Drupal Release: 9.1.8

TL;DR

Drupal 9.1.8 is a maintenance release that includes numerous bug fixes, coding standard improvements, and security updates to dependencies. This release focuses on enhancing entity query access checks, fixing coding standards compliance, improving documentation, and addressing various UI and accessibility issues. It also updates several third-party libraries to address security vulnerabilities and ensure better compatibility.

Highlight of the Release

• Fixed entity query access checks in multiple components including aggregator, comments, and inline blocks
• Improved email formatting to prevent triggering spam filters
• Fixed HTML validation issues with hreflang attributes on span and button elements
• Updated several third-party libraries including Underscore.js to address security vulnerabilities
• Enhanced documentation for migration plugins and key concepts

Migration Guide

No migration steps are required for this maintenance release. This is a standard bug fix release that should not impact existing functionality or require special migration procedures.

When upgrading from Drupal 9.1.7 to 9.1.8:

1. Back up your database and site files
2. Update your codebase to use Drupal 9.1.8
3. Run the database updates via the admin interface or using Drush:

   drush updatedb
   

4. Clear caches:

   drush cache:rebuild
   

No additional migration steps are necessary for this release.

Upgrade Recommendations

This is a maintenance release containing bug fixes and security updates to dependencies. It is recommended that all sites running Drupal 9.1.x upgrade to this version to benefit from these improvements.

Priority: Medium

While this release doesn't contain critical security fixes to Drupal core itself, it does include important updates to third-party libraries that address security vulnerabilities. Additionally, the bug fixes improve stability and address several UI and accessibility issues.

Sites currently running Drupal 9.1.7 should upgrade to 9.1.8 at their earliest convenience during a regular maintenance window. The upgrade process should be straightforward with minimal risk of disruption.

Bug Fixes

Entity Query Access Checks

• Fixed entity query access checks in aggregator module
• Fixed access checks in comment_user_predelete() function
• Fixed access checks in InlineBlockEntityOperations

UI and Accessibility Improvements

• Fixed issue where logout option was incorrectly displayed for anonymous users
• Fixed HTML validation errors with hreflang attributes on span and button elements
• Fixed issue where wrappers were removed when adding HTML textfields or textareas using replacement patterns
• Improved configuration translation interface with better feedback messages when no changes are made
• Fixed inaccurate summaries in the RequestPath condition plugin
• Fixed issue where entity types with string IDs were exposed as target options when creating comment types

Email and Text Processing

• Fixed use of strtoupper for URLs in MailFormatHelper::htmlToText() which was triggering spam filters

Caching and Performance

• Prevented unnecessary preloading of routes generated by JSON:API
• Fixed render caching in DisplayPluginInterface::buildRenderable when arguments are provided
• Added system.css_js_query_string setting during installation for proper cache busting

Theme Issues

• Fixed reference to non-existing CSS file in Umami theme

Other Fixes

• Fixed missing use statement in DatabaseStorage class
• Fixed mismatched sprintf calls
• Ensured core themes are added to the test autoloader
• Fixed random errors in JavaScript testing

New Features

No significant new features were introduced in this maintenance release. This update primarily focuses on bug fixes, coding standard improvements, and security updates to dependencies.

Security Updates

• Updated Underscore.js to version 1.13.1 to address security vulnerabilities
• Updated Nightwatch and locked dev dependencies to address security issues
• Updated composer/composer dev dependency in metapackages to version 2.0.13
• Updated caniuse-lite as it was outdated
• Updated Drupal 9 branches to the latest patch releases of Symfony components

Note: While these updates address security issues in dependencies, there are no direct security fixes to Drupal core functionality in this release.

Performance Improvements

Performance Enhancements

• Reduced unnecessary work in FieldHelpTest for better test performance
• Prevented preloading of routes generated by JSON:API, reducing memory usage
• Improved entity query access checks to avoid redundant operations
• Set system.css_js_query_string during installation for proper cache busting and improved frontend performance
• Fixed render caching in DisplayPluginInterface::buildRenderable when arguments are provided, ensuring proper cache utilization

Impact Summary

Drupal 9.1.8 is a maintenance release that focuses on bug fixes, coding standard improvements, and security updates to dependencies. The impact is primarily positive, addressing various issues that improve stability, security, and user experience.

Key impacts include:

1. Improved Security: Updates to third-party libraries address security vulnerabilities, enhancing overall site security.

2. Better User Experience: Fixes to UI elements like the logout option for anonymous users and configuration translation feedback improve the administrative experience.

3. Enhanced Accessibility: Corrections to HTML validation errors with hreflang attributes and proper handling of HTML in text fields improve accessibility compliance.

4. Performance Optimizations: Reduced unnecessary work in various components and improved caching mechanisms enhance overall performance.

5. Developer Experience: Better documentation for migration plugins and fixes to coding standards improve the developer experience.

6. Email Deliverability: Fixed email formatting issues that could trigger spam filters, improving communication reliability.

This release represents an incremental improvement to the Drupal 9.1.x branch with no breaking changes, making it a safe and recommended upgrade for all Drupal 9.1.x sites.