Drupal Release: 9.0.0-beta1

TL;DR

Drupal 9.0.0-beta1: Preparing for a Modern Future

Drupal 9.0.0-beta1 marks a significant milestone in Drupal's evolution, focusing on modernizing the codebase and preparing for future compatibility. This release raises minimum requirements for database systems (MySQL 5.7.8+, MariaDB 10.3.7+, PostgreSQL 10+, SQLite 3.26+), updates third-party dependencies for Symfony 5 and Twig 3 compatibility, and introduces important architectural improvements. While removing experimental modules and deprecated code, it maintains API compatibility with Drupal 8 while setting the foundation for a cleaner, more maintainable Drupal 9.

Highlight of the Release

• Raised minimum database requirements: MySQL 5.7.8+, MariaDB 10.3.7+, PostgreSQL 10+, SQLite 3.26+
• Updated minimum Apache version requirement to 2.4.7+
• Added ability for themes to declare dependencies on modules
• Replaced jQuery.cookie with JS-cookie and provided a backward compatibility layer
• Created new Drupal 9 stable theme and decoupled theme assets from Stable
• Added support for button tags in LinkGenerator for better accessibility
• Fixed critical security vulnerability (SA-CORE-2020-001)
• Improved configuration synchronization when both enabling and configuring modules
• Updated normalize.css to the most recent version

Migration Guide

Database Requirements

• MySQL/MariaDB: Upgrade to MySQL 5.7.8+ or MariaDB 10.3.7+ before migrating to Drupal 9.
• PostgreSQL: Ensure you're running PostgreSQL 10+ with the pg_trgm extension enabled.
• SQLite: Update to SQLite 3.26+ if you're using SQLite as your database.
• Apache: Verify your Apache version is 2.4.7+ if you're using Apache as your web server.

Deprecated Code

• Theme Functions: Update any custom code that relies on deprecated theme functions, as these now trigger errors. Replace with Twig templates or render arrays.
• jQuery.cookie: If your custom code uses jQuery.cookie, update to use the new JS-cookie library or rely on the provided backward compatibility layer.

Experimental Modules

• Migrate Multilingual: The Drupal Migrate Multilingual module has been hidden and disabled. If you were using this experimental module, you'll need to find alternative solutions.
• Other Experimental Modules: Several experimental modules have been removed prior to beta1. Review your site's modules and ensure you're not depending on any removed experimental functionality.

Theme System

• Theme Dependencies: If your custom themes need specific modules to function properly, update your theme's info.yml file to declare these dependencies using the new theme dependency feature.
• Stable Theme: If your theme was based on or extending the Stable theme, review the changes in the new Drupal 9 stable theme and update accordingly.

Configuration Management

• Post-Update Hooks: If you've implemented custom post-update hooks, review the new hook_removed_post_updates() functionality to ensure proper management of these hooks.
• Profile Configuration: If you're using installation profiles with module configuration dependencies, review the new capability for profile configuration to depend on optional module configuration.

Upgrade Recommendations

Preparation Before Upgrading

• Environment Assessment: Verify your server environment meets all new minimum requirements:
  • MySQL 5.7.8+ or MariaDB 10.3.7+
  • PostgreSQL 10+ with pg_trgm extension
  • SQLite 3.26+ (if applicable)
  • Apache 2.4.7+ (if using Apache)
• Dependency Audit: Review your site's modules and themes for compatibility with Drupal 9. Use the Upgrade Status module to identify potential issues.
• Custom Code Review: Scan custom modules and themes for deprecated code usage that may need updating.
• Database Backup: Create a complete backup of your database before attempting the upgrade.

Recommended Upgrade Path

• For Drupal 8 Sites:

  1. Update to the latest Drupal 8.9.x release
  2. Remove any deprecated code usage identified by Upgrade Status
  3. Update contributed modules to Drupal 9-compatible versions
  4. Then upgrade to Drupal 9.0.0-beta1

• For New Sites:

  • If starting a new project, consider waiting for the stable release of Drupal 9.0.0 unless you specifically need to test with the beta.

Post-Upgrade Actions

• Test Thoroughly: After upgrading, test all critical site functionality, especially custom features.
• Update Status Check: Run the update status report to ensure all modules are compatible and functioning.
• Performance Review: Monitor site performance after the upgrade to identify any potential issues.

Urgency Assessment

• Beta Status: As this is a beta release, it's not recommended for production sites unless you have specific testing needs.
• Security Considerations: While this release includes security fixes, production sites should generally wait for the stable release unless specifically advised by security teams.

Bug Fixes

Critical Issues

• Security Fix: Addressed critical security vulnerability with SA-CORE-2020-001.
• Cache Pollution: Fixed an issue where Drupal 8.8.1+ and 9 could fail to install in web browsers due to cache pollution.
• Update Manager Errors: Resolved issues where the Update manager would throw errors and become confused about site update status if any extension had missing or invalid version information.

Database and Installation

• PostgreSQL Compatibility: Fixed Drupal\KernelTests\Core\Database\SelectTest failures on PostgreSQL 10.
• MariaDB Compatibility: Addressed test failures with MariaDB 10.2.7 that didn't occur with 10.3.22.
• Configuration Synchronization: Fixed an issue where configuration synchronization that both enables and configures a module would fail.

Testing Framework

• PHPUnit 8 Compatibility: Added workarounds for PHPUnit 8 warnings and fixed compatibility issues with setUp() method.
• Test Duplication: Fixed RegistryTest and RegistryLegacyTest defining the same class by using mock instead.
• Test Fixtures: Fixed UpdatePathTestBase calling setDatabaseDumpFiles twice, resulting in duplicate fixtures.
• Behat/Mink Dependencies: Pinned behat/mink and behat/mink-selenium2-driver to use resolvable releases.

Documentation and Code Quality

• Documentation Corrections: Fixed incorrect documentation in various classes including BanIpManager, Crypt::randomBytesBase64(), and FieldDefinition::setDisplayOptions().
• Code Comment Updates: Updated @todo comments to point to better issues and fixed typos in test doc comments.

New Features

Theme System Improvements

• Theme-Module Dependencies: Themes can now declare dependencies on modules, allowing for more integrated functionality between themes and the modules they rely on.
• New Drupal 9 Stable Theme: Created a dedicated stable theme for Drupal 9, providing a solid foundation for theme development.
• Theme Asset Decoupling: Decoupled theme assets from the Stable theme, making the theming system more flexible and maintainable.

Developer Experience Enhancements

• Button Tags in LinkGenerator: Added support for button tags in LinkGenerator, improving accessibility options.
• JS-Cookie Implementation: Replaced jQuery.cookie with JS-cookie and provided a backward compatibility layer for smoother transitions.
• Post-Update Hooks Management: Added hook_removed_post_updates() to better manage post-update hooks and prevent sites from entering unrecoverable states.
• Database Handling Improvements: Made database reserved keywords properly quoted as per ANSI standards, improving database compatibility.
• Custom Database Drivers: Enhanced support for custom database drivers to extend and share names with core drivers.

Configuration Management

• Profile Configuration Dependencies: Profile configuration can now depend on optional configuration provided by modules, allowing for more flexible installation profiles.
• Improved Configuration Synchronization: Fixed issues with configuration synchronization that both enables and configures a module.

Security Updates

Core Security Update

• SA-CORE-2020-001: Implemented critical security fix SA-CORE-2020-001. This security advisory was cherry-picked from commit ee9a37e3c5afc7b17cb324bd165d93034e9f4129. While specific details about the vulnerability are not provided in the commit messages (as is standard practice for security fixes), this represents an important security improvement that all users should apply.

System Hardening

• Database Security: Improved database security by properly quoting reserved keywords according to ANSI standards, which helps prevent SQL injection vulnerabilities.
• Dependency Updates: Updated various dependencies to more secure versions, reducing potential security risks from outdated libraries.

Performance Improvements

Book Module Optimization

• Book Navigation Performance: Improved the performance of BookManager::buildItems() by eliminating unnecessary node loading, which was causing slowdowns in book navigation.

Database Optimizations

• Database Query Handling: Enhanced database query handling with proper quoting of reserved keywords according to ANSI standards, which can improve query performance and reliability.
• Database Driver Extensions: Improved the architecture for database drivers, allowing custom drivers to extend core drivers while maintaining the same name, which can lead to better performance through specialized optimizations.

Cache Management

• Cache Pollution Prevention: Fixed cache pollution issues that were affecting installation performance and reliability, particularly in web-based installations.
• Entity Storage Optimization: Removed null defaults for memory cache in entity storage handler constructors, streamlining the entity storage system.

Impact Summary

Drupal 9.0.0-beta1 represents a significant milestone in Drupal's evolution, focusing on modernizing the platform's foundation while maintaining API compatibility with Drupal 8. This release is primarily about "under the hood" improvements rather than new user-facing features.

The most immediate impact is on system requirements, with raised minimum versions for all supported databases (MySQL 5.7.8+, MariaDB 10.3.7+, PostgreSQL 10+, SQLite 3.26+) and Apache (2.4.7+). These changes ensure Drupal 9 can leverage modern database features and security improvements while removing the need to support legacy systems.

For developers, this beta introduces important architectural improvements including Symfony 5 and Twig 3 compatibility, proper handling of database reserved keywords, and the ability for themes to declare module dependencies. The removal of deprecated code and experimental modules helps clean up the codebase but may require adjustments for sites using these features.

Site builders will benefit from more reliable configuration management, particularly when synchronizing configurations that both enable and configure modules. The improved update manager now handles extensions with missing or invalid version information more gracefully, preventing confusing error states.

From a security perspective, this release includes an important fix (SA-CORE-2020-001) and strengthens the platform through dependency updates and improved database handling.

Overall, Drupal 9.0.0-beta1 delivers on its promise of providing a cleaner, more modern foundation while maintaining a smooth upgrade path from Drupal 8. The focus on removing technical debt and improving compatibility with modern PHP libraries positions Drupal well for future innovation while preserving the stability that organizations depend on.