleteQuery::execute() return value documentation

New Features

Support for RFC 5785 (.well-known directory)

Added support for RFC 5785 by whitelisting the .well-known directory in Drupal's .htaccess file. This allows for proper functioning of services that rely on the .well-known URL path, such as Let's Encrypt certificate validation, security tokens, and other standardized discovery mechanisms.

Security Updates

Security Improvements

• Fixed an issue where Drupal would fail to boot with a 503 error on Apache 2.4 without mod_access_compat, which could expose sensitive files
• Improved URL handling for array-based query strings containing special characters, preventing potential security issues
• Added support for RFC 5785 by whitelisting the .well-known directory, enabling better security certificate management

Performance Improvements

Apache 2.4 Compatibility

Improved compatibility with Apache 2.4 servers by fixing an issue where Drupal would fail to boot with a 503 error and .htaccess protections would not work without mod_access_compat. This change improves performance and reliability on modern Apache servers without requiring additional modules.

Impact Summary

Drupal 7.55 is primarily a compatibility and bug fix release that ensures Drupal 7 continues to work properly with PHP 7.0 and 7.1, as well as Apache 2.4 servers. The most significant improvements include:

1. PHP 7.x Compatibility: Multiple fixes for issues with PHP 7.0.19, 7.1.5 and other recent PHP 7 versions, ensuring tests pass and core functionality works correctly.

2. Apache 2.4 Support: Fixed critical issue where Drupal would fail with a 503 error on Apache 2.4 without mod_access_compat, improving compatibility with modern server configurations.

3. JavaScript Improvements: Fixed several JavaScript issues including problems with Drupal.formatPlural, Drupal.t() placeholder substitution, and malformed Drupal.settings.

4. Core Functionality: Fixed password reset functionality, user contact settings persistence, and feed category handling.

5. RFC 5785 Support: Added support for the .well-known directory standard, enabling better integration with services like Let's Encrypt.

This release contains no known breaking changes and is a recommended update for all Drupal 7 sites to maintain compatibility with modern hosting environments.