Drupal Release: 8.6.0-beta2

TL;DR

Drupal 8.6.0-beta2 is a security-focused update that includes a critical security fix (SA-CORE-2018-005) and addresses two minor issues related to entity testing and code cleanup. This beta release is an important security update for anyone testing Drupal 8.6.x beta versions.

Highlight of the Release

• Critical security fix (SA-CORE-2018-005) addressing a vulnerability in Drupal core
• Fixed incorrect assumptions in entity testing code
• Code cleanup in path.module removing unused imports

Migration Guide

No specific migration steps are required for this beta release. This is an update within the beta cycle of Drupal 8.6.x and does not introduce any breaking changes that would require migration efforts.

Upgrade Recommendations

Immediate Update Recommended

If you are running Drupal 8.6.0-beta1 in any environment, an immediate update to 8.6.0-beta2 is strongly recommended due to the critical security fix included in this release.

For production sites, it's generally recommended to wait for stable releases rather than running beta versions. If you're not currently testing Drupal 8.6.x beta versions, this update doesn't affect you directly.

The update process follows standard Drupal update procedures:

1. Back up your site and database
2. Put the site in maintenance mode
3. Update the codebase to 8.6.0-beta2
4. Run update.php
5. Take the site out of maintenance mode

Bug Fixes

Entity Testing Fix

Fixed an issue in EntityUpdateToRevisionableAndPublishableTest where the test incorrectly assumed that entities should be converted to revisionable and publishable in a single step. This addresses issue #2982759.

Code Cleanup

Removed unused imports in path.module, addressing issue #2989950. This helps maintain code quality and reduces potential confusion for developers working with this module.

New Features

No new features were added in this beta release. This is primarily a security and bug fix release focusing on addressing critical issues before the stable 8.6.0 release.

Security Updates

Critical Security Fix: SA-CORE-2018-005

This release includes a critical security fix identified as SA-CORE-2018-005. The security advisory was contributed by multiple community members including MichaelCu, mwop, Wim Leers, bkosborne, cashwilliams, moshe weitzman, mlhess, xjm, larowlan, Jibran, and DamienMcKenna.

While specific details about the vulnerability are not provided in the commit message (as is common practice for security issues), this appears to be a significant security fix that warranted immediate attention and inclusion in this beta release.

Performance Improvements

No specific performance improvements were included in this beta release. The focus was on security fixes and bug corrections.

Impact Summary

Drupal 8.6.0-beta2 is primarily a security-focused release that addresses a critical vulnerability through SA-CORE-2018-005. While details of the security issue are not explicitly stated in the commit messages (following security best practices), the involvement of numerous core contributors suggests this is an important security fix.

The release also includes two minor fixes: one addressing incorrect assumptions in entity testing code and another cleaning up unused imports in the path module. These changes improve code quality but have minimal impact on end users.

This beta release is part of the normal development cycle leading up to Drupal 8.6.0 stable and contains a total of 379 changes across 7 files, with 137 additions and 242 deletions. The primary impact is on security, making this an essential update for anyone running the previous beta version.