Drupal Release: 9.5.4

TL;DR

Drupal 9.5.4: Bug Fixes and Documentation Improvements

Drupal 9.5.4 is a maintenance release that addresses numerous bugs and improves documentation across the system. Key fixes include resolving issues with content moderation, layout builder, email handling, and states API functionality. The release also includes significant documentation improvements and type hint corrections to enhance developer experience. This update is recommended for all Drupal 9.5.x sites to ensure stability and security.

Highlight of the Release

• Fixed content moderation issue when moderated entities are re-saved on hook_insert()
• Resolved email handling issue when From name contains a comma
• Fixed States API issues with number inputs and defaultTrigger oldValue updates
• Improved documentation across multiple interfaces and methods
• Increased weight field delta to support reordering more than 20 blocks in a section

Migration Guide

This maintenance release does not require any specific migration steps for most users. The changes are primarily bug fixes and documentation improvements that should not affect existing functionality.

However, there are a few items to note:

1. PHPUnit Compatibility: This release adds a conflict on PHPUnit ^9.6 to Drupal 9. If you're using PHPUnit for testing, ensure you're using a compatible version (below 9.6).

2. Role Permissions: If you rely on the order of role permissions in exported configuration, be aware that these are now sorted, which might affect version control diffs but should not impact functionality.

3. Layout Builder Weight Field: The delta of the "weight" field has been increased to support reordering more than 20 blocks in a section. If you have custom code that interacts with these weight values, ensure it can handle the expanded range.

4. States API: If you have custom code that relies on the States API, particularly with number inputs or defaultTrigger behavior, test thoroughly as fixes in these areas might affect edge cases.

Upgrade Recommendations

Recommendation Level: Recommended

This release contains numerous bug fixes and documentation improvements that enhance the stability and developer experience of Drupal 9.5.x. While there are no critical security fixes included, the bug fixes address several important issues that could affect site functionality.

Who should upgrade:

• Sites experiencing any of the specific issues fixed in this release
• Sites using content moderation
• Sites with complex layout builder configurations
• Sites sending emails with special characters in the From name
• Any production site running Drupal 9.5.x

Upgrade timing: Schedule the upgrade during your next regular maintenance window. As this is a minor version update (9.5.3 to 9.5.4), the upgrade process should be straightforward with minimal risk.

Preparation steps:

1. Create a complete backup of your site files and database
2. Test the upgrade on a staging environment first
3. Review the full release notes for any changes that might affect custom code
4. Allocate time to test site functionality after the upgrade, particularly areas related to the fixed issues

Bug Fixes

This release includes numerous bug fixes across various components:

• Content Moderation: Fixed a critical issue where content moderation would fatal error when a moderated entity is re-saved on hook_insert().

• Email Handling: Resolved an issue with email From names containing commas that caused uncaught RfcComplianceException errors.

• States API:

  • Fixed issue where defaultTrigger oldValue becomes out of date if values are updated via a state trigger.
  • Resolved problem with Empty/Filled state with number inputs not updating when using spinner controls.

• Layout Builder: Fixed deprecated function warning with strpos() in layout_builder_entity_view_alter.

• Claro Theme: Fixed undefined array key "expose_button" error.

• Tour Module: Resolved issue with HTML entities in Tour tip labels getting double-escaped.

• Views:

  • Fixed TimeInterval plugin handling of empty values.
  • Corrected Views pager using exposed_raw_input instead of exposed_input.

• Contextual Links: Fixed issue where contextual links did not respect parameters in the destination.

• User Management: Resolved fatal error that occurred after assigning a custom role with an all-numeric name to a user.

• Configuration: Fixed issue with role permissions not being sorted in config export.

• Installation: Corrected problem with $install_state['settings_verified'] being incorrectly set when config_sync_directory is missing.

• Entity Handling:

  • Fixed bundle restrictions from a route not applying to revisionable entities.
  • Resolved issue with EntityTestAccessControlHandler allowing viewing of unpublished entities.

• Aggregator: Fixed potential empty page contents due to missing cache context.

New Features

This maintenance release focuses primarily on bug fixes and documentation improvements rather than introducing new features. However, there are some notable enhancements:

• Layout Builder Improvements: Increased the delta of the "weight" field to support reordering more than 20 blocks in a section, providing more flexibility for complex layouts.

• Umami Demo Enhancements: Authors and editors can now edit page layouts in the Umami demo, improving the demonstration of content editing capabilities.

• Module Management: Non-stable modules are now promoted to the top of the list at admin/modules/uninstall form, making them more visible and easier to manage.

Security Updates

This release does not contain any major security fixes. However, it does include some improvements related to security practices:

• Fixed incorrect use of FormattableMarkup in logger messages, which could potentially lead to security issues if not handled properly.

• Corrected the Symfony method Request::setTrustedHosts() usage from non-static to static, ensuring proper security configuration for trusted hosts.

• Fixed an issue with EntityTestAccessControlHandler allowing viewing of unpublished entities, which improves the security model for content access control.

Performance Improvements

While this release primarily focuses on bug fixes and documentation improvements, there are a few performance-related enhancements:

• Test Performance: Potentially improved speed of LinkFieldTest execution, which should help reduce testing time.

• Flood Control: Enhanced test coverage and implementation of the flood memory backend, which could lead to better performance in flood control operations.

• Cache Context: Added missing cache context to Aggregator page contents, which prevents empty content issues and improves caching efficiency.

Impact Summary

Drupal 9.5.4 is a maintenance release that focuses on bug fixes and documentation improvements rather than introducing major new features or changes. The impact of this release is primarily positive, addressing various issues that could affect site functionality and developer experience.

Key Impacts:

1. Improved Stability: The release fixes several bugs that could cause errors or unexpected behavior, particularly in content moderation, layout builder, and the States API.

2. Better Developer Experience: Numerous documentation improvements and type hint corrections make the codebase more maintainable and easier to work with.

3. Enhanced Email Handling: The fix for email From names containing commas resolves a compliance issue that could prevent emails from being sent properly.

4. Layout Builder Flexibility: Increasing the weight field delta allows for more complex layouts with more than 20 blocks in a section.

5. User Management Improvements: Fixes for custom roles with numeric names and better organization of modules in the uninstall form improve administrative workflows.

This release represents an incremental improvement to Drupal 9.5.x without introducing breaking changes. The fixes address real-world issues reported by the community, making it a worthwhile update for all Drupal 9.5.x sites.