Drupal Release: 9.4.6

TL;DR

Drupal 9.4.6: Stability and Security Improvements

This release focuses on enhancing stability and security across Drupal 9.4.x with important updates to third-party dependencies like jQuery UI and improvements to CKEditor 5 functionality. It addresses several critical bugs affecting views, testing performance, and JavaScript functionality. The update also includes fixes for PHP 8.2 compatibility issues and adds a warning about a known OPcache bug in PHP 8.1.0-8.1.5. This maintenance release is recommended for all Drupal 9.4.x sites to ensure continued stability and security.

Highlight of the Release

• Updated jQuery UI to the latest versions for improved security and functionality
• Fixed CKEditor 5 to work properly in modal dialogs
• Improved upgrade path from CKEditor 4's StylesCombo to CKEditor 5's Style
• Added warning about OPcache bug in PHP 8.1.0 to 8.1.5 in status report
• Fixed performance regression in functional tests with many modules
• Added Starterkit readme for theme developers

Migration Guide

This is a minor update that doesn't require specific migration steps. However, there are a few things to note:

For sites using CKEditor 5:

If you've been experiencing issues with CKEditor 5 in modal dialogs or with the Style plugin, this update should resolve those problems without requiring configuration changes.

For PHP 8.1 users:

The status report now includes a warning about a known OPcache bug in PHP versions 8.1.0 through 8.1.5. If you're using one of these PHP versions, consider upgrading to PHP 8.1.6 or later to avoid potential issues.

For theme developers:

If you've been having issues with the generate-theme script in DDEV environments, this update fixes those problems. Review the new Starterkit readme for improved guidance on theme development.

For developers running tests:

Several test stability improvements have been made. If you were experiencing intermittent test failures, particularly with AjaxBlockTest, Settings Tray tests, or ContentPreviewToggleTest, these should now be more reliable.

Upgrade Recommendations

Recommendation Level: Recommended for all Drupal 9.4.x sites

This update contains important bug fixes, performance improvements, and dependency updates that enhance the stability and security of your Drupal site. While there are no critical security fixes that would make this an urgent update, the improvements to CKEditor 5 functionality and the fixes for various bugs make this a worthwhile update for all sites.

When to upgrade:

• During your next regular maintenance window
• Sooner if you're experiencing any of the specific issues addressed in this release, particularly CKEditor 5 in modal dialogs or test stability problems

Testing recommendation: As with any update, test thoroughly in a staging environment before deploying to production, with particular attention to:

• CKEditor 5 functionality, especially in modal dialogs
• Any custom JavaScript that might interact with jQuery UI
• Theme functionality if using Olivero or custom themes based on Starterkit

Bug Fixes

• CKEditor Issues:

  • Fixed CKEditor 5 not working properly in modal dialogs
  • Fixed broken UX in CKEditor + HTML filter on Claro theme where tag addition messages weren't appearing
  • Fixed HTMLRestrictions::fromString() bug where multiple occurrences of the same tag resulted in only the last one being respected
  • Fixed HTMLRestrictions::mergeAllowedElementsLevel() failure when merging <ol type="1">
  • Fixed issue where alt_field setting on "Image" media was not respected in drupalMedia

• Views and Filters:

  • Fixed Views preview not passing 0 to context filters

• Testing Framework:

  • Fixed regression in functional test performance with a large number of modules
  • Fixed intermittent failures in AjaxBlockTest
  • Fixed intermittently failing Settings Tray Functional Javascript tests
  • Fixed random test failure in ContentPreviewToggleTest
  • Updated NoJavaScriptAnonymousTest to use Standard profile instead of listing modules
  • Fixed PHP 8.2 compatibility issues in ProtectedUserFieldConstraintValidatorTest and TestSetupTraitTest

• Theme System:

  • Fixed generate-theme script failing in DDEV environments
  • Fixed Safari-specific issue in Olivero theme with search functionality

• Process Plugins:

  • Fixed 'Get' Process plugin to handle multiple values properly

New Features

and Improvements

• Starterkit Documentation: Added a comprehensive readme for the Starterkit theme system, providing better guidance for theme developers.

• JavaScript Build System: Added a new vendor-update command to the build command for JavaScript assets, improving the development workflow.

• Status Report Enhancement: Added a warning about a known OPcache bug in PHP 8.1.0 to 8.1.5 to help administrators avoid potential issues.

• CKEditor 5 Improvements:

  • Enhanced functionality to work properly in modal dialogs
  • Improved upgrade path from CKEditor 4's StylesCombo to CKEditor 5's Style
  • Fixed handling of image alt attributes from media entities

• UI Improvements:

  • Fixed Safari-specific issue in Olivero theme where clicking "X" when search is open did not collapse the search
  • Hidden redundant "Image" labels for specific image display modes

Security Updates

• Third-party Dependencies: Updated jQuery UI to the latest versions, addressing potential security vulnerabilities in older versions.

• JavaScript Dependencies: Updated terser and terser-webpack-plugin to the latest versions, which may include security fixes.

Note: While this release doesn't contain specific security advisories, keeping dependencies up-to-date is an important security practice that this release maintains.

Performance Improvements

• Testing Performance: Fixed a significant regression in functional test performance when testing with a large number of modules, which should speed up development and CI processes.

• JavaScript Updates: Updated terser and terser-webpack-plugin to the latest versions, which can provide better JavaScript minification and build performance.

• Code Organization: Sorted sniffs/rules in phpcs.xml.dist and added a test to keep them sorted, which improves maintainability and potentially speeds up code sniffing operations.

• Browser Performance: Fixed several UI-related issues that could impact browser performance, particularly in the Olivero theme and with CKEditor 5 integration.

Impact Summary

Drupal 9.4.6 is a maintenance release that focuses on stability, compatibility, and user experience improvements. The most significant impacts include:

1. Enhanced Editor Experience: Multiple fixes for CKEditor 5 improve the content editing experience, particularly when working with styles and in modal dialogs. Content editors should notice smoother operation and fewer issues.

2. Better Development Experience: Updates to JavaScript dependencies, improved test stability, and fixes for development tools like the generate-theme script make for a better developer experience. The new Starterkit readme also provides better guidance for theme developers.

3. Improved PHP Compatibility: Fixes for PHP 8.2 compatibility issues and a new warning about a known OPcache bug in PHP 8.1.0-8.1.5 help administrators maintain stable environments.

4. Better User Interface: Several UI fixes, particularly in the Olivero theme and with CKEditor integration in the Claro theme, improve the overall user experience.

This release doesn't introduce major new features but focuses on refinement and stability, making it an important update for maintaining a healthy Drupal installation. The changes are particularly beneficial for content editors working with CKEditor 5 and developers working on themes or running tests.