HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

9.0.4

Drupal Release: 9.0.4

Tag Name: 9.0.4

Release Date: 9/2/2020

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 9.0.4 is a maintenance release that addresses various bugs, improves accessibility, and enhances security. This update focuses on fixing issues with content moderation filters, comment handling, JSON:API functionality, and UI improvements. It's particularly important for sites using content moderation, comments, or the JSON:API module.

Highlight of the Release

    • Fixed content moderation state filter grouping issues
    • Resolved fatal errors when loading orphaned comments
    • Improved JSON:API filtering for resources with empty relationship objects
    • Enhanced accessibility for required fields in IE11 high contrast mode
    • Fixed Views UI tags autocomplete functionality

Migration Guide

No specific migration steps are required for this maintenance release. Drupal 9.0.4 contains bug fixes and minor improvements that don't require special migration procedures.

When upgrading from Drupal 9.0.3 to 9.0.4:

  1. Back up your database and files
  2. Put your site into maintenance mode
  3. Update your codebase to Drupal 9.0.4
  4. Run the database updates via the UI at /update.php or using Drush: drush updatedb
  5. Clear caches via the UI or using Drush: drush cache:rebuild
  6. Take your site out of maintenance mode

If you're using any of the specific modules or features mentioned in the bug fixes (especially Content Moderation, Comments, or JSON:API), test those functionalities after upgrading to ensure they work as expected.

Upgrade Recommendations

This is a recommended upgrade for all Drupal 9.0.x sites, especially those using:

  • Content Moderation
  • Comments functionality
  • JSON:API module
  • Sites with accessibility requirements, particularly for IE11 users

The release contains important bug fixes that address issues that could cause fatal errors (particularly with comments and libraries.yml files) and improves accessibility for users with high contrast needs.

Priority: Medium Timing: Regular maintenance cycle Effort: Standard update process

While there are no critical security fixes in this release, the improvements to error logging and access control for taxonomy terms have security implications that make this update worthwhile from a security perspective.

Bug Fixes

  • Content Moderation

    • Fixed an issue where content moderation state filter incorrectly grouped content type conditions (Issue #3112433)

  • Comments

    • Resolved fatal errors when loading/building orphaned comments (Issue #2614720)
    • Fixed RDF comment storage to not load NULL comments (Issue #2978320)

  • JSON:API

    • Fixed regression that made it impossible to filter for resources with an empty relationship object (Issue #3025372)
    • Updated PHPDoc links targeting JSON:API issues to point to Drupal core issues (Issue #3122113)

  • Views

    • Fixed Views UI tags to properly use autocomplete suggestions (Issue #3035732)
    • Corrected exposed term filters to not show term options that users don't have access to (Issue #3101738)

  • Media

    • Fixed oEmbed system to properly remove query strings from local thumbnail filenames (Issue #3071760)

  • User Interface

    • Fixed hidden buttons in off-canvas dialog not being properly hidden (Issue #3070375)
    • Resolved exception thrown when changing "Site language" setting of a translated user account (Issue #3005641)

  • System

    • Fixed empty *.libraries.yml files causing fatal errors (Issue #3167036)
    • Corrected typo in DeprecatedServicePropertyTrait (Issue #3163703)
    • Fixed unused variable $id in field module's BulkDeleteTest.php (Issue #3163687)

  • Documentation

    • Corrected reference to RFC5424 severity levels (Issue #3164678)
    • Fixed documentation for Image::scaleDimensions() that referenced a non-implemented function (Issue #3166645)
    • Corrected DrupalCoreRenderElementEmail documentation (Issue #3167196)

  • Testing

    • Changed static queries to dynamic queries in core module tests (Issue #3160267)
    • Corrected latest revision for node 1 in drupal6 test fixture (Issue #3116841)
    • Fixed more uses of public static $modules (Issue #3164721)

New Features

No significant new features were added in this maintenance release. Drupal 9.0.4 focuses primarily on bug fixes, accessibility improvements, and security enhancements to the existing codebase.

Security Updates

  • Error Logging

    • ExceptionLoggingSubscriber no longer logs backtrace strings on access denied exceptions (Issue #3167390), reducing exposure of potentially sensitive information in logs

  • Access Control

    • Fixed exposed term filters to not show term options that users don't have access to (Issue #3101738), ensuring proper access control for taxonomy terms

While not explicitly labeled as security fixes, these changes address potential information disclosure and access control issues that could have security implications.

Performance Improvements

This release doesn't include significant performance improvements as its primary focus is on bug fixes and security enhancements. However, some of the fixes, particularly those related to query handling and error logging, may indirectly improve performance in specific scenarios:

  • The fix for exposed term filters (Issue #3101738) may improve performance by not loading term options that users don't have access to
  • Improved error handling for access denied exceptions (Issue #3167390) reduces unnecessary logging of backtrace information
  • Converting static queries to dynamic queries in tests (Issue #3160267) follows best practices that could lead to better performance in testing environments

Impact Summary

Drupal 9.0.4 is a maintenance release that addresses numerous bugs and improves the stability of Drupal 9. The most significant impacts are:

  1. Improved Stability: Several fixes for issues that could cause fatal errors, particularly with comments and empty libraries.yml files.

  2. Better Accessibility: Required fields are now properly identifiable in IE11 high contrast mode, and hidden buttons in off-canvas dialogs work correctly.

  3. Enhanced Content Moderation: Fixed filtering issues that affected content moderation state filters.

  4. Improved JSON:API Functionality: Fixed regression that prevented filtering resources with empty relationship objects.

  5. Better User Experience: Views UI tags now properly use autocomplete suggestions, and exposed term filters correctly respect user access permissions.

  6. Reduced Security Risks: Improved error logging for access denied exceptions to prevent potential information disclosure.

This release demonstrates Drupal's commitment to maintaining a stable, secure, and accessible platform. While it doesn't introduce new features, it strengthens the foundation of Drupal 9 by addressing various edge cases and improving existing functionality.

Statistics:

File Changed162
Line Additions1,462
Line Deletions475
Line Changes1,937
Total Commits30

User Affected:

  • Improved content moderation state filtering
  • Fixed issues with comment handling that previously caused fatal errors
  • Better error logging for access denied exceptions

Contributors:

xjmalexpottlarowlanlauriii