Drupal Release: 9.4.13

TL;DR

Drupal 9.4.13 is a minor security and bug fix release that updates CKEditor 4 to version 4.21.0 to address security vulnerabilities, fixes a regression in the language switcher block, and adds a conflict declaration with PHPUnit 9.6 to prevent compatibility issues. This release ensures continued security and stability for Drupal 9.4.x sites without introducing new features.

Highlight of the Release

• Updated CKEditor 4 to version 4.21.0 to address security vulnerabilities
• Fixed regression in language switcher block that was throwing exceptions when no route is matched
• Added conflict declaration with PHPUnit 9.6 to prevent compatibility issues

Migration Guide

No specific migration steps are required for this update. This is a standard minor version update that can be applied using your regular update process:

composer require drupal/core-recommended:9.4.13 --update-with-dependencies

Or update your project's composer.json file to specify the new version and run composer update.

After updating the codebase, run database updates through the admin interface or using Drush:

drush updatedb

Clear caches after the update:

drush cache:rebuild

Upgrade Recommendations

It is strongly recommended to upgrade to Drupal 9.4.13 as soon as possible, especially if you are using CKEditor 4, due to the security updates included in this release.

This update is particularly important for:

• Sites using CKEditor 4 for content editing
• Multilingual sites using the language switcher block
• Development environments where PHPUnit tests are run

As this is a minor release with security fixes, the upgrade process should be straightforward with minimal risk of breaking changes.

Bug Fixes

Fixed Language Switcher Block Exception

This release resolves a regression issue where the language switcher block would throw an exception when no route is matched. This fix ensures that the language switcher block functions correctly in all contexts, improving the overall stability of multilingual Drupal sites.

Added PHPUnit Conflict Declaration

A conflict declaration has been added for PHPUnit ^9.6 to prevent compatibility issues when running tests. This ensures that developers using Drupal 9.4.x will not encounter unexpected test failures due to incompatible PHPUnit versions.

New Features

No new features were introduced in this release. Drupal 9.4.13 focuses on security updates and bug fixes to maintain stability and security of existing functionality.

Security Updates

CKEditor 4 Security Update

Drupal 9.4.13 updates CKEditor 4 to version 4.21.0 to address security vulnerabilities. This update is important for maintaining the security of sites that use CKEditor 4 for content editing.

While specific details about the security vulnerabilities are not provided in the commit messages, updating to this version is recommended to ensure your site remains protected against potential security threats in the CKEditor component.

Performance Improvements

No specific performance improvements were included in this release. The focus was on security updates and bug fixes.

Impact Summary

Drupal 9.4.13 is primarily a security and bug fix release that addresses important issues without introducing new features or breaking changes. The update to CKEditor 4 version 4.21.0 addresses security vulnerabilities, making this update important for maintaining site security.

The fix for the language switcher block regression improves stability for multilingual sites, preventing exceptions when no route is matched. This ensures a smoother user experience for visitors navigating multilingual content.

The addition of a conflict declaration with PHPUnit 9.6 helps developers avoid compatibility issues during testing, ensuring more reliable test results.

Overall, this release maintains the stability and security of Drupal 9.4.x without requiring significant changes to existing sites or workflows. The update is recommended for all Drupal 9.4.x sites, with particular urgency for those using CKEditor 4 or multilingual functionality.