Drupal Release: 8.8.7

TL;DR

Drupal 8.8.7 is a maintenance and security release that addresses several critical bugs and includes important security updates. This release fixes issues with bulk node deletion, update manager functionality, localStorage quota problems in the off-canvas dialog, and improves compatibility with PHPUnit. It also includes numerous documentation improvements, code cleanup, and test enhancements to ensure better stability and maintainability. This update is recommended for all Drupal 8.8.x sites to ensure security and stability.

Highlight of the Release

• Fixed error when bulk deleting already deleted nodes
• Fixed off-canvas dialog filling up localStorage quota causing errors
• Improved update manager functionality with better security release recommendations
• Added forwards-compatibility shims for PHPUnit 6 & 7
• Fixed issues with sites having missing schema information that prevented updates to 8.8.3+

Migration Guide

This is a maintenance release that primarily includes bug fixes and improvements. There are no specific migration steps required when updating from Drupal 8.8.6 to 8.8.7.

To update to Drupal 8.8.7:

1. Back up your site's files and database
2. Update your codebase to Drupal 8.8.7 using Composer:

   composer update drupal/core-recommended --with-dependencies
   

   Or if you're not using Composer, download the release and follow the manual update instructions.
3. Run the database updates:

   drush updatedb
   

   Or visit /update.php in your browser
4. Clear caches:

   drush cache:rebuild
   

   Or visit the Performance page in the admin interface

If you encounter any issues with the update, particularly related to schema information or views configuration, refer to the specific bug fixes mentioned in this release for troubleshooting guidance.

Upgrade Recommendations

Recommendation Level: High

This release contains important bug fixes and security updates that address several critical issues. All sites running Drupal 8.8.x should upgrade to this version as soon as possible.

The update is particularly important for:

• Sites that use bulk operations for content management
• Sites that have experienced issues with the off-canvas dialog
• Sites that have had problems with update manager recommendations
• Sites that have encountered issues with schema information during updates
• Sites that use views with potentially invalid configurations

This is a maintenance release with minimal risk of introducing new issues. The fixes included address specific bugs without making significant architectural changes, making this a safe update for most sites.

For sites still on earlier versions of Drupal 8, consider updating to the latest version of Drupal 8.9 or Drupal 9 if possible, as Drupal 8 will reach end-of-life in November 2021.

Bug Fixes

• Bulk Node Deletion: Fixed error when trying to bulk delete already deleted nodes (Issue #3030989)

• Off-canvas Dialog: Fixed issue with off-canvas dialog filling up localStorage's quota, causing errors (Issue #3070745)

• Update Manager:

  • Fixed incorrect recommendations for security releases for old minors when a secure version is available (Issue #2992631)
  • Fixed PHP warning in template_preprocess_update_report() due to invalid argument supplied for foreach (Issue #3002820)

• Schema and Updates:

  • Fixed issue where sites with missing schema information couldn't update to 8.8.3+ (Issue #3120910)
  • Fixed issue where views_update_8500() incorrectly inlined configuration changes (Issue #2989745)
  • Fixed issue with invalid system.schema key_value entry causing fatal errors when updating to 8.8.5 (Issue #3136668)
  • Fixed update failures when views have invalid configuration when updating from 8.7.10 to 8.8.0 (Issue #3100712)

• Statistics Module: Fixed duplicate timestamp placeholder in statistics query (Issue #3128761)

• Media Library: Fixed duplicate paragraph in Media Library help text (Issue #3099528)

• oEmbed: Fixed failing tests involving oEmbed (Issue #3130427)

• Dependency Checks: Fixed dependency compatibility check in system that didn't verify if version was defined (Issue #3133604, later reverted)

New Features

This release primarily focuses on bug fixes and improvements rather than introducing new features. However, it does include several enhancements to existing functionality:

• Added forwards-compatibility shims for PHPUnit 6 & 7, including:

  • assertEqualsCanonicalizing()
  • assertString(Not)ContainsString()
  • assertInternalType() replacements

• Improved documentation across multiple areas of the codebase, making it easier for developers to understand and work with Drupal's APIs.

• Enhanced error handling for sites with missing schema information, preventing issues during updates.

Security Updates

• Dependencies Update: Updated symfony/http-foundation to 3.4.35, which is a security release addressing potential vulnerabilities (Issue #3143722)

• Yarn Dependencies: Updated yarn dependencies to fix security issues (Issue #3118741)

• While not explicitly labeled as security fixes, several bug fixes in this release address potential issues that could impact site security and stability:

  • Fixed issues with the update manager that could lead to incorrect security recommendations
  • Improved handling of schema information and updates
  • Fixed localStorage quota issues in off-canvas dialog

Performance Improvements

• Off-canvas Dialog: Fixed issue with off-canvas dialog filling up localStorage's quota, which not only caused errors but also improved performance by preventing excessive storage usage (Issue #3070745)

• Test Performance: Several improvements to test performance and reliability:

  • Removed unnecessary extension of PageCacheTagsTestBase in UserPasswordResetTest (Issue #2978398)
  • Improved test efficiency by converting some functional tests to kernel tests (Issue #3134333)
  • Removed transform rule from css_disable_transitions_test for better performance (Issue #3082602)

• Code Optimization: Various code optimizations and cleanup that indirectly improve performance:

  • Removed duplicate if statements in MenuLinkContent.php (later reverted)
  • Fixed comparison of string to blob in CommentIntegrationTest (Issue #3134475)
  • Improved handling of schema information and updates

Impact Summary

Drupal 8.8.7 is a maintenance release that addresses several important bugs and includes security updates. The most significant fixes include resolving errors when bulk deleting already deleted nodes, preventing off-canvas dialogs from filling up localStorage quota, improving update manager functionality, and fixing issues with sites having missing schema information that prevented updates.

This release also includes numerous documentation improvements and code cleanup, making the codebase more maintainable and developer-friendly. The addition of forwards-compatibility shims for PHPUnit 6 & 7 improves testing capabilities and prepares for future updates.

For site administrators, this update resolves several frustrating issues that could impact day-to-day operations, particularly around content management and system updates. Developers will benefit from improved documentation and more reliable testing tools. The security updates to dependencies help maintain the overall security posture of Drupal sites.

Overall, this is a recommended update for all Drupal 8.8.x sites to ensure continued stability, security, and compatibility with development tools.