Drupal Release: 8.1.9

TL;DR

Drupal 8.1.9: Bug Fixes and Documentation Improvements

What's New: Drupal 8.1.9 is a maintenance release that addresses numerous bugs and improves documentation across the system. Key fixes include resolving issues with file handling for private files and translations, fixing migration rollbacks, and addressing configuration system problems.

Why It Matters: This release enhances stability and security while providing clearer documentation for developers. The fixes for file handling prevent potential data loss, while improvements to migration tools ensure smoother upgrades.

Who Should Care: Site administrators should update to this version to benefit from security and bug fixes. Developers will appreciate the improved documentation and fixed API behaviors.

Highlight of the Release

• Fixed security issue with one-time login links potentially being leaked to third parties
• Resolved data loss issue when deleting translations of entities with file references
• Fixed private file handling for image styles and editor uploads
• Improved migration rollback functionality
• Enhanced documentation across multiple APIs and hooks

Migration Guide

This is a maintenance release with bug fixes and documentation improvements. No specific migration steps are required when upgrading from Drupal 8.1.8 to 8.1.9.

However, if you're using any of the following features, you should be aware of these changes:

Private Files

If you're using private files with image styles or in the editor, this release fixes issues with serving derivatives and handling file usage. No action is required, but you may notice improved behavior after upgrading.

Configuration Management

If you've experienced issues with importing configuration from non-default collections or with field data loss when creating fields with the same name as purged fields, these issues are now fixed. No specific migration steps are needed.

Migration System

If you've encountered problems with migration rollbacks, particularly for views, fields, or field instances, these issues have been resolved. Existing migrations should work more reliably after upgrading.

Upgrade Recommendations

Recommendation: It is highly recommended to upgrade to Drupal 8.1.9 as soon as possible.

Priority: Medium-High

This release contains important bug fixes and security improvements that address potential data loss issues and security vulnerabilities. The fixes for file handling in translated content and private files are particularly important for sites using these features.

Upgrade Path:

1. Back up your database and files before upgrading
2. Update your codebase to Drupal 8.1.9 using Composer (recommended) or by downloading the new release
3. Run the database updates by visiting /update.php or using Drush: drush updatedb
4. Clear caches: drush cache-rebuild or via the admin interface

Special Considerations:

• If you're using private files with image styles or multilingual content with file attachments, this update is particularly important to prevent potential data loss
• If you've experienced issues with configuration imports or migration rollbacks, this update addresses several of those problems

Bug Fixes

File Handling

• Fixed issue where image styles for private files were serving the original instead of derivative
• Resolved data loss issue where deleting a translation of an entity deleted all file_usage entries for files referenced by the entity
• Fixed proper private file support for images uploaded via EditorImageDialog

Configuration System

• Fixed issue where configuration system didn't allow importing a single item from a non-default collection
• Resolved problem where config directories weren't being created by installer if present in settings.php
• Fixed issue where creating a field with the same name as one being purged resulted in data destruction of the new field

Migration

• Fixed issue where migrate rollback did not rollback failed items
• Resolved problems with view mode, field, and field instance migration rollbacks
• Fixed issue where MigrateCckFieldPluginManager mixed up its behavior for creating and loading definitions
• Improved handling of missing filters during migration with filter_null

Entity and Field Handling

• Fixed issue where LinkItem::getUrl() failed if options were NULL
• Resolved problem where VIews field relationships broke when the field name was too long
• Fixed issue where FormattedDateDiff::$maxAge was never applied to caches
• Corrected Entity Reference error message that displayed "@value (@id)"

User Interface

• Fixed issue where deleted blocks were not removed from the block list
• Resolved problem where links styled as buttons were not placed inside Dialog's button pane
• Fixed issue with comments with no subject causing failures

Other

• Fixed issue where _user_mail_notify() always sent emails even if $notify was FALSE
• Resolved problem where a valid one-time login link could be leaked by the referer header to 3rd parties
• Fixed issue where class "Drupal\user\UserServiceProvider" was not found
• Corrected issue where _node_access_rebuild_batch_operation used queries that check access
• Fixed issue where edit-form, delete-form etc. <link> tags added on /node/{node} were invalid according to W3C Validator
• Resolved issue where sys_get_temp_dir() could return a path with a trailing slash

New Features

This maintenance release focuses primarily on bug fixes and documentation improvements rather than introducing new features. However, there are some notable enhancements:

• Team Updates: Added dixon_ as Workflow Initiative coordinator and Scott Reeves (Cottser) as a full core committer for Drupal 8
• Documentation Improvements: Added "composer install" step to install.txt file for when Drupal is downloaded using git
• Migration Tools: Added a translated node to d7_dump for better testing of translation migrations
• API Documentation: Improved documentation for hook_entity_field_access() with details on possible values of $operation parameter

Security Updates

• One-time Login Link Protection: Fixed an issue where a valid one-time login link may be leaked by the referer header to 3rd parties. This prevents potential unauthorized access to user accounts through leaked login links.

• File Access Protection: Resolved issues with private file handling for image styles and editor uploads, ensuring that access restrictions are properly enforced for private files.

• Node Access Rebuilding: Fixed an issue where _node_access_rebuild_batch_operation was using queries that check access, which could lead to incomplete node access rebuilds and potential security gaps.

Performance Improvements

This maintenance release doesn't include significant performance-focused changes. The primary focus was on bug fixes, security improvements, and documentation enhancements. However, some of the fixes may indirectly improve performance:

• Fixed caching issue with FormattedDateDiff::$maxAge never being applied to caches, which should improve caching effectiveness
• Improved handling of queries in _node_access_rebuild_batch_operation to avoid unnecessary access checks, potentially improving performance during node access rebuilds

Impact Summary

Drupal 8.1.9 is a maintenance release that focuses on bug fixes, documentation improvements, and security enhancements. While it doesn't introduce major new features, it addresses several critical issues that could lead to data loss or security vulnerabilities.

The most significant impacts include:

1. File Handling Improvements: Fixed critical issues with private files and file usage tracking in translated content, preventing potential data loss when deleting translations.

2. Security Enhancements: Addressed a security vulnerability where one-time login links could be leaked through referer headers, improving account security.

3. Configuration System Fixes: Resolved issues with configuration imports and field data handling that could lead to data loss in specific scenarios.

4. Migration System Reliability: Fixed several issues with migration rollbacks, making the migration system more reliable for site upgrades.

5. Documentation Enhancements: Improved documentation across multiple APIs and hooks, making development with Drupal more accessible and reducing potential errors.

For most users, this update provides important stability improvements without requiring significant changes to existing workflows. Site administrators should prioritize this update, especially if using multilingual content with file attachments or private file systems.