Drupal Release: 8.2.2

TL;DR

Drupal 8.2.2 is a maintenance release that addresses numerous bugs and issues across various components of Drupal core. This update includes important fixes for file handling, REST API functionality, migration tools, views, entity handling, and accessibility improvements. While there are no major new features, this release significantly improves stability and resolves several critical issues that could cause errors or unexpected behavior in production environments.

Highlight of the Release

• Fixed critical file handling issues including proper private file support for images uploaded via EditorImageDialog
• Resolved REST API problems with better error handling for missing headers and CSRF tokens
• Improved migration tools with better error logging and handling of multilingual content
• Fixed several AJAX-related issues in views and forms
• Enhanced accessibility for toolbar and module filter components

Migration Guide

This is a maintenance release containing bug fixes and minor improvements. No specific migration steps are required when updating from Drupal 8.2.1 to 8.2.2.

Update Process:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core codebase:
   • Via Composer: composer update drupal/core --with-dependencies
   • Via Drush: drush pm-update drupal
   • Manual update: Replace your existing Drupal files with the new version
4. Run database updates: drush updatedb or visit /update.php
5. Clear caches: drush cache-rebuild or clear via the admin interface
6. Take your site out of maintenance mode

Special Considerations:

• If you've been experiencing issues with file handling, entity references, or AJAX functionality, test these areas thoroughly after updating.
• If you're using migration tools to import content from Drupal 6 or 7, this update includes several important fixes that may resolve issues you've been experiencing.

Upgrade Recommendations

Recommendation Level: High

This release contains numerous bug fixes that improve stability and resolve issues across multiple components of Drupal core. While it doesn't address critical security vulnerabilities, it fixes several bugs that could impact site functionality and user experience.

Who should upgrade immediately:

• Sites experiencing any of the specific issues fixed in this release
• Sites using migration tools to import content from Drupal 6 or 7
• Sites with heavy reliance on AJAX functionality or views
• Sites with multilingual content

Upgrade Priority:

• Production sites: Medium-High priority - plan to upgrade within your next maintenance window
• Development sites: High priority - upgrade to ensure you're developing against the most stable version

This is a maintenance release with minimal risk of introducing new issues. The benefits of the bug fixes outweigh the minimal risks associated with the update process.

Bug Fixes

File Handling

• Fixed proper private file support for images uploaded via EditorImageDialog
• Resolved issues with FileSystem::mkdir() returning false negatives with trailing slashes
• Fixed MIME type mapping for JavaScript files

Entity and Field Handling

• Fixed entity reference field "Autocomplete matching: Starts with" option
• Resolved issues with denormalization of entities with translations
• Fixed boolean field with #access FALSE causing EntityStorageException
• Corrected handling of date-only fields when UTC date differs from user's current date
• Fixed error in ListNormalizer failing to pass context variable to field items

Views

• Fixed AJAX issues in glossary view arguments when Language URL detection is enabled
• Resolved problems with views ajax modals in certain scenarios
• Fixed "More Link" handling with external URLs
• Corrected views result summary to avoid returning float numbers with mini pager

REST API

• Improved error messages for missing Content-Type headers
• Fixed REST requests with invalid X-CSRF-Token header
• Corrected link title double escaping in Link::preRenderLink

Migration

• Added better error logging for skipped rows during migration
• Fixed migration of multilingual content from Drupal 6 and 7
• Improved handling of field migrations from previous Drupal versions
• Fixed role migration to update existing roles instead of duplicating them

Performance

• Improved User::getAnonymousUser() performance which previously took 13ms due to ContentEntityBase::setDefaultLangcode()

Accessibility

• Fixed module filter to properly announce number of results for screenreaders
• Corrected handling of HTML tags in shortcut labels in the toolbar tray

Other

• Fixed Internet Explorer adding excessive padding to body when toolbar is present
• Resolved issues with book navigation for unpublished parent items
• Fixed CKEditor not showing elements in styles dropdown when input filter alters them
• Corrected various typos and documentation issues

New Features

No major new features were introduced in this maintenance release. Drupal 8.2.2 focuses on bug fixes and stability improvements across various components of Drupal core.

Security Updates

• Session ID Handling: Improved security by hashing session IDs before using them as cache contexts, reducing the risk of session-related vulnerabilities.

• Private File Support: Enhanced security for private files by fixing proper private file support for images uploaded via EditorImageDialog, ensuring that access restrictions are properly enforced.

No critical security vulnerabilities were addressed in this release. For critical security updates, Drupal provides separate security releases with corresponding security advisories.

Performance Improvements

• Anonymous User Performance: Fixed a performance issue in User::getAnonymousUser() which previously took 13ms due to ContentEntityBase::setDefaultLangcode(), significantly improving performance for anonymous users.

• AJAX Response Optimization: Resolved issues with JavaScript settings caching that could cause AJAX responses to set wrong ajaxPageState.libraries, improving the reliability and performance of subsequent AJAX requests.

• Entity Handling: Various optimizations in entity handling, including improvements to entity reference fields and entity display handling that reduce unnecessary processing.

• Field UI Optimization: Fixed an issue where Field UI was needlessly resaving each enabled entity display, reducing database operations during configuration.

Impact Summary

Drupal 8.2.2 is a maintenance release that addresses over 80 bugs across various components of Drupal core. While it doesn't introduce new features, it significantly improves stability and fixes several critical issues that could cause errors or unexpected behavior.

Key improvements include fixes for file handling (particularly private files), REST API functionality, migration tools, views handling, entity reference fields, and accessibility enhancements. The release also addresses performance issues, particularly with anonymous user handling and AJAX responses.

For developers, the fixes to REST API error handling, entity reference fields, and migration tools will improve development experience and reduce debugging time. Content editors will benefit from fixes to CKEditor, date fields, and book navigation. Site administrators will see improved stability for file handling and multilingual content.

This release represents an important maintenance update that resolves numerous pain points reported by the Drupal community. The large number of bug fixes (over 80 issues addressed) demonstrates the active maintenance of Drupal core and the community's commitment to stability and quality.