Drupal Release: 9.3.13

TL;DR

Drupal 9.3.13: Enhanced CKEditor 5 Support, Accessibility Improvements, and Bug Fixes

This release focuses on improving the CKEditor 5 integration with better plugin support, accessibility enhancements for Claro theme, and various bug fixes. Key improvements include table caption support, media view mode selection, and better handling of allowed HTML tags. The update also addresses several accessibility issues in forced colors mode and fixes documentation inconsistencies.

Highlight of the Release

• Enhanced CKEditor 5 with table caption support and media view mode selection
• Improved accessibility in Claro theme for forced colors and high contrast modes
• Fixed queue processing issues in cron jobs
• Better documentation and unit tests for CKEditor 5 plugins
• Security updates through dependency upgrades

Migration Guide

Migration Notes

• CKEditor 4 to 5 Migration: The 'codetag' plugin from CKEditor 4 has been migrated to a built-in equivalent in CKEditor 5. Users of this plugin should find a seamless transition when upgrading.

• HTML Filtering: The changes to allowed additional attributes may require review if you have custom configurations that rely on specific HTML attributes. The new restrictions are designed to prevent self XSS vulnerabilities.

• View Mode Configuration: If you're using custom view modes with the drupalMedia plugin, you may need to review your configuration, especially if you've experienced issues with the editor not initializing properly.

• List Attributes: If your content relies on ordered list attributes like start or reversed, these are now properly supported in CKEditor 5.

Upgrade Recommendations

This is a minor release containing bug fixes and enhancements, particularly for CKEditor 5 integration and accessibility improvements. It's recommended for all Drupal 9.3.x users to upgrade to this version, especially if you:

• Use CKEditor 5 for content editing
• Have accessibility requirements, particularly for users with high contrast or forced colors settings
• Rely on cron for queue processing
• Use media embedding in your content

The update process should be straightforward with no known breaking changes. As always, test the update in a development environment before applying it to production sites.

Follow the standard Drupal update procedure:

1. Back up your database and files
2. Put the site into maintenance mode
3. Update Drupal core using Composer: composer update drupal/core --with-dependencies
4. Run database updates: drush updatedb or visit /update.php
5. Clear caches: drush cache:rebuild or clear via the UI
6. Take the site out of maintenance mode

Bug Fixes

• CKEditor Configuration Issues:

  • Fixed CKEditor initialization failures when certain configurations of allowed view modes were used
  • Resolved issues with media view modes not working when alignment was not enabled
  • Fixed incorrect handling of configurable CKEditor 5 plugins with filter conditions

• Schema and Database:

  • Fixed undocumented behavior in Schema::findTables() when an underscore is used in table names

• Queue Processing:

  • Fixed an issue where queue items were only reserved by cron for 1 second, causing potential processing problems

• UI and Theme Issues:

  • Fixed Claro <details> element not rendering properly in forced colors mode
  • Corrected dialog CSS that referenced a non-existent --color-whitesmoke CSS variable

• Test Failures:

  • Fixed random test failures in EntityAutocompleteTest

• Documentation:

  • Removed references to the deprecated contextual_pre_render_placeholder() function
  • Updated links to Drupal documentation pages in Umami demo

New Features

Enhanced CKEditor 5 Integration

• Table Caption Support: CKEditor 5 now properly supports table captions, generating standard <table><caption></table> markup instead of the default CKEditor 5 implementation that used figure/figcaption.

• Media View Mode Selection: Content editors can now choose different view modes for embedded media through the CKEditor 5 drupalMedia plugin, providing more flexibility in how media is displayed within content.

• List Enhancements: Added support for <ol start> and <ol reversed> attributes in ordered lists, providing more control over list numbering.

• Code Tag Migration: The 'codetag' plugin from CKEditor 4 has been migrated to a built-in equivalent in CKEditor 5, ensuring continuity for users upgrading from CKEditor 4.

• Global HTML Attributes Support: Added validation and support for global HTML attributes like lang and dir="ltr rtl", preventing data loss when these attributes are used.

Security Updates

• Self XSS Prevention: Added restrictions to allowed additional attributes to prevent self XSS vulnerabilities.

• Dependency Updates: Updated yarn dependencies to address latest security vulnerabilities.

Performance Improvements

• Queue Processing: Fixed an issue with cron queue item reservation time, which should improve reliability of background processing tasks.

• Dependency Updates: Updated various dependencies through yarn upgrades, which may include performance optimizations from upstream packages.

Impact Summary

Drupal 9.3.13 delivers significant improvements to the CKEditor 5 integration, making it more robust and feature-complete. Content editors will benefit from enhanced capabilities like table captions, media view mode selection, and better list control. The accessibility improvements in the Claro theme ensure a better experience for users with visual impairments or those using assistive technologies, particularly in forced colors or high contrast modes.

Developers will appreciate the improved documentation and comprehensive unit tests for CKEditor 5 plugins, making it easier to extend and customize the editor. The fix for queue processing in cron jobs addresses a potential reliability issue that could affect background tasks.

The security enhancements, while not addressing critical vulnerabilities, continue Drupal's commitment to maintaining a secure platform through dependency updates and prevention of potential self XSS issues.

Overall, this release represents an incremental but meaningful improvement to Drupal 9.3.x, with a focus on editor experience, accessibility, and code quality. The changes are particularly valuable for content-heavy sites that rely heavily on the rich text editing capabilities of CKEditor 5.