Drupal Release: 9.3.0-beta2

TL;DR

Drupal 9.3.0-beta2: Symfony 5.4 Upgrade & PHP 8.1 Compatibility

This beta release focuses on preparing Drupal 9.3 for Symfony 6 compatibility by updating to Symfony 5.4 components. It also includes important PHP 8.1 compatibility fixes, security improvements, and code modernization. Key changes include replacing outdated PHP constructs with modern syntax, fixing test failures with Symfony 5, and addressing a security vulnerability (SA-CORE-2021-011). This release is primarily important for developers and site maintainers planning to use newer PHP versions or preparing for future Drupal upgrades.

Highlight of the Release

• Updated to Symfony 5.4 components to prepare for future Symfony 6 compatibility
• Fixed PHP 8.1 compatibility issues, particularly in HTMLRestrictionsUtilities
• Addressed security vulnerability with SA-CORE-2021-011
• Modernized PHP code by replacing isset() with null coalescing operators
• Updated array destructuring syntax for better compatibility
• Fixed CKEditor 5 filter validation order

Migration Guide

PHP Syntax Updates

If you maintain custom modules or themes, consider updating your code to use:

• Null Coalescing Operator: Replace isset($var) ? $var : $default with $var ?? $default
• Modern Array Destructuring: Update list($a, $b) = $array to [$a, $b] = $array

Symfony 5.4 Compatibility

If your custom code interacts directly with Symfony components, review the Symfony 5.4 changelog for any potential breaking changes.

PHP 8.1 Preparation

If you plan to use PHP 8.1 with Drupal 9.3, test your site thoroughly as this version includes initial compatibility fixes but may not address all potential issues.

Upgrade Recommendations

For Production Sites

• Wait for Final Release: As this is a beta release (9.3.0-beta2), it's recommended to wait for the final 9.3.0 release before upgrading production sites.
• Security Update: If you're currently on Drupal 9.2.x or earlier and concerned about the security issue fixed in SA-CORE-2021-011, consider applying the security patch to your current version instead of upgrading to this beta.

For Development/Testing Sites

• Test Upgrade Path: This beta provides a good opportunity to test the upgrade path from Drupal 9.2.x to 9.3.x.
• PHP 8.1 Testing: If you plan to use PHP 8.1, this beta includes important compatibility fixes that should be tested.
• Module Compatibility: Test your custom and contributed modules with this beta to identify any compatibility issues before the final release.

Preparation Steps

1. Create a complete backup of your site
2. Update to the latest Drupal 9.2.x release first
3. Test the upgrade in a development environment
4. Check for deprecated code in custom modules
5. Review the change records for Drupal 9.3.x

Bug Fixes

Test Framework Fixes

• JsonAPI Test Fixes: Resolved failures in Drupal\Tests\jsonapi\Functional\JsonApiFunctionalTest when running with Symfony 5.
• File Item Validation Test: Fixed Drupal\Tests\file\Kernel\FileItemValidationTest failures with Symfony 5.
• Views Argument Default Test: Resolved failures in Drupal\Tests\views\Unit\Plugin\argument_default\QueryParameterTest for Symfony 5.4.
• ResourceObjectNormalizerCacher Test: Fixed failures in Drupal\Tests\jsonapi\Kernel\EventSubscriber\ResourceObjectNormalizerCacherTest with Symfony 5.

CKEditor 5 Fixes

• Filter Validation Order: Fixed an issue where CKEditor 5 wasn't validating filters in the correct order, causing tests to fail locally.

PHP 8.1 Compatibility

• HTMLRestrictionsUtilities Fix: Resolved deprecation notices in HTMLRestrictionsUtilities::providedElementsAttributes() when running on PHP 8.1.

Other Fixes

• BlockRepository Fix: Addressed issue where BlockRepository::contextHandler was being created dynamically, which could lead to potential problems.

New Features

Code Modernization

• PHP Syntax Improvements: Replaced all isset() constructs with the null coalescing operator (??), making the code more concise and readable.
• Array Destructuring Updates: Replaced all list (array destructuring) assignments with the modern array syntax for better compatibility and readability.

Documentation Improvements

• Updated API Documentation: Enhanced the core/USAGE.TXT file to provide more comprehensive information about Drupal's API beyond just hooks and functions.

Symfony 5.4 Integration

• Component Updates: Updated all Symfony 5 components to version 5.4, preparing the codebase for future Symfony 6 compatibility.

Security Updates

Security Advisory Implementation

• SA-CORE-2021-011: This beta includes an important security fix identified in SA-CORE-2021-011. The security advisory was contributed by jbogdanski, Wim Leers, xjm, greggles, lauriii, and tedbow.

Note: As per standard security practices, detailed information about the vulnerability is not disclosed in the release notes to protect sites that have not yet been updated.

Performance Improvements

Code Optimization

• Modern PHP Syntax: The replacement of isset() constructs with null coalescing operators and updating array destructuring syntax contributes to more efficient code execution.

• Test Improvements: Various test fixes and improvements help ensure better performance during development and testing workflows.

Impact Summary

Drupal 9.3.0-beta2 represents an important step toward better compatibility with modern PHP features and future Symfony versions. The update to Symfony 5.4 components paves the way for eventual Symfony 6 compatibility, while PHP syntax modernization improves code quality and maintainability.

The security fix (SA-CORE-2021-011) addresses a vulnerability that should be applied to all Drupal sites. PHP 8.1 compatibility improvements help early adopters of the newest PHP version, though more work may be needed for full compatibility.

For developers, this release signals the direction of Drupal's evolution toward more modern coding standards and dependencies. The changes to CKEditor 5 filter validation order fix issues that were causing test failures, improving the developer experience.

Overall, this beta release focuses on infrastructure improvements rather than end-user features, making it primarily relevant for developers, site builders, and those planning for future upgrades. The code modernization efforts will help ensure Drupal remains compatible with evolving web standards and technologies.