Drupal Release: 9.4.0-rc2

TL;DR

Drupal 9.4.0-rc2 is a release candidate that addresses a critical security vulnerability (SA-CORE-2022-011), fixes a backwards compatibility regression with database drivers, and updates CKEditor tests to work with newer themes. This release is important for anyone testing Drupal 9.4 as it resolves issues that could impact site functionality and security.

Highlight of the Release

• Security fix (SA-CORE-2022-011) addressing a critical vulnerability
• Fixed backwards compatibility regression with database driver autoloading
• Updated CKEditor tests to work with newer themes instead of deprecated Bartik and Seven

Migration Guide

No specific migration steps are required for this release candidate. However, if you're testing Drupal 9.4 and have encountered issues with custom database drivers, updating to this release should resolve those problems.

If you've been using the Bartik or Seven themes in your custom tests, consider updating them to use the current default themes instead, as demonstrated in the CKEditor test updates.

Upgrade Recommendations

For Production Sites

If you're running a production site on Drupal 9.3.x or earlier, continue using the stable release until Drupal 9.4.0 is officially released.

For Test/Development Sites

If you're already testing Drupal 9.4.0-rc1, it's strongly recommended to update to 9.4.0-rc2 to benefit from the security fix and bug fixes. This is especially important if:

1. You use custom database drivers that extend core drivers
2. You're concerned about the security vulnerability addressed in SA-CORE-2022-011

As this is a release candidate, it's not recommended for production sites unless you're actively participating in the testing process for the upcoming Drupal 9.4.0 stable release.

Bug Fixes

Fixed Database Driver Autoloading

Fixed a regression in Drupal 9.4 that broke backwards compatibility with custom database drivers. The issue (#3284502) affected the autoloading of \Drupal\Driver\* overrides of core database drivers. This fix ensures that custom database drivers continue to work as expected after upgrading to Drupal 9.4.

Updated CKEditor Tests

Updated CKEditor tests to no longer use the deprecated Bartik and Seven themes (#3281438). This ensures that tests continue to pass as Drupal moves away from these legacy themes.

New Features

No new features were added in this release candidate. This release focuses on fixing bugs, addressing security issues, and ensuring backwards compatibility.

Security Updates

SA-CORE-2022-011

This release includes a security fix identified as SA-CORE-2022-011. While detailed information about the vulnerability is not provided in the commit messages, security advisories with the SA-CORE prefix typically address important security issues. Users are strongly encouraged to update to this release to protect their sites from potential security threats.

For more details about this security fix, refer to the official Drupal Security Advisory once it's published.

Performance Improvements

No specific performance improvements were included in this release candidate.

Impact Summary

Drupal 9.4.0-rc2 is primarily a security and bug fix release that addresses a critical security vulnerability and fixes backwards compatibility issues. The security fix (SA-CORE-2022-011) protects sites from potential security threats, while the database driver autoloading fix ensures that custom database implementations continue to work correctly after upgrading to Drupal 9.4.

The update to CKEditor tests improves the maintainability of the codebase by removing dependencies on deprecated themes, which helps ensure test reliability as Drupal evolves.

This release candidate is an important step toward a stable Drupal 9.4.0 release, addressing issues discovered during the RC1 testing phase. Site administrators and developers testing Drupal 9.4 should update to this release candidate to benefit from these fixes.