Drupal Release: 8.9.7

TL;DR

Drupal 8.9.7 is a maintenance and security release that includes numerous bug fixes, performance improvements, and minor enhancements. This release addresses issues with media library access checks, oEmbed functionality, migration tools, and PHP 8.0 compatibility. It also includes fixes for taxonomy term handling, entity reference autocomplete, and comment loading. This update is important for sites using media libraries, migrations, or planning to upgrade to PHP 8.0.

Highlight of the Release

• Fixed media library access checks for entity revisions
• Improved oEmbed system to properly handle query strings in thumbnail filenames
• Added PHP 8.0 compatibility fixes
• Fixed fatal errors when loading orphaned comments
• Enhanced migration tools with better error reporting and exception handling
• Improved file size validation error messages

Migration Guide

No significant migration steps are required for this maintenance release. This is a standard bug fix release that should not require special migration procedures beyond the normal update process:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core codebase
4. Run the update script by navigating to /update.php
5. Take your site out of maintenance mode

If you are using any of the specific features that received fixes (such as media library, migrations, or entity references), you may want to test those features after updating to ensure they work as expected with your site configuration.

Upgrade Recommendations

This is a maintenance and security release that includes important bug fixes and compatibility improvements. It is recommended for all Drupal 8.9.x sites to upgrade to 8.9.7, especially if you are:

• Using the media library functionality
• Running migration processes
• Experiencing issues with comment loading
• Planning to upgrade to PHP 8.0 in the future
• Using oEmbed functionality

The update contains no known breaking changes and follows standard Drupal maintenance release practices. As always, it's recommended to test the update on a staging environment before applying it to your production site.

Bug Fixes

Media and File Handling

• Fixed oEmbed system to properly remove query strings from local thumbnail filenames
• Improved file size validation error messages to include the filename
• Fixed media library access checks for entity revisions

Migration and Upgrade

• Fixed redirect handling for admin/reports/upgrade to properly handle view arguments
• Improved error reporting in migration tools with file and line details for caught exceptions
• Fixed issues with taxonomy term migration

Entity and Field Handling

• Fixed EntityReferenceAutocompleteWidget::getAutocreateBundle() to no longer unnecessarily require the 'target_bundles' setting
• Fixed fatal errors when loading/building orphaned comments
• Fixed DateTimePlus to pass correct parameter types to checkdate()

PHP 8.0 Compatibility

• Fixed CKEditorPluginManager::getEnabledButtons to prevent warnings on PHP 8.0.0 beta3

Other Fixes

• Fixed Unicode::mimeHeaderDecode() to properly support lowercased encoding
• Fixed confusing description for prefix form element in migration UI
• Fixed oEmbed validator to use the urlResolver to get the resource URL
• Fixed various code issues including unused variables and typos

New Features

Enhanced Migration Tools

• Added file and line details to migrate messages from caught exceptions, making debugging easier
• Improved handling of link fields during migration, now properly handling empty, <nolink> and <none> values
• Added support for taxonomy_term_reference_plain and taxonomy_term_reference_rss_category to TaxonomyTermReference

Media Library Improvements

• Fixed media library upload forms to allow proper overriding
• Added proper access checks against the revision of the entity being edited

Security Updates

This release includes security fixes from SA-CORE-2020-011 followup, with code cleanup and standards improvements in the related test code. While specific details of security fixes are not fully disclosed in the commit messages, the inclusion of security-related commits indicates that this release addresses previously identified security vulnerabilities.

Performance Improvements

Query Optimization

• Improved SQL query handling by fixing SQLBase::mapjoinable to properly support SQLite
• Enhanced taxonomy term queries by not adding term_access tag when SQL rewriting is off, which can improve performance in certain scenarios

Code Cleanup

• Removed unused variables in several files
• Fixed CSS comments in variables.pcss.css that were creating unnecessary noise in compiled CSS
• Disabled csslint testing in core to streamline development processes

Impact Summary

Drupal 8.9.7 is primarily a bug fix and maintenance release that addresses several important issues across different areas of the CMS. The most significant impacts are:

1. Media Library Improvements: Fixed access checks for entity revisions and improved upload form handling, which enhances security and flexibility for sites using media libraries.

2. Migration Tool Enhancements: Several fixes and improvements to migration tools make the migration process more reliable and provide better error reporting, benefiting sites undergoing migrations.

3. PHP 8.0 Compatibility: This release includes fixes that prepare Drupal for PHP 8.0, helping sites plan for future PHP version upgrades.

4. Comment System Stability: Fixed critical issues with orphaned comments that were causing fatal errors, improving overall site stability.

5. oEmbed Handling: Improved thumbnail handling and URL resolution in the oEmbed system, which affects sites embedding external content.

These changes collectively improve the stability, security, and performance of Drupal 8.9.x sites without introducing breaking changes, making this an important but low-risk update for most sites.