Drupal Release: 8.5.0-rc1

TL;DR

Drupal 8.5.0-rc1 is a release candidate that brings significant improvements to Layout Builder functionality, accessibility enhancements in the Umami theme, and important security fixes. This release focuses on stabilizing features for the upcoming 8.5.0 stable release, with particular attention to content moderation workflows, migration tools, and UI improvements. The release also includes a critical security update (SA-CORE-2018-001) that all Drupal 8 site owners should apply immediately.

Highlight of the Release

• Critical security update (SA-CORE-2018-001) included
• Layout Builder improvements for better default handling
• Accessibility enhancements in Umami theme
• Content moderation workflow fixes
• Migration system improvements with better categorization
• Added JS modernization initiative to MAINTAINERS.txt

Migration Guide

Upgrading to 8.5.0-rc1

For Layout Builder Users

If you're using Layout Builder, note that defaults now work regardless of override capabilities. Review your layout configurations to ensure they behave as expected after the update.

For Migration Module Users

Migration modules have been reorganized with better categorization. If you have custom migration code that extends or references core migrations, you may need to update your code to account for the new categorization structure.

For Theme Developers

If you've extended or customized the Umami theme, be aware of the accessibility improvements that have been made to focus styles and text alternatives. You may need to update your custom themes to maintain consistency.

For Module Developers

• Check any code that interacts with content moderation, as several fixes have been applied to this system
• If you're using entity serialization, review your code against the improved safety checks for serializing blobs
• Update any custom toolbar implementations to ensure they don't break page caching

Security Update

This release includes SA-CORE-2018-001, a critical security fix. Make sure to apply this update immediately to protect your site.

Upgrade Recommendations

For Production Sites

If you're running a production Drupal 8 site, it's strongly recommended to upgrade to this release immediately due to the inclusion of the critical security fix (SA-CORE-2018-001).

For Development Sites

For sites in development, upgrading to this release candidate is recommended to test your custom code against the upcoming 8.5.0 stable release. Pay special attention to testing:

• Layout Builder functionality
• Content moderation workflows
• Migration processes
• Custom themes for accessibility compliance

Preparation Steps

1. Create a complete backup of your site before upgrading
2. Test the upgrade on a staging environment first
3. Review the full list of changes to identify any that might affect your custom code
4. Update any contributed modules that may have dependencies on changed components

This is a release candidate, so while it's more stable than beta releases, you should still be prepared for potential issues and have a rollback plan in place.

Bug Fixes

Content Moderation Fixes

• Fixed "Default Revision cannot be deleted" error when it's not actually the default revision
• Fixed EntityStorageException when using content moderation block in preview mode
• Removed content moderation exclusion from StableLibraryOverrideTest

Entity and Storage Issues

• Fixed widget validation crashes on ItemList violations for widgets with custom errorElement() implementation
• Fixed issue with entity_test entity types now properly marked as 'internal'
• Fixed revision_default properly marked as internal for REST consumers

Views Issues

• Fixed Views Table style plugin breaking dynamic cache
• Fixed issue where duplicating a Page to Block after changing the display ID destroyed the Page view

Migration Issues

• Ensured d7_url_alias migration works for paths without slashes
• Fixed path aliases generated by PathItem::generateSampleValue() to start with a slash

UI and Theme Fixes

• Fixed incorrect path to icons in stable/settings_tray CSS files
• Fixed link hover styles unintentionally applied to administration toolbar
• Fixed site email address in install profile form no longer copied to user email address
• Fixed toolbar warning message wording
• Cleaned up icons that ship with Media module

Other Fixes

• Fixed user_hook_toolbar() making all pages uncacheable
• Fixed typo in Drupal\Core\Routing\UrlGenerator
• Fixed wrong variable name in \Drupal\node\Form\DeleteMultiple
• Fixed FileTestSaveUploadFromForm incorrectly counting messages

New Features

Layout Builder Enhancements

• Layout Builder defaults now work regardless of the ability to provide overrides
• Improved handling of section components with optimized access checks

Migration System Improvements

• Migrations are now categorized according to their type, making them easier to manage and understand
• Derived migrations are properly categorized according to their type
• Enhanced API documentation for the migration system

Accessibility Improvements

• Focus styles in Umami theme now meet accessibility guidelines
• Added accessible text alternative to Umami Banner Block at wide viewport
• Tour module close button now has descriptive text for screen readers

Other Enhancements

• Added JS modernization initiative to MAINTAINERS.txt, formalizing efforts to improve Drupal's JavaScript architecture
• Statistics block links are now built with toRenderable() for better rendering consistency

Security Updates

Critical Security Update

• SA-CORE-2018-001 security fix is included in this release. This is a critical security update that all Drupal 8 site owners should apply immediately.

Other Security Improvements

• Improved handling of entity serialization with better determination of whether serializing blobs is safe for use in Layout Builder
• Enhanced internal entity type handling to better protect sensitive data from external access

Performance Improvements

Performance Optimizations

• SectionComponent::toRenderArray() now avoids running unnecessary access checks when not needed
• Fixed Views Table style plugin that was breaking dynamic cache, improving page load performance
• Optimized user_hook_toolbar() to prevent it from making all pages uncacheable, significantly improving cache performance

These improvements help reduce unnecessary processing and improve caching effectiveness, resulting in better overall site performance.

Impact Summary

Drupal 8.5.0-rc1 represents a significant step toward the stable 8.5.0 release with important security, functionality, and accessibility improvements. The inclusion of SA-CORE-2018-001 makes this an essential security update for all Drupal 8 sites.

The Layout Builder system has received substantial improvements, making it more robust and flexible for site builders. Content moderation workflows are now more reliable with fixes for several edge cases that could cause errors or unexpected behavior.

Accessibility has been a major focus in this release, particularly in the Umami theme, with improvements to focus styles, text alternatives, and screen reader support. These changes help Drupal sites better comply with accessibility guidelines.

The migration system has been enhanced with better categorization and documentation, making it easier for site builders and developers to understand and use migration tools effectively.

For developers, numerous bug fixes and API improvements provide a more stable foundation for custom code. The formalization of the JS modernization initiative signals Drupal's continued commitment to improving its JavaScript architecture.

Overall, this release candidate delivers important fixes and enhancements that improve security, usability, and developer experience, while preparing the way for the stable 8.5.0 release.