Drupal Release: 7.9

TL;DR

Drupal 7.9 is a maintenance release that includes numerous bug fixes, documentation improvements, and minor enhancements. This update addresses over 100 issues including file handling problems, security improvements, performance optimizations, and UI refinements. While there are no major new features, the release significantly improves stability and usability through better error handling, more consistent APIs, and clearer documentation. This update is recommended for all Drupal 7 sites to ensure optimal performance and security.

Highlight of the Release

• Fixed critical file handling issue where files could be lost when adding multiple files to multiple fields simultaneously
• Improved database compatibility with standardized not-equal operator syntax
• Added Content-Language HTTP header to improve accessibility and standards compliance
• Fixed EntityFieldQuery count query for translatable fields
• Added format_string() function as a standalone version of the t() formatter
• Improved performance with faster theme registry rebuilds when multiple themes are enabled

Migration Guide

Drupal 7.9 is a maintenance release with no major API changes that would require migration steps. However, there are a few items to note:

For Database Queries

• The not-equal operator has been standardized to use <> instead of != for better cross-database compatibility. If you have custom modules using != in database queries, consider updating them to use <> instead.

For OpenID Implementation

• If your site uses OpenID authentication, this release includes fixes for accounts with incompletely stored OpenIDs. No manual action is required, but you may want to monitor user login activity after upgrading.

For Custom Field Implementations

• If you've implemented custom field types, note that the handling of field updates has been improved. Review your code if you've encountered issues with field updates in the past.

For Theme Developers

• The theme registry rebuild process has been optimized. If you've implemented custom theme registry alterations, test them thoroughly after upgrading.

For Module Developers

• The format_string() function is now available as a standalone version of the t() formatter. Consider using it where string formatting without translation is needed.
• Review your usage of hook_options_list() as it now can receive field instance information.

Upgrade Recommendations

Recommendation Level: Recommended for all sites

Drupal 7.9 is a maintenance release containing numerous bug fixes, documentation improvements, and minor enhancements that improve the stability, security, and performance of Drupal 7 sites. While there are no critical security fixes that would make this an urgent update, the cumulative improvements make this a worthwhile upgrade for all Drupal 7 sites.

Timing:

• For sites with custom modules: Test the update in a development environment before deploying to production.
• For sites using the affected features (especially file handling with multiple uploads, EntityFieldQuery with translatable fields, or OpenID authentication): Update as soon as convenient.
• For all other sites: Schedule the update during your next regular maintenance window.

Preparation:

1. Back up your database and files before upgrading
2. Review the full list of changes to identify any that might affect your custom code
3. Test the update on a staging environment if possible
4. Update any contributed modules that have been updated to support Drupal 7.9

The update process follows the standard Drupal minor version update procedure and should not require any special steps beyond the normal update process.

Bug Fixes

• File Handling: Fixed critical issue where files were lost when adding multiple files to multiple fields simultaneously (#1059268).

• Database Compatibility: Fixed not-equal operator usage from '!=' to '<>' for better cross-database compatibility (#1226796).

• EntityFieldQuery: Fixed broken count query functionality for translatable fields (#1292922).

• Form Handling:

  • Fixed errors when submitting the shortcut set configuration page after deleting all shortcuts (#937380).
  • Fixed 'This form is outdated' message that was confusing users (#240828).
  • Fixed tableselect to only select enabled checkboxes (#363354).

• OpenID Authentication:

  • Fixed OpenID discovery spec violation by following redirects (#575810).
  • Fixed mis-encoding of # in OpenID login links (#160163).
  • Added transition for accounts with incompletely stored OpenIDs (#1120290).

• User Interface:

  • Fixed 'Add to shortcuts' link appearing on 403/404 pages (#790770).
  • Fixed secondary tabs order in LTR layouts (#1299046).
  • Fixed taxonomy term menu link title overriding term page title (#1041906).

• Field and Content Management:

  • Fixed node revision log of '0' being ignored (#1282956).
  • Fixed password of '0' being ignored in drupal_http_request() (#1282986).
  • Fixed feed items with titles longer than 255 characters failing to insert (#1244116).
  • Fixed 'Manage fields' screens broken table layout (#1248940).

• Performance and Caching:

  • Fixed SchemaCache generating empty cache IDs (#1289364).
  • Fixed menu_update_7001() breaking if block module was disabled (#1231856).

• Other Fixes:

  • Fixed file_usage_list() returning incomplete results (#1222576).
  • Fixed MySQL 5.5 compatibility issues with testing (#1136854).
  • Fixed pagination for aggregator pages (#743234).
  • Fixed ambiguous 'nid' column when using node access modules (#766382).

New Features

and Enhancements

• New format_string() Function: Added as a standalone version of the t() formatter, allowing string formatting without translation processing.

• Enhanced Field Options API: Added support for hook_options_list() to pass field instance information, providing more context for option generation.

• Improved Language Detection: Fixed browser language detection to properly parse language tags according to standards.

• Content-Language HTTP Header: Added this header to generated pages for better accessibility and standards compliance.

• Enhanced Image Handling: Populated HTML image tags with dimension attributes without introducing additional I/O operations.

• Taxonomy Term Entity Info: Added node type/bundle information in comment_entity_info() for better integration.

Security Updates

• Reverse Proxy Handling: Improved reverse proxy IP address handling with better documentation and more robust implementation (#1310250), helping to prevent potential IP spoofing attacks.

• Password Handling: Fixed an issue where non-MD5 password hashes were being overwritten during updates (#1205138), preserving stronger password hashing methods.

• OpenID Security: Fixed several OpenID-related issues including proper redirect handling and transition for accounts with incompletely stored OpenIDs (#575810, #1120290), improving authentication security.

• HTTP Request Handling: Fixed an issue where passwords of '0' were being ignored in drupal_http_request() (#1282986), ensuring all valid credentials are properly processed.

• Form Security: Improved handling of outdated forms with clearer error messages (#240828), helping to prevent potential CSRF issues.

Performance Improvements

• Theme Registry Optimization: Improved speed of theme registry rebuilds when multiple themes are enabled (#1177738), resulting in faster page loads after cache clears or when using multiple themes.

• Taxonomy Performance: Added static caching to taxonomy_vocabulary_get_names() (#1274674), reducing database queries for sites with many taxonomy vocabularies.

• Module Loading: Optimized module directory scanning to avoid re-scanning when multiple modules are missing (#1081266), improving performance during module dependency checks.

• CSS Optimization:

  • Removed duplicated CSS in the Contextual module (#1290562).
  • Removed duplicated CSS in the Seven theme (#1290512).

• Resource Loading: Improved block administration form by using #attached for CSS instead of drupal_add_css() (#1122584), providing better front-end performance through aggregation.

Impact Summary

Drupal 7.9 delivers significant improvements to stability, documentation, and performance without introducing breaking changes. The most impactful fixes address file handling issues that could cause data loss when uploading multiple files, database compatibility improvements for cross-database deployments, and performance optimizations for theme registry rebuilds.

For developers, the release provides clearer API documentation, standardized database operators, and a new format_string() function. Site administrators will benefit from improved UI elements, better error handling, and enhanced shortcut management. Content editors gain more reliable file handling and improved revision logging capabilities.

The release also includes important accessibility improvements with the addition of the Content-Language HTTP header and better language detection from browsers. Performance gains come from optimized theme registry rebuilds, static caching for taxonomy functions, and removal of duplicated CSS.

While not containing critical security fixes, the release includes several security improvements related to password handling, OpenID authentication, and reverse proxy configuration. Overall, this maintenance release represents a solid improvement to the Drupal 7 platform that enhances stability and user experience without disrupting existing functionality.