Drupal Release: 8.5.4

TL;DR

Drupal 8.5.4 is a maintenance and security release that addresses multiple bugs and documentation improvements across various subsystems. This update focuses on fixing issues with entity references, migrations, accessibility, and UI components. It includes important fixes for content moderation, layout builder, and multilingual functionality. While there are no major security fixes highlighted, the release includes numerous bug fixes and performance improvements that enhance stability and user experience.

Highlight of the Release

• Fixed issue with Config module uninstallation via Drush
• Improved entity reference handling for views using revision tables
• Enhanced content moderation with fixes for transition ordering and entity type handling
• Fixed weight form element behavior
• Improved Layout Builder functionality and UI
• Better handling of multilingual content and translations
• Enhanced migration system with better support for entity references and translations
• Numerous documentation improvements and code comment fixes

Migration Guide

Upgrading to Drupal 8.5.4

This is a maintenance release with bug fixes and minor improvements. No specific migration steps are required when upgrading from Drupal 8.5.3 to 8.5.4.

For developers working with entity references:

If you have custom code that works with entity references in views using revision tables, be aware that this release fixes an issue where entity links weren't added to views using the revision table as a base. Review any custom code that might rely on the previous behavior.

For sites using Content Moderation:

Several fixes have been made to Content Moderation functionality:

• Fixed issue with ordering transitions if there are more than 20
• Fixed issue with moderation state being set to default after entity serialization
• Fixed issue with moderation of internal entity types

Review your content moderation workflows to ensure they work as expected after the update.

For multilingual sites:

If you're using multilingual functionality, note the following fixes:

• Fixed issue where translated users could not be deleted
• Fixed issue with node counter not being updated for translations
• Fixed multilingual install on Drupal dev version for CLI utilities

For custom code using deprecated APIs:

Several deprecation messages have been fixed in this release. If your code was suppressing these warnings, you may now see them again. It's recommended to update your code to use the non-deprecated APIs.

Upgrade Recommendations

Recommendation Level: Standard Update

This is a maintenance release containing bug fixes and minor improvements with no known critical issues. It is recommended for all sites running Drupal 8.5.3 to upgrade to 8.5.4 to benefit from these fixes.

Who should upgrade immediately:

• Sites experiencing specific issues fixed in this release, particularly those related to:
  • Content moderation workflows
  • Entity references in views using revision tables
  • Multilingual functionality
  • Layout Builder functionality

Preparation before upgrading:

1. As with any Drupal update, create a complete backup of your site's files and database
2. Review the full list of changes to identify any that might affect your custom code
3. Test the update on a staging environment before applying to production
4. Clear caches after the update is complete

Special considerations:

• If you're using custom code that interacts with entity references, content moderation, or multilingual functionality, pay special attention to the changes in these areas
• If you've implemented workarounds for any of the bugs fixed in this release, you may need to remove those workarounds after updating

This update does not contain any database schema changes or major API changes, so the upgrade process should be straightforward for most sites.

Bug Fixes

Entity and Content Management

• Fixed issue where entity links weren't added to views using the revision table as a base
• Fixed weight form element behavior
• Fixed path to statistics.php when the path starts with index.php
• Fixed DefaultTableMapping not returning the revision table name for multi-valued base fields
• Fixed node type form alter setting new revision to false on subsequent saves
• Fixed issue with moderation state being set to default after entity is serialized
• Fixed circular entity references causing infinite loop in EntityReferenceItem::generateSampleValue()
• Fixed issue with scale and crop image effect editing in Large 3:2 image style

Content Moderation

• Fixed inability to order transitions if there are more than 20
• Fixed issue with content moderation module marked as stable producing failures in Workbench Moderation assets loading
• Fixed issue with moderation of internal entity types
• Added explicit test coverage for isDefaultRevisionPublished

Multilingual and Translation

• Fixed issue where translated users could not be deleted
• Fixed issue with node counter not being updated for translations
• Fixed multilingual install on Drupal dev version for CLI utilities

Layout Builder

• Fixed block visibility setting tab for Roles not showing
• Fixed issue where clicking 'Layout' on full view of a node takes you to the configuration for the 'default' view mode

Views

• Fixed views exposed raw input values for multivalue filter field
• Fixed views pagers including ajax metadata
• Fixed views argument validators not reflecting token replacement
• Fixed views result summary still rendering when there's no results

REST and URLs

• Fixed ContentTypeHeaderMatcher running for DELETE requests
• Fixed unrouted URLs not having overridden query or fragments
• Fixed ActiveLinkResponseFilter failing to set active link with query in non-alphabetical order

Other

• Fixed issue where downloaded translation files weren't replacing existing ones
• Fixed incorrect image URL using an image style returning a 403 instead of a 404
• Fixed menu link parent references when deleting nested links
• Fixed issue with #plain_text not rendering empty-like values (e.g. 0 and "0")
• Fixed issue with file uploads re-posting data

New Features

Layout Builder Improvements

• Added support for third-party settings in Layout Builder defaults
• Fixed exceptions thrown during Layout Builder preview
• Improved UI to match updated mockups

Migration Enhancements

• Added validation for file paths on Credential form
• Improved handling of entity references related to Drupal 6 and 7 node translations
• Enhanced documentation for migration plugins and processes

Umami Demo Theme Updates

• Added new article "Baking mishaps" to the demo content
• Added chili sauce recipe to the demo content
• Improved accessibility of links in the footer
• Fixed styling for border radius on hover state for Recipes banner

Security Updates

No major security fixes were explicitly mentioned in the release notes. However, the update includes several improvements that could indirectly enhance security:

1. Fixed issue with saving to the private tempstore that was starting a session for anonymous users, which could potentially lead to session-related vulnerabilities

2. Fixed issue with ContentTypeHeaderMatcher running for DELETE requests, improving REST API security

3. Fixed entity reference handling to prevent memory leaks and inconsistent entity references when serializing entity storages, which could potentially lead to security issues

4. Improved validation for file paths on Credential form, enhancing security of file handling

5. Fixed issue where downloaded translation files weren't replacing existing ones, ensuring proper file handling

Note that while these changes may have security implications, they were not specifically highlighted as security fixes in the release notes.

Performance Improvements

Entity System Optimizations

• Fixed issue with DefaultTableMapping not returning the revision table name for multi-valued base fields, which improves performance for entity operations involving revisions
• Fixed entity query nested conditions to use LEFT joins when any of the parent condition groups is using OR, improving query performance
• Fixed the ContentEntityBase entity key cache being purged incorrectly when two keys exist for one field, reducing unnecessary cache rebuilds

Browser and JavaScript Improvements

• Updated browser support to restrict build targets to IE11 and above, allowing for more modern JavaScript optimizations
• Added missing jquery.form.min.js.map file, improving developer tools experience

Session Handling

• Fixed issue with saving to the private tempstore starting a session for anonymous users, reducing unnecessary session creation and improving performance for anonymous visitors

Cache Handling

• Fixed FileAccessControlHandler cacheability metadata inaccuracy, improving cache effectiveness
• Improved entity reference handling to prevent memory leaks and inconsistent entity references when serializing entity storages

Impact Summary

Drupal 8.5.4 is a maintenance release that addresses numerous bugs and provides enhancements across various subsystems. The most significant improvements focus on entity handling, content moderation, multilingual support, and the Layout Builder.

For site administrators, this release improves stability with fixes for configuration management, content moderation workflows, and multilingual handling. The fixed issue with Config module uninstallation via Drush will be particularly helpful for those managing site configurations through command-line tools.

Developers will benefit from numerous documentation improvements, enhanced migration system capabilities, and fixes for entity reference handling. The improvements to test infrastructure, particularly for browser tests, will help with development workflows.

Content editors will experience better functionality in the Layout Builder, improved handling of content moderation states, and fixes for entity revisions and translations. The fixed weight form element behavior will improve content ordering capabilities.

End users will notice improved accessibility in the Umami demo theme, better handling of URLs and links, and fixed issues with image styles and responsive images.

Overall, while this release doesn't introduce major new features, it significantly improves stability, fixes numerous bugs, and enhances the developer and user experience across the platform. The focus on fixing issues with entity references, migrations, and multilingual functionality addresses some of the more complex areas of Drupal, making this an important update for maintaining site stability.