Drupal Release: 8.0.0-beta4

TL;DR

Drupal 8.0.0-beta4 brings significant improvements to the development version of Drupal 8. This release focuses on bug fixes, performance improvements, and developer experience enhancements. Key updates include configuration schema improvements, field UI redesign, security fixes, and better theme handling with the new asset library system. This beta represents continued progress toward a stable Drupal 8 release with improved stability and developer tools.

Highlight of the Release

• Redesigned Field UI that makes adding fields a separate, more intuitive task
• New asset library system for themes and modules, replacing individual CSS/JS assets
• Improved configuration schema validation and debugging
• Security fixes including denial of service protection
• Upgraded to Symfony 2.6.1
• Fixed CKEditor issues including right-aligned images and image captions
• Improved error handling and developer experience
• Better handling of module installation and uninstallation
• Fixed responsive layout issues in Bartik theme
• Added print styling for Seven theme

Migration Guide

Asset Library System

If you have custom themes or modules that add individual CSS or JS files, you'll need to update them to use the new asset library system:

// Old way
$element['#attached']['css'][] = drupal_get_path('module', 'mymodule') . '/css/mymodule.css';
$element['#attached']['js'][] = drupal_get_path('module', 'mymodule') . '/js/mymodule.js';

// New way
$element['#attached']['library'][] = 'mymodule/mymodule';

And define your library in mymodule.libraries.yml:

mymodule:
  version: VERSION
  css:
    theme:
      css/mymodule.css: {}
  js:
    js/mymodule.js: {}

Deprecated Functions

The following functions have been removed and should be replaced:

• drupal_process_form() - Use Form API directly
• form_execute_handlers() - Use Form API directly
• drupal_truncate_bytes() - Use appropriate string handling functions
• drupal_match_path() - Use PathMatcher service
• drupal_mail() - Use MailManager service
• drupal_html_class() and drupal_clean_css_identifier() - Use Html::getClass() and Html::cleanCssIdentifier()
• form_options_flatten() - Use appropriate array handling
• path_is_admin() - Use RouteMatch service
• _update_create_fetch_task() - Use Update service
• drupal_mail_system() - Use MailManager service
• current_path() - Use current_route_match service

Configuration

Custom modules with configuration should ensure they comply with the improved configuration schema validation. Test your configuration against the schema to identify and fix any issues.

Upgrade Recommendations

For Developers Working on Drupal 8 Sites

This beta release contains significant improvements and bug fixes that enhance stability and developer experience. If you're actively developing with Drupal 8, upgrading to beta4 is strongly recommended to take advantage of these improvements.

For Production Sites

As this is still a beta release, it is not recommended for production websites. Continue using Drupal 7 for production sites until Drupal 8.0.0 stable is released.

Upgrade Process

When upgrading from beta3 to beta4:

1. Back up your site and database
2. Put the site in maintenance mode
3. Replace all core files and directories
4. Run update.php
5. Rebuild the cache
6. Take the site out of maintenance mode

Pay special attention to custom modules and themes that might need updates to work with the new asset library system and configuration schema improvements.

Bug Fixes

CKEditor Issues

• Fixed right-aligned images appearing to the right of other fields in CKEditor
• Fixed image captions in CKEditor that were broken due to missing iframe stylesheet
• Fixed state toggles for Enable alt/title and Require alt/title not functioning
• Fixed variable name typo in ckeditor.js

Views Issues

• Fixed Views setting access to ANY on routes, which could result in information disclosure
• Fixed ViewsAjaxController resulting in fatal error for empty optional arguments
• Fixed Views wizard creating invalid views out of the box with missing plugin_ids and insecure permissions
• Fixed issues with Views display plugins and handlers not being properly filtered by access
• Fixed aggregation not working in simple test cases

Field and Entity Issues

• Fixed fatal error in FieldConfigBase::calculateDependencies() with more helpful error messages
• Fixed fields of type 'Text (formatted)' not saving values
• Fixed EntityDisplayBase::calculateDependencies() fatal error
• Fixed population of default field values in entity translation
• Fixed FieldItemList::filterEmptyItems() renumbering deltas but not updating the Items
• Fixed path field not respecting settings in form display

Theme and Layout Issues

• Fixed Bartik layout that was broken in certain viewport sizes
• Fixed CSS definition for one sidebar and 560 to 850 px
• Fixed vertical toolbar menu broken in narrow viewports
• Fixed missing border around image upload widget when creating content in Bartik

Installation and Module Management Issues

• Fixed module install that couldn't save FTP settings
• Fixed installer generating unthemed pages
• Fixed profile selection form not being skipped when only one visible profile exists
• Prevented installation over an already installed database

Other Fixes

• Fixed database cache backend not treating cid as case sensitive
• Fixed early error handling that could result in fatal error
• Fixed uninstalling a filter plugin removing text formats
• Fixed forum index links heading to taxonomy/term/{term} instead of forum/{term}
• Fixed responsive image mappings throwing fatal exception if no image style is set
• Fixed preview functionality when preview is required for content creation

New Features

Asset Library System

The asset library system has been completely overhauled, with all themes and modules now using libraries instead of individual stylesheets and scripts. This provides better organization and dependency management for CSS and JavaScript assets.

Field UI Redesign

The Field UI has been redesigned to make adding a field a separate task, improving the user experience and making the process more intuitive. This change addresses long-standing usability issues with field management.

Print Styling for Seven

The Seven administrative theme now includes print styling, making it easier to print administrative pages with appropriate formatting.

Improved Configuration Schema

Configuration schema has been significantly improved with better validation and debugging capabilities, helping developers identify and fix configuration issues more easily.

Security Updates

Denial of Service Protection

• Ported denial of service fixes from SA-CORE-2014-006 to Drupal 8

Access Control Improvements

• Fixed Views setting access to ANY on routes, which could result in information disclosure
• Improved entity normalization to check field access to avoid leaking data
• Fixed issue where returning TRUE from hook_entity_access()/hook_ENTITYTYPE_access() could bypass EntityAccessController::checkAccess()

CKEditor Security Update

• Updated CKEditor library to version 4.4.6 to address security vulnerabilities

Twig Security

• Ensured twig_debug output has needed sanitization to prevent potential security issues

SSL Handling

• Removed mixed SSL support from core to improve security consistency

Performance Improvements

Cache System Improvements

• Improved ChainedFastBackend to properly set 'expires' and 'tags' when writing to fastBackend
• Avoided key value expire garbage collection on actual requests, improving performance
• Enhanced SqlContentEntityStorage::countFieldData() performance for large datasets when getting the result as a boolean

Entity System Optimizations

• Improved Entity::onUpdateBundleEntity() with correct type safe check to reduce unnecessary cache clears
• Enhanced entity field handling for better performance with large datasets

Database Optimizations

• Fixed database-related issues that could impact performance, including case sensitivity in queries
• Improved handling of aggregation in database queries

Impact Summary

Drupal 8.0.0-beta4 represents a significant step forward in the development of Drupal 8, focusing on stability, security, and developer experience. The introduction of the asset library system fundamentally changes how themes and modules manage CSS and JavaScript, providing better organization and dependency management. The redesigned Field UI improves usability for site builders by making field management more intuitive.

Security improvements include denial of service protection, better access control, and an updated CKEditor library. Performance enhancements to the cache system and entity handling will benefit sites with large datasets.

For developers, the improved configuration schema validation and better error messages make development and debugging more efficient. The upgrade to Symfony 2.6.1 keeps Drupal current with its underlying framework.

Theme developers will need to adapt to the new asset library system, but will benefit from improved Twig templates and fixed layout issues in core themes. Content editors will appreciate fixes to CKEditor and the content preview functionality.

While this is still a beta release not recommended for production sites, it demonstrates continued progress toward a stable, feature-rich Drupal 8 release with improved architecture and user experience.