Drupal Release: 8.1.0-rc1

TL;DR

Drupal 8.1.0-rc1 is the first release candidate for the upcoming Drupal 8.1.0 minor version. This release includes numerous bug fixes, security improvements, and enhancements to the Drupal core functionality. Key improvements include fixes for access control issues with unpublished error pages, better handling of entity revisions, improved migration tools, and various UI and form element fixes. This release candidate represents the stabilization phase before the final 8.1.0 release.

Highlight of the Release

• Fixed security issue with access bypass to unpublished custom error pages
• Improved form elements handling with proper support for '#title_display' => 'invisible'
• Fixed Ajax functionality with tableselect checkboxes
• Enhanced entity revision handling and parameter conversion
• Improved migration tools with better plugin management and i18n support
• Added plurality support for entity type labels

Migration Guide

Migration from Beta2 to RC1

This release candidate contains several important fixes but does not introduce major API changes that would require extensive migration efforts. However, developers should be aware of the following changes:

Deprecated Functions

• format_string() is deprecated. The deprecation notice incorrectly suggested using SafeMarkup::format(), which is also deprecated. Use \Drupal\Component\Render\FormattableMarkup instead.

Entity Type API Changes

• Entity types now support plurality in labels. If you've created custom entity types, consider adding plural labels to improve UI text generation.

Testing Framework Changes

• Many simpletest kernel tests have been converted to PHPUnit. If you're extending these tests, you may need to update your test classes.

Vendor Libraries

• Fixed issues with --prefer-dist and .gitattributes that were causing problems with vendor test cleanup. If you're using custom build processes, ensure they're compatible with these changes.

Upgrade Recommendations

As this is a release candidate for Drupal 8.1.0, it is recommended for:

• Testing environments: All Drupal 8 site owners should test this release candidate in non-production environments to identify any issues before the final 8.1.0 release.

• Development sites: Developers working on modules and themes should test compatibility with this release candidate.

• Production sites: Not recommended for production sites unless you are experiencing specific issues that are fixed in this release and cannot wait for the final 8.1.0 release.

The upgrade path from Drupal 8.0.x to 8.1.0-rc1 is straightforward and doesn't require major changes. However, as with any pre-release version, thorough testing is essential before deploying to production environments.

Bug Fixes

Access Control and Security

• Fixed access bypass vulnerability for unpublished custom error pages
• Improved node revision queries tagged for node access to prevent "no node table" exceptions

UI and Form Elements

• Fixed '#title_display' => 'invisible' for composite form elements
• Resolved Ajax functionality issues with tableselect checkboxes
• Fixed VerticalTabs' #default_tab broken due to wrong class name
• Corrected Views UI text overlap in older versions of Firefox
• Fixed comment date views arguments using incorrect database column

Entity and Configuration Handling

• Fixed PluginSettingsBase::getThirdPartySettings() to return array instead of null
• Resolved issues with entity revision parameter enhancers/converters
• Fixed config translation form labels not being translated
• Corrected node_field_data and search_index tables matching on langcode

User Management

• Fixed regression in user edit form that incorrectly expected password reset hash

New Features

Entity Type Label Improvements

• Added plurality support for entity type labels, allowing UI text to be generated based on whether singular or plural is needed
• Enhanced annotation inheritance across namespaces for better plugin development

Migration Enhancements

• Added i18n string and variable data to Drupal 6 migration dumps
• Improved dependency injection in migration plugins
• Added get() method to MigrationInterface

Security Updates

Security Improvements

• Fixed critical security issue with access bypass to unpublished custom error pages (Issue #2678674)
• Improved node revision access control to prevent unauthorized access to content
• Enhanced error handling for placeholder rendering to prevent potential information disclosure

Performance Improvements

Performance Optimizations

• Improved handling of entity revisions with better parameter conversion
• Enhanced dependency injection in migration plugins for more efficient processing
• Optimized compiler passes in Core/DependencyInjection for better service container compilation
• Improved rendering performance with fixes to BareHtmlPageRenderer

Impact Summary

Drupal 8.1.0-rc1 represents a significant step toward the stable 8.1.0 release, focusing primarily on bug fixes and refinements rather than introducing major new features. The most impactful changes include:

1. Security improvements: The fix for access bypass to unpublished custom error pages addresses an important security vulnerability.

2. Developer experience enhancements: Improvements to entity revision handling, migration tools, and test infrastructure make development more efficient and reliable.

3. UI and form handling fixes: Several long-standing issues with form elements, Ajax functionality, and UI rendering have been resolved, improving the user experience for content editors and site administrators.

4. Multilingual improvements: Better handling of translations in configuration forms and enhanced migration support for i18n strings benefit sites with multiple languages.

5. Entity API enhancements: The addition of plurality support for entity type labels improves UI text generation throughout the system.

These changes collectively improve the stability, security, and usability of Drupal 8, making this release candidate an important milestone in the Drupal 8.1.x development cycle.