Drupal Release: 8.0.0-alpha15

TL;DR

Drupal 8.0.0-alpha15 brings significant architectural improvements and code modernization. This release focuses on enhancing performance with better caching mechanisms, improving entity handling, converting procedural code to object-oriented approaches, and standardizing route names. Key highlights include the implementation of third-party settings for configuration entities, improved language handling, template conversions to Twig, and numerous security fixes. This alpha release continues Drupal 8's evolution toward a more modern, object-oriented framework with better performance and developer experience.

Highlight of the Release

• Improved caching with fast, local cache back-end (APCu) for bootstrap, discovery, and config
• Added ThirdPartySettingsInterface for configuration entities to store third-party module data
• Converted many theme functions to Twig templates and moved classes from preprocess to templates
• Standardized entity route names for consistency
• Fixed security issues in link fields and menu links to prevent information leakage
• Improved language handling with native language names in language switcher block
• Converted taxonomy listing to Views for better customization

Migration Guide

Procedural to Object-Oriented Conversion

• Element Classes: system_element_info() has been converted to Element classes. Update any custom form elements to use the new class-based system.

• FormState Methods: Many form state functions have been moved to the FormStateInterface:

  • Replace form_state_values_clean() with $form_state->cleanValues()
  • Stop using form_get_errors() and form_error() - use FormState methods instead
  • FormState no longer supports ArrayAccess - update any code that accesses form state as an array

• Theme System: Replace _theme() calls with \Drupal::theme()->render().

API Changes

• Entity API:

  • EntityDatabaseStorage has been removed - use SqlContentEntityStorage instead
  • ContentEntityDatabaseStorage has been renamed to SqlContentEntityStorage
  • Table mapping functions have moved from ContentEntityDatabaseStorage to public API of DefaultTableMapping
  • Entity schema information has moved from storage classes to schema handlers

• Path and URL Handling:

  • Replace drupal_valid_path() with PathValidator
  • A new #type => 'path' form element is available that accepts paths but can store URL objects or route names

• Removed Functions:

  • drupal_write_record() has been removed
  • drupal_render_page() has been removed
  • drupal_classloader() has been removed
  • form_load_include() has been replaced with FormState::loadInclude()
  • path_inc and menu_inc settings have been removed

Theme System Changes

• Classes in Templates:

  • Many classes have been moved from preprocess functions to templates
  • Update custom themes to use the Attribute object in templates instead of relying on preprocess functions

• Twig Templates:

  • Many theme functions have been converted to Twig templates
  • If you've overridden any of these theme functions, you'll need to convert your overrides to Twig templates

• Deprecated Properties:

  • The 'class' property from #theme 'links' and #theme 'menu_tree' heading arrays has been removed
  • Use the 'attributes' property with a 'class' key instead

Field System

• Text Processing:

  • The text_processing option has been removed from text fields
  • Existing string field types are now exposed as plain text in the UI

• Entity Reference:

  • Taxonomy parents now use entity reference
  • User roles have been converted to entity_reference_field

Upgrade Recommendations

This release (8.0.0-alpha15) represents a significant step in Drupal 8's development but is still an alpha version. It contains major architectural changes and API improvements that are not yet stable.

For Production Sites:

• Do not upgrade production Drupal 7 sites to this alpha release.
• Continue using Drupal 7 for production sites until Drupal 8 reaches at least RC status.

For Development and Testing:

• This alpha release is suitable for developers who want to start preparing modules and themes for Drupal 8.
• Testing sites can be upgraded to explore new features and provide feedback to the community.
• Be prepared for significant API changes in future alpha and beta releases.

For Module Developers:

• Begin updating custom modules to use the new object-oriented APIs.
• Pay special attention to the conversion from procedural functions to classes.
• Test modules with this release to identify compatibility issues early.

For Theme Developers:

• Start adapting themes to use Twig templates instead of PHPTemplate.
• Update theme preprocess functions to account for classes being moved to templates.
• Use the new Attribute objects in templates.

Installation Notes:

• A clean installation is recommended rather than upgrading from previous alpha releases.
• If upgrading from a previous alpha, carefully review the change log and be prepared for potential data migration issues.

Timeline Expectations:

• More alpha and beta releases will follow before a stable release.
• Major API changes are still possible in future releases.
• Wait for at least a release candidate before considering use in any production-adjacent environment.

Bug Fixes

Security and Access Control

• Link Field Information Leakage: Fixed security issue where link field item and menu link information could be leaked.
• Inline Templates Security: Fixed security hole where inline templates passed through unsafe strings.
• Basic Authentication: Fixed basic authentication for non-English sites.
• Node Access Optimization: Brought back node access optimization to menu trees.

UI and Display Issues

• In-place Editing: Fixed cursor visibility when editing titles in-place.
• CSS Issues:
  • Fixed RTL CSS for admin configuration page and config translation form.
  • Fixed white top corners in dialog boxes.
  • Fixed misaligned icons.
  • Fixed form required marker "\204E" that was broken in Google Chrome 35 / Internet Explorer 9.
  • Fixed insufficient space at page bottom.
  • Fixed active hover state add button in views with insufficient contrast.

Language and Translation

• Translate Local Task: Fixed "Translate" tab that was always visible and led to WSOD.
• Language Condition: Fixed language condition / block language visibility that included useless options.
• Translation Downloads: Fixed translations not being downloaded when adding a new language.
• Theme Missing: Fixed issue where theme was missing when installing in non-English language.

Form and Field Issues

• User Signatures: Fixed "Use signatures" checkbox on User config page that didn't appear.
• Permission Page Order: Fixed permission page ordering that was inconsistent.
• User Page: Fixed user creation page remembering values when it should not.
• Shortcut Links: Fixed missing "Save" button on shortcut links list.
• Image Processing:
  • Fixed crop anchor selector that didn't work.
  • Fixed default behavior to not upscale images.

System and Performance

• CSS Aggregator: Fixed CSS aggregator prepending data URLs with paths.
• Cron Lock: Fixed cron lock time limit that was too short and did not prevent multiple concurrent cron runs.
• Comment Parent: Fixed Comment::hasParentComment() trying to load comment with ID 0.
• Unicode Check: Fixed Unicode requirement check not working with PHP 5.6.
• Theme System: Fixed issue where themes could not be uninstalled.

New Features

Entity System Improvements

• ThirdPartySettingsInterface: Added to configuration entities, allowing modules to store their settings on entities they don't own.
• EntityDefinitionUpdateManager: New system to handle entity schema updates in a controlled way.
• Base Field Formatters and Widgets: Applied formatters and widgets to Node base fields.
• Entity Reference for Taxonomy Parents: Replaced the custom taxonomy parent field with entity reference.

Language and Internationalization

• Native Language Names: Language names now display in their native names in the language switcher block.
• Language Alternate Links: Added link tags to alternate languages (hreflang) in HTML head.
• Third-party Configuration: Added generic way to add third party configuration on configuration entities.

Field and Form Improvements

• Path Field Type: New #type => 'path' that accepts path but optionally stores URL object or route name and parameters.
• Default Images: Added ability to show default image on image fields.
• User Roles: Converted user roles to entity_reference_field.

Views and UI Improvements

• Taxonomy Term Views: Converted the taxonomy listing and feed at /taxonomy/term/%term to Views.
• System Menu Block Options: Added options to system menu block so primary and secondary menus can be blocks.
• Mouseover Title for dblog Entries: Added title attribute to watchdog entries.

Performance Enhancements

• Fast Local Cache: Using APCu (if available) for bootstrap, discovery, and config caches.
• Role Entity Caching: Statically caching Role entities to speed up permission checks.

Theme System

• Twig Templates: Converted many theme functions to Twig templates, including menus, task lists, and more.
• Theme Info Files: Added ability to add information to theme info files during development.
• CSS Standards: Added a .csslintrc file that's in line with Drupal CSS standards.

Security Updates

Critical Security Fixes

• Link Field Information Leakage: Fixed a security vulnerability where link field item and menu link information could be leaked to unauthorized users. This issue was identified as [sechole] in the commit messages, indicating its security-critical nature.

• Inline Templates Security: Fixed a security hole where inline templates were passing through unsafe strings, potentially allowing XSS attacks. This vulnerability could have allowed attackers to inject malicious code through template rendering.

• Session Security in Mixed SSL Mode: Fixed an issue where data from anonymous non-HTTP sessions was still available after login when operating in mixed mode SSL. This could potentially expose sensitive information across session boundaries.

Access Control Improvements

• URL Access Checking: Fixed access checking for URL objects, ensuring proper permission validation for all URL types.

• Node Access Optimization: Restored node access optimization to menu trees while maintaining security, ensuring that users only see menu items they have access to.

• Basic Authentication: Fixed basic authentication for non-English sites, which was previously broken and could potentially allow unauthorized access.

Other Security Enhancements

• Cacheability Metadata: Added cacheability metadata to access checks, improving the security of cached content by ensuring proper access control.

• Permission Page Improvements: Fixed permission page ordering issues, making it easier for administrators to correctly configure user permissions.

• Test Security Improvements: Removed unused and potentially insecure WebTestBase::drupalGetToken() method.

Performance Improvements

Caching Improvements

• Fast Local Cache Backend: Implemented use of fast, local cache back-end (APCu, if available) for low-write caches including bootstrap, discovery, and config. This significantly improves performance for these frequently accessed caches.

• Role Entity Caching: Statically caching Role entities to speed up (User|UserSession)::hasPermission() calls, which are frequently used throughout the system for access checks.

• Node Access Optimization: Brought back node access optimization to menu trees, improving performance when rendering menus with many node links.

Architectural Improvements

• Stackphp Implementation: Implemented stackphp and cleaned up handlePageCache() and preHandle() methods, improving the HTTP request handling pipeline.

• Ban System Refactoring: Replaced ban event subscriber with a ban stack for more efficient handling of banned IPs.

• Cron Lock Improvement: Fixed cron lock time limit that was too short, preventing unnecessary concurrent cron runs which could impact performance.

Code Optimization

• Removal of Static Caches: Removed several drupal_static() calls and replaced with more efficient object-oriented approaches.

• Render System Optimization: Fixed problematic interaction between the render system and the theme system when using #pre_render callbacks.

• Views Rendering: Cleaned up views rendering by moving code from template_preprocess_views_view() into a #pre_render callback.

• Entity Loading Optimization: Improved entity loading with better caching and more efficient database queries.

Impact Summary

Drupal 8.0.0-alpha15 represents a significant milestone in Drupal 8's development journey, focusing on architectural improvements, performance optimization, and developer experience enhancements. This release continues the transformation of Drupal's codebase from procedural to object-oriented programming, with numerous functions converted to classes and methods.

The most impactful changes include the implementation of fast local caching with APCu support, which significantly improves performance for bootstrap, discovery, and configuration operations. The addition of ThirdPartySettingsInterface allows modules to store their settings on configuration entities they don't own, enabling better integration between modules. Security has been strengthened with fixes for information leakage in link fields and menu links, as well as improved handling of inline templates.

For theme developers, this release brings major improvements with many theme functions converted to Twig templates and classes moved from preprocess functions to templates, promoting cleaner separation of concerns. Site builders will appreciate the conversion of taxonomy term listings to Views, providing greater flexibility in customizing taxonomy term pages.

Language handling has been enhanced with native language names in the language switcher block and better support for translations. The entity system continues to evolve with standardized route names, improved field handling, and a new EntityDefinitionUpdateManager for controlled schema updates.

While this alpha release brings Drupal 8 closer to stability, it still contains significant API changes that may require updates to custom modules and themes. Developers should begin adapting their code to these changes, but production sites should continue using Drupal 7 until Drupal 8 reaches at least RC status.