X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2FCHANGELOG.txt;h=59c2953dc072700f0d035197da7aa779c8bbfabe;hb=refs%2Fheads%2Fd864;hp=49b8ea0344212eabe922300bd62736644888f88b;hpb=9917807b03b64faf00f6a1f29dcb6eafc454efa5;p=yaffs-website diff --git a/web/core/CHANGELOG.txt b/web/core/CHANGELOG.txt index 49b8ea034..59c2953dc 100644 --- a/web/core/CHANGELOG.txt +++ b/web/core/CHANGELOG.txt @@ -1,2093 +1,8 @@ -Drupal 8.4.5, 2018-02-20 ------------------------- -- Fixed security issues. See SA-CORE-2018-001. - -Drupal 8.4.0, 2017-10-04 ------------------------- -### Drush users: Update to Drush 8.1.12+ or higher - -[Versions of Drush earlier than 8.1.12 will not work with Drupal -8.4.x](https://www.drupal.org/node/2874827). Update Drush to 8.1.12 or higher -**before using it to update to Drupal core 8.4.x** or you will encounter fatal -errors that prevent updates from running. - -* If Drush is installed globally (i.e., generally available on the web host), - Drush 8.1.12 and higher will successfully update Drupal 8.3.x to 8.4.0, but - users may still see [other error messages after updates have - run](https://github.com/drush-ops/drush/issues/2933).) -* If the site is built with Composer and includes Drush as a local dependency - (less common), you should update your `composer.json` file to require at - least [Drush 8.1.15](https://github.com/drush-ops/drush/releases/tag/8.1.15). - Drush 8.1.14 will not work in the same composer project as Drupal 8.4. - -### Updated browser requirements: Internet Explorer 9 and 10 no longer supported - -In April 2017, Microsoft discontinued all support for Internet Explorer 9 and -10. Therefore, [Drupal 8.4 has as well](https://www.drupal.org/node/2842298). -Drupal 8.4 still mostly works in these browser versions, but bugs that affect -them only will no longer be fixed, and existing workarounds for them will -be removed beginning in Drupal 8.5. - -Additionally, Drupal 8's [browser requirements documentation -page](https://www.drupal.org/docs/8/system-requirements/browser-requirements) -currently lists incorrect information regarding very outdated browser versions -such as Safari 5 and Firefox 5. [Clarifications to the browser policy and -documentation](https://www.drupal.org/node/2390621) are underway. - -### Known Issues - -Drupal 8.4.0 includes major version updates for two dependencies: -Symfony 3.2 and jQuery 3. Both updates may introduce backwards compatibility -issues for some sites or modules, so test carefully. For more information, see -the "Third-party library updates" section below. Known issues related to the -Symfony update include: - -* Drush issues: - * [Incompatibility with Drush 8.1.11 and earlier](https://www.drupal.org/node/2874827). - * [Other error messages with Drush 8.1.12 and higher](https://github.com/drush-ops/drush/issues/2933). - * [Incompatibility with Drush 8.1.14 and earlier for Composer-built sites](https://github.com/drupal-composer/drupal-project/issues/305). -* [Certain file uploads may fail - silently](https://www.drupal.org/node/2906030) due to a Symfony 3 backwards - compatibility break if they used the `$deep` parameter (which was already - deprecated in Symfony 2.8 and is removed in Symfony 3.0. *Check any custom - file upload code* that may have used the deprecated parameter and [update - it according to the API change record](https://www.drupal.org/node/2743809). - -See the ['8.4.0 update' tag for a list of known issues across -projects](https://www.drupal.org/project/issues/search?issue_tags=8.4.0%20update). - -[Search the issue queue for known -issues](https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status%5B%5D=Open&version%5B%5D=8.x&issue_tags_op=%3D). - -### Important fixes since 8.3.x - -Translators should take note of several [string additions and changes since the -last release](https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&issue_tags_op=%3D&issue_tags=String+change+in+8.4.0). - -#### File usage tracking - -Drupal 8 has several longstanding [file usage tracking -bugs](https://www.drupal.org/node/2821423). To prevent further data loss, -Drupal 8.4 has [disabled the automatic deletion of files with no known -remaining usages](https://www.drupal.org/node/2801777). This will result of the -accumulation of unused files on sites, but ensures that files erroneously -reporting 0 usages are not deleted while in use. Additionally, an issue with -[validation errors when saving content referencing these -files](https://www.drupal.org/node/2896480) has also been resolved. - -[The change record explains how sites can opt back into marking files -temporary](https://www.drupal.org/node/2891902). If you choose to enable the -setting, you can also set "Delete orphaned files" to "Never" on -`/admin/config/media/file-system` to avoid permanent deletion of the affected -files. - -While the files will no longer be deleted by default, file usage is still not -tracked correctly in several scenarios, regardless of the setting. Discussion -on [how to evolve the file usage tracking -system](https://www.drupal.org/node/2821423) is underway. - -#### Configuration export sorting - -* [#2361539: Config export key order is not predictable for sequences, add - orderby property to config schema](https://www.drupal.org/node/2361539) - resolves an issue where sequences in configuration were not sorted unless - the code responsible for saving configuration explicitly performed a sort. - This resulted in unpredictable changes in configuration ordering and - confusing diffs even when nothing had changed. To resolve this issue, we've - [added an `orderby` key to the config schema](https://www.drupal.org/node/2852566) - that allows it to be sorted either by key or by value. Adding a preferred - sort is strongly recommended. -* Two related issues remain open: - * [#2860531: Add orderby key to third-party - settings](https://www.drupal.org/node/2860531) relates to unsorted - sequences which result in unexpected discrepancies in configuration - during a configuration import. - * [#2885368: Config export key order for sequences: "orderedby" does not - support cases where the order actually - matters](https://www.drupal.org/node/2885368) relates to various - sequences in core and contributed modules in which the source order is - important. - -#### Revision data integrity fixes - -* Previously, data from draft revisions for - [path aliases](https://www.drupal.org/node/2856363), - [menus](https://www.drupal.org/node/2858434), - and [books](https://www.drupal.org/node/2858431) could leak into the live - site. Drupal 8.4.0 hotfixes all three issues by preventing changes to - this data from being saved on any revision that is not the default revision. - These fixes improve revision support for both stable features and the - experimental Content Moderation module. -* Correspondingly, [Content Moderation now avoids such scenarios with - non-default revisions](https://www.drupal.org/node/2883868) by setting the - 'default revision' flag earlier. -* Previously, [saving a revision of an entity translation could cause draft - revisions to go "missing"](https://www.drupal.org/node/2766957). Drupal 8.4.0 - prevents this by preventing the moderation state from being set to anything - that would make the revision go "missing". Going forward, the entity system - will also [provide the 'revision_translation_affected' base field by default - for all revisionable and translatable entity - types](https://www.drupal.org/node/2896845) for tracking such revisions. -* [A similar but unrelated bug in - Content Moderation](https://www.drupal.org/node/2862988) has also been fixed - in this release. - -#### Other critical improvements - -* When nodes were deleted, Menu UI module deleted their menu items. However, - menu items may exist even whenm Menu UI module is not enabled and can also be - attached to entities other than nodes. Therefore, menu item cleanup on entity - deletetion [is now performed by the Custom Menu Links - module](https://www.drupal.org/node/2350797) instead, covering the previously - missing cases. A related issue that [broke module uninstallation for some - modules providing menu items for certain entity - forms](https://www.drupal.org/node/2907654) has also been resolved. -* A race condition occured in the Batch API when using fastcgi. The Batch API - now ensures that [the current batch state is written completely to the - database before starting the next - batch](https://www.drupal.org/node/2851111). -* When uninstalling modules, empty fields were left behind to be purged. - However, without the field definitions from the module, it was not possible - to purge them any more. [Empty field deletion is now performed - immediately](https://www.drupal.org/node/2884202) instead to avoid this - scenario. -* When clearing caches in a translated interface, the field labels would - [return to the default language](https://www.drupal.org/node/2650434). - -### New stable modules - -The following modules, previously considered experimental, are now stable and -safe for use on production sites, with full backwards compatibility and upgrade -paths from 8.4.0 to future releases: - -#### Datetime Range - -The [Datetime Range module](https://www.drupal.org/node/2893128) provides a -field type that allows end dates to support contributed modules like -[Calendar](https://www.drupal.org/project/calendar). This stable release is -backwards-compatible with the 8.3.x experimental version and shares a -consistent API with other Datetime fields. - -Future releases may improve Views support, usability, Datetime Range field -validation, and REST support. For bugs or feature requests for this module, -[see the core Datetime issue -queue](https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status%5B%5D=Open&version%5B%5D=8.x&component%5B%5D=datetime.module&issue_tags_op=%3D). - -#### Layout Discovery - -The [Layout Discovery module](https://www.drupal.org/node/2834025) provides -an API for modules or themes to register layouts as well as five common -layouts. Providing this API in core enables core and contributed layout -solutions to be compatible with each other. This stable release is -backwards-compatible with the 8.3.x experimental version and introduces -[support for per-region attributes](https://www.drupal.org/node/2885877). - -#### Media - -The new core [Media module](https://www.drupal.org/node/2831274) provides an -API for reusable media entities and references. It is based on the contributed -[Media Entity module](https://www.drupal.org/project/media_entity). - -Since there is a rich ecosystem of Drupal contributed modules built on Media -Entity, the top priority for this release is to [provide a stable core API and -data model](https://www.drupal.org/node/2895059) for a smoother transition for -these modules. Developers and expert site builders can now add Media as a -dependency. Work is underway to [provide an update path for existing sites' -Media Entity data](https://www.drupal.org/node/2880334) and to [port existing -contributed modules to the improved core -API](https://www.drupal.org/node/2860796). Both versions cannot be used at the -same time, so we also [prevent the 1.x version of the contributed Media Entity -module from being enabled at the same time as the core Media -module](https://www.drupal.org/node/2896427). - -Note that **the core Media module is currently marked hidden** and will not -appear on the 'Extend' (module administration) page. (Enabling a contributed -module that depends on the core Media module will also enable Media -automatically.) The module will be displayed to site builders normally once -user experience issues with it are resolved. Similarly, the REST API and -normalizations for Media is not final and support for decoupled applications -will also be improved in a future release. - -#### Inline Form Errors - -The [Inline Form Errors module](https://www.drupal.org/node/2897652) provides a -summary of any validation errors at the top of a form and places the individual -error messages next to the form elements themselves. This helps users -understand which entries need to be fixed, and how. Inline Form Errors was -provided as an experimental module from Drupal 8.0.0 on, but it is now stable -and polished enough for production use. See the core [Inline Form Errors module -issue queue](https://www.drupal.org/project/issues/drupal?text=&status=Open&priorities=All&categories=All&version=All&component=inline_form_errors.module) -for outstanding issues. - -#### Workflows - -The Workflows module provides an abstract system of states (like Draft, -Archived, and Published) and transitions between them. Workflows can be used by -modules that implement non-publishing workflows (such as for users or products) -as well as content publishing workflows. - -Drupal 8.4 introduces a final significant backwards compatibility and data -model break for this module, [moving responsibility for workflow states and -transitions from the Workflow entity to the Workflow type -plugin](https://www.drupal.org/node/2849827). Read [Workflow type plugins are -now responsible for state and transition -schema](https://www.drupal.org/node/2897706) for full details on the API and -data model changes related to this fix. Now that this change is complete, [the -Workflows module became stable](https://www.drupal.org/node/2897130)! - -While the module can be installed as-is, it is not useful in itself without -either Content Moderation and/or some other module that requires it. - -### Content authoring and site administration improvements - -* The "Save and keep (un)published" dropbutton has been replaced with [a - "Published" checkbox and single "Save" - button](https://www.drupal.org/node/2068063). The "Save and..." dropbutton - was a new design in Drupal 8, but users found it confusing, so we have - restored a design that is more similar to the user interface for Drupal 7 and - earlier. -* Previously, deleting a field on a content type would also delete any views - depending on the field. While the confirmation form did indicate that the - view would be deleted, users did not expect the behavior and often missed the - message, leading to data loss. [Now, the view is disabled - instead](https://www.drupal.org/node/2468045). In the future, we intend to - [notify users that configuration has been - disabled](https://www.drupal.org/node/2832558) (as in this fix) as well as - [give users clearer warnings for other highly destructive - operations](https://www.drupal.org/node/2773205). -* The [Drupal toolbar no longer flickers](https://www.drupal.org/node/2542050) - during page rendering, thus improving perceived front-end performance. -* Options in [timezones selector are now grouped by - regions](https://www.drupal.org/node/2847651) and labeled by cities instead - of timezone names, making it much easier for users to find and select the - specific timezone they need. -* Both the ["Comments" administration page at - `/admin/content/comment`](https://www.drupal.org/node/1986606) and the - ["Recent log messages" report provided by - dblog](https://www.drupal.org/node/2015149) are now configurable views. The - "Comments" administration page also [has some default filters - added](https://www.drupal.org/node/2898344). -* Useful meta information about a node's status is typically displayed at the - top of the node sidebar. Previously, this meta information was provided by - the Seven theme, so it was not available in other administrative themes. - [This meta information is now provided by node.module - itself](https://www.drupal.org/node/2803875) so other administration themes - can access it. -* [Views now supports rendering computed - fields](https://www.drupal.org/node/2852067). - -### REST and API-first improvements - -* Authenticated REST API performance increased by 15% by [utilizing the Dynamic - Page Cache](https://www.drupal.org/node/2827797). -* POSTing entities [can now happen at `/node`, `/taxonomy/term` and so - on](https://www.drupal.org/node/2293697), instead of `/entity/node`, - `/entity/taxonomy_term`. Instead of confusingly different URLs, they therefore - now use the URLs you'd expect. Backwards compatibility is maintained. -* There is now a dedicated resource for [resetting a user's - password](https://www.drupal.org/node/2847708). -* Time fields now are [normalized to RFC3339 timestamps by - default](https://www.drupal.org/node/2768651), fixing time ambiguity. - Existing sites continue to receive UNIX timestamps, but can opt in. [See the - change record for more information about backwards compatibility and on how - to opt in](https://www.drupal.org/node/2859657). -* [Path alias fields are now normalized as - well](https://www.drupal.org/node/2846554). [See the change record for - information about how this impacts API-first modules and other features - relying on serialized entities](https://www.drupal.org/node/2856220). -* When denormalization fails, a [422 response is now - returned](https://www.drupal.org/node/2827084) instead of a 400, per the HTTP - specification. -* With CORS enabled to allow origins besides the site's own host, [submitting - forms was broken](https://www.drupal.org/node/2853201) unless the site's own - host was also explicitly allowed. This is now resolved. -* Fatal errors and exceptions [now show a - backtrace](https://www.drupal.org/node/2853300) for all non-HTML requests as - well as HTML requests, which makes for easier debugging and better bug - reports. -* Massive expansion of test coverage. - -### Performance and scalability improvements - -* Drupal 8 caches at various different levels for more effective caching. - However, this resulted in exessively growing cache tables with tens or - hundreds of thousands of entries, and gigabytes in size. [A new limit of 5000 - rows per cache bin was introduced to limit this - growth](https://www.drupal.org/node/2526150). -* The internal page cache now [has a dedicated cache - bin](https://www.drupal.org/node/2889603) distinct from the rest of the - render cache for improved scalability. -* The service collector pattern instantiates all services it collects, which is - expensive, and unnecessary for some use cases. For those use cases, a [new - service ID collector](https://www.drupal.org/node/2472337) pattern has been - added and the theme negotiator updated to use it. [See the change record for - information about how to use the service ID - collector](https://www.drupal.org/node/2598944) for improved performance. -* The maximum time in-progress forms are cached [is now - customizable](https://www.drupal.org/node/1286154) rather than being limited - to a default cache lifetime of 6 hours. Sites can decrease the lifetime to - reduce cache footprint, or increase it if needed for a particular site's - usecase. [See the change record to learn how to access this new - setting](https://www.drupal.org/node/2886836). -* If there are no status messages, the corresponding rendering [is now - skipped](https://www.drupal.org/node/2853509). On simple sites that use the - Dynamic Page Cache (the default), this can result in a 10% improvement when - there are no messages! -* [Optimized the early Drupal installer](https://www.drupal.org/node/2872611) - to check whether any themes are installed first before invoking an - unnecessary function, which improves Drupal install time measurably for both - sites and automated tests. - -### Developer experience improvements - -* [Adopted Airbnb JavaScript style guide - 14.1](https://www.drupal.org/node/2815077) as the new baseline set of coding - standards for Drupal core and contributed modules. [See the change record for - information about how to configure your project for - eslint](https://www.drupal.org/node/2873849). -* Field type definitions can now [enforce the cardinality of the - field](https://www.drupal.org/node/2403703). [See the change record for - information about how to specify a cardinality via the - annotation](https://www.drupal.org/node/2869873). -* [Added new methods](https://www.drupal.org/node/2869809) to make getting - typed configuration entity representations easier. [See the change record for - more information about how to invoke these - methods](https://www.drupal.org/node/2877282). -* The `html_tag` render element now [supports nested render - arrays](https://www.drupal.org/node/2694535), enabling the creation of - dynamic SVGs. [See the change record for information about how you can use - this in your theme](https://www.drupal.org/node/2887146). -* [Added more helpful errors](https://www.drupal.org/node/2705037) when CSS - is not properly nested under an existing category in asset libraries. -* Also see the [change records for the 8.4.x - branch](https://www.drupal.org/list-changes/drupal/published?keywords_description=&to_branch=8.4.x&version=&created_op=%3E%3D&created%5Bvalue%5D=&created%5Bmin%5D=&created%5Bmax%5D=) - for other changes for developers. - -### Automated testing improvements - -* [PHPUnit has been updated from 4.8.28 to - 4.8.35](https://www.drupal.org/node/2850797) in order to incorporate a - forward-compatibility layer for PHPUnit 4.8, which will be useful during a - future migration to PHPUnit 5 or PHPUnit 6. -* Many former WebTestBase tests were converted to BrowserTestBase. [Track - current progress](http://simpletest-countdown.org/). -* The default approach for testing deprecated code has changed to [require use - of the Drupal core deprecation policy](https://www.drupal.org/node/2488860) - (`@trigger_error()`) to mark code deprecated; otherwise a test error will - be thrown. [See the change record for information about how to update - `phpunit.xml` and how to test deprecated - code](https://www.drupal.org/node/2811561). -* BrowserTestBase is [no longer dependent on traits from - Simpletest](https://www.drupal.org/node/2803621). Backwards - compatibility is preserved. -* [Resolved random test failures](https://www.drupal.org/node/2866056) due to - ResourceTestBase's HTTP client timeout of 30 seconds. - -### Third-party library updates - -* [Drupal's Symfony dependency has been updated from Symfony 2.8 to Symfony - 3.2](https://www.drupal.org/node/2712647). This major version update is - necessary because Symfony 2.8 support will end around the release of Drupal - 8.6.0 next year. See the change record for information about [Symfony 3 - backwards compatibility breaks that affected Drupal - core](https://www.drupal.org/node/2743809). [Drupal 8 also requires Symfony - 3.2.8](https://www.drupal.org/node/2871253) because of a bug in Symfony - 3.2.7. -* [#2533498: Update jQuery to version 3](https://www.drupal.org/node/2533498). - Now that jQuery 3.0 has been released, jQuery 2.x will only be receiving - security updates, so Drupal 8.4.0 ships with this library update. jQuery 3 - features numerous improvements, including better error reporting. See the - [jQuery Core 3.0 Upgrade Guide](https://jquery.com/upgrade-guide/3.0/) for - information on jQuery 3 backwards compatibility breaks that might affect the - JavaScript code in your modules, themes, and sites. -* The zurb/joyride library (used by the Tour module) has been [updated to a - development version higher than 2.1.0.1](https://www.drupal.org/node/2898808) - to resolve an upstream incompatibility with jQuery 3. We will update to - Joyride 2.1.1 once it is available with the needed fix. -* [zendframework/zend-diactoros has been updated from 1.3.10 to 1.4.1](https://www.drupal.org/node/2874817). -* [jQuery UI has been updated from 1.11.4 to 1.12.1](https://www.drupal.org/node/2809427). -* [jQuery Once has been updated from 2.1.1 to 2.2.0](https://www.drupal.org/node/2899156). -* [CKEditor has been updated from 4.6.2 to 4.7.2](https://www.drupal.org/node/2904142). -* [asm89/stack-cors has been updated from 1.0 to 1.1](https://www.drupal.org/node/2853201). -* [The minimum phpsec/prophecy requirement is now 1.4](https://www.drupal.org/node/2900800). -* [composer/installers has been updated from 1.2.0 to 1.4.0](https://www.drupal.org/node/2900112). -* [wikimedia/composer-merge-plugin has been updated from 1.4.0 to 1.4.1](https://www.drupal.org/node/2900112). -* [guzzlehttp/guzzle has been updated from 6.2.3 to 6.3.0](https://www.drupal.org/node/2900112). -* [mikey179/vfsstream has been updated from 1.6.4 to 1.6.5](https://www.drupal.org/node/2900112). -* [phpunit/phpunit has been updated from 4.8.35 to 4.8.36](https://www.drupal.org/node/2900112). -* [masterminds/html5 has been updated from 2.2.2 to 2.3.0](https://www.drupal.org/node/2909743). -* [symfony-cmf/routing has been udpated from 1.4.0 to 1.4.1](https://www.drupal.org/node/2909743). - -### Experimental modules - -#### Migrate ([beta stability](https://www.drupal.org/core/experimental#beta)) - -Migrate provides a general API for migrations. It will be considered completely -stable once all issues tagged [Migrate -critical](https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status%5B%5D=Open&version%5B%5D=8.x&issue_tags_op=%3D&issue_tags=Migrate+critical) -are resolved. - -* This release includes numerous developer experience improvements for Migrate - and Migrate Drupal, including [deprecating outdated references to - "CCK"](https://www.drupal.org/node/2751897), [simplifying field type - mapping](https://www.drupal.org/node/2896507), renaming several plugins to - better capture their and many other API and documentation improvements. - (Backwards compatibility is provided in each case Migrate is in beta.) -* Added the ability to [provide the source - module](https://www.drupal.org/node/2569805) to migrations to help site - owners review what data is being migrating, especially for cases where the - source and destination module are not the same (for example if a new Drupal 8 - module replaces old functionality. - - -#### Migrate Drupal and Migrate Drupal UI ([alpha stability](https://www.drupal.org/core/experimental#alpha)) - -Migrate Drupal module provides API support for Drupal-to-Drupal migrations, and -Migrate Drupal UI offers a simple user interface to run migrations from older -Drupal versions. - -* This release adds [date](https://www.drupal.org/node/2566779) and - [node reference](https://www.drupal.org/node/2814949) support for Drupal 6 to - 8 migrations. -* Core provides migrations for most Drupal 6 data and can be used for migrating - Drupal 6 sites to Drupal 8, and the Drupal 6 to 8 migration path is nearing - beta stability. Some gaps remain, such as for some internationalization data. - ([Outstanding issues for the Drupal 6 to Drupal 8 - migration](https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status%5B%5D=1&status%5B%5D=13&status%5B%5D=8&status%5B%5D=14&status%5B%5D=15&status%5B%5D=4&issue_tags_op=%3D&issue_tags=migrate-d6-d8).) -* The Drupal 7 to Drupal 8 migration is incomplete but is suitable for - developers who would like to help improve the migration and can be used to - test upgrades especially for simple Drupal 7 sites. Most high-priority - migrations are available. ([Outstanding issues for the Drupal 7 to Drupal 8 - migration](https://www.drupal.org/node/2456259).) -* Drush support for Migrate is currently only available in the - [Drupal Upgrade](https://www.drupal.org/project/migrate_upgrade) contributed - module. (See the [pull request to add support to - Drush](https://github.com/drush-ops/drush/issues/2140).) -* Conflicting text field processing settings [are now identified and - logged](https://www.drupal.org/node/2842222) to avoid security or data - integrity issues with the migration of plain and formatted text fields. -* Automatic redirects are now [added for translation node paths that are no - longer valid](https://www.drupal.org/node/2850085) after migration has merged - translations into a single node. -* A data integrity bug that resulted in [duplicate comment types and incorrect - comment_entity_statistics](https://www.drupal.org/node/2853872) for node and - forum comment migrations has been resolved. -* A bug that [stopped public files from being migrated from D6 to D8 if the - user first selected Drupal 7 in the UI](https://www.drupal.org/node/2907233) - has also been resolved. - -#### Content Moderation ([beta stability](https://www.drupal.org/core/experimental#beta)) - -Content Moderation allows workflows from the Workflows module to be applied to -content. Content Moderation has beta stability in 8.4.0-alpha1. Notable improvements in this release: - -* Workflow states are now [selected from a select list, rather than under a drop-button](https://www.drupal.org/node/2753717), which represents a significant - usability improvement. -* Now that workflows can be applied to any revisionable entity type, Content - Moderation [adds entity type checkboxes to the workflow form](https://www.drupal.org/node/2843083). - This allows site administrators to configure which entity types should have - the workflow at the same time as they configure the workflow itself, for a - more intuitive user experience. -* Content Moderation now [prevents the deletion of workflows that are currently in use](https://www.drupal.org/node/2830740) - to prevent fatal errors and data integrity problems. -* The confusing terminology of - ["forward revisions" has been replaced with that of "pending revisions"](https://www.drupal.org/node/2890364). - If your contributed module refers to revisions that are not yet published, it - should use this new term. -* [The 'Latest revision' views filter has been rewritten to avoid relying on a - custom {revision_tracker}](https://www.drupal.org/node/2865579), and that - table has been removed from the database schema. - -As per the experimental module process, there were some backwards-incompatible -changes since Drupal 8.3.x. Experimental modules do not offer a supported -upgrade path, but [an unofficial upgrade path is -available](https://www.drupal.org/node/2896630). - -#### Field Layout ([alpha stability](https://www.drupal.org/core/experimental#alpha)) - -This module provides the ability for site builders to rearrange fields on -content types, block types, etc. into new regions, for both the form and -display, on the same forms provided by the normal field user interface. Field -Layout has had several bugfixes since 8.3.0, but no significant changes. See -the [entity display layout roadmap](https://www.drupal.org/node/2795833) for -the next steps for this module, which needs to become stable by 8.5.0 to remain -in Drupal core. - -#### Settings Tray ([beta stability](https://www.drupal.org/core/experimental#beta)) - -The Settings Tray module allows configuring page elements such as blocks and -menus from the frontend of your site. Settings Tray has improved significantly -since Drupal 8.3.0, including numerous user interaction and accessibility -fixes, better compatibility with stable core modules like Quick Edit and -Contextual Links, added documentation, and [a CSS -reset](https://www.drupal.org/node/2826722) for better themer experience. - -The module reached beta stability following completion of [moving the -off-canvas dialog renderer into a core -component](https://www.drupal.org/node/2784443), and [renaming the machine name -of the module to settings_tray](https://www.drupal.org/node/2803375), to match -its user-facing name. We hope to make Settings Tray stable by 8.5.0. To track -progress, see the ["outside in" roadmap issue](https://www.drupal.org/node/2762505). - -#### Place Blocks ([alpha stability](https://www.drupal.org/core/experimental#alpha)) - -This feature allows the user to place a block on any page and see the region -where it will be displayed, without having to navigate to a backend -administration form. [8.4.0-alpha1 was the deadline for Place Blocks to -stabilize](https://www.drupal.org/core/experimental#versions), but the module's -roadmap was not completed. Furthermore, the module is not intended as a -standalone feature and should instead be a built-in part of the Block system. -For these reasons, [Place Blocks module has been marked hidden in this -release](https://www.drupal.org/node/2898267) (it can still be enabled with -Drush). The Place Blocks module itself will be turned into an empty module in -Drupal 8.5.x, since ideally the core Block system will offer the same -functionality in 8.5.0 (though this depends on completion of a [core patch for -the feature](https://www.drupal.org/node/2739075).) - -Drupal 8.3.0, 2017-04-05 ------------------------- -- Added modules: - * Added the Workflows module (experimental) which abstracts transitions and - states from Content Moderation into a separate component for reuse by - other modules implementing non-publishing workflows. - * Added the Layout Discovery module (experimental) which provides an API for - modules or themes to register layouts. - * Added the Field Layout module (experimental) which provides the ability - for site builders to rearrange fields on content types, block types, etc. - into new regions, for both the form and display, on the same forms - provided by the normal field user interface. -- Updated vendor libraries: - * Updated to Twig 1.25. - * Updated to jQuery 2.2.4. - * Updated to CKEditor 4.6.2 (with new Moono-Lisa skin). - * Updated Symfony components to 2.8.18. - * Updated PHPUnit to 4.8.35. - * Applied patch-level updates to the latest versions for all dependencies - wherever possible. Minor updates applied for Symfony PSR-7 Bridge and - Zend Stdlib, which Drupal does not depend on directly. -- Browser support: - * Advance notice: Internet Explore 9 and 10 will no longer supported from - 8.4.x, scheduled for October 2017. Microsoft has now ended support for - these browsers. Drupal will still support Internet Explorer 11 and its - replacement, Edge. -- Raised stability levels of experimental modules: - * Updated the BigPipe module from beta to stable. - * Updated the Migrate module from alpha to beta. - * See https://www.drupal.org/core/experimental#versions for more - information about the stability levels of experimental modules. -- Improved authoring features: - * Can now drag and drop images into image fields in Quick Edit mode. - * Image fields are now limited to only accepting images, so that users on - mobile clients are not offered a confusing and non-functional video - upload option. - * CKEditor now utilizes the AutoGrow plugin to better take advantage of - larger screen sizes. -- Improved site building and administration: - * Redesigned status report. - * Standardized display of Views overview page to more closely match that of - other administrative overview pages. - * Views filter order now matches the table column order below in Content - and People overview pages. - * The "Allowed HTML tags" input has been converted to a textarea, which - significantly improves the usability of HTML filter configuration. - * Removed the 'disabled' region from block administration. - * Incoming paths are again case-insensitive for routing, similar to earlier - major Drupal versions. -- Content Moderation improvements (experimental): - * Refactored to use new experimental Workflows module. - * Now supports moderation of non-translatable entity types. - * When reverting a moderated revision, the moderation state is now - reverted too. - * Added an API to create and enforce default workflow states and - transitions. - * Allow moderation of entity types without bundles, as long as they have - revisions. - * Publishes any entity type that implements EntityPublishedInterface, not - just Nodes. -- Migration improvements (experimental): - * Drupal 7 core node translations are now migrated to Drupal 8. - * Configuration translation support is added to migrations in general and - implemented for Drupal 6 user profile fields. -- Improved REST API and decoupled site features: - * REST API now supports the registering of users. - * Anonymous REST API performance increased by 60% by utilizing the internal - page cache. - * Improved the response bodies and status codes for requests with incorrect - request headers or request bodies, in dozens of situations. - * Massive overhaul of the test coverage. - * 403 responses now return reason why access was denied. - * Serialized values for Booleans and integers are now returned as the - correct data type, rather than incorrectly typed as strings. -- Improved performance/scalability: - * Optimized class loader detection made more generic to support class - loaders other than ApcClassLoader. - * ViewsData and Token info cache now use the default cache bin to prevent - APCu memory from being filled too quickly. - * Improve statistics performance by adding a swappable backend. -- Improved developer APIs: - * Deprecated several routing services in favor of two more unified services. - * Replaced the deprecated Symfony ExecutionContextInterface by subclassing - from ConstraintValidator to prepare for an update to Symfony 3. - * EntityPublishedInterface and EntityPublishedTrait have been added to give - a generic publishing API, and are being used by Node and Comment entity - types. - * Added a collection label to EntityType. This is a plural uppercase label - for a collection of entities - e.g. "Workflows". -- Changed coding standards: - * Officially adopted short array syntax and updated all of core accordingly. - * PHP CodeSniffer and Drupal Coder have been added as composer dev - requirements, so they can be installed automatically with - `composer install --dev` rather than requiring separate installation. (Do - not use `composer install --dev` for production sites.) - * Most global constants in Drupal 8 have been deprecated in favor of class - constants. As a best practice, use appropriate class constants rather than - global constants. -- Testing improvements: - * Integrated PHPUnit verbose output in SimpleTest UI. - * Improved backward compatibility with WebTestBase. - * Improved backward compatibility between BrowserTestBase and WebTestBase. - * Many old WebTestBase tests have been moved to BrowserTestBase. - * Expanded automated test coverage for JavaScript. -- Package management: - * composer.json now uses the new official endpoint for modules and themes, - packages.drupal.org. - * Custom modules and themes can now be installed to correct locations using - composer. - * Added Package.json enabling new JavaScript language features. - -Drupal 8.2.0, 2016-10-05 ------------------------- -- Updated the git repository configuration to not normalize line endings for - files of unknown type. -- Added vendor libraries: - * Added Stack/Cors 1.0.0. -- Updated vendor libraries: - * Updated to jQuery 2.2.3. - * Updated to Twig 1.24. - * Updated to CKEditor 4.5.11. - * Updated to Symfony Routing 1.4.0. - * Updated to Stack/Builder 1.0.4. - * Updated to Guzzle 6.2.1. -- Added modules: - * Added the Place Block module (experimental) to place a block on any page - without having to navigate to the backend administration form. - * Added the Settings Tray module (experimental) to edit the configuration of - any block on the page. Its machine name in this release is "outside_in". - * Added the Content Moderation module (experimental) to define and use - workflow states such as Draft, Archived and Published. This functionality - was previously provided by the contributed module Workbench Moderation. - * Added the Datetime Range module (experimental) that provides a new field - type with support for start and end dates. -- Raised stability levels of experimental modules: - * Updated the BigPipe module from alpha to beta. - * See https://www.drupal.org/core/experimental#versions for more - information about the stability levels of experimental modules. -- Improved authoring features: - * Relative URLs are automatically converted to absolute ones when content - is output to an RSS feed. - * Enabled revisions by default on new node types. - * Added a redirect option to site-wide contact forms. - * Whenever a new entity is created, a link to it is now provided in a - status message, for easy access to it regardless of the form workflow. - * Styled CKEditor dialogs to match Drupal dialogs. -- Improved site administration experience: - * Numerous improvements to user interface text. -- Improved site building features: - * Added the ability to remove a module's content entities prior to - uninstallation. - * Made it possible to select the comment view mode in the formatter form. - * Fixed the Migrate module to skip over migration sources that require - code from uninstalled modules. -- Improved REST API and decoupled site features: - * Added support for reading (GET) configuration entities as REST resources. - * Added dedicated resources for user login, logout and registration. - * Added support for selecting an authentication provider as part of the - configuration of a REST Export Views Display. - * Added a cors.config service parameter for enabling and configuring - cross-origin resource sharing (CORS). - * Simplified REST configuration with per-resource configuration entities - and less verbose configuration structure. (The previous, advanced - configuration structure is also still supported.) - * Improved the response messages and status codes for requests with missing - or incorrect headers. - * Improved responses to PATCH requests to entity resources to contain the - updated entity in the response body. -- Improved developer APIs: - * Added support for specifying the field item delta as part of an entity - query condition. This was possible in Drupal 7 via - EntityFieldQuery::fieldDeltaCondition(), but missing from earlier - versions of Drupal 8. -- Improved performance/scalability: - * In the internal page cache, 404 responses are now cached for a shorter - time (1 hour by default), to consume less space. - * Breadcrumbs are now cached by the parent of the path rather than the full - path, for fewer cache entries and higher cache hit rates. -- Changed coding standards: - * Local variables and parameters can now use camelCase. - * A blank line is now required after the = 5.0.15 or PostgreSQL >= 8.3. - * Added query builders for INSERT, UPDATE, DELETE, MERGE, and SELECT queries. - * Support for primary/replica replication, transactions, multi-insert - queries, and other features. - * Added support for the SQLite database engine. - * Default to InnoDB engine, rather than MyISAM, on MySQL when available. - This offers increased scalability and data integrity. -- Security: - * Protected cron.php -- cron will only run if the proper key is provided. - * Implemented a pluggable password system and much stronger password hashes - that are compatible with the Portable PHP password hashing framework. - * Rate limited login attempts to prevent brute-force password guessing, and - improved the flood control API to allow variable time windows and - identifiers for limiting user access to resources. - * Transformed the "Update status" module into the "Update manager" which - can securely install or update modules and themes via a web interface. -- Usability: - * Added contextual links (a.k.a. local tasks) to page elements, such as - blocks, nodes, or comments, which allows to perform the most common tasks - with a single click only. - * Improved installer requirements check. - * Improved support for integration of WYSIWYG editors. - * Implemented drag-and-drop positioning for input format listings. - * Implemented drag-and-drop positioning for language listing. - * Implemented drag-and-drop positioning for poll options. - * Provided descriptions and human-readable names for user permissions. - * Removed comment controls for users. - * Removed display order settings for comment module. Comment display - order can now be customized using the Views module. - * Removed the 'related terms' feature from taxonomy module since this can - now be achieved with Field API. - * Added additional features to the default installation profile, and - implemented a "slimmed down" profile designed for developers. - * Added a built-in, automated cron run feature, which is triggered by site - visitors. - * Added an administrator role which is assigned all permissions for - installed modules automatically. - * Image toolkits are now provided by modules (rather than requiring a - manual file copy to the includes directory). - * Added an edit tab to taxonomy term pages. - * Redesigned password strength validator. - * Redesigned the add content type screen. - * Highlight duplicate URL aliases. - * Renamed "input formats" to "text formats". - * Moved text format permissions to the main permissions page. - * Added configurable ability for users to cancel their own accounts. - * Added "vertical tabs", a reusable interface component that features - automatic summaries and increases usability. - * Replaced fieldsets on node edit and add pages with vertical tabs. -- Performance: - * Improved performance on uncached page views by loading multiple core - objects in a single database query. - * Improved performance for logged-in users by reducing queries for path - alias lookups. - * Improved support for HTTP proxies (including reverse proxies), allowing - anonymous page views to be served entirely from the proxy. -- Documentation: - * Hook API documentation now included in Drupal core. -- News aggregator: - * Added OPML import functionality for RSS feeds. - * Optionally, RSS feeds may be configured to not automatically generate feed blocks. -- Search: - * Added support for language-aware searches. -- Aggregator: - * Introduced architecture that allows pluggable parsers and processors for - syndicating RSS and Atom feeds. - * Added options to suspend updating specific feeds and never discard feeds - items. -- Testing: - * Added test framework and tests. -- Improved time zone support: - * Drupal now uses PHP's time zone database when rendering dates in local - time. Site-wide and user-configured time zone offsets have been converted - to time zone names; for example, Africa/Abidjan. - * In some cases the upgrade and install scripts do not choose the preferred - site default time zone. The automatically-selected time zone can be - corrected at admin/config/regional/settings. - * If your site is being upgraded from Drupal 6 and you do not have the - contributed date or event modules installed, user time zone settings will - fallback to the system time zone and will have to be reconfigured by each user. - * User-configured time zones now serve as the default time zone for PHP - date/time functions. -- Filter system: - * Revamped the filter API and text format storage. - * Added support for default text formats to be assigned on a per-role basis. - * Refactored the HTML corrector to take advantage of PHP 5 features. -- User system: - * Added clean API functions for creating, loading, updating, and deleting - user roles and permissions. - * Refactored the "access rules" component of user module: The user module - now provides a simple interface for blocking single IP addresses. The - previous functionality in the user module for restricting certain email - addresses and usernames is now available as a contributed module. Further, - IP address range blocking is no longer supported and should be implemented - at the operating system level. - * Removed per-user themes: Contributed modules with similar functionality - are available. -- OpenID: - * Added support for Gmail and Google Apps for Domain identifiers. Users can - now log in with their user@example.com identifier when example.com is - powered by Google. - * Made the OpenID module more pluggable. -- Added code registry: - * Using the registry, modules declare their includable files via their .info file, - allowing Drupal to lazy-load classes and interfaces as needed. -- Theme system: - * Removed the Bluemarine, Chameleon and Pushbutton themes. These themes live - on as contributed themes (https://www.drupal.org/project/bluemarine, - https://www.drupal.org/project/chameleon and - https://www.drupal.org/project/pushbutton). - * Added Stark theme to make analyzing Drupal's default HTML and CSS easier. - * Added Seven as the default administration theme. - * Variable preprocessing of theme hooks prior to template rendering now goes - through two phases: a 'preprocess' phase and a new 'process' phase. See - http://api.drupal.org/api/function/theme/7 for details. - * Theme hooks implemented as functions (rather than as templates) can now - also have preprocess (and process) functions. See - http://api.drupal.org/api/function/theme/7 for details. - * Added Bartik as the default theme. -- File handling: - * Files are now first class Drupal objects with file_load(), file_save(), - and file_validate() functions and corresponding hooks. - * The file_move(), file_copy() and file_delete() functions now operate on - file objects and invoke file hooks so that modules are notified and can - respond to changes. - * For the occasions when only basic file manipulation are needed--such as - uploading a site logo--that don't require the overhead of databases and - hooks, the current unmanaged copy, move and delete operations have been - preserved but renamed to file_unmanaged_*(). - * Rewrote file handling to use PHP stream wrappers to enable support for - both public and private files and to support pluggable storage mechanisms - and access to remote resources (for example, S3 storage or Flickr photos). - * The mime_extension_mapping variable has been removed. Modules that need to - alter the default MIME type extension mappings should implement - hook_file_mimetype_mapping_alter(). - * Added the hook_file_url_alter() hook, which makes it possible to serve - files from a CDN. - * Added a field specifically for uploading files, previously provided by - the contributed module FileField. -- Image handling: - * Improved image handling, including better support for add-on image - libraries. - * Added API and interface for creating advanced image thumbnails. - * Inclusion of additional effects such as rotate and desaturate. - * Added a field specifically for uploading images, previously provided by - the contributed module ImageField. -- Added aliased multi-site support: - * Added support for mapping domain names to sites directories. -- Added RDF support: - * Modules can declare RDF namespaces which are serialized in the tag - for RDFa support. - * Modules can specify how their data structure maps to RDF. - * Added support for RDFa export of nodes, comments, terms, users, etc. and - their fields. -- Search engine optimization and web linking: - * Added a rel="canonical" link on node and comment pages to prevent - duplicate content indexing by search engines. - * Added a default rel="shortlink" link on node and comment pages that - advertises a short link as an alternative URL to third-party services. - * Meta information is now alterable by all modules before rendering. -- Field API: - * Custom data fields may be attached to nodes, users, comments and taxonomy - terms. - * Node bodies and teasers are now Field API fields instead of - being a hard-coded property of node objects. - * In addition, any other object type may register with Field API - and allow custom data fields to be attached to itself. - * Provides most of the features of the former Content Construction - Kit (CCK) module. - * Taxonomy terms are now Field API fields that can be added to any fieldable - object. -- Installer: - * Refactored the installer into an API that allows Drupal to be installed - via a command line script. -- Page organization - * Made the help text area a full featured region with blocks. - * Site mission is replaced with the highlighted content block region and - separate RSS feed description settings. - * The footer message setting was removed in favor of custom blocks. - * Made the main page content a block which can be moved and ordered - with other blocks in the same region. - * Blocks can now return structured arrays for later rendering just - like page callbacks. -- Translation system - * The translation system now supports message context (msgctxt). - * Added support for translatable fields to Field API. -- JavaScript changes - * Upgraded the core JavaScript library to jQuery version 1.4.4. - * Upgraded the jQuery Forms library to 2.52. - * Added jQuery UI 1.8.7, which allows improvements to Drupal's user - experience. -- Better module version support - * Modules now can specify which version of another module they depend on. -- Removed modules from core - * The following modules have been removed from core, because contributed - modules with similar functionality are available: - * Blog API module - * Ping module - * Throttle module -- Improved node access control system. - * All modules may now influence the access to a node at runtime, not just - the module that defined a node. - * Users may now be allowed to bypass node access restrictions without giving - them complete access to the site. - * Access control affects both published and unpublished nodes. - * Numerous other improvements to the node access system. -- Actions system - * Simplified definitions of actions and triggers. - * Removed dependency on the combination of hooks and operations. Triggers - now directly map to module hooks. -- Task handling - * Added a queue API to process many or long-running tasks. - * Added queue API support to cron API. - * Added a locking framework to coordinate long-running operations across - requests. - -Drupal 6.0, 2008-02-13 ----------------------- -- New, faster and better menu system. -- New watchdog as a hook functionality. - * New hook_watchdog that can be implemented by any module to route log - messages to various destinations. - * Expands the severity levels from 3 (Error, Warning, Notice) to the 8 - levels defined in RFC 3164. - * The watchdog module is now called dblog, and is optional, but enabled by - default in the default installation profile. - * Extended the database log module so log messages can be filtered. - * Added syslog module: useful for monitoring large Drupal installations. -- Added optional email notifications when users are approved, blocked, or - deleted. -- Drupal works with error reporting set to E_ALL. -- Added scripts/drupal.sh to execute Drupal code from the command line. Useful - to use Drupal as a framework to build command-line tools. -- Made signature support optional and made it possible to theme signatures. -- Made it possible to filter the URL aliases on the URL alias administration - screen. -- Language system improvements: - * Support for right to left languages. - * Language detection based on parts of the URL. - * Browser based language detection. - * Made it possible to specify a node's language. - * Support for translating posts on the site to different languages. - * Language dependent path aliases. - * Automatically import translations when adding a new language. - * JavaScript interface translation. - * Automatically import a module's translation upon enabling that module. -- Moved "PHP input filter" to a standalone module so it can be deleted for - security reasons. -- Usability: - * Improved handling of teasers in posts. - * Added sticky table headers. - * Check for clean URL support automatically with JavaScript. - * Removed default/settings.php. Instead the installer will create it from - default.settings.php. - * Made it possible to configure your own date formats. - * Remember anonymous comment posters. - * Only allow modules and themes to be enabled that have explicitly been - ported to the correct core API version. - * Can now specify the minimum PHP version required for a module within the - .info file. - * Drupal core no longer requires CREATE TEMPORARY TABLES or LOCK TABLES - database rights. - * Dynamically check password strength and confirmation. - * Refactored poll administration. - * Implemented drag-and-drop positioning for blocks, menu items, taxonomy - vocabularies and terms, forums, profile fields, and input format filters. -- Theme system: - * Added .info files to themes and made it easier to specify regions and - features. - * Added theme registry: modules can directly provide .tpl.php files for - their themes without having to create theme_ functions. - * Used the Garland theme for the installation and maintenance pages. - * Added theme preprocess functions for themes that are templates. - * Added support for themeable functions in JavaScript. -- Refactored update.php to a generic batch API to be able to run time-consuming - operations in multiple subsequent HTTP requests. -- Installer: - * Themed the installer with the Garland theme. - * Added form to provide initial site information during installation. - * Added ability to provide extra installation steps programmatically. - * Made it possible to import interface translations during installation. -- Added the HTML corrector filter: - * Fixes faulty and chopped off HTML in postings. - * Tags are now automatically closed at the end of the teaser. -- Performance: - * Made it easier to conditionally load .include files and split up many core - modules. - * Added a JavaScript aggregator. - * Added block-level caching, improving performance for both authenticated - and anonymous users. - * Made Drupal work correctly when running behind a reverse proxy like - Squid or Pound. -- File handling improvements: - * Entries in the files table are now keyed to a user instead of a node. - * Added reusable validation functions to check for uploaded file sizes, - extensions, and image resolution. - * Added ability to create and remove temporary files during a cron job. -- Forum improvements: - * Any node type may now be posted in a forum. -- Taxonomy improvements: - * Descriptions for terms are now shown on taxonomy/term pages as well - as RSS feeds. - * Added versioning support to categories by associating them with node - revisions. -- Added support for OpenID. -- Added support for triggering configurable actions. -- Added the Update status module to automatically check for available updates - and warn sites if they are missing security updates or newer versions. - Sites deploying from CVS should use https://www.drupal.org/project/cvs_deploy. - Advanced settings provided by https://www.drupal.org/project/update_advanced. -- Upgraded the core JavaScript library to jQuery version 1.2.3. -- Added a new Schema API, which provides built-in support for core and - contributed modules to work with databases other than MySQL. -- Removed drupal.module. The functionality lives on as the Site network - contributed module (https://www.drupal.org/project/site_network). -- Removed old system updates. Updates from Drupal versions prior to 5.x will - require upgrading to 5.x before upgrading to 6.x. - -Drupal 5.7, 2008-01-28 ----------------------- -- fixed the input format configuration page. -- fixed a variety of small bugs. - -Drupal 5.6, 2008-01-10 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (Cross site request forgery), see SA-2008-005 -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007 - -Drupal 5.5, 2007-12-06 ----------------------- -- fixed missing missing brackets in a query in the user module. -- fixed taxonomy feed bug introduced by SA-2007-031 - -Drupal 5.4, 2007-12-05 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (SQL injection), see SA-2007-031 - -Drupal 5.3, 2007-10-17 ----------------------- -- fixed a variety of small bugs. -- fixed a security issue (HTTP response splitting), see SA-2007-024 -- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025 -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026 -- fixed a security issue (User deletion cross site request forgery), see SA-2007-029 -- fixed a security issue (API handling of unpublished comment), see SA-2007-030 - -Drupal 5.2, 2007-07-26 ----------------------- -- changed hook_link() $teaser argument to match documentation. -- fixed a variety of small bugs. -- fixed a security issue (cross-site request forgery), see SA-2007-017 -- fixed a security issue (cross-site scripting), see SA-2007-018 - -Drupal 5.1, 2007-01-29 ----------------------- -- fixed security issue (code execution), see SA-2007-005 -- fixed a variety of small bugs. - -Drupal 5.0, 2007-01-15 ----------------------- -- Completely retooled the administration page - * /Admin now contains an administration page which may be themed - * Reorganised administration menu items by task and by module - * Added a status report page with detailed PHP/MySQL/Drupal information -- Added web-based installer which can: - * Check installation and run-time requirements - * Automatically generate the database configuration file - * Install pre-made installation profiles or distributions - * Import the database structure with automatic table prefixing - * Be localized -- Added new default Garland theme -- Added color module to change some themes' color schemes -- Included the jQuery JavaScript library 1.0.4 and converted all core JavaScript to use it -- Introduced the ability to alter mail sent from system -- Module system: - * Added .info files for module meta-data - * Added support for module dependencies - * Improved module installation screen - * Moved core modules to their own directories - * Added support for module uninstalling -- Added support for different cache backends -- Added support for a generic "sites/all" directory. -- Usability: - * Added support for auto-complete forms (AJAX) to user profiles. - * Made it possible to instantly assign roles to newly created user accounts. - * Improved configurability of the contact forms. - * Reorganized the settings pages. - * Made it easy to investigate popular search terms. - * Added a 'select all' checkbox and a range select feature to administration tables. - * Simplified the 'break' tag to split teasers from body. - * Use proper capitalization for titles, menu items and operations. -- Integrated urlfilter.module into filter.module -- Block system: - * Extended the block visibility settings with a role specific setting. - * Made it possible to customize all block titles. -- Poll module: - * Optionally allow people to inspect all votes. - * Optionally allow people to cancel their vote. -- Distributed authentication: - * Added default server option. -- Added default robots.txt to control crawlers. -- Database API: - * Added db_table_exists(). -- Blogapi module: - * 'Blogapi new' and 'blogapi edit' nodeapi operations. -- User module: - * Added hook_profile_alter(). - * Email verification is made optional. - * Added mass editing and filtering on admin/user/user. -- PHP Template engine: - * Add the ability to look for a series of suggested templates. - * Look for page templates based upon the path. - * Look for block templates based upon the region, module, and delta. -- Content system: - * Made it easier for node access modules to work well with each other. - * Added configurable content types. - * Changed node rendering to work with structured arrays. -- Performance: - * Improved session handling: reduces database overhead. - * Improved access checking: reduces database overhead. - * Made it possible to do memcached based session management. - * Omit sidebars when serving a '404 - Page not found': saves CPU cycles and bandwidth. - * Added an 'aggressive' caching policy. - * Added a CSS aggregator and compressor (up to 40% faster page loads). -- Removed the archive module. -- Upgrade system: - * Created space for update branches. -- Form API: - * Made it possible to programmatically submit forms. - * Improved api for multistep forms. -- Theme system: - * Split up and removed drupal.css. - * Added nested lists generation. - * Added a self-clearing block class. - -Drupal 4.7.11, 2008-01-10 -------------------------- -- fixed a security issue (Cross site request forgery), see SA-2008-005 -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006 -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007 - -Drupal 4.7.10, 2007-12-06 -------------------------- -- fixed taxonomy feed bug introduced by SA-2007-031 - -Drupal 4.7.9, 2007-12-05 ------------------------- -- fixed a security issue (SQL injection), see SA-2007-031 - -Drupal 4.7.8, 2007-10-17 ------------------------- -- fixed a security issue (HTTP response splitting), see SA-2007-024 -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026 -- fixed a security issue (API handling of unpublished comment), see SA-2007-030 - -Drupal 4.7.7, 2007-07-26 ------------------------- -- fixed security issue (XSS), see SA-2007-018 - -Drupal 4.7.6, 2007-01-29 ------------------------- -- fixed security issue (code execution), see SA-2007-005 - -Drupal 4.7.5, 2007-01-05 ------------------------- -- Fixed security issue (XSS), see SA-2007-001 -- Fixed security issue (DoS), see SA-2007-002 - -Drupal 4.7.4, 2006-10-18 ------------------------- -- Fixed security issue (XSS), see SA-2006-024 -- Fixed security issue (CSRF), see SA-2006-025 -- Fixed security issue (Form action attribute injection), see SA-2006-026 - -Drupal 4.7.3, 2006-08-02 ------------------------- -- Fixed security issue (XSS), see SA-2006-011 - -Drupal 4.7.2, 2006-06-01 ------------------------- -- Fixed critical upload issue, see SA-2006-007 -- Fixed taxonomy XSS issue, see SA-2006-008 -- Fixed a variety of small bugs. - -Drupal 4.7.1, 2006-05-24 ------------------------- -- Fixed critical SQL issue, see SA-2006-005 -- Fixed a serious upgrade related bug. -- Fixed a variety of small bugs. - -Drupal 4.7.0, 2006-05-01 ------------------------- -- Added free tagging support. -- Added a site-wide contact form. -- Theme system: - * Added the PHPTemplate theme engine and removed the Xtemplate engine. - * Converted the bluemarine theme from XTemplate to PHPTemplate. - * Converted the pushbutton theme from XTemplate to PHPTemplate. -- Usability: - * Reworked the 'request new password' functionality. - * Reworked the node and comment edit forms. - * Made it easy to add nodes to the navigation menu. - * Added site 'offline for maintenance' feature. - * Added support for auto-complete forms (AJAX). - * Added support for collapsible page sections (JS). - * Added support for resizable text fields (JS). - * Improved file upload functionality (AJAX). - * Reorganized some settings pages. - * Added friendly database error screens. - * Improved styling of update.php. -- Refactored the forms API. - * Made it possible to alter, extend or theme forms. -- Comment system: - * Added support for "mass comment operations" to ease repetitive tasks. - * Comment moderation has been removed. -- Node system: - * Reworked the revision functionality. - * Removed the bookmarklet code. Third-party modules can now handle - This. -- Upgrade system: - * Allows contributed modules to plug into the upgrade system. -- Profiles: - * Added a block to display author information along with posts. - * Added support for private profile fields. -- Statistics module: - * Added the ability to track page generation times. - * Made it possible to block certain IPs/hostnames. -- Block system: - * Added support for theme-specific block regions. -- Syndication: - * Made the aggregator module parse Atom feeds. - * Made the aggregator generate RSS feeds. - * Added RSS feed settings. -- XML-RPC: - * Replaced the XML-RPC library by a better one. -- Performance: - * Added 'loose caching' option for high-traffic sites. - * Improved performance of path aliasing. - * Added the ability to track page generation times. -- Internationalization: - * Improved Unicode string handling API. - * Added support for PHP's multibyte string module. -- Added support for PHP5's 'mysqli' extension. -- Search module: - * Made indexer smarter and more robust. - * Added advanced search operators (phrase, node type, etc.). - * Added customizable result ranking. -- PostgreSQL support: - * Removed dependency on PL/pgSQL procedural language. -- Menu system: - * Added support for external URLs. -- Queue module: - * Removed from core. -- HTTP handling: - * Added support for a tolerant Base URL. - * Output URIs relative to the root, without a base tag. - -Drupal 4.6.11, 2007-01-05 -------------------------- -- Fixed security issue (XSS), see SA-2007-001 -- Fixed security issue (DoS), see SA-2007-002 - -Drupal 4.6.10, 2006-10-18 -------------------------- -- Fixed security issue (XSS), see SA-2006-024 -- Fixed security issue (CSRF), see SA-2006-025 -- Fixed security issue (Form action attribute injection), see SA-2006-026 - -Drupal 4.6.9, 2006-08-02 ------------------------- -- Fixed security issue (XSS), see SA-2006-011 - -Drupal 4.6.8, 2006-06-01 ------------------------- -- Fixed critical upload issue, see SA-2006-007 -- Fixed taxonomy XSS issue, see SA-2006-008 - -Drupal 4.6.7, 2006-05-24 ------------------------- -- Fixed critical SQL issue, see SA-2006-005 - -Drupal 4.6.6, 2006-03-13 ------------------------- -- Fixed bugs, including 4 security vulnerabilities. - -Drupal 4.6.5, 2005-12-12 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.6.4, 2005-11-30 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.6.3, 2005-08-15 ------------------------- -- Fixed bugs, including a critical "arbitrary PHP code execution" bug. - -Drupal 4.6.2, 2005-06-29 ------------------------- -- Fixed bugs, including two critical "arbitrary PHP code execution" bugs. - -Drupal 4.6.1, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.6.0, 2005-04-15 ------------------------- -- PHP5 compliance -- Search: - * Added UTF-8 support to make it work with all languages. - * Improved search indexing algorithm. - * Improved search output. - * Impose a throttle on indexing of large sites. - * Added search block. -- Syndication: - * Made the ping module ping pingomatic.com which, in turn, will ping all the major ping services. - * Made Drupal generate RSS 2.0 feeds. - * Made RSS feeds extensible. - * Added categories to RSS feeds. - * Added enclosures to RSS feeds. -- Flood control mechanism: - * Added a mechanism to throttle certain operations. -- Usability: - * Refactored the block configuration pages. - * Refactored the statistics pages. - * Refactored the watchdog pages. - * Refactored the throttle module configuration. - * Refactored the access rules page. - * Refactored the content administration page. - * Introduced forum configuration pages. - * Added a 'add child page' link to book pages. -- Contact module: - * Added a simple contact module that allows users to contact each other using email. -- Multi-site configuration: - * Made it possible to run multiple sites from a single code base. -- Added an image API: enables better image handling. -- Block system: - * Extended the block visibility settings. -- Theme system: - * Added new theme functions. -- Database backend: - * The PEAR database backend is no longer supported. -- Performance: - * Improved performance of the forum topics block. - * Improved performance of the tracker module. - * Improved performance of the node pages. -- Documentation: - * Improved and extended PHPDoc/Doxygen comments. - -Drupal 4.5.8, 2006-03-13 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.5.7, 2005-12-12 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.5.6, 2005-11-30 ------------------------- -- Fixed bugs, including 3 security vulnerabilities. - -Drupal 4.5.5, 2005-08-15 ------------------------- -- Fixed bugs, including a critical "arbitrary PHP code execution" bug. - -Drupal 4.5.4, 2005-06-29 ------------------------- -- Fixed bugs, including two critical "arbitrary PHP code execution" bugs. - -Drupal 4.5.3, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.5.2, 2005-01-15 ------------------------- -- Fixed bugs: a cross-site scripting (XSS) vulnerability has been fixed. - -Drupal 4.5.1, 2004-12-01 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.5.0, 2004-10-18 ------------------------- -- Navigation: - * Made it possible to add, delete, rename and move menu items. - * Introduced tabs and subtabs for local tasks. - * Reorganized the navigation menus. -- User management: - * Added support for multiple roles per user. - * Made it possible to add custom profile fields. - * Made it possible to browse user profiles by field. -- Node system: - * Added support for node-level permissions. -- Comment module: - * Made it possible to leave contact information without having to register. -- Upload module: - * Added support for uploading documents (includes images). -- Forum module: - * Added support for sticky forum topics. - * Made it possible to track forum topics. -- Syndication: - * Added support for RSS ping-notifications of http://technorati.com/. - * Refactored the categorization of syndicated news items. - * Added a URL alias for 'rss.xml'. - * Improved date parsing. -- Database backend: - * Added support for multiple database connections. - * The PostgreSQL backend does no longer require PEAR. -- Theme system: - * Changed all GIFs to PNGs. - * Reorganised the handling of themes, template engines, templates and styles. - * Unified and extended the available theme settings. - * Added theme screenshots. -- Blocks: - * Added 'recent comments' block. - * Added 'categories' block. -- Blogger API: - * Added support for auto-discovery of blogger API via RSD. -- Performance: - * Added support for sending gzip compressed pages. - * Improved performance of the forum module. -- Accessibility: - * Improved the accessibility of the archive module's calendar. - * Improved form handling and error reporting. - * Added HTTP redirects to prevent submitting twice when refreshing right after a form submission. -- Refactored 403 (forbidden) handling and added support for custom 403 pages. -- Documentation: - * Added PHPDoc/Doxygen comments. -- Filter system: - * Added support for using multiple input formats on the site - * Expanded the embedded PHP-code feature so it can be used everywhere - * Added support for role-dependent filtering, through input formats -- UI translation: - * Managing translations is now completely done through the administration interface - * Added support for importing/exporting gettext .po files - -Drupal 4.4.3, 2005-06-01 ------------------------- -- Fixed bugs, including a critical input validation bug. - -Drupal 4.4.2, 2004-07-04 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.4.1, 2004-05-01 ------------------------- -- Fixed bugs: no critical bugs were identified. - -Drupal 4.4.0, 2004-04-01 ------------------------- -- Added support for the MetaWeblog API and MovableType extensions. -- Added a file API: enables better document management. -- Improved the watchdog and search module to log search keys. -- News aggregator: - * Added support for conditional GET. - * Added OPML feed subscription list. - * Added support for , , , , and . -- Comment module: - * Made it possible to disable the "comment viewing controls". -- Performance: - * Improved module loading when serving cached pages. - * Made it possible to automatically disable modules when under heavy load. - * Made it possible to automatically disable blocks when under heavy load. - * Improved performance and memory footprint of the locale module. -- Theme system: - * Made all theme functions start with 'theme_'. - * Made all theme functions return their output. - * Migrated away from using the BaseTheme class. - * Added many new theme functions and refactored existing theme functions. - * Added avatar support to 'Xtemplate'. - * Replaced theme 'UnConeD' by 'Chameleon'. - * Replaced theme 'Marvin' by 'Pushbutton'. -- Usability: - * Added breadcrumb navigation to all pages. - * Made it possible to add context-sensitive help to all pages. - * Replaced drop-down menus by radio buttons where appropriate. - * Removed the 'magic_quotes_gpc = 0' requirement. - * Added a 'book navigation' block. -- Accessibility: - * Made themes degrade gracefully in absence of CSS. - * Grouped form elements using '
' and '' tags. - * Added '