Drupal Release: 7.93

TL;DR

Drupal 7.93 focuses on PHP 8.2 compatibility by fixing numerous deprecated dynamic property warnings, while also addressing several long-standing bugs and security improvements. This release enhances stability for sites running on newer PHP versions, fixes JavaScript functionality that was broken in 7.92, and improves cron handling to prevent concurrent runs.

Highlight of the Release

• Fixed PHP 8.2 compatibility by addressing numerous deprecated dynamic property warnings
• Fixed JavaScript links in contributed modules that were broken since version 7.92
• Improved cron handling to prevent multiple concurrent runs
• Added user action to allow users to unblock their own accounts
• Enhanced security by invalidating one-time login links when email addresses change
• Fixed SVG rendering in Full HTML format

Migration Guide

No specific migration steps are required for this update. This is primarily a bugfix and compatibility release that should not require any changes to your codebase.

However, if you've been working around any of the fixed issues (particularly PHP 8.2 compatibility warnings or the JavaScript issues in 7.92), you may want to review and remove those workarounds after upgrading.

If you've implemented custom email validation by modifying the valid_email_address() function directly, consider updating your code to use the new more easily overridable approach.

Upgrade Recommendations

This update is highly recommended for all Drupal 7 sites, especially those running on PHP 8.x or planning to upgrade to PHP 8.2.

The release contains important fixes for PHP 8.2 compatibility, security improvements, and resolves several long-standing bugs. Sites experiencing JavaScript issues since upgrading to Drupal 7.92 should definitely upgrade to this version.

As always with Drupal 7 updates, make sure to:

1. Back up your database and files before upgrading
2. Test the upgrade on a staging environment first
3. Run update.php after deploying the new code
4. Clear all caches

Bug Fixes

PHP 8.2 Compatibility Fixes

Multiple issues related to PHP 8.2 deprecated dynamic property warnings have been fixed:

• Fixed dynamic property creation in DrupalWebTestCase->prepareEnvironment()
• Fixed dynamic property creation in MergeQuery::$condition
• Fixed dynamic property creation in DatabaseCondition::$stringVersion
• Fixed dynamic property creation in SelectQuery class
• Fixed dynamic property creation in PDOException class
• Fixed dynamic property creation in Updater class
• Fixed dynamic property creation in FileTransfer class
• Fixed dynamic property creation in EntityFieldQuery::$alterMyExecuteCallbackPlease
• Fixed dynamic property creation in various test classes

JavaScript and UI Fixes

• Fixed JavaScript links in contributed modules that were broken since version 7.92
• Fixed incorrect image sizing due to a bug introduced in version 7.91
• Fixed SVG element rendering in Full HTML format
• Fixed tableheader.js to avoid eval() calls that could be blocked by Content Security Policy
• Fixed dblog CSS selectors that were being overridden

Other Bug Fixes

• Fixed EntityFieldQuery using incorrect ordered_results instead of orderedResults
• Fixed hook_comment_unpublish which was never being invoked
• Fixed image dimensions validation to accept only positive values
• Fixed confusing form error messages for user picture "conflicting" validators
• Fixed book_node_load() which was ignoring the 'book_allowed_types' setting and performing excessive SQL queries
• Fixed check_markup() to prevent PHP 8 deprecation warning when passing null to hash()
• Fixed random test failures in testNodeTermCreationAndDeletion()
• Fixed Simpletest not resetting the $theme* globals

New Features

New User Action: Unblock Current User

A long-requested feature has finally been added to Drupal 7 - users can now unblock their own accounts through a new "unblock current user" action in the user module. This addresses issue #512042 which has been open for many years.

Improved Email Validation Overriding

The valid_email_address() function has been modified to be more easily overridable, giving developers more flexibility when implementing custom email validation logic.

Security Updates

Enhanced Login Security

One-time login links are now invalidated when a user's email address is changed. This security improvement prevents potential account takeover scenarios where an old email address might still have valid login links.

Cookie Security Improvements

Fixed the SameSite attribute on Drupal.toolbar.collapsed and other similar cookies, improving security against cross-site request forgery attacks.

Removed Deprecated FLoC Header

The FLoC (Federated Learning of Cohorts) header has been removed from Drupal 7 as Google has abandoned this technology. This keeps Drupal's security posture current with industry standards.

Performance Improvements

Cron Performance Improvements

The cron lock time limit has been increased to prevent multiple concurrent cron runs, which could lead to performance issues and database contention. This change helps ensure that cron tasks run more reliably and efficiently.

Reduced Database Queries

Fixed book_node_load() which was performing excessive SQL queries by ignoring the 'book_allowed_types' setting, resulting in better performance when working with book nodes.

Impact Summary

Drupal 7.93 is a significant maintenance release that improves PHP 8.2 compatibility by fixing numerous deprecated dynamic property warnings. This ensures Drupal 7 sites can continue to run smoothly on newer PHP versions as PHP 7.x approaches end-of-life.

The release also fixes a critical JavaScript issue introduced in 7.92 that broke JavaScript links in contributed modules, and addresses several long-standing bugs including problems with SVG rendering, comment unpublishing, and image dimension validation.

Security is enhanced with improvements to one-time login links, cookie handling, and removal of the abandoned FLoC header. Performance improvements include better cron handling to prevent concurrent runs and reduced database queries for book nodes.

For site administrators and developers maintaining Drupal 7 sites, this update provides important compatibility fixes and quality-of-life improvements that help extend the viability of Drupal 7 installations during the extended support period.