Drupal Changelog

New in version 7.38

June 19th, 2015
  • This release fixes security vulnerabilities.

New in version 7.37 (May 10th, 2015)

  • Fixed a regression in Drupal 7.36 which caused certain kinds of content types to become disabled if they were defined by a no-longer-enabled module.
  • Removed a confusing description regarding automatic time zone detection from the user account form (minor UI and data structure change).
  • Allowed custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags.
  • Allowed hook_field_schema() implementations to specify indexes for fields based on a fixed-length column prefix (rather than the entire column), as was already allowed in hook_schema() implementations.
  • Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs.
  • Added a sites/all/libraries folder to the codebase, with instructions for using it.
  • Added a description to the "Administer text formats and filters" permission on the Permissions page (string change).

New in version 7.36 (April 2nd, 2015)

  • Drupal 7.36 contains bug fixes and small API/feature improvements only.

New in version 8.0.0 Beta 6 (January 30th, 2015)

  • Revert "Issue #2388749 Register symfony's mime guessers if they are supported"

New in version 8.0.0 Beta 4 (December 19th, 2014)

  • Revert "Issue #2196977 Drupal/filter/Annotation/Filter uses public $module instead of $provider"
  • #2196977 Drupal/filter/Annotation/Filter uses public $module instead of $provider
  • #2392235 ChainedFastBackend shouldn't write cache tags to the fast cache back-end
  • #2394327 run-tests.sh throwing stream wrapper warnings
  • #2372855 Add content & config entity dependencies to views
  • #2068655 Entity fields do not support case sensitive queries
  • #2338873 Modules providing non-configurable field storage definitions can be uninstalled, leaving orphaned unpurged data
  • #2392883 Update JS lib: domready to 1.0.7
  • #2354469 Can't create node, if preview is required
  • #2392433 Stream wrappers are registered before page cache
  • #2382199 Encode COPYRIGHT.TXT with UTF-8
  • #2393391 JS clean-up for re-worked Field UI
  • #2387627 Changing access plugins in views leaves invalid settings around
  • #2116327 Creating DrupalDateTime object, with a 'date' array as input will always fail with exception
  • #2389275 Views render element #embed not working
  • #2353357 hook_stream_wrappers_alter() is broken since modules are not loaded on demand, also change to an event since it's the last hook that forces this during bootstrap
  • #1963340 Change field UI so that adding a field is a separate task
  • #2350309 Forum index links head to taxonomy/term/{term} instead of forum/{term}
  • Revert "git commit -m 'Issue #2350309 Forum index links head to taxonomy/term/{term} instead of forum/{term}'"
  • git commit -m 'Issue #2350309 Forum index links head to taxonomy/term/{term} instead of forum/{term}'
  • #2386559 ERItem::setValue(array('entity' => $entity) produces broken Items
  • #2393061 Adjust phpdoc for callback_allowed_values_function()
  • #2238085 [regression] options_allowed_values() signature doesn't allow for Views filter configuration
  • #2170235 file_private_path should be in $settings, like file_public_path
  • #2349553 Store entity field information in the views data
  • #2368323 Replace _l() in PathController::adminOverview()
  • #2137309 Typed data does not handle set() and onChange() consistently
  • #2389381 Impossible to add images in WYSIWYG including in-place editing due to fatal error
  • Revert "Issue #2273923 Remove html => TRUE option from l() and link generator"
  • #2382931 Drupal\field\Plugin\views\field\Field::access returns an object instead of the expected boolean
  • #2273923 Remove html => TRUE option from l() and link generator
  • #2204363 [sechole] Returning TRUE from hook_entity_access()/hook_ENTITYTYPE_access() must not bypass EntityAccessController::checkAccess()
  • #2392209 DefaultTableMapping::getFieldColumName is broken for base tables
  • #2391295 Use @return $this instead of @return static in EntityInterface
  • #2391317 NodeTypeListBuilder typo
  • #2386161 ChainedFastBackend doesn't set 'expires' and 'tags' when writing to fastBackend
  • #2278017 When a content entity type providing module is uninstalled, the entities are not fully deleted, leaving broken reference
  • #2379811 Views tries to render contextual links when Contextual Links module is disabled
  • #2387019 String field formatters cannot link to their parent entity
  • #2342543 Applying entity schema updates fail when both entity type and base field definitions change at the same time
  • #2354685 Fatal Error on re-saving required EntityReference field setting
  • #2392281 system.module is included in our PHPUnit tests
  • #2352081 Prevent installation over an already installed database
  • #2382543 Remove usage of drupal_html_class() and drupal_clean_css_identifier()
  • #2390013 Follow-up comment widget should properly detect default value input
  • #1985406 #states not supported for elements in formatter settings being displayed on Views field handler form
  • #2390707 Remove hook_library_alter() implementations
  • #2183983 Find hidden configuration schema issues
  • #2391245 Resolve remaining misc issues with configuration schema fails
  • #2388863 Entity type is definition
  • #2167379 db_select docblock should list optional parameters as (optional)
  • #2391381 $include_computed parameter from Map::getValue() is broken and unused
  • #2358991 Remove usage of drupal_mail()
  • #2388925 British again invade config sync
  • #2384527 Make the class variables protected for ShortcutSet
  • #2384665 Follow-up: FieldConfigBase::calculateDependencies() fatal error is unhelpful
  • #2381299 Clean-up block module test members - ensure property definition and use of camelCase naming convention
  • #2389411 wrong backend_overrideable in book
  • #2387857 Have consistent names for bulk operations at admin/content
  • #2388009 Clean-up shortcut module test members - ensure property definition and use of camelCase naming convention
  • #2388905 menu link storage override requires too much copy-paste
  • #2388467 Remove \Drupal\entity_test\EntityTestViewsData and update the annotation
  • #1892006 Include a print styling for Seven
  • #2387981 Clean-up statistics module test members - ensure property definition and use of camelCase naming convention
  • #2381921 Clean-up RDF module test members - ensure property definition and use of camelCase naming convention
  • #2389407 System Manager Service is not database dependent
  • #2391021 Config schema issues in config tests themselves
  • #2384167 Clean-up DateTime module test members — ensure property definition and use of camelCase naming convention
  • #2226863 Update stale references to theme functions that have been converted to Twig
  • #2272001 Views display plugin's list of handlers is not filtered by access
  • #2387157 Cloning display into another display also stores options that are not supported by the new display type
  • #2363155 content_translation.settings config is not scalable
  • #2359509 Incorrect type safe check in Entity::onUpdateBundleEntity() results too many cache clears
  • #2358269 Migration bugs in block visibility, field overrides, cron, maintenance settings and form modes found by configuration schema checking
  • #2248977 Complete support for multi-value base fields in ContentEntitySchemaHandler and use it for the user.roles field
  • #2390445 System module tests don't pass config schema check
  • #2389697 Editor settings altering not needed (and not compatible with config schema assumptions)
  • #2387149 Display extenders are not possible to describe with config schema
  • #2390749 run-tests.sh should allow single test methods to be run
  • #2390615 Add method to determine config dependency key depending on entity type
  • #2355245 ER's label formatter needs to take into account that $entity->urlInfo() might throw an exception
  • #2387141 Missing field configuration schemas across core tests
  • #2385111 Bartik's CKEditor iframe stylesheet is not being loaded, hence image captions look broken
  • Revert "Issue #2354705 Mark a couple of asset services as non public"
  • #2386247 install.php should pass the class loader down into install_begin_request()
  • #2388593 Remove drupal_truncate_bytes()
  • #2388765 Improve performance of SqlContentEntityStorage::countFieldData() for large datasets when getting the result as a boolean
  • #2335879 Change SqlContentEntityStorageSchema::requiresEntityDataMigration() to ask the old storage handler if it has data rather than assuming yes unless NULL storage
  • #2382533 Attach assets only via the asset library system
  • #2369225 Add $options['base_url'] to UrlGenerator::generateFromRoute()
  • #2389287 Missing PhpExecutableFinder
  • #2387669 ConfigInstallWebTest is broken
  • #2388631 Remove drupal_match_path()
  • #2388707 UserAccessControlHandler has wrong $explicit_check_fields name for the password field when checking field access
  • #2355909 language.settings config is not scalable
  • #2263359 hook_help(): Top of page help sections can't link to help pages without a fatal error or checking for help module
  • #2084987 Remove usage of field_ui_default_value and recommend proper replacement
  • #2388043 Remove DrupalUnitTestBase
  • #2380607 Do not call ConfigBase::validateKeys() for data loaded from storage
  • #2387443 BinaryFileResponse can fail because the core MIME guessing is not added to the MimeType singleton
  • #2385787 Remove form_state_values_clean() from form.inc
  • #2364381 Exception thrown in drupal_render() causes an exception during the rendering of exceptions
  • #2386585 Upgrade to Symfony 2.6.1
  • #2388215 Drag and drop is broken.
  • #2383573 Clean-up Contact module Test members - ensure property definition and use of camelCase naming convention
  • #2331793 Changing pager settings for this display only also changes pager settings for other display
  • #2017433 The documentation for hook_ranking() is wrong
  • #2387781 Fix camel case for method in EntityStorageInterface
  • #2347999 DrupalUnitTestBase is deprecated, replace with KernelTestBase
  • #2384487 Make the class variables protected for FilterFormat
  • #2364267 Clarify the logic in TypedDataManager::getPropertyInstance()
  • #2385225 Clean-up editor module test members - ensure property definition and use of camelCase naming convention
  • #2381303 Clean-up CKEditor module test members — ensure property definition and use of camelCase naming convention
  • #1055150 Time zone description is confusing on user register form
  • #2365319 Entity normalization should check field access to avoid leaking data
  • #2386255 Remove explicit sha1() call in drupal_page_cache_get_cid()
  • #2385805 Views tests don't pass strict schema checking
  • #2290261 Revert php_fileinfo requirement
  • #2379595 node_help() broken for node add/edit form
  • #2385545 Installer can generate unthemed pages
  • #2386325 Recurring config schema problems with datetime and link field values in migrate tests
  • #2386005 Views UI tour needs better label
  • #2385227 Clean-up entity_reference module test members - ensure property definition and use of camelCase naming convention
  • #2384531 Make the class variables protected for RdfMapping
  • #2384357 Simplify Field UI testing
  • #2186113 Avoid key value expire garbage collection on actual requests
  • #2384539 Make the class variables protected for Action
  • #2385391 DistributionProfileTest does not need to create an empty .profile
  • #2384541 Make the class variables protected for ConfigurableLanguage
  • #2384537 Make the class variables protected for SearchPage entity
  • #2384535 Make the class variables protected for ImageStyle
  • #2384853 Both configuration directories have to be specified in settings.php
  • #2349805 Rest classes should use StringTranslationTrait instead of t() function when possible
  • #2382557 Change JS settings into a separate asset type
  • #2380411 Clean-up Text module test members - ensure property definition and use of camelCase naming convention
  • #2363077 Max and min resolution not working
  • #2384545 $element['#ajax']['callback'] is broken, hence breaking e.g. inserting images in CKEditor
  • #2384689 Clean-up dblog module test members - ensure property definition and use of camelCase naming convention
  • #1074108 Profile selection form not skipped if there is only one visible profile
  • #1942178 Make User module active config save format match the default yml file
  • #2275463 Path field does not respect settings in form display
  • #2385803 Remove form_execute_handlers() from form.inc
  • #2385063 Remove drupal_process_form()
  • #2382239 InstallerKernel is undocumented and hardwires bootstrap config storage
  • #2250165 Replace fake mocks with actual OpenDialogCommand stubs in AjaxCommandsTest
  • #2335673 Remove usage of drupal_process_form()
  • Revert "Issue #2382239 InstallerKernel is undocumented and hardwires bootstrap config storage"
  • #2354705 Mark a couple of asset services as non public
  • #2318755 Block Module: Fix documentation that refers to enabling/disabling of modules
  • #2382011 Expand unit testing for Drupal\Component\Utility\UserAgent
  • #2325269 Test and fix views in test_views directories against their configuration schema
  • #2381751 Clean-up Book module test members - ensure property definition and use of camelCase naming convention
  • #2379863 Clean-up color module test members - ensure property definition and use of camelCase naming convention
  • #2345867 Remove node_row_node_view_preprocess_node() and dead code in the comment views wizard
  • #2359369 Render cache is not cleared when module is uninstalled
  • #2380377 Fix BatchStorageInterface::delete
  • #2345343 view TITLE appears all the time
  • #1938920 Convert node_search_admin theme tables to table #type
  • #2377281 followup by dawehner: Upgrade to Symfony 2.6 stable
  • #2144505 Views does not use the text format type for formatted text
  • #2357145 Views can not be saved with a numeric (grouped) filter
  • #2381909 Basic block type provided by standard is missing a body field
  • #2384165 Clean-up Contextual module test members — ensure property definition and use of camelCase naming convention
  • #2300817 Remove path_is_admin() as it is deprecated
  • #2383307 Remove weird getInfo methods from fake database classes
  • #2383727 Remove form_options_flatten() as it is deprecated
  • #2377685 Fix outdated CSS rules in Views UI
  • #2342593 Remove mixed SSL support from core
  • #2369781 Ensure twig_debug output has needed sanitization
  • #2384581 Security: Update CKEditor library to 4.4.6
  • #2384009 Remove deprecated function _update_create_fetch_task and its usage
  • #2383079 EntityDisplayBase::calculateDependencies() fatal error is unhelpful
  • #2382493 Population of default field values in entity translation is incorrect
  • #2383153 Unwanted list style position in Available updates page listing
  • #2380349 Fix one-line documentation for RouteProcessorCsrf
  • #2384163 Entity render cache is needlessly cleared when an Entity*Fom*Display is modified
  • #2368251 No border around image upload widget when creating content in Bartik
  • #2383667 pathField and pathFieldsSupplemental is not used in Views wizards
  • #2382497 The first parameter of the hook function hook_page_bottom is wrong in the documentation
  • #2379697 Fix configuration schema issues in block content (indirectly link and field test) modules
  • #2365585 FieldItemList::filterEmptyItems() renumbers deltas but does not update the Items
  • #2383633 Clean up in-line colon code style in config schemas
  • #2383277 StringLongItem should not extend StringItem
  • #2381491 Change "and" to && in CKEditorPluginManager
  • #2377281 Upgrade to Symfony 2.6 stable
  • #2378095 Convert all remaining attached individual CSS/JS assets to attached asset libraries
  • #1759090 Remove redundant CSS from theme settings form
  • #2374035 Block module spelling corrections
  • #2294503 Component Utilities unit test cleanups
  • #2382667 #post_render_callback's that result from other #post_render_calback are not processed
  • #2368275 EntityRouteEnhancer and ContentFormControllerSubscriber implicitly depend on too many services
  • #2362227 Replace all instances of current_path()
  • #2382503 Not possible to render self-contained render array while a render stack is active
  • #1938916 Convert locale theme tables to table #type
  • #2159347 Aggregation not working simple test case
  • #2099259 Missing default access for all taxonomy term fields
  • #2381973 View wizard creates 'invalid' views out of the box, missing plugin_ids, insecure permissions
  • #2342023 documentation references hook_disable and hook_modules_disabled, but they've been removed
  • #2318813 Comment module: Fix documentation that refers to enabling/disabling of modules
  • #2358037 Add search form block Twig template file
  • #2309051 Duplicate assertion text in LocaleUpdateTest
  • #2365965 Various tests still have getInfo method
  • #2355543 TokenTest Language mock is not accurate
  • #2349859 Responsive Image Mappings :: throws a fatal exception if no image style is set
  • #2348459 Fields of type 'Text (formatted)' do NOT save values
  • #2365653 CSS definition for one sidebar and 560 to 850 px not correct
  • #2381079 Adjust storage_settings schema for string_long field type
  • git commit -m 'Issue #2369035 Config entities should not always be untranslated in admin routes'
  • #2235901 Remove custom theme settings from *.info.yml
  • #2212335 Separate out NodeSearch::execute() into finding vs. processing results
  • #2358603 ViewsAjaxController results in fatal error for empty optional arguments
  • git commit -m 'Issue #2377397 Themes should use libraries, not individual stylesheets'
  • #2359453 Remove drupal_mail_system()
  • #1833932 Convert theme_system_compact_link() into a #type link
  • #2157541 Views sets access to ANY on routes - could result in information disclosure
  • #2352207 Database cache backend does not treat cid as case sensitive
  • #2381509 Fix docs for _content being _controller in routing.yml files
  • #1002164 The Book module can be uninstalled with nodes with a book node type still existing
  • #2349801 The local tab 'Blocks' should be first on the Custom block library
  • #2358529 Right-aligned images in CKEditor appear to the right of other fields
  • #2350723 State toggles for Enable alt/title and Require alt/title not functioning
  • #1224892 Duplicate code in mysql/schema.inc (createKeySql = createKeysSqlHelper)
  • #2030661 Expand Tour with methods
  • #2380573 Add @return $this to ConfigInstallerInterface::setSynching
  • #2379683 Fix configuration schema issues in contact (indirectly user and system) modules
  • #2348925 Uninstalling a filter plugin removes text formats
  • #2350327 editor.module should use the same data- attributes as entity_embed.module uses
  • #2317913 Early error handling can result in fatal error (Call to a member function get() on a non-object)
  • #2374125 Create a persistent block_content body field storage
  • #2370305 Refactor field type configuration schemas for DX, easier to find errors
  • #2316909 Revisit all built-in test/default views configuration in core
  • #2378703 Port denial of service fixes from SA-CORE-2014-006 to Drupal 8
  • #2377967 Remove bc layer for _content _controller change
  • #2346039 Add missing migrations to MigrateDrupal6Test and fix the result
  • #2030613 Expand EntityViewMode (really EntityDisplayModeBase) with methods
  • #2211241 Refactor search_reindex() into separate functions
  • #2363647 Cannot programatically update books
  • #2144413 Config translation does not support text elements with a format
  • #2349871 Vertical toolbar menu is broken in narrow viewports
  • #2371987 Use e.g. instead of i.e. in Date field hover text
  • #2341461 Remove usage of form_options_flatten()
  • #2232881 pdo used to require comment escaping - doesn'\''t on supported versions
  • #2372255 ckeditor.js variable name typo
  • #2380605 Bartik layout broken
  • #2350823 Use the Classy theme in the Testing profile
  • #2380391 Fix storage settings for TextLongItem and StringLongItem
  • #2324055 Split up the module manager into runtime information and extension information
  • #2353335 module install cannot save FTP settings
  • #2374339 FieldConfigBase::calculateDependencies() fatal error is unhelpful
  • #1663166 Clean up system admin css
  • #2377115 Replace all instances of entity_load('field_config') and entity_load_multiple('field_config') with static method calls
  • #2378055 Reorganise config schema for entity_form_display / entity_view_display
  • #1201452 Potential Vulnerability In DatabaseConnection_mysql
  • #2368019 Expand unit testing for Drupal\Core\Plugin\Context\ContextDefinition
  • #2378789 Views output cache is broken
  • #2350821 Sort views displays by display name
  • #977440 Clean-up comment links title attributes
  • #2376013 Drupal 8 installer initially fails if settings.php and services.yml are correct, but config directories are absent
  • #2372909 Comments to check '$comment->getOwner->isAnonymous()' instead of assuming anonymous is ID 0
  • #2379459 Add a test for forum action links for anon users
  • #2099341 Align view name with other fields in views admin list
  • #2027959 Remove dependency on datetime from comment
  • #1433796 Link to images styles from image field display settings
  • #2376689 IntegerItem 'size' setting should be a storage setting
  • #2371853 Add more helper methods around temporary FAPI storage
  • #2378583 Core ContextAware Plugins have inconsistent ContextDefinition return docs
  • #2377449 Seven maintenance page theming incorrect
  • #1855066 In the "menu" toolbar tray, clicking/tapping white space should show the child level
  • #2379083 Regression (again): Menu contextual links no longer visible in menu blocks, when block caching is enabled
  • #2378263 hook_library_alter() must be manually invoked by users of LibraryDiscovery, and has no test coverage
  • #2346937 Implement a Renderer service; reduces drupal_render / _theme service container calls
  • #2378699 Port session hijacking fixes from SA-CORE-2014-006 to Drupal 8
  • #2304949 Port HTTP Host header DoS fix from SA-CORE-2014-003
  • #2174589 Split up ckeditor.admin.js
  • #2378585 Multiple context requirements cannot be satisfied by a single value
  • #2374201 Docs and quote coding standard follow-up from: Incorrect logic in creating url to fetch information about project updates
  • #2378329 Update AccountProxyInterface::setAccount() documentation to point people to the account_switcher service
  • #2376899 ImageFieldTestBase::createImageField() takes a description in field settings errorneously
  • #2358993 Remove usage of drupal_mail_system()
  • #2343181 RTL issues on front page
  • #2375879 Don't filter languages in case it is not needed
  • #2375245 Remove form_set_value()
  • #2141417 Trays without headings throw a JavaScript error when the non-existent heading text is accessed
  • #2328919 Remove () from a bunch of @covers definitions in PHPUnit
  • #2376791 Move all _content routing definitions to _controller
  • #2373735 Simplify/clean up BareHtmlPageRenderer
  • #2349633 Copy book templates to Classy
  • #2318779 [Meta] Aggregator Module: Fix documentation that refers to enabling/disabling of modules
  • #2376039 Undefined property ContainerAwareEventDispatcherTest::results in run-tests.sh
  • Revert "Issue #2189345 run-tests.sh should exit with a failure code if any tests failed"
  • Revert "Issue #2376039 Undefined property ContainerAwareEventDispatcherTest::results in run-tests.sh"
  • #2339151 Conditions / context system does not allow for multiple configurable contexts, eg. language types
  • #2377393 Seven seven_preprocess_html adds unused classes
  • #2372323 Static loaders on entity types don't return a properly typed object
  • #2376581 Cleanup CommentManager::addDefaultField().
  • #2322439 Titles in a user's activity tab displays as just text and not a link
  • #2376147 Installer is missing all of the global Seven theme stylesheets
  • #2368349 Entity view and form display configuration schemas are too verbose / key ones missing
  • #1853072 Remove forum_menu_local_tasks_alter() hack and instead add links in ForumController::build
  • #2348007 Taxonomy term view needs status filter
  • #2362987 Remove hook_page_build() and hook_page_alter()
  • #2288911 Use route name instead of system path in user maintenance mode subscriber
  • #2354275 There are functions in AliasStorage that are not in AliasStorageInterface
  • #2318753 REST Module: Fix documentation that refers to enabling/disabling of modules
  • #2318789 Book Module: Fix documentation that refers to enabling/disabling of modules
  • #2318783 Ban Module: Fix documentation that refers to enabling/disabling of modules
  • #2318761 Action Module: Fix documentation that refers to enabling/disabling of modules
  • #2318807 Color Module: Fix documentation that refers to enabling/disabling of modules
  • #2345725 Query parameters are not decoded the same as the path portion of a URL
  • #2359071 Remove drupal_wrap_mail
  • #2371229 Exceptions when adding and deleting shortcut are regular messages, should be error messages
  • #2376403 Some full name space paths wrong in comments in WizardPluginBase
  • #1077578 [Followup] Convert bartiks page.tpl.php to HTML5
  • #1850164 Default state of toolbar should show menu tray in non-narrow viewports
  • #2333053 JavaScript for #type => 'machine_name' registers key presses on 'source' slowly later, when label has spaces, special or international characters in it
  • #2375107 Unable to allow multiple roles access views page
  • #2189345 run-tests.sh should exit with a failure code if any tests failed
  • #2237625 Step 4: Remove amateescu from the maintainers of menu links
  • #2374815 Update file comment on TextWithsummaryItemTest to show correct name
  • #2373549 PHPUnit test testGetDoesntHitConsistentBackend failing when run with coverage reporting
  • #2277739 Remove core/scripts/switch-psr4.sh
  • #2364555 Add @covers annotation, fix some --strict for PHPUnit
  • #2349773 Twig Double escaping on modules' available updates page
  • #1847174 Path alias validation should test for relative path, no trailing slash requirements
  • #2103247 Fixed Clicking menu links in the administration menu tray should close the admin menu tray, while in a narrow viewport where the toolbar is positioned on top of the content.
  • #2358995 Remove usage of drupal_wrap_mail().
  • #2366043 Upgrade to Symfony 2.6
  • #2374087 Fixed Create a persistent comment body field storage.
  • #2375225 Add emma.maria as Bartik maintainer.
  • #2370147 Move is_front variable to template_preprocess_page()
  • #287292 Add functionality to impersonate a user
  • #2375923 Fixed favicon missing.
  • #2303777 Fixed Allow drupal components to depend on other components outside Drupal.
  • #2321385 Fixed Creation of node body field in postSave() incompatible with default config and overrides.
  • #1885788 Fixed An AJAX HTTP error occurred during module installation via UI.
  • #2328111 Replace most instances of the DRUPAL_ROOT constant with the app.root container parameter.
  • #2370703 Fixed ER's "autocreate" feature is mostly broken (and untested).
  • #1877482 Fixed Toolbar tabs should have ID attributes based on hook_toolbar() array keys rather than sequentially numbering.
  • Revert "Issue #2232477 Fixed Fatal when adding new fields with NOT NULL constraints in a base table that contains existing entities."
  • #2352155 Remove HtmlFragment/HtmlPage.
  • #2342377 Fixed Non database agnostic expression in SQLContentEntityStorage.
  • #2364647 Fixed [sechole] Remove blacklist mode from Filter:XSS.
  • #2371141 Fixed XSS vulnerability when displaying exception backtrace.
  • #2371671 Fixed drupal_set_message repeat parameter does not work.
  • #2371725 Fixed Don't use theme negotiation all over the place.
  • #2232477 Fixed Fatal when adding new fields with NOT NULL constraints in a base table that contains existing entities.
  • #2372477 Fixed Lots of tests still enable entity.module.
  • #2031901 Remove node tokens from comment.tokens.inc.
  • #1426804 Fixed Allow field storages to be persisted when they have no fields.
  • #2371843 Add event listener to check schema on config save.

New in version 7.34 (November 20th, 2014)

  • As of this release Drupal core limits user password lengths at the API level (the maximum length is between 128 to 512 characters depending on the specific characters used in the password). Previously the default limit of 128 characters was enforced at the form validation level only.

New in version 8.0.0 Beta 3 (November 14th, 2014)

  • #2359161 Fixed Feed icons missing in views blocks and pages.
  • #2267453 Fixed Views plugins do not store additional dependencies.
  • #2236855 Use CSS for file icons in file fields.
  • Revert "Issue"
  • #2346287 Fixed Installer requirements errors escaped HTML in variables.
  • #2322509 Replace all instances of node_load(), node_load_multiple(), entity_load('node') and entity_load_multiple('node') with static method calls.
  • #2178703 Migrate D6 menu links.
  • #2361761 Remove mime_header_encode and mime_header_decode.
  • #2372201 Fixed FakeDelete is missing.
  • #2359703 Remove public visibility from pager variables on the ViewExecutable.
  • #2227401 Apply the seven style guide to the status report.
  • #2358657 Fixed Wrong @covers definitions in Drupal project.
  • #2340785 Create proper test method for determining if text has been escaped properly.
  • #2325517 Add methods for adding/removing attributes (not classes) on Attribute objects.
  • #2371875 Fixed session_manager can't be reasonably overridden.
  • #2354491 Fixed Edit new user list view throws exception on saving.
  • #2293875 Fixed Texts are not vertically aligned in Views list.
  • #2367745 Remove drupal_var_export().
  • #2371457 Replace inappropriate translatatable string in core/modules/contextual/contextual.module.
  • #2361845 Remove drupal_substr.
  • #2361727 Remove drupal_convert_to_utf8.
  • #2371759 The docblock for user_help() should read "Implements hook_help().".
  • #2371479 Replace inelegant string in core/lib/Drupal/Core/Database/Install/Tasks.php.
  • #2353013 Remove taxonomy_term_load_parents_all from taxonomy/taxonomy.module.
  • #2371841 Fixed FullPageVariant::$mainContent must always be an array.
  • #2358685 Remove edit and configure icons from misc.
  • #2278415 Fixed Bartik dropbutton styling looks bad.
  • #2371499 Fixed Misprint in State API example.
  • #920056 Fixed [comment:name] duplicates [comment:author], and the latter should use format_username().
  • #2347787 Fixed Content Type edit form always displays "Don't display post information".
  • #2368975 Fixed ElementInfoManager::buildInfo() processes info data on every request.
  • #2367579 Fixed Move retrieval of visible blocks to a standalone service.
  • #2105693 Fixed ContainerInjectionInterface docs need update.
  • #2370733 Fixed Contrib can not provide config storage.
  • #2350507 Fixed \Drupal\Core\Url has no __toString() magic method.
  • #2370801 Fixed Deleting nothing from K-V DB is broken.
  • #2347511 Add method to test if class attribute has class on Attribute object.
  • #2370005 Fixed Remove link in views ui grouped filter and rearrange fields/sorts does not work.
  • #2354597 Remove usage of form_set_value().
  • #2369733 Fixed No End of "addtogroup hooks" in search.api.php.
  • #2369933 Fixed Remove references to an exception class that doesn't exist (\Drupal\entity_reference\Exception\MissingDefaultValueException).
  • #2321701 Replace all instances of contact_form_load(), entity_load('contact_form') and entity_load_multiple('contact_form') with static method calls.
  • #2362205 Fixed admin/theme/install|update should point to admin/appearance/update|install.
  • #2215507 Fixed Downloads broken for translated private files.
  • #365615 followup by attiks, YesCT, Gábor Hojtsy, mgifford, Albert Volkman, plach, webwarrior, David_Rothstein, penyaskito, smokris | yang_yi_cn: Fixed Followups: Language detection not working correctly for most Chinese readers (and add a user interface for all browser language mappings).
  • #2369107 Update Guzzle to 5.0.3.
  • #2366877 Fixed Entity Reference field schema incorrect.
  • #2267551 followup by jfhovinne: [meta] Deal with PHP requirement vs. Debian PHP version numbering.
  • #2369639 EntityFieldTest helper methods makes debugging tests impossible .
  • #2206571 Add PHPUnit tests for Config class.
  • #2369197 Fixed Remove obsolete PIFR-specific markup after installation.
  • #2359069 Remove drupal_html_to_text().
  • #2361799 Remove drupal_strlen.
  • #2364171 Fixed Enabling and configuring content language negotiation does not work at once.
  • #2368443 Use the new FallbackPluginManagerInterface in ER's selection plugin manager.
  • #2268753 Fixed Cleanup EntityReferenceController's create() method.
  • #2361797 Remove usage of drupal_strlen().
  • #2358999 Remove usage of drupal_html_to_text().
  • #2361795 Remove decode_entities.
  • #2364343 Fixed robots.txt to allow Google access to CSS and JavaScript files.
  • #2363537 Update CMF routing to 1.3 and remove old code.
  • Revert "Issue #2369107 Update Guzzle to 5.0.3."
  • #2368739 Fixed user_page_attachments() unnecessarily adds an individual CSS file on every page.
  • #2368957 Fixed Set class on MoreLink as array instead as string.
  • #1938918 Convert menu theme tables to table #type.
  • #2368081 Fixed Remove outdated @todo in hook_user_install().
  • #2367285 Fixed Function doc typo for hook_page_attachments_alter() in theme.api.php.
  • #2368185 Fixed Content views shipped by node module have non-functional timestamp field.
  • #2361825 Remove drupal_strtolower.
  • #2069619 Remove the module handler dependency from BlockContentBlock.
  • #2364161 Replace nearly all existing _l calls.
  • #2367557 Fixed Update TestKernel to match class loader changes in Drupal Kernel.
  • #2361811 Remove drupal_strtoupper.
  • #2361837 Remove drupal_ucfirst.
  • #2361747 Remove truncate_utf8.
  • #2367835 Fixed FormBuilderTest namespace.
  • #2361823 Remove usage of drupal_strtolower().
  • #1879930 Fixed Language selectors are not showing localized to the page language.
  • Revert "Issue #2358685 Remove edit and configure icons from misc."
  • #2282673 Add a PHPunit test for not using Drupal\Core code in Drupal\Component.
  • #2361809 Remove usage of drupal_strtoupper().
  • #2361745 Remove usage of truncate_utf8().
  • #1833076 Expand translation settings when editing outdated translation so remember to uncheck "needs updating".
  • #2367661 Fixed Follow up: ThirdPartySettingsTraitInterface missing getThirdPartySettings() method.
  • #2367665 Add primary actions on the 'Field storage settings' and 'Field settings' forms.
  • #2349373 Fixed Menu label overlaps with the dropdown trigger on narrow screens on RTL.
  • #2346763 Improve views field rendering performance by caching entity display objects.
  • #2361833 Remove usage of drupal_ucfirst().
  • #2361789 Remove usage of decode_entities().
  • #2230121 Fixed Remove exit() from FormBuilder.
  • #2358685 Remove edit and configure icons from misc.
  • #2358683 Move forum icons into the forum module.
  • #2278403 Remove uses of form_execute_handlers().
  • #2366645 Drupal\Tests\Core\Controller\AjaxControllerTest has wrong @covers.
  • #2329783 Move comment classes from preprocess to templates.
  • #2363643 Fixed Nodes with format 0 are skipped.
  • #2305869 Search migration - search logging (new setting).
  • #2355977 Fixed Code references RelationLinkManagerInterface::getRelationInternalIds but no such method.
  • #2318341 Views mini pager markup.
  • #2135101 Fixed Expand test coverage on configuration translation tabs.
  • #2271419 Fixed Allow field types, widgets, formatters to specify config dependencies.
  • #2299215 Fixed 'extra' join conditions leaking arguments.
  • #2355187 Remove form_get_cache().
  • #2307853 Move file-related hooks to new file.api.php file
  • #2366589 Move form-related hooks to form.api.php
  • #2361615 Fixed Field type config schemas are not in the base schema.
  • #2366583 Move hooks from system.api.php to new module.api.php file
  • #1953770 Move the field-specific settings form elements at the top of the form.
  • #2365705 Add end addtogroup hooks to entity.api.php
  • #2351411 Fixed [perf] Shortcut reruns routing.
  • #2356297 Fixed Double escaping in views ui grouped filters.
  • #2364173 Fixed Remove dead code for session-test/set-not-started.
  • #2365897 Fixed Move taxonomy-term.html.twig to templates folder in Classy.
  • #2365891 Fixed Incorrect schema label.
  • Revert "Issue #2208811 Fixed Views with arguments stopped working on front-end."
  • #2340123 followup by Mile23: Setting cache tags can be tricky: use strings instead of nested arrays to improve DX.
  • #2312385 Fixed Move schemas for migrate_drupal sources to migrate_drupal module.
  • #2302253 Fixed User profile "selection" type field type does not migrate from D6 if any of the available options contain a dot.
  • #2052751 Fixed WidgetFactory is not used anywhere so it should be removed.
  • #2030645 Fixed Expand Menu with methods.
  • #2276203 Fixed CSS Aggregation breaks URLs with Query String.
  • #2261465 Fixed Missing visibility keywords on DrupalKernelTest.
  • #2349765 Copy taxonomy templates to Classy.
  • #197641 followup by herom, good_man, yhager: Fixed Drag and drop is not RTL aware.
  • #2208811 Fixed Views with arguments stopped working on front-end.
  • #2361599 Fixed menu_ui css file is not loaded.
  • #2357925 Fixed Duplicate view copies the old view name and ignores the new one.
  • #184010 followup by stefank, seanr: Add #anchors to modules administration page.
  • #2315849 Update status does not have tests with (semantic) Drupal 8 versions.
  • #2364127 Merge AjaxResponseRenderer into AjaxController.
  • #2360683 Fix docs for WebTestBase::loggedInUser member variable
  • #2307859 Move theme-render hooks from system.api.php to theme.api.php
  • #2363025 Push usage of drupal_set_page_content() higher: out of blocks and page display variants.
  • #2364337 Fixed $typedConfigManager dinamically defined in FieldConfigEntityUnitTest.
  • #2039709 Fixed Forward slash in filter aliases in url alias overview doesn't work.
  • #2363741 Upgrade Twig to 1.16.* from 1.15.*.
  • #2359879 Fixed Session negotiation settings cannot actually be changed on the UI.
  • #2221577 Fix assumption that field settings is not a nested array.
  • #2363139 _content controllers may only return render arrays, not strings.
  • #2349675 Copy file templates to Classy.
  • #2355239 Let AggregatorItemViewsData and AggregatorFeedViewsData use EntityViewsData.
  • #2349727 Copy rdf templates to Classy.
  • #2349731 Copy search templates to Classy.
  • #2349771 Copy user templates to Classy.
  • #2349615 Copy aggregator templates to Classy.
  • #2362517 Improve default 403/404 exception HTML subscriber: don't duplicate the page render pipeline, use the routing system — add system.403 and system.404 routes.
  • #2363589 Fixed Wrong Contains specification in \Drupal\contact\MessageInterface.
  • #2353667 D6->D8 Migration missing variable: forum_nav_vocabulary.
  • #2353699 D6->D8 Migration missing variable: default_nodes_main.
  • #2324371 Fix common HTML escaped render #key values due to Twig autoescape.
  • #2351589 Fixed Exception when a source has no destId.
  • #1948418 Fixed Address SA-CONTRIB-2013-035 for views in D8.
  • #2361711 Remove usage of drupal_convert_to_utf8().
  • #2361757 Remove usage of mime_header_encode().
  • #2350583 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Filter.
  • #2360069 Fixed Add missing RTL rules to Seven tabs.css.
  • #2361843 Remove usage of drupal_substr().
  • #2239003 Remove the '_http_statuscode' request attribute.
  • Revert "git commit -m Issue"
  • #2343715 Fixed RTL issues in shortcut module.
  • #2183075 Tidy up css.gzip and js.gzip configuration.
  • #2361681 drupal_render(): invert second argument ($is_recursive_call -> $is_root_call) => more strict, better DX/TX.
  • #2294571 Redirect anonymous users to login page from an exception listener instead of in MaintenanceModeSubscriber and restrict access to the my-account link to authenticated users.
  • #2357937 Remove {{ feed_icons }} from page template (page.html.twig).
  • #2220905 Fixed Misaligned messages status.
  • #2359931 Ensure that empty title support does not break.
  • #2227731 Fixed Normalize configuration data during config writes.
  • #2362519 Fixed Remove dead code from contact.install.
  • #2282519 Fixed Add content dependency information to configuration entities.
  • git commit -m Issue
  • #1956698 Prevent access to YAML files using .htaccess and web.config.
  • #2349651 Fixed Default contact form does not send email as email recipient is not set during the installation.
  • #2361383 Fixed Drupal modal dialog should use ui-front class.
  • #2316561 Type hint hooks with interface: ConfigurableLanguageInterface instead of LanguageEntity/ConfigurableLanguage.
  • #1186582 Fixed rollback and and pushTransaction is not consistent.
  • #2359607 Fixed Minor problems on Theme topic .
  • #2359449 Fixed TypedData calls onChange() parent's method that is not part of the interface.
  • #2361415 Fixed locale_translation_clear_cache_projects() does not work.
  • #2278583 Fixed field_has_data looks at current data instead of revisioning data: this can lead to data loss.
  • #2362123 Drupal_page_header() and drupal_send_headers() are dead code: already deprecated, zero uses remain: remove.
  • #1419298 Remove all trailing whitespace from Drupal core files.
  • #2361693 Fixed AjaxEnhancer is dead code, remove it.
  • #2360841 Fixed Overriding the translation path in the installer does not work.
  • #2349829 Fixed #2293589 breaks table row buttons.
  • #2360241 Fixed MenuLinkManager uses PluginNotFoundException incorrectly.
  • #2288793 Add missing and fix some types in core docblocks and add some typehinting for locale module.
  • #2224581 Delete forum data on uninstall.
  • #2326875 Convert file_element_info() to Element classes.
  • #2353695 D6->D8 Migration missing variable: feed_item_length.
  • #2348793 Fixed I can not uninstall Classy theme .
  • #1813488 Add descriptions to clarify "administer users" and "administer user settings" permissions.
  • #2065485 Document that PluginFormInterface should use #process to solve nesting issues.
  • #2329763 Move links classes from preprocess to templates.
  • #2329767 Move table classes from preprocess to templates.
  • #2358333 Fixed ConfigManager should use interface for translation manager type hint.
  • #2359005 Fixed LocalTaskManagerTest only works because we mock a non existing method.
  • #2226533 Changes to the Language class due to the LanguageInterface (followup).
  • #1825466 [docs follow-up, then backport to D7] Allow NestedArray::mergeDeepArray() to preserve integer keys.
  • #2351847 Fixed Rename getCacheTag() to getCacheTags().
  • #1856262 Raise MySQL requirement to 5.1.21 to support caching of prepared statements.
  • #2267551 follow-up by jfhovinne: [meta] Deal with PHP requirement vs. Debian PHP version numbering.
  • #1623574 Fixed Remove trailing space from form element labels and field labels (HTML nbsp).
  • #2359561 Make #attached more prevalent in render api docs.
  • #1971208 Replace "utilize" with a proper verb.
  • #2359035 Add info to Routing topic about magic placeholder transformation to parameters in method
  • #2356609 Remove support for "reference a specific revision".
  • #2353691 D6->D8 Migration missing variable: page_compression.
  • #2356183 Use array of type X in views.
  • #2332935 followup by plach: Allow code to respond to entity/field schema changes.
  • #2353683 D6->D8 Migration missing variable: allow_insecure_uploads.
  • #2353711 D6->D8 Migration missing variable: update_check_frequency.
  • #2358147 Fixed Code improvement in install.
  • #2329919 Move views_ui classes from preprocess to templates.
  • #2215345 Fixed docs for MenuLinkTreeInterface unclear.
  • #2357185 Remove unnecessary setup in NodeCacheTagsTest.
  • #2332935 Allow code to respond to entity/field schema changes.
  • #2246647 Rename PluginBag to LazyPluginCollection.
  • #2358911 Fix docs for ViewsArgumentValidator annotation class
  • #2349851 Remove uses of the deprecated drupalGetSettings.
  • #2341341 Change public 'name' property access on languages to getName() and add back setName().
  • #2350949 Add hook_page_attachments(_alter)() and deprecate hook_page_build/alter().
  • #2351777 Do not depend on event subscribers for security: Replace AccessRouteSubscriber with build-in checks.
  • #2348365 Update to Guzzle 5.
  • #2357311 Fixed Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases).

New in version 7.33 (November 8th, 2014)

  • Major changes since 7.32:
  • Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
  • Added a "theme_hook_original" variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (API addition).
  • Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
  • Added a "Did you mean?" feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
  • Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
  • Added a "block_cache_bypass_node_grants" variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
  • Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
  • Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
  • Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field's data when the field configuration was edited.
  • Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situatons (minor styling change).
  • Prevented the Bartik theme from lower-casing the "Permalink" link on comments, for improved multilingual support (minor UI change).
  • Added a "preferred_menu_links" tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
  • Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
  • Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
  • Security improvement: Made the database API's orderBy() method sanitize the sort direction ("ASC" or "DESC") for queries built with db_select(), so that calling code does not have to.
  • Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
  • Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
  • Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
  • Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
  • Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change).
  • Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).
  • Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.
  • All changes since 7.32:
  • #2282541 by David_Rothstein, nod_: Followup to restore previous behavior in which the "Hide summary" click handler in text.js returned FALSE.
  • #2307505 by Cottser, David_Rothstein, Fabianx: Followup to ensure all theme debug output is properly sanitized.
  • #2305291 by scor: Fixed Poll title should have same length as regular content type (255).
  • #1355526 by cafuego, jenlampton: Added a way to determine the date a module was added so the modules page can use it for sort.
  • #892344 by amitgoyal, tstoeckler, hussainweb, pcambra, LaurentAjdnik: Fixed Wrong schema description for {cache_field}.
  • #2282541 by Mark Carver | gge: Fixed Hide summary in text.js not working in jQuery 1.9+.
  • #2147321 by manfer: Fixed Unnecessary space in session-active class.
  • #393538 followup by David_Rothstein: Fixed code style error in check_plain() documentation.
  • #2310415 by cilefen, ednawig, TravisCarden: Fixed run-tests.sh does not handle the error when invalid test groups/classes are specified.
  • #393538 by Liam Morland, valthebald, dmitrig01, David_Rothstein: Document that check_plain() can issue PHP messages on invalid UTF-8 input.
  • #1338966 by geerlingguy, loganfsmyth, lokapujya: Fixed Introduce _rdf_mapping_load_multiple to reduce queries.
  • #1069152 by droplet, alexandrezia, Mixologic, jhedstrom, David_Rothstein | ogi: Fixed Throbber in textfield is misaligned when browser hardware acceleration enabled (followup for Bartik RTL styling).
  • #863594 by David_Rothstein, smussbach, mbrett5062: Fixed Strange first paragraph in the installer database error message.
  • #1918820 by neclimdul, typhonius, girishmuraly, pwolanin | 0x534B41: Fixed HTTP header date formats to follow RFC 7231 rather than RFC 1123.
  • #1930960 by pounard, iamEAP, pjcdawkins, msonnabaum, David_Rothstein: Fixed Block caching disable hardcoded on sites with hook_node_grant() causes serious performance troubles when not necessary.
  • #779374 by helmo, joshi.rohit100, meba, sun | coltrane: Fixed XSS via text format names.
  • #927138 by manarth, handrus, rasmusluckow, douggreen, .John, Taz, David_Rothstein, droplet, webchick, marcingy: Fail image generation with 404 instead of 500, when source file is missing.
  • #1433288 by haggins, fago, David_Rothstein, marcin.wosinek: Fixed Integrity constraint violation when saving a user account after creation.
  • #935592 by pillarsdotnet, lokapujya, David_Rothstein, John Franklin, amitgoyal, joshi.rohit100, sivaji, mgifford, peximo, wodenx, Romlam, Owen Barton, alpritt, beejeebus | macgirvin: Fixed User picture is deleted after calls to user_save().
  • #2356055 by bdlangton: Fixed Notice in includes/mail.inc define.
  • #2278583 by nlisgo, Berdir, joshi.rohit100 | Fabianx: Fixed field_has_data looks at current data instead of revisioning data: this can lead to data loss.
  • #1443070 by CrashTest_, bluegriff | Dave Reid: Added support for popular e-book formats, Google web formats, mkv and mka in file_default_mimetype_mapping().
  • #1231710 by cs_shadow, Hydra, dcam, kathyh, klausi, mlncn: Fixed Field exceptions should return the name of the field that has exceptions.
  • #2142441 by Garrett Albright: Fixed CSS aggregator prepends data: URLs with paths.
  • #2193149 by mikeytown2: Fixed Deadlocks occur in cache_field table.
  • #2112247 by sihv, mitsuroseba, dgroene, aalamaki, Dennis Walgaard, mErilainen: Fixed Valid file extensions in file names are not properly enforced when uploading files with non-lowercase names.
  • #2357311 by penyaskito: Fixed Follow-up to SA-CORE-2014-005 (tests don't work correctly on non-MySQL databases).
  • #1069152 by droplet, alexandrezia, Mixologic, jhedstrom | ogi: Fixed Throbber in textfield is often misaligned.
  • #1913958 by hass, YesCT: Fixed Bartik theme shouldn't change capitalization of translatable strings with CSS.
  • #1071818 by JeremyFrench, nod_, Cottser, gielfeldt, xjm, anthbel, reglogge, NROTC_Webmaster, kristofferwiklund, lliss, sun | sepgil: Fixed Lazy-loading CSS fails in IE.
  • #1823906 by joshi.rohit100, amitgoyal, rahulbile | gargsuchi: Fixed Incorrect error message when poll is submitted with no option selected.
  • #2324821 by rpayanm, er.pushpinderrana | Elijah Lynn: Remove reference to nonexistent theme_poll_bar() function in template_preprocess_poll_bar() documentation.
  • #1640404 by er.pushpinderrana, dcam, amit.drupal, hass | versvs: Fixed Use format_username() in node_feed().
  • #849624 by brad.bulger, dcam, Alan Evans, oriol_e9g, Stevel | tsvenson: Fixed wrong permission for admin/structure/menu/parents.
  • #1195358 by Liam Morland, droplet: Fixed Multiple "Edit/Hide summary" links appear.
  • #1824820 by crevillo, muriqui, a.milkovsky, Phizes: Fixed String offset cast notice in field_invoke_method_multiple().
  • #1854134 by EtienneRd, jeffam | dolu: Added a query tag to the query in menu_link_get_preferred() to allow modules to alter the query.
  • #1221772 by pounard, colan, jcisio | sivaji: Fixed Transaction database settings is misleading in settings.php.
  • #908822 by jmking, asimmonds | salvis: Fixed Dashboard discards elements.
  • #2058761 by kirby14, thedavidmeister: PHP notice when #attributes is not set with #theme_wrappers 'container'.
  • #466576 by gagarine, jackbravo, tim.plunkett, sheise, Rob C, jamesm6162 | daemon: Increased the maximum allowed length of block titles to 255 characters.
  • #366152 by Mile23, bjaspan: Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked.
  • #1775488 by mgifford, vijaycs85, amateescu | chx: Fixed drupal_cron_cleanup is not converted to lock.
  • #1679570 by mgifford, lucascaro, sun: Fixed TestBase does not always use the correct database connection for handling assertions.
  • #1099732 by joshi.rohit100, droplet | Chi: Fixed Incorrect encoding for error pages in image_style_deliver().
  • #2228825 by donquixote | pingwin4eg: Fixed drupal_get_filename() does not search the filesystem when the file isn't yet listed in the {system} table in the database.
  • #1891728 by gielfeldt: Fixed Database schema methods like getComment() and findTables() always query the "default" target on MySQL.
  • #780304 by dcam, naxoc, Crell | zyxware: Fixed HTML encoding of em wrappers for database table names while showing schema errors.
  • #1120440 by er.pushpinderrana | skwashd: Fixed user.api.php hook summary lines should be more consistent with other entity hooks.
  • #2231693 by helmo, amitgoyal, joshi.rohit100, LinL, iS: Update Powered by Drupal link.
  • #1452896 by Mile23, marthinal, Freso, kid_icarus, joshi.rohit100, alexpott, tim.plunkett, jhodgdon: Fixed PHP notice in clickLink if link does not exist.
  • #205969 by Mile23, oadaeh, twistor, ssm2017 Binder, barraponto, superspring: Fixed drupal_http_request() assumes presence of Reason-Phrase in response Status-Line.
  • #1790612 by carwin, Eric_A, mgifford: Fixed Sanitize the trim_length variable before printing it.
  • #2224917 by m1r1k, Steven Jones, drumm: Fixed Tracker page doesn't order results properly.
  • #28175 by dcam, bleen18 | bertboerland: Fixed Ordering by 'Visitor' in access log pages does not sort IP addresses.
  • #1988456 by gaurav.goyal, eltermann, pvmchau: Non-standard indentation on user_register_form().
  • #2307505 by Cottser, Fabianx: Port twig_debug output to Drupal 7.
  • #1968348 by znerol, David_Rothstein, peximo, DuaelFr: Fixed hook_field_formatter_prepare_view does not make use of hook_entity_view_mode_alter causing major errors.
  • #1936942 by jweowu: Fixed translation_node_insert() updates the node table directly without also flushing the entity load cache.
  • #208611 by p.brouwers, mgifford, tstoeckler, DougKress, Jody Lynn, ksenzee | walkah: Made the Ajax system use drupal_array_merge_deep_array() to stop JavaScript settings from being added twice.
  • #1183708 by Liam Morland | onair1: Fixed Notice: Undefined index: favicon_path in system_theme_settings_validate().
  • #1182374 by lyricnz, xendil, sivaji, brianV: Code style fixes for includes/filetransfer.
  • #2291081 by pounard: forum_node_view attempt an unnecessary vocabulary_load() under certain circumstances.
  • #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby() should verify that the sort direction is always ASC or DESC.
  • #2130673 by lokapujya, cwells | scor: Place number of comments metadata inside node template.
  • #1323830 by cwells, scor, mgifford, er.pushpinderrana, kay_v: Place title RDFa metadata inside entity HTML element.
  • #2301955 by er.pushpinderrana, lokapujya | scor: Ensure RDFa metadata tags are hidden.
  • #2332295 by sanduhrs, klausi, er.pushpinderrana, Berdir | jfha73: Fixed Unicode requirements check not working with PHP 5.6.
  • #667098 by catch, chx, plach, Fabianx: Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
  • #2329189 by nlisgo, joachim, Mirroar, opdavies: Fix up docs and example code for hook_field_attach_validate()
  • #2283675 by er.pushpinderrana, amitgoyal, mparker17, joachim, mmarquez: Document how optgroups are generated in form_select_options()
  • #2340675 by er.pushpinderrana, David Hernández: Clarify first, unused argument docs in update_calculate_project_update_status()
  • #2314181 by roderik, er.pushpinderrana, hefox: Fix docs for drupal_static
  • #2334689 by er.pushpinderrana, joachim: Document character limit on lock_aquire() for lock name
  • #1166114 by jhodgdon, tomogden, Rajendar Reddy, larowlan, swentel, splatio, erics14, MF82 | RobLoach: Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used.
  • #2277281 by dobe, amitgoyal, michaelfavia, er.pushpinderrana, dcam | drumm: Increase the maximum number of characters on the file field allowed extensions setting from 128 to 256.
  • #1859084 by Jorrit, David_Rothstein, attiks: Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs.
  • #1890980 by amitgoyal, robinvdvleuten: Fixed Unnecessary extra output variable in theme_links.
  • #1468210 by marthinal, quicksketch, tstoeckler, Devin Carlson, David_Rothstein, Eric_A: Fixed Remove special $user->uid == 1 check in file_validate_size().
  • #993186 by joshi.rohit100, moshe weitzman | webchick: Node access rebuilds should go newest to oldest (fix for direct node access rebuilds only, not rebuilds done via a batch).
  • #2324083 by er.pushpinderrana, martin_q: Fix up description of return value from drupal_array_get_nested_value()
  • #2318981 by grisendo: Make hook_node_grants and hook_node_access_records sample function bodies consistent
  • #2309687 by eriksm: Fix typo in docs for verbose test class method
  • #2309549 by Bevan, er.pushpinderrana: Fix incorrect documentation of node-type-specific hooks
  • #1261846 by catch, dawehner, brianV, Berdir, sun, xjm, sandipmkhairnar, marvil07, chrisjlee, Cottser, amitgoyal, Elijah Lynn, er.pushpinderrana: Document 1 MB cache limit in cache functions

New in version 8.0.0 Beta 2 (October 17th, 2014)

  • #2357249 Fixed SA-CORE-2014-005 (SQL injection).
  • #2356845 Remove the assetic library.
  • #569362 Document attributes template variables
  • #2356509 Fixed Remove extra param doc from QueueDatabaseFactory.
  • #2238981 Change controllers to receive route parameters in their signature rather than via $request->attributes.
  • #2304969 Fixed Port private files access bypass from SA-CORE-2014-003.
  • #1003788 Fixed PostgreSQL: PDOException:Invalid text representation when attempting to load an entity with a string or non-scalar ID.
  • #2234331 Fixed Change the body classes to follow Drupal 8 CSS standards.
  • #2234277 Composer update (includes security fixes).
  • #2063373 Fixed Cannot save image created from scratch.
  • #2323939 Fixed Views user language field/filter is for original language code, no translation language field/filter.
  • #2355573 Use English or in some LanguageInterface copy and paste docs.
  • #2340701 Use array_diff_key() more in core.
  • #2354657 Separate access manager from loading checks.
  • #2355001 Remove form.inc form_builder().
  • #2267545 Standardize to RFC 5424 log levels.
  • #2028109 Convert hook_stream_wrappers() to tagged services.
  • #2205527 lintrandall777@gmail.com">clintrandall777@gmail.com: Fixed Move configuration import lock to lock.persistent service since a lock can not exist beyond a single request.
  • #2232425 Fixed Database Schema field/column default value is not properly quoted via PDO::quote().
  • #2346129 Introduce a TraversableTypedDataInterface and use that for typehinting instead of ArrayElement.
  • #2267545 Standardize to RFC 5424 log levels.
  • #2296115 Fixed Several entity loadRevision() methods do not obey the interface contract.
  • #2352857 Fixed Improve the display of trigger icon (pencil).
  • #2152521 Fixed User login page looks cramped on mobile.
  • #2355179 Remove usage of form_get_cache() and form_set_cache().
  • #2353729 D6->D8 Migration missing variable: user_mail_status_blocked_notify.
  • #2349637 Remove border from region header in Bartik.
  • #2346931 Fixed Dropbutton AJAX throbber looks awful.
  • #2355545 UserInstallTest testUserInstall() custom assert message not more helpful than the default.
  • #2355523 Fixed InstallerTestBase tests should not require sqlite to be installed.
  • #2333747 Fixed run-tests.sh ignores phpunit tests when using the --module flag.
  • #2235363 Document config dependencies.
  • #2353347 follow-up by dawehner, alexpott: Fixed Random failure in DisplayPathTest.
  • #2354107 Fixed field_ui_help() should check for the existence of modules before linking to their routes.
  • #2350437 Mark unicode.inc functions as deprecated.
  • #2302799 Fixed InstallerTestBase tests can not be run locally.
  • #2354301 Fixed Composer require.php : invalid version constraint.
  • #2354699 Fixed Watchdog entries caused by toolbar module.
  • #2340667 Protect Drupal\Core\Language\Language::id, and use getId().
  • #2354177 Shortcut::getRouteParams() should be named getRouteParameters() for consistency.
  • #2352385 Standardize book & forum entity route names.
  • #2353823 D6->D8 Migration missing variable: cache.
  • #1434670 Add test for verticle_tabs default.
  • #2350941 Simplify $language max weight code using max().
  • #2349605 Fixed EntityReferenceItem is fragile about entity save order.
  • #2226323 Fixed CompositeFormElementTrait causes identical HTML ids for element and its wrapper.
  • #2342551 Implement ThirdPartySettingsInterface in contact module for contact form config entity.
  • #2349263 Fixed Add support for semantic version numbers in installer.
  • #2354005 Fix sample function body for hook_field_formatter_info_alter()
  • #2072043 Add link to examples project in README.txt
  • #2242749 Fixed Port Form API security fix SA-CORE-2014-002 to Drupal 8.
  • #2352641 Break router.builder dependency.
  • #998898 follow-up by kpv: Fix grammar/spelling/spacing in code comment.
  • #2310093 Fixed Config install and import should map from storage record not set properties directly.
  • #2348783 Fixed drupal_set_message inherits previous style if set to 'status'.
  • #2352361 MigrateFieldTest @file docblock is wrong.
  • #2346027 Fixed Unpublished content background overlaps tabs.
  • #998898 Fixed Make sure that the identifiers are not more the 63 characters on PostgreSQL.
  • Revert "Issue #2352857 Fixed Improve the display of trigger icon (pencil)."
  • #2298821 Move generic layout styling into system.admin.css.
  • #2330899 Allow image effects to change the MIME type + extension, add a convert image effect.
  • #1972300 Write a more scalable dispatcher.
  • #2341385 Fixed No alter hooks are invoked for views handler plugin definitions.
  • #2350877 Deprecate/rename drupal_add_feed(), drupal_add_html_head(), drupal_add_html_head_link(), drupal_add_http_header(), and allow to be set declaratively in #attached.
  • #2331113 Fixed Node access rebuilds are completely broken when being rebuilt through a batch process?.
  • #2350997 Fixed Help module install error when Taxonomy is disabled because of Field UI.
  • #2353347 Fixed Random failure in DisplayPathTest.
  • #2246675 Remove all unnecessary 'template' lines in hook_theme() declarations.
  • #2352857 Fixed Improve the display of trigger icon (pencil).
  • #2353005 Remove deprecated function views_get_enabled_display_extenders.
  • #2353393 Use LanguageInterface::DIRECTION_LTR instead of 'ltr' directly.
  • #1802128 Fixed Replace "user name" with "username" in UI text.
  • #2350571 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Field.
  • #2313883 Fixed Minor code flow improvements to SessionHandler::write().
  • #2353011 Remove deprecated function views_get_all_views.
  • #2320277 Fixed Views comment language field/filter is for original language code, no translation language field/filter.
  • #2184907 Remove uses of drupal_add_http_header and related functions.
  • #2070737 Change values of LanguageInterface::DIRECTION_(LTR/RTL) to ('ltr'/'rtl').
  • #2273825 Fixed UserStorageInterface should extend EntityStorageInterface.
  • #1849822 Convert (HTML) view rendering to a render array.
  • #2352073 Fixed Undefined property in UrlCacheContext.
  • #2293899 Fixed hook_views_preview_info passes an instance of ViewsUI instead of ViewExecutable.
  • #2158571 Fixed Followup: Routes added in RouteSubscribers cannot be altered.
  • #2336199 Added Allow to specify the database target for a specific migration.
  • #2348547 Fixed CommentViewBuilder should use static where possible, subclassing is currently too painful.
  • #2342683 Fixed NodeViewBuilder should use static where possible, subclassing is currently too painful.
  • #2319667 Fixed Simpletest Module Double escaped HTML in hook_requirements.
  • #74562 Added Show keywords in title of search results page.
  • Revert "Issue #2349651 Fixed Default contact form does not send email as email recipient is not set during the installation."
  • #2349651 Fixed Default contact form does not send email as email recipient is not set during the installation.
  • #2322037 Replace all instances of responsive_image_mapping_load(), entity_load('responsive_image_mapping') and entity_load_multiple('responsive_image_mapping') with static method calls.
  • #2347465 Convert all instances of #type link/links to convert to use routes.
  • #2322067 Replace all instances of taxonomy_term_load(), entity_load('taxonomy_term') and entity_load_multiple('taxonomy_term') with static method calls.
  • #2150443 Do not tell site builders what to name their node types.
  • #2352387 Fixed Broken URL links in Core.
  • #2318377 Determine whether a view is cacheable and its required contexts, store this i/t config entity.
  • #2346369 Support special '#attached' variable for attaching assets in preprocess functions.
  • #2028053 Add typographic styles, components, and utility classes.
  • #2350301 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Contextual.
  • #2226207 Make 'template' the default output option for hook_theme().
  • #2329901 Move form classes from preprocess to templates.
  • #2343677 Fixed Stack middleware suffers from incomplete service construction.
  • Revert "Issue #2343677 Fixed Stack middleware suffers from incomplete service construction."
  • #2346791 Remove id selectors from page template of Seven .
  • #1874528 Remove "disable JS for Views UI" checkbox.
  • #1946240 Remove the hardcoded 0 index in status-messages.html.twig.
  • #2343677 Fixed Stack middleware suffers from incomplete service construction.
  • #2350915 Don't require bundle option to be passed in when creating a MenuLinkContent entity.
  • #2337379 Rename 'branding' to 'content-header'.
  • #2267551 PHP 5.4.5 needed to avoid zend failure when using autoloaded traits.
  • #2350835 Mark EntityInterface::getSystemPath() as deprecated.
  • #2346315 Fixed Translated entity references not rendered in the entity display language.
  • #2270251 Unwanted box around CKEditor, i.e. our CSS overrides no longer work (presumably since CKEditor 4.4 upgrade).
  • #2349789 Fixed Responsive Image Mappings are not listed with sqlite.
  • #2345879 Added Enhance ThirdPartySettingsTrait with a get-all-settings method.
  • #1922966 Remove 'bool' and 'translatable' key from option definitions.
  • #2337825 Update comment references to the interface for ConfigurableLanguage class due to the ConfigurableLanguageInterface (followup).
  • #2249995 Clean up hover/focus - In Seven.
  • #2225349 Responsive styles for Modal dialog.
  • #2350461 Fixed issues with UpdateComplexTest in PostgreSQL driver.
  • #2347711 Fixed FieldItemlListInterface::processDefaultValue($default_value) is expected to massage polymorphic data.
  • #2350999 Fix typo in CommentTitleTest
  • #2349365 Fix typos in core.api.php
  • #2175637 Touch support for the toolbar: greatly improves the UX of Toolbar on mobile devices.
  • #2350505 Fixed Remove stray 'new' class on comments.
  • #2347111 StackKernelIntegrationTest is not testing a successful request.
  • #2349879 Fixed Remove unnecessary call to serializer > normalize in XmlEncoder::encode.
  • #2229435 Clean up the way attributes are printed in field.html.twig.
  • #2350499 Fixed Double message after content translations saved.
  • #2304403 Convert language:weight into a protected property.
  • #2248297 Fixed Ensure routes are rebuilt when install modules.
  • Revert "Issue #1842140 Remove title and wrapper div from theme_item_list."
  • #2350981 Remove Mark Carver from MAINTAINERS.txt.
  • #2230091 Fixed Route rebuilding is not guaranteed to finish in time for the next request.
  • #2300131 Fixed EntityResolverManager instantiates objects unnecessarily.
  • #2350917 Update Symfony YAML library to support whole number floats.
  • #2350779 Update Migrate maintainers in MAINTAINERS.txt.
  • #2201789 Don't print '_theme()' in twig_debug output.
  • #2294313 Email is asked before user name in SiteConfigureForm.
  • Revert "Issue #2267551 PHP 5.4.5 needed to avoid zend failure when using autoloaded traits."
  • #2123867 Simplify/cleanup language handling in EntityFormController.
  • #2215543 Replace strong tag with CSS in template_preprocess_authorize_report and remove id..
  • #2329851 Move miscellaneous system classes from preprocess to templates.
  • #2308549 Added Document accessibility features in Image.
  • #2241727 Remove button name override and update tests for that rename of Save to Save configuration in .
  • #2342633 Fixed CKEditor context menu broken due to an error in the drupalimage plugin.
  • #2350315 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Editor.
  • #2350289 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in CKEditor.
  • #2350065 Fixed \t in element IDs for CKEditor config UI.
  • #2345969 Fixed Keep English during installation.
  • #2346001 Fixed Menu link title not prepopulated from node title, and menu isn't created.
  • #2302021 Move options.module widgets in Core.
  • #2346101 Fixed Alternate text should be called Alternative text.
  • #2292035 Fixed CKEditor uses the automatically generated ID attribute for the body field in the ARIA label.
  • #2324791 Remove watchdog().
  • #2195957 Fixed Only install profile configuration when installing that profile, not when enabling associated modules.
  • Revert "Issue #2195957 Fixed Only install profile configuration when installing that profile, not when enabling associated modules."
  • #2195957 Fixed Only install profile configuration when installing that profile, not when enabling associated modules.
  • #2350297 Replace extend of deprecated DrupalUnitTestBase with KernelTestBase in Contact.
  • #2346515 Fix contextual links on new primary links/secondary links blocks.
  • #1842140 Remove title and wrapper div from theme_item_list.
  • #2347533 Added Display module machine names on the extend page.
  • #2091379 Update hook_help for Toolbar module.
  • #2347893 Fixed ViewUnitTestBase extends DrupalUnitTestBase, which has been deprecated.
  • #2335003 Rename task-list.html.twig to maintenance-task-list.html.twig.
  • #2348547 Fixed CommentViewBuilder should use static where possible, subclassing is currently too painful.
  • #217676 Fixed taxonomy_term_load_parents_all() doesn't work correctly with multiple hierarchy terms.
  • #2264041 Fixed Add a test to ensure title callbacks are not vulnerable to XSS.
  • #2350543 Fixed #2343943 introduced gethostname(), which breaks on new testbot .
  • #2160965 Fixed Content entities are not upcast in the page language, inconsistent with config entities.
  • #2350021 Fixed After entering Quick Edit and then closing (no save), image align is lost from image.
  • #2326409 Annotate render element plugins.
  • #2029855 Fixed Missing access control for user base fields.
  • #2322233 Replace all instances of user_role_load(), entity_load('user_role') and entity_load_multiple('user_role') with static method calls.
  • #2349839 Fixed Code comment change for delete() in EntityStorageBase.
  • #1160764 Fixed URL alias load is inconsistent if there are more then one aliases.
  • #2282133 Fixed fieldsets are broken in Stark theme.
  • #2281451 Fixed Search form enabled in header region does not show the typed text.
  • #2202565 Fixed Taxonomy default argument no longer works.
  • #2328573 'site_default' needs to be a language constant.
  • #2338759 Fixed core/update.php is now just update.php.
  • #1845104 Fixed drupal_set_message('0') results in no output rather than outputting "0".
  • #2349469 Remove dot behind the hint on cmi export page.
  • #2321501 Replace calls to aggregator_feed_load(), entity_load('aggregator_feed') and entity_load_multiple() with static method calls.
  • #2346629 Fixed When on report translations page, wrong update messages displayed.
  • #2268467 Document foreseeable changes to conditions and action APIs.
  • #2346783 Fixed Code block in FilterAlign and FilterCaption not closed properly.
  • #1332068 ENGINE_render_template() and ENGINE_extension() are undocumented.
  • #2020081 Fixed H4 element not distinguishable from rest of text (P element).
  • #2226193 Discuss increasing the contrast of the Seven modal header.
  • #1440662 Fixed UX regression: Prevent links in node preview from being clicked.
  • #2318787 Basic_auth Module: Fix documentation that refers to enabling/disabling of modules.
  • #2343281 Fixed RTL issues in content listing page, aka /admin/content.
  • #2350431 Fixed Set proper langcode in shipped config files.
  • #2248505 Improve property definition labels.
  • #2349569 Fixed 'Back to site' link does not work as expected.
  • #2343943 Fixed Language domain may not be left blank for default language.
  • #2347493 Fixed Writing test results leads to FATAL because of memory_limit.
  • #2263975 Fixed Check for proper use of CSS Outline in Bartik.
  • #2293589 Fixed Texts are not vertically aligned in listing views.
  • #2346313 Fixed Fatal error when submitting the book admin form with an empty book.
  • #2267551 PHP 5.4.5 needed to avoid zend failure when using autoloaded traits.
  • #2271327 Fixed Tips link border bottom not looking great.
  • #2307533 Fixed Insufficient space at page bottom.
  • #2344103 Fixed DBLog sort by user is broken.
  • #2347663 Fix minor issues on User topic page
  • #2344491 Move ControllerBase::redirect() to UrlGeneratorTrait.
  • #2272853 Fixed CckFieldValues source plugin loses similar field values.
  • #2347167 Fix space in comment in TourTestBasic
  • #2329769 Move forum classes from preprocess to templates.
  • #2183421 In InOperator Rename Views properties to core standards.
  • #2346245 Update default.services.yml file documentation.
  • #1847932 Added Make the UUID pattern a constant.
  • #2179903 Fixed testDeleteLink() in ViewEditTest with use correct use (not Drupal\views\Plugin\Core\Entity\View) and assertTrue before assertFalse.
  • #2332751 Added Allow to limit the nodes to migrate by node type.
  • #2345753 Remove url(current_path()) and url(NULL) with and .
  • #1842226 Fixed Search OR statements don't work if same keyword is used.
  • #2249303 Implement fallback plugin for Block plugins.
  • #2320743 Taxonomy views needs filter/field on original language.
  • #2251019 Fixed User wildcard search doesn't work.
  • #2278613 Fixed Body text display is blank for migrated content types.
  • #2329771 Move image classes from preprocess to templates.
  • #2348413 Fixed Fatal error at /admin/structure/book.
  • #2329501 Add classy.info.yml to core, set Classy as base theme for Bartik and Seven.
  • #2348397 Fixed HEAD BROKEN: accidental "fixed_dependencies" key in commit 2c11d0.
  • #2343841 Fixed Remove broken link to gawds.org.
  • #2347659 Fixed CONSTANT needs updating.
  • #2268467 Document foreseeable changes to conditions and action APIs.
  • #2239227 Fixed Views GroupwiseMax class calls protected properties.
  • #2306049 Fixed D6->D8 node migration - Handle nodes with format = 0 ?.
  • #2275659 Separate FieldableEntityInterface out of ContentEntityInterface.
  • #2347987 Fixed Broken l() in reportPlugin.
  • #2346421 Improve documentation of getTargetBundle()
  • #2346035 Fixed ModuleHandler::install() should re-register stream wrappers.
  • #2345371 Remove unused update_parse_xml().
  • #2313135 Fixed setting page_cache_without_database in settings.php prevents the container from being dumped.
  • #2346283 Add route name parameter to OutboundRouteProcessorInterface.
  • #2278353 Update to Symfony 2.5.
  • #2304987 Fixed Don't invalidate cache tags of referenced entities, use entity list cache tags correctly, add test coverage for entity list cache tags.
  • #2346969 Fixed Shortcut overview page is sad.
  • #2181291 Fixed Prevent a query from aborting the entire transaction in pgsql.
  • #2343389 Fixed Drupal core testing fails to write results because of SQLITE limitation

New in version 7.32 (October 16th, 2014)

  • This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: SA-CORE-2014-005 - Drupal core - SQL injection.

New in version 8.0.0 Beta 1 (October 2nd, 2014)

  • The fundamental APIs in Drupal 8 (like the entity, configuration, and menu APIs) are now stable enough so that contributed module and theme authors can start (or resume) their #D8CX pledges and port their projects to Drupal 8.
  • We have locked down Drupal 8's data model enough that developers should generally not need to perform data migrations between beta releases of Drupal 8. We will start providing a beta-to-beta upgrade path in a later beta release.
  • Limited API and data model changes will still happen, though core maintainers will try to isolate these changes to only non-fundamental APIs or critical bug fixes.

New in version 7.26 (January 17th, 2014)

  • The database schema of the OpenID module's "openid_association" table has changed in this release (the "idp_endpoint_uri" column is now the primary key, rather than the "assoc_handle" column). During the update all existing entries in this table will be removed, but the table only stores temporary data and therefore the change is not expected to affect site operation or OpenID logins.
  • A new, optional $form_state['programmed_bypass_access_check'] element has been added to the form API, for use with drupal_form_submit(). If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them like it normally does for programmatic form submissions. Any code which passes untrusted data (provided by the current user) to drupal_form_submit() is recommended to use this parameter for security reasons.

New in version 8.0 Alpha 7 (January 8th, 2014)

  • #2150621 by damiankloip: Separate applies and build logic for breadcrumb builders.
  • #2145041 by tim.plunkett: Allow dynamic routes to be defined via a callback.
  • #2156265 by sun: KeyValueFactory is swappable, add an interface and fix type-hints.
  • #2138667 by dawehner: Allow to specify the route name for a path-based view.
  • #2075185 by Wim Leers: When an entity is in-place edited (i.e. saved), other instances of that entity on the same page are not updated (no propagation).
  • #2157855 by jessebeach | moshe weitzman: Poorly named cache id in toolbar.
  • #2102487 by vijaycs85, ACF: Add back in tab removed in [#1972990] and remove drupal_set_title() in tracker module controllers.
  • Revert "Issue #1912602 by dawehner, dagmar, tim.plunkett, bdone: Changing view access from 'Permission' to 'Role' causes AJAX error message re getRoles()."
  • #1912602 by dawehner, dagmar, tim.plunkett, bdone: Changing view access from 'Permission' to 'Role' causes AJAX error message re getRoles().
  • #1954892 by dawehner, David_Rothstein, tim.plunkett: Replace 'theme callback' and hook_custom_theme() with a clean theme negotiation system.
  • #2154209 by chx: Process refactor: multiple handling.
  • #2156351 by olli: Unable to delete block.
  • #2151829 by dawehner, chx: Doctrine annotation parsing takes an unacceptable amount of time/memory on install.
  • #2157045 by dawehner: Update doctrine/common to 2.5-dev.
  • #2008270 by typhonius, mcjim, Wim Leers, vijaycs85, mr.baileys, JohnAlbin: Remove drupal_add_css() from template_preprocess_maintenance_page() — use #attached.
  • #2152463 by linclark: Remove Lin Clark from MAINTAINERS.txt for RDF module.
  • #2021779 follow-up by amateescu: Fixing broken HEAD.
  • #2155785 by alexpott, vijaycs85: Image_field_instance_update() can not handle default images with a fid greater than 9.
  • #2155387 by larowlan: Multiple comment fields per entity are supported, but break horribly when they need pagers.
  • #2021779 by amateescu, tim.plunkett: Decouple shortcuts from menu links.
  • #2134079 by fago: Storage-related methods are not invoked for computed fields.
  • #1790298 by nagba, pwolanin: Unindexed query in aggregator module.
  • #2136641 by damiankloip: Remove boolean usage of ajax property in Views UI link operation building.
  • #2095335 by Wim Leers, vijaycs85: Remove drupal_add_css() and drupal_add_js() from the ajax system.
  • #2149877 by amateescu, swentel: The 'filesize' base field of field entities is a boolean?.
  • #1938062 followup by andypost: Convert the recent_comments block to a view.
  • #1977998 by Bojhan, areke: Clean up Administrative name and description.
  • #2105933 by dsdeiz, a_thakur: Make sure all YML files in Dblog Translation module has no type-casting to string.
  • #2055937 by Wim Leers, jessebeach: Introduce error handling to in-place editing; if an AJAX request to commit changes fails, the user cannot recover.
  • #2091377 by batigolix, jhodgdon: Change link format in hook_help in Text Editor module.
  • #2105927 by a_thakur, vijaycs85: Complete config of Contact module.
  • #2148071 by Gábor Hojtsy, philipz, marthinal, penyaskito: Cannot install in foreign language (Undefined index: und in ContentEntityBase->language()).
  • #1938062 by dawehner, tstoeckler, slashrsm, tim.plunkett, olli, pcambra, YesCT, damiankloip: Convert the recent_comments block to a view.
  • #2151427 by andypost, TR: Convert COMMENT_NOT_PUBLISHED & COMMENT_PUBLISHED to a constant on the comment interface.
  • #2031725 by fgm, fago, vladan.me, Nebel54, Berdir: Move all entity display interfaces to the core component.
  • #1938390 by andypost, disasm, jibran, dawehner, ygerasimov, pfrenssen: Convert contact_site_page and contact_person_page to a new-style Controller.
  • #2152581 by swentel: 'Manage fields' screen needs mobile-izing.
  • #1973436 by claudiu.cristea, vijaycs85: Provide config schema to field types storage for image module.
  • #1973522 by vijaycs85, chr.fritsch, piyuesh23: Provide config schema to field types and storage in file module.
  • #2154683 by Gábor Hojtsy: Ul.links has no active styling for links (language switcher active link is indistinguishable).
  • Revert "Issue #1559244 by Xano, jhodgdon: Clean up search settings page."
  • #2015687 by smiletrl, amateescu, Berdir, fago: Convert field type to FieldType plugin for taxonomy module.
  • #2095283 by Berdir, chx, amateescu, vladan.me: Remove non-storage logic from the storage controllers.
  • #2096591 by mr.baileys, vijaycs85, Wim Leers: Remove drupal_add_css() from the theme system.
  • #2062211 by rych, m1r1k, joelpittet, dstorozhuk: Remove calls to deprecated global $user in system module (first part).
  • #2062791 by joelpittet, natemow, sergeypavlenko, m1r1k, jlindsey15: Remove calls to deprecated global $user and $GLOBALS['user'] in node module.
  • #2144701 by Xano: Copy PluginBase's translation wrappers to ContextAwarePluginBase.
  • #2149233 by TR: Unused / undeclared variable in Config.php.
  • #2099391 by marthinal, dawehner, jhodgdon: Breadcrumbs for Search module should match tab titles.
  • #1559244 by Xano, jhodgdon: Clean up search settings page.
  • #1786490 by Berdir, amateescu, damiankloip, Wim Leers, dawehner: Add caching to the state system.
  • Revert "Issue #1786490 by Berdir, amateescu, damiankloip, dawehner: Add caching to the state system."
  • #1786490 by Berdir, amateescu, damiankloip, dawehner: Add caching to the state system.
  • #221081 by David_Rothstein, fago, schwern, Berdir: Entity cache out of sync and inconsistent when saving/deleting entities.
  • #1966448 by marthinal, larowlan, codeyourdream: comment_entity_load() breaks after disabling the Forum module.
  • #2149933 by nod_: Improve Edit module JS to use .find(...) instead of .is(':has(...)').
  • Revert "Issue #2149933 by effulgentsia: Improve Edit module JS to use .find(...) instead of .is(':has(...)')."
  • #2149933 by effulgentsia: Improve Edit module JS to use .find(...) instead of .is(':has(...)').
  • #2073123 by dsdeiz, maartendeblock | xtfer: Drupal_clean_css_identifier() allows invalid CSS identifiers.
  • #2137005 by jessebeach: Don't hide comments during in-place editing of an Article; position the entity toolbar more intelligently.
  • #2061899 by joelpittet, m1r1k: Remove references to global in Comment module.
  • #2062247 by m1r1k, Garbar: Remove calls to deprecated global in core/modules/system/lib/Drupal/system/Tests/Entity/EntityTranslationTest.php.
  • #2061971 by naveenvalecha, herom, InternetDevels: Replace user_access() calls with ->hasPermission() in block module.
  • #2084257 by beowulf1416 | joachim: Standardize variable in buildHeader().
  • #2061927 by joelpittet, InternetDevels, m1r1k: Remove references to global in History module.
  • #2098197 by dawehner, vijaycs85, damiankloip, tstoeckler: Add getAllRoutes() method to RouteProvider .
  • #2134861 by Gábor Hojtsy, amateescu: Field instance bundle is only accessible directly on the bundle property.
  • #2048379 by Xen, andypost, niko-: Multilingual first time admin/config exception Field 'uri' doesn't have a default value into {locale_file}.
  • #2057199 by lauriii, olli: Unable to select the 'Default' view mode for custom block.
  • #2143093 by vijaycs85, Gábor Hojtsy | ti2m: Remove translation update for uninstalled modules and themes.
  • #2115025 by Gábor Hojtsy, pfrenssen, dawehner: Content admin views title saved localized to the menu table.
  • #2096577 by Wim Leers, vijaycs85: Remove drupal_add_css() from views.module.
  • #1483554 by franz, SebCorbin: Autocomplete textfield and ajax: tab key fires up ajax before setting autocomplete value.
  • #1820086 by gcassie: Remove mention of drupal_session_count() from inline documentation.
  • #2105963 by larowlan, annikaC | vijaycs85: Make sure all YML files in Forum module has no type-casting to string.
  • #2132711 by dawehner: Add a test for the breadcrumb manager.
  • #2112675 by tim.plunkett: Convert dblog_filter_form and dblog_clear_log_form to FormInterface.
  • #2153741 by damiankloip: Add executable permission to rebuild_token_calculator.sh script.
  • #2152261 by joelpittet: Clean up for tablesort-indicator.html.twig.
  • #1258342 by Andreas Radloff: Change search inputs' default width.
  • #2149599 by Wim Leers: Fix minor bugs and minor coding standards violations in edit.module, discovered by backporting.
  • #2133889 by Wim Leers: Clean up Edit: rename EditorDecorationView to FieldDecorationView.
  • #2105931 by sidharthap: Make sure all YML files in Content Translation module has no type-casting to string.
  • #2141055 by Wim Leers: When multiple instances of the same entity on one page, only the first can be edited.
  • #2109793 by damiankloip, dawehner, tim.plunkett: Convert element_* methods in common.inc to a class.
  • #2150171 by alexpott, swentel: Confirm form of a simple setting always says it's creating a new configuration.
  • #2143519 by yched, Wim Leers: Allow FieldInstance yml files to refer to the Field by field name rather than by field_uuid.
  • Revert "Issue #1189804 by cosmicdreams, jessebeach, mgifford, pwieck, smiro, dcmouyard: Convert aggregator-feed-source.html.twig to HTML5."
  • #2151439 by Wim Leers: Run node op links through #post_render_cache to prevent render caching granularity being
  • #2102479 by InternetDevels, dipen chaudhary: Remove drupal_set_title in system/ajax_test module controllers.
  • #1876904 by ekl1773, babruix, jhodgdon, kim.pepper, janip: Implement hook_help() for views.module.
  • Revert "Issue #2143519 by yched: Allow FieldInstance yml files to refer to the Field by field name rather than by field_uuid."
  • #1879200 by pcambra, swentel, Berdir: Remove uneeded argument from entity type callbacks.
  • #2151117 by Cottser, joelpittet: Remove theme_system_powered_by().
  • #2143589 by yched: _comment_get_comment_fields() is weird, costly and unused.
  • #2061925 by alweb, Albert Volkman, dawehner: Remove calls to deprecated global in views_ui module.
  • #2028035 by vladan.me, ceng, Berdir, David Hernández, larowlan: Expand CustomBlockInterface with methods.
  • #1189804 by cosmicdreams, jessebeach, mgifford, pwieck, smiro, dcmouyard: Convert aggregator-feed-source.html.twig to HTML5.
  • #2052219 by nod_: Missing .once() names in views JS.
  • #2105955 by japerry: Make sure all YML files in Field UI module has no type-casting to string.
  • #2119045 by borisbaldinger: Unused variable in LocaleUpdateBase class.
  • #2142603 by yched: DX / efficiency for accessing the 'default langcode' of an entity.
  • #1991292 by swentel: Output of labels from hook_field_extra_fields() should not use check_plain().
  • #2142987 by k4v: Multilingual node search bugs with title and language filtering.
  • #2148797 by Gábor Hojtsy, yched, effulgentsia: field_language() always NULL for non-configurable fields (=> in-place editing of node title fails).
  • #2067551 by lokapujya, Kartagis, sandipmkhairnar, jlindsey15: /core/lib/Drupal/Core/Routing/MatcherDumper.php will never roll back its transaction.
  • #2097189 by damiankloip, sun, Albert Volkman, chx: Add a rebuild script.
  • #2143519 by yched: Allow FieldInstance yml files to refer to the Field by field name rather than by field_uuid.
  • #2147899 by anavarre: Better indicate what to fill in the single import's Configuration name field.
  • #2153293 by ParisLiakos: Remove unused parameter in AggregatorController::opmlPage.
  • #2150623 by dawehner, pwolanin, rfay: Subdirectory + Clean URLs failure: 6.x-3.x PIFR: 3 Failures in D8 test.
  • #2145007 by tim.plunkett, h3rj4n: Convert form_set_error() in FormBase classes to use FormErrorInterface.
  • #2143263 by plopesc | yched: Remove "Field" prefix from FieldDefinitionInterface methods.
  • #2107693 by vijaycs85, rych: Provide configuration schema for views.settings + update views.settings to reflect current configuration setup.
  • #2131997 by larowlan, wesleydv: Disabling a form field on comments does not work.
  • #1973534 by vijaycs85, piyuesh23: Provide config schema to field types and storage in datetime module.
  • #2096371 by sushantpaste, vijaycs85, epari.siva | webflo: Provide config schema for Form modes.
  • #2147685 by jibran: Fields settings page breadcrumb is not correct.
  • Revert "Issue #2020395 by dawehner, oadaeh, mr.baileys, jibran, Andi-D: Convert 'Who's new' block to a View."
  • #2149977 by JStanton: Run-tests.sh no longer respects specifying a port with the --url option.
  • #2080709 by chertzog, mikemiles86: Remove unused local variables from the XMLRPC module.
  • #2151355 by damiankloip: Enable reset button on admin/content exposed filters.
  • Revert "Issue #2151355 by damiankloip: Enable reset button on admin/content exposed filters."
  • #2020395 by dawehner, oadaeh, mr.baileys, jibran, Andi-D: Convert 'Who's new' block to a View.
  • #2147817 by chx: Migrate: add a static map process plugin.
  • #2105959 by japerry: Make sure all YML files in Filter module has no type-casting to string.
  • #2080117 by Enxebre, mcrittenden: Add assertion to Drupal/system/Tests/Database/DeleteTruncateTest.php.
  • #2147815 by chx: Migrate: add an entity deduplication process plugin.
  • #2147811 by chx: Migrate: add an Iterator process plugin.
  • #1946398 by bdgreen, pamatt: Incorrect example in function hook_views_data_alter.
  • #2147501 by dawehner: Convert most of the left over local tasks.
  • #2150257 by chx, mpgeek: Add a machine name process plugin.
  • #2091403 by jhodgdon, batigolix, Berdir: Create hook_help for Entity module.
  • #2029857 by swentel, andrewmacpherson, plopesc: Field plugin settings edit button doesn't show unless there is a settings summary .
  • #2100577 by pwolanin, dawehner: Decouple book module from menu.inc (Phase 1).
  • #1823398 by olli, damiankloip, fastangel: Incorrect name for anonymous when is used title in one view with Contextual filters (UID).
  • #2080131 by damiankloip: Disable 'Aggregation settings' for Views handlers that should not support aggregation.
  • #2031589 by Mark Carver: DrupalKernel.php coder review.
  • #2100133 by corbacho, jessebeach: The Toolbar tray box shadow disappears at small viewports sizes on Chrome, on a Mac, under unpredictable conditions.
  • #2114473 by plopesc: NumberDecimalFormatter settings form has not well defined '#weight' in its elements.
  • Revert "Issue #2020387 by mr.baileys, Andi-D, dawehner, oadaeh, YesCT, Kars-T: Convert 'Active forum topics' block to a View."
  • #2127725 by ParisLiakos: Remove category handling from aggregator.
  • #2020399 by mr.baileys, oadaeh, dawehner, yanniboi, Xano, Andi-D: Convert 'Who's online' block to a View.
  • #2020387 by mr.baileys, Andi-D, dawehner, oadaeh, YesCT, Kars-T: Convert 'Active forum topics' block to a View.
  • #1957276 by dawehner, xjm, yoroy, yoroy, Bojhan, tim.plunkett: Let users set the block instance title for Views blocks in the Block UI.
  • #2132551 by Gábor Hojtsy, alexpott, kfritsche: Picture module uses config keys with a dot.
  • #2149751 by damiankloip: Views exposed forms are broken.
  • #2112239 by amateescu: Convert base field and property definitions.
  • #2150083 by BarisW: Front page misses page title in tag.
  • #1998638 by damiankloip, dawehner, kim.pepper, cosmicdreams, alexpott, larowlan, Damien Tournoud: Replace almost all remaining superglobals (, , etc.) with Symfony Request object.
  • #2109287 by dawehner, Cottser, tim.plunkett, kim.pepper: Replace list_themes() with a service.
  • #2032309 by dawehner, amateescu: Use local tasks derivatives to provide local tasks for views.
  • Revert of Issue #1998638, since it broke drush si and other command-line scripts.
  • #2149263 by tim.plunkett: Remove confirm_form().
  • #2148795 by plach, Gábor Hojtsy: Configurable field translatability is not properly switched.
  • #2149815 by damiankloip: HEAD BROKEN - Remove final plugin.manager.entity usage.
  • #2123843 by damiankloip: Camelize views form methods.
  • #2029509 by damiankloip: fix HEAD.
  • #1342198 by nod_, droplet, cosmicdreams, RobLoach, aspilicious: Use .on and .off instead of .bind, .unbind and .delegate.
  • #2029509 by ekes, dawehner: Add a generic entity argument validation plugin.
  • #2148211 by alexpott: Use isSyncing flag to prevent creation of configuration entities on synchronisation.
  • #2080365 by mrsinguyen: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/FileTransfer/TestFileTransfer.php.
  • #2080535 by mrsinguyen: Remove Unused local variable from /core/modules/options/lib/Drupal/options/Tests/OptionsFieldUITest.php.
  • #2081187 by smiro: Remove Unused local variable from /core/modules/tour/tour.module.
  • #2080393 by mrsinguyen: Remove Unused local variable from /core/modules/image/lib/Drupal/image/Tests/ImageThemeFunctionTest.php.
  • #2080705 by chertzog: Remove Unused local variable from /core/modules/rdf/lib/Drupal/rdf/Tests/TrackerAttributesTest.php.
  • #2080013 by mrsinguyen: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Form/ImageToolkitForm.php.
  • #2080397 by mrsinguyen: Remove Unused local variable from /core/modules/simpletest/simpletest.module.
  • #2081167 by smiro: Remove Unused local variable from /core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockStorageController.php.
  • #2080399 by Haza: Remove Unused local variable from /core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php.
  • #2081189 by mrsinguyen, smiro: Remove Unused local variable from /core/modules/language/lib/Drupal/language/HttpKernel/PathProcessorLanguage.php.
  • #2080403 by mrsinguyen: Remove Unused local variable from /core/modules/simpletest/lib/Drupal/simpletest/Tests/DrupalUnitTestBaseTest.php.
  • #2081193 by mrsinguyen: Remove Unused local variable from /core/modules/views_ui/views_ui.module.
  • #2080405 by mrsinguyen: Remove Unused local variable from /core/modules/simpletest/lib/Drupal/simpletest/Tests/MailCaptureTest.php.
  • #2080321 by sandergo90, guregori: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Common/JavaScriptTest.php.
  • #2080421 by mrsinguyen: Remove Unused local variable from /core/modules/book/lib/Drupal/book/Tests/BookTest.php.
  • #2080411 by mrsinguyen: Remove Unused local variable from /core/modules/book/book.module.
  • #2079981 by mrsinguyen: Remove Unused local variable from /core/modules/node/lib/Drupal/node/Tests/Views/StatusExtraTest.php.
  • #2080597 by sandergo90, mrsinguyen: Remove Unused local variable from /core/modules/user/lib/Drupal/user/Tests/UserLanguageTest.php.
  • #2081175 by smiro: Remove Unused local variable from /serialization/lib/Drupal/serialization/RegisterSerializationClassesCompilerPass.php.
  • #2080371 by mrsinguyen: Remove Unused local variable from /core/modules/statistics/lib/Drupal/statistics/Tests/StatisticsLoggingTest.php.
  • #2081177 by smiro: Remove Unused local variable from /core/modules/menu_link/lib/Drupal/menu_link/MenuLinkStorageController.php.
  • #2080105 by rhm50: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Plugin/CacheDecoratorTest.php.
  • #2122321 by StephaneQ, jhodgdon: Search_embedded_form test module is improperly using config instead of state.
  • #2080309 by aaronott: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/AlterTest.php.
  • #2080303 by aaronott: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/LoggingTest.php.
  • #2080295 by mcrittenden: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/SchemaTest.php.
  • #2080119 by mcrittenden: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/InsertDefaultsTest.php.
  • #2080305 by aaronott: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/FetchTest.php.
  • #2080715 by dags, chertzog: Remove Unused local variable from /core/modules/tracker/tracker.module.
  • #2100121 by StephaneQ | Berdir: Documentation about changing cache backend in CacheBackendInterface is outdated.
  • #2080291 by justinchev: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Database/CaseSensitivityTest.php.
  • #2080689 by BerdArt, chertzog: Remove Unused local variable from /core/modules/update/update.fetch.inc.
  • #2080671 by royal121, mcrittenden, Haza: Remove Unused local variable from /core/modules/field/lib/Drupal/field/Tests/Views/HandlerFieldFieldTest.php.
  • #2080033 by royal121, mrsinguyen: Remove Unused local variable from /core/modules/views_ui/lib/Drupal/views_ui/Form/Ajax/Display.php.
  • #2089461 by thedavidmeister, deneo, Alan D., dsdeiz, stpaultim: Convert all calls to check_plain() in core to Drupal\Component\Utility\String::checkPlain() in core/lib.
  • #2080425 by mrsinguyen: Remove Unused local variable from /core/modules/editor/lib/Drupal/editor/Tests/EditorLoadingTest.php.
  • #2080357 by mrsinguyen: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Ajax/DialogTest.php.
  • #2043047 by makemineatriple, emma.maria, patrickd: Slogan shown on installation pages.
  • #2137301 by cayci1, fago: Move entity constraints under the Entity component.
  • #2072625 by rhm50, legolasbo: Remove Unused local variable from /core/modules/views/lib/Drupal/views/Tests/Handler/FilterDateTest.php.
  • #2080607 by CaptainWonky, mrsinguyen: Remove Unused local variable from /core/modules/user/lib/Drupal/user/Tests/Views/HandlerFieldRoleTest.php.
  • #2081155 by smiro: Remove Unused local variable from /core/modules/filter/lib/Drupal/filter/Plugin/Filter/FilterCaption.php.
  • #2061969 by InternetDevels, andypost: Replace user_access() calls with ->hasPermission() in aggregator module.
  • #2095329 by Wim Leers: Remove drupal_add_css() from batch system.
  • #2095311 by Wim Leers: Remove drupal_add_css() from update.module.
  • #1971490 by balagan, vijaycs85: Standardize label of langcode field in schema files.
  • #2080115 by aaronott: Remove Unused local variable from /core/modules/system/lib/Drupal/system/Tests/Cache/GenericCacheBackendUnitTestBase.php.
  • #2080601 by mrsinguyen, mcrittenden: Remove Unused local variable from /core/modules/user/lib/Drupal/user/Tests/UserRegistrationTest.php.
  • #1743072 by LinL, mtift, heyrocker, disasm: Cleanup coding style in configuration system files.
  • #2147601 by jibran, dawehner: Get rid of entity_local_actions().
  • #1938318 by Les Lim, jibran, tim.plunkett, kim.pepper, disasm | Crell: Convert book_remove_form to a new-style Form object.
  • #2067529 by mrded, rhm50: Remove Unused local variable from /core/modules/views/lib/Drupal/views/ManyToOneHelper.php.
  • #2081149 by areke, deneo, mrsinguyen: Remove Unused local variable from /core/modules/content_translation/content_translation.module.
  • #2080551 by beowulf1416, deneo: Remove Unused local variable from /core/modules/search/lib/Drupal/search/SearchQuery.php.
  • #2081171 by smiro: Remove Unused local variable from /core/modules/ckeditor/ckeditor.admin.inc.
  • #2081131 by mrsinguyen, deneo2: Remove Unused local variable from /core/modules/taxonomy/lib/Drupal/taxonomy/Tests/Views/TaxonomyTestBase.php.
  • #2072593 by stevepurkiss, legolasbo, deneo: Remove Unused local variable from /core/modules/views/lib/Drupal/views/Plugin/views/display/DisplayPluginBase.php.
  • #2080717 by TR, areke, chertzog, mrsinguyen: Remove Unused local variable from /core/modules/config/lib/Drupal/config/Tests/ConfigImportUITest.php.
  • #2080583 by mrsinguyen: Remove Unused local variable from /core/modules/picture/lib/Drupal/picture/Entity/PictureMapping.php.
  • #2135689 by Wim Leers: Clean up edit.module to match coding standards.
  • #2144585 by amateescu: Remove stale references to the 'filter_format' table.
  • #2086479 by tim.plunkett: Convert content_translation_delete_confirm() to the new form interface.
  • #2148839 by chx: Move the drupal6_variable plugin where it belongs.
  • #2132647 by ianthomas_uk: Add test for the settings form of the NodeSearch plugin.
  • #2142553 by swentel, tim.plunkett, alweb, aspilicious: Field UI Local tasks are incorrect on any entity.
  • #2109303 by damiankloip, ParisLiakos: Convert CSRF checks in controllers to the routing system.
  • #2046531 by olli, DuaelFr, dawehner: Change use_more_always to default to TRUE.
  • #2031177 by ifrik, slashrm, batigolix: Fix up hook_help for file module
  • #2035007 by speely, YesCT, penyaskito: Add docs to Language class properties
  • #2137837 by dawehner, andypost: Current field is not displayed in replacement patterns.
  • #2143341 by bdone: Fix 'More link' description of 'Link display' section.
  • #2147503 by amateescu: Remove stale reference to the EntityWrapper class.
  • #2111349 by dawehner, tim.plunkett: Move format_plural to the string translation service and format_interval to the date service.
  • #2143349 by larowlan: Submitting a form as an anonymous user when $form['#token'] = FALSE results in a notice.
  • #2142347 by tim.plunkett: Remove leftover Drupal\block\Routing\RouteSubscriber.
  • #2148709 by amateescu, xjm: CommentManager::getFields() should not try to get fields for config entity types.
  • #1998638 by damiankloip, dawehner, kim.pepper, cosmicdreams, larowlan, Damien Tournoud: Replace all remaining superglobals (, , etc.) with Symfony Request object.
  • #2145083 by TR, longwave, dawehner: Fix some grammatical badness mostly in Views tests and comments
  • #2145077 by TR, longwave: Fix about a zillion spelling errors, mostly in comments
  • #2029731 by drupaldrop, ekes, ifrik: Fix up hook_help for block module
  • #2139169 by ajiang: Remove obsolete information in Annotations topic
  • #2142931 by jian he, longwave: Fix class name in docs for hook_entity_operation_alter
  • #2080699 by mrsinguyen: Remove Unused local variable $items from /core/modules/aggregator/lib/Drupal/aggregator/Tests/AggregatorTestBase.php.
  • #2080373 by mrsinguyen: Remove Unused local variable $response from /core/modules/rest/lib/Drupal/rest/Tests/ReadTest.php.
  • #2080685 by BerdArt, chertzog: Remove Unused local variable $notification_level from /core/modules/update/update.report.inc.
  • #2143797 by agentrickard, amateescu: GetDefaultValue() fails with ConfigurableEntityReferenceFieldItemList.
  • #2072609 by legolasbo: Remove Unused local variable from /core/modules/views/lib/Drupal/views/Tests/ModuleTest.php.
  • #2080527 by chertzog: Remove Unused local variable $base_url from /core/modules/locale/lib/Drupal/locale/Tests/LocaleContentTest.php.
  • #1503314 by swentel, amateescu, bojanz: Remove the concept of active / inactive (field types, storage) from Field API.
  • #2080113 by deneo, rhm50: Remove Unused local variable $plugin_id from /core/modules/system/lib/Drupal/system/Tests/Plugin/CacheDecoratorLanguageTest.php.
  • #2080067 by beowulf1416, netsensei: Remove Unused local variable $has_time from /core/modules/datetime/datetime.module.
  • #2081133 by mrsinguyen, dsdeiz, janstoeckler: Remove Unused local variable from /core/includes/menu.inc.
  • #2080047 by mrsinguyen, dicix: Remove Unused local variable from views_ui module.
  • #2084279 by herom, andypost, David Hernández, dawehner, Xano: Remove plugin.manager.entity service in favor of entity.manager.
  • #2096593 by Wim Leers: Remove drupal_add_css() from system.module.
  • #2087239 by ellishettinga, lauriii, c4rl: Remove theme_exposed_filters().
  • #1988612 by effulgentsia, yched, Wim Leers, Berdir, Pancho: Apply formatters and widgets to rendered entity base fields, starting with node.title.
  • #2142549 by amateescu, yched: Support multi-column field types in base tables.
  • #2031219 by deneo, crowdcg: Remove theme_link from system.performance.yml
  • #2080713 by chertzog: Remove Unused local variable $uuid from /core/modules/shortcut/lib/Drupal/shortcut/Tests/ShortcutTestBase.php.
  • #2143405 by chx, bdone: Split migrate into to migrate and migrate_drupal.
  • #2121775 by jessebeach: Make the markup associated with the required star on field items silent.
  • #2136403 by damiankloip: Block display_title option shows incorrect default value on block configuration form.
  • #1993384 by damiankloip, grisendo: Decouple Views pre_render callbacks from Views UI module.
  • #2102417 by damiankloip, dawehner: Change Drupal\Core\Routing\RouteBuildEvent::getModule() to getProvider().
  • #2065193 by juampy, klausi: Supported_formats and supported_auth should work in the same way.
  • #2108829 by damiankloip, dawehner: Make AccessManager stricter with values returned from access checkers.
  • #2103155 by claudiu.cristea, chx: Pick up plugins in subdirs.
  • #1947880 by chrisjlee, tim.plunkett, Xano, s_leu, Berdir, effulgentsia, penyaskito, dawehner: Replace node_access() with $entity->access().
  • #2143415 by YesCT, mikeryan, marvil07, bdone, chx: Migrate fixes
  • #2115291 by plopesc, agentrickard: Field types must use as provider its own module instead of Core when are defined in hook_field_info_alter().
  • #2052787 by andypost, tim.plunkett, slashrsm: Image style effect ordering exhibits some odd behaviour.
  • #2071145 by dawehner: Regression: Allow to change the commands of an ajax response.
  • #2090783 by Wim Leers: Change notice: Run comment op links (delete, edit, reply, approve + contrib) through #post_render_cache to prevent render caching granularity being per-user.
  • #2146027 by nod_: Regression: Seven jquery dialog style removed.
  • #2099439 by linclark, jessebeach: REST's CSRF check is triggered even when using Basic Auth.
  • #2099391 by dawehner, marthinal | geodaniel: Breadcrumbs for Search module should match tab titles.
  • #2102521 by ianthomas_uk, tim.plunkett: Finish converting menu.module to CMI.
  • #2143013 by ti2m: 'Not specified' and 'Not applicable' appear as children of previous item.
  • #2143023 by FrancescoQ: Move Translation tab on node translation form to right sidebar.
  • #2003812 by jsbalsera, Xano, mducharme, NonProfit, shixish | dagmita: Reorder element under configuration => Regional and language.
  • #2104229 by claudiu.cristea: Deprecate file_usage().
  • #2144795 by InternetDevels: ConnectionUnitTest fails with not MySQL driver.
  • #2139571 by jessebeach: Underscore.js fails to compare DOM nodes correctly; Toolbar JS will fail when upgraded to Backbone 1.0.0.
  • #2107685 by vijaycs85: Provide configuration schema for Simpletest module.
  • #2144569 by longwave, jhodgdon: Get rid of history.api.php.
  • #2099577 follow-up by nod: Optimize method of installer's conditional language selector text.
  • #2076445 by plach, andypost, yched, Gábor Hojtsy: Make sure language codes for original field values always match entity language regardless of field translatability.
  • #2120839 by damiankloip, slashrm, Dave Reid: File usage view causes fatal error for a file with 0 usage.
  • #2143933 by tim.plunkett, pwolanin, dawehner: Add _title and _title_callback to all routes.
  • #2141041 by Heine, klausi, David_Rothstein, amateescu, tim.plunkett, : CsrfTokenGenerator::validate() should do an identical compare. (CORE-SA-2013-003 follow-up)
  • #2145463 by damiankloip: Remove LegacyBreadcrumbBuilder.
  • #2047229 by fago, smiletrl, Berdir, effulgentsia, amateescu: Make use of classes for entity field and data definitions.
  • #2102369 by vijaycs85, JeroenT, ACF, rteijeiro, -enzo-, tim.plunkett: Remove drupal_set_title in custom block module controllers and entitylist controllers.
  • #2061913 by AndreyMaximov, damiankloip, jibran: Remove drupal_set_breadcrumb and LegacyBreadcrumbBuilder in Views module.
  • #576276 by tim.plunkett, larowlan: Abort validation when the token validation fails.
  • #2088121 by nod_, RobLoach, joelpittet, Gábor Hojtsy: Remove Overlay.
  • #787896 by nod_, cha0s, jp.stacey, sun, David_Rothstein, Bojhan, lisarex: Add a link so that administrators can return to their most recently visited non-admin page.
  • #2020895 by yched, pcambra, swentel: Move save() / delete() logic in Field / FieldInstance to [pre|post]Save(), [pre|post]Delete().
  • #2140505 by amateescu, tim.plunkett: Re-running a simpletest no longer displays the batch progress or duration.
  • #2095961 by ekes: Remove instances of menu_get_object('user').
  • #2102445 by disasm: Remove drupal_set_title in content_translation module controllers.
  • #2102449 by amateescu, swentel: Remove drupal_set_title in field_ui module controllers.
  • #1712456 by damiankloip, aspilicious, amateescu: How to leverage cache tags in Views.
  • #2049121 by plopesc, klausi: Regression: Moving out term children on term listing page is broken.
  • #2099133 by Wim Leers Comment form on same page as comments forces node render caching to be per user.
  • #2133439 by damiankloip: Dynamically create token value string based on route path.
  • #1255696 by dagmar, lslinnet, swentel, jenlampton, sun: Move field type modules into separate 'Field type' package.
  • Revert "Issue #2002336 by mgifford, falcon03, Liam Morland: Introduce a class to hide borders fieldsets elements."
  • #2143111 by derhasi: Fix documentation reference to obsolete \Drupal\views\Plugin\query\QueryInterface.
  • #2118991 by Berdir, dawehner: Use abstract service definitions to minimize copy & pasted service definitions.
  • #1982248 by Dragan Eror, marcus777: Markup for: views/templates/views-view-list.tpl.php.
  • #675446 by mgifford, RobLoach, amateescu, nod_, longwave, oxyc, rteijeiro, tomyouds, Jelle_S, mcrittenden, Sutharsan, hansyg, Angry Dan, clemens.tolboom, droplet | Dave Reid: Change notice: Use jQuery UI Autocomplete.
  • #2143097 by dawehner, longwave: Random failure in FilterUidRevisionTest blocking extensive core sprints in Vienna.
  • #2002336 by mgifford, falcon03, Liam Morland: Introduce a class to hide borders fieldsets elements.
  • #2099239 by capuleto, dawehner: Add unit test for AccessSubscriber.
  • #2105609 by RoSk0, jhodgdon: Convert search_embedded_form_form to a Controller.
  • #2047671 by jessebeach, Wim Leers, nod, xjm: Expanded contextual links look goofy when there are no items.
  • #2120335 by Wim Leers: Edit module only supports view modes, field_view_field() with a array is not supported.
  • #2136895 by Wim Leers: Comment settings are now a field, but not an editable one: breaks in-place editing .
  • #2131897 by jessebeach: CSS alignment issue of menu disclosure disks in RTL layout.
  • #2030929 by cwells, linclark, jesse.d: Test text formatter RDFa output.
  • #1879386 by LewisNyman, jessebeach, Wim Leers, tkoleary: Increase target size of contextual links on touch devices.
  • #2011082 follow-up by swentel, yched: Add back missing language arguments.
  • #2004246 by chrishks, hass, larowlan, nyirocsaba: Standardize capitalization on actions for comment operations: 'edit', 'translations', 'delete', 'reply', 'approve'.
  • #2134909 by Xano, Wim Leers: Clean up editor.module to match coding standards.
  • #2113319 by Xano: Rename getOriginalID() to getOriginalId() and setOriginalID() to setOriginalId().
  • #2099251 by larowlan, targoo: Missing helper short description in forum.
  • #1992894 by vijaycs85: Provide config schema to views components in user module.
  • #2087253 by olli: Views entity area handler does not check view access.
  • #2021161 by dawehner, Xano, AjitS, tim.plunkett: Replace the fallback node listing with a list controller.
  • #1938884 by tim.plunkett, dawehner, Xano, Les Lim: Replace the fallback user listing with a list controller.
  • #2131851 by tim.plunkett: Form errors must be specific to a form and not a global.
  • Revert "Issue #2104229 by claudiu.cristea: Deprecate file_usage()."
  • #2084665 by Xano, aschiwi, yoroy: Clean up the DB configuration during installation.
  • #2142637 by swentel, Bojhan: Display only one Save button on content type creation.
  • #2099205 by Wim Leers, zero2one, Gábor Hojtsy: When uploading and inserting an image trough the WYSIWYG plugin a relative path should be used for the image source (src) .
  • #2100509 by emma.maria, dcrocks, csakiistvan, Manjit.Singh: Password strength indicator for site maintenance account is aligned incorrectly on the installation screen.
  • #2096373 by sushantpaste, jsbalsera, Sumeet.Pareek, gaurav.goyal: Provide config schema for View modes.
  • #2107687 by vijaycs85: Provide configuration schema for Rest module.
  • #2137063 by tstoeckler: Remove ConfigTestTranslationUITest.
  • Revert "Rollback of Issue #2138239 by damiankloip, tim.plunkett, amateescu: Use GlobIterator instead of glob. — breaks testbot."
  • #2140803 by Xano: Hook_config_translation_info(_alter)() docblock references incorrect YAML file.
  • #2139195 by tstoeckler: Remove left-over entries in entity_menu().
  • #2140051 by damiankloip: Remove views_cache_get/set functions.
  • #2142123 by pcambra: Adapt moveChildren function to match its interface.
  • #2120841 by tim.plunkett: Convert form_options_flatten() to a method on FormBuilder.
  • #2137947 by tim.plunkett, damiankloip: Finish unit tests for PluginBag and subclasses.
  • #1965510 by TR, shanethehat, DyanneNova: Fix punctuation in Taxonomy module tests' assertion sentences.
  • #2003684 by rszrama, Wim Leers, nicholaspaun: Contextual.module does not escape contextual ids in HTML attributes.
  • #2120863 by tim.plunkett, Gaelan: Add docs to core/lib/Drupal/Core/Form/FormBuilder.php.
  • #2137223 by YesCT: Config translation code documentation and small code clean up.
  • #2135845 by Wim Leers: UserInterface duplicates some methods of AccountInterface.
  • #2130551 by jhedstrom: Convert system modules MimeTypeMatcherTest to phpunit.
  • #2130673 by cwells: Place number of comments metadata inside node template.
  • #2121855 by dawehner, tim.plunkett, damiankloip: Move the views data tests to a unit test.
  • #2129809 by damiankloip: Remove usage of user_access() in NodeRevisionAccessCheck.
  • #2124287 by jessebeach: Book module's BookNavigationBlock passes poorly formatted variable data to the book-all-books-block template.
  • #2129525 by olli: Views link display custom url does not use the default value from master display.
  • #2134929 by Wim Leers: Clean up Edit: rename EntityView to EntityDecorationView.
  • #2121209 by swentel, Bojhan: Remove empty 'Web services' category in 'Configuration'.
  • #2112635 by tim.plunkett: Convert update_script_selection_form to FormInterface.
  • #2139921 by Wim Leers: Contextual links can't handle multiple occurrences of the same contextual links.
  • #2039277 by googletorp, dawehner, sandhya.m: Convert aggregator/opml to the new controller style.
  • #2102489 by InternetDevels: Remove drupal_set_title in views module controllers.
  • #1986074 by LewisNyman, Outi, mcjim, edward_or, ry5n, Bojhan, yoroy: Buttons style update.
  • #2132441 by chx, eliza411: Run-tests.sh --module is broken.
  • #2138867 by chx: Allow dangling commas in annotations.
  • #2140459 by amateescu, larowlan, David_Rothstein: Color module XSS in appearance settings.
  • #2140447 by larowlan, Heine: Open redirect in overlay (forward port of SA-CORE-2013-003).
  • #1892530 by amateescu, larowlan, grisendo, pwolanin: XSS in image file description (forward port of SA-CORE-2013-003).
  • #2103635 by claudiu.cristea | fietserwin: Remove effects from ImageInterface.

New in version 7.25 (January 3rd, 2014)

  • Major changes since 7.24:
  • Added an optional feature to the Statistics module to allow node views to be tracked by Ajax requests rather than during the server-side generation of the page. This allows the node counter to work on sites that use external page caches (string change and new administrative option: https://drupal.org/node/2164069).
  • Fixed a bug in node_save() which prevented the saved node from being updated in hook_node_insert() and other similar hooks.
  • Added a meta tag to install.php to prevent it from being indexed by search engines even when Drupal is installed in a subfolder (minor markup change).
  • Fixed a bug in the database API that caused frequent deadlock errors when running merge queries on some servers.
  • Performance improvement: Prevented block rehashing from writing blocks to the database on every cache clear and cron run when the blocks have not changed. This fix results in an extra 'saved' key which is added and set to TRUE for each block returned by _block_rehash() that actually is saved to the database (data structure change).
  • Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow queues to avoid being automatically processed on cron runs (API addition).
  • Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be invoked if the block delta had a hyphen in it. To implement the hook when the block delta has a hyphen, modules should now replace hyphens with underscores when constructing the function name for the hook implementation.
  • Fixed a bug which caused cached pages to sometimes be sent to the browser with incorrect compression. The fix adds a new 'page_compressed' key to the $cache->data array returned by drupal_page_get_cache() (minor data structure change).
  • Fixed broken tests on PHP 5.5.
  • Made the File and Image modules more robust when saving entities that have deleted files attached. The code in file_field_presave() will now remove the record of the deleted file from the entity before saving (minor data structure change).
  • Standardized menu callback functions throughout Drupal core to return MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page not found" or "access denied" pages (minor API change in the return value of these functions under some circumstances).
  • Fixed a bug in which caches were not properly cleared when a node was deleted via the administrative interface.
  • Changed the Bartik theme to render content contained in , and similar tags in a larger font size, so it is easier to read.
  • Fixed a bug in the Search module that caused exceptions to be thrown during searches if the server was not configured to represent decimal points as a period.
  • Fixed a regression in the Image module that made image_style_url() not work when a relative path (rather than a complete file URI) was passed to it.
  • Added a link to the drupal.org documentation page for cron to the Cron settings page (string change).
  • Added a 'drupal_anonymous_user_object' variable to allow the anonymous user object returned by drupal_anonymous_user() to be overridden with a classed object (API addition).
  • Changed the database API to allow inserts based on a SELECT * query to work correctly.
  • Changed the database schema of the {file_managed} table to allow Drupal to manage files larger than 4 GB.
  • Changed the File module's hook_field_load() implementation to prevent file entity properties which have the same name as file or image field properties from overwriting the field properties (minor API change).
  • All changes since 7.24:
  • #2051787 by milesw: Document that caches should be cleared after calling field_attach_update().
  • #1876546 by plopesc, Kevin Morse | joachim: Node_type_form_validate() and node_type_form_submit() pointlessly trim machine name value.
  • #1182374 by lyricnz, sivaji, brianV: Code style fixes for includes/filetransfer.
  • #2117601 by Alan D.: Namespaced Drupal\node\Node entity in node_revision_list() doc comment rather than node.
  • #1146244 by Dean Reilly, klausi, fago, firebird, David_Rothstein, aaronbauman, shenzhuxi, jaanhoinatski, themoep, citlacom: Node_access integrity constraint violation on module_invoke_all('node_' . $op, $node);.
  • #1760330 by s.Daniel, David_Rothstein, jfhovinne: Hide vulnerable drupal install.php sites from search engines.
  • #805236 by merrillholt, ekl1773, marcingy, sun, catch: Cache the query in menu_local_tasks().
  • #1252206 by sivaji, droplet, kid_icarus, Bojhan: Remove checkbox spacing.
  • #937284 by chx, chrisdolby, deviantintegral, Berdir, tim.plunkett | hefox: DEADLOCK errors on MergeQuery INSERT due to InnoDB gap locking when condition in SELECT ... FOR UPDATE results in 0 rows.
  • #1201088 by crazyrohila, pjcdawkins, eiriksm, Zgear, barbi | alxsvdr: Drupal_environment_initialize() passes wrong ini_set parameter.
  • #1798066 by boztek, dcam, larowlan | Anonymous: Clean up CommentTestBase::setCommentSettings().
  • #1480734 by kotnik: Useless require_once file in st().
  • #1693336 by chx, David_Rothstein, catch | iamEAP: Block rehashing happens on every cron run.
  • #2136369 by marvil07: Provide a way to avoid processing a queue during cron execution.
  • #1076132 by fizk, friesk, foxtrotcharlie, coolestdude1, David_Rothstein, skwashd, alexpott, tstoeckler | adaddinsane: Hook_block_view_MODULE_DELTA_alter fails with blocks that have a hyphen in the block delta.
  • #1476810 by Spleshka, David_Rothstein, franz | Heine: Drupal_serve_page_from_cache can serve uncompressed data with Content-Encoding gzip header with page_cache_without_database = 1.
  • #2054205 by pfrenssen, Berdir: Broken Tests on PHP 5.5.
  • #2018791 by droplet | gagarine: States.js is not compatible with jquery +1.6.1 because it use $.attr in the wrong way.
  • #1563620 by donquixote, David_Rothstein, chaby: Fix errors running unit tests in Drupal 7 when the Locale module is enabled.
  • #1443158 by agentrickard, Dave Reid, marcingy: File_field_presave assumes that a file object has been loaded.
  • #1426122 by deletedaccount, Alan D., andypost, maximpodorov: Some callbacks return junk when calling drupal_not_found(); replace with return MENU_NOT_FOUND instead.
  • #2120461 by amitsedaiz | joachim: Theme_status_report() uses an integer instead of a constant.
  • #1841900 by olli, herom, Sheldon Rampton: Node deletion should clear page cache.
  • #2127835 by zterry95: Fix code format in user.module.
  • #1198904 by das-peter, jox: Drupal_load_stylesheet() fails to load @import files in different directories.
  • #1269166 by mgifford | hass: PRE tags (and other similar tags) have unreadable small font-size in Bartik.
  • #2078917 by sun: E-mails contain double spaces in soft-wrapped sentences.
  • #1504522 by rahulbile, Chi: Strict warning: Only variables should be passed by reference in update_results_page().
  • #2090207 by helmo, davidhunter, Tor Arne Thune: Undefined property: stdClass::$visibility in profile_view_field().
  • #1970588 by Heine: SearchExcerptTestCase should be a DrupalWebTestCase.
  • #2016497 by naxoc, jhodgdon | plachance: Search query extender should not use floats directly.
  • #1955378 by skek, Darren Oh, claudiu.cristea, David_Rothstein: Return same derivative token with path or URI.
  • #1993728 by johnmcc, pfrenssen: TestMenuTreeData() assert message confuses dashes and underscores.
  • #1209532 by timmillwood, lucascaro, wiifm, iamEAP, sdrycroft, mikeytown2 | slashrsm: Count node views via AJAX in the statistics module.
  • #813634 by jlscott, cafuego, Nitesh Sethia, claudinec, brianV: Node.language column should have an index.
  • #2079315 by mondrake: Image style editing leads to redundant watchdog entries.
  • #1982020 by Fabianx, FreekyMage, Cottser: Add static caching to drupal_html_class().
  • #1996644 by apkwilson, abghosh82 | joachim: User_login_name_validate() uses isset() where other user login form validation handlers use !empty().
  • #2011918 by jesse.d, Liam Morland, scor: Titles are often double-escaped (including in the content attribute of the dc:title meta element for nodes).
  • #2040209 by WebEvt: CSS is truncated when aggregation is turned on.
  • #310315 by superspring, justafish, naxoc, Waltemath | fonant: drupal_wrap_mail() strips trailing blanks from standard hyphen-hyphen-space-newline e-mail signature separator.
  • #2064667 by kboopathi | Charles Belov: PHP Filter has a broken link to "Example PHP snippets" within help.
  • #1414368 by coolestdude1, Dave Reid: Drupal_http_request does not handle basic auth correctly when dealing with blank passwords.
  • #1346098 by benjy | joachim: Standard install profile sets a pointless $vocabulary->help.
  • #1679660 by rhm50, amontero, billk2, valthebald | bagvendt: Add link to cron tutorial on drupal.org.
  • #1399798 by nevergone, amateescu, chriscohen: Add a variable to allow the anonymous user object to not be a stdClass and to work around the fact that anonymous user properties are hardcoded.
  • #2056363 by yched, Sweetchuck, chx: INSERT INTO table SELECT * FROM ... not supported.
  • #1815886 by bojanz, slashrsm | torgosPizza: Change the database schema to allow Drupal core to manage files larger than 4 GB.
  • #1683794 by JacobSanford, somepal, Caligan: Fix docs for user_block_user_action() function
  • #1820086 by gcassie: Remove mention of drupal_session_count() from inline documentation.
  • #2145077 by TR: Fix spelling errors in D7 tests and comments
  • #2129867 by ar-jan: Fix HTML formatting in drupal_add_js docs.
  • #1665446 by sivaji, kostajh, markpavlitski: Fix documentation for user_pass_rehash and related functions
  • #2084535 by sivaji, mErilainen, tankerjoe, DanielFbrg: Fix docs for file_copy
  • #1947766 by pfrenssen: Fix docs for user_page() function
  • #332518 by diego21, joachim, chriscohen: Fix up documentation for system_settings_form().
  • #1345654 by diego21, joachim: Make sure hook_field_info tells you there are other needed hooks
  • #1517032 by damiankloip, covenantd: Fix search-result.tpl.php docs
  • #2109957 by ar-jan, joachim: Clarify docs for hook_field_schema()
  • #2105237 by StephaneQ: Remove innacurate line in stream wrapper class docs
  • #2046677 by drumm | tvn: Fixed Strict warning: Creating default object from empty value in template_preprocess_profile_listing().
  • #2078101 by Xano: Update copyright date
  • #692366 by mariacha1, hosef, Albert Volkman, xjm, underq, kid_icarus, willmoy, bradweikel: Replace US-centric php.net URLs with language-neutral URLs
  • #2061275 by StephaneQ, cconrad: Do not confuse hook_cron_queue_info with hook_cron in docs
  • #2062399 by kattekrab, Kartagis, effulgentsia, cafuego, Damien Tournoud, beejeebus, Dries, cweagans, webchick: Add Percona to list of supported MySQL-like databases
  • #1977054 by ebargtuo, dooug: Make docs for language API callbacks match the code
  • #2066275 by Dave Reid: Fixed file_field_load() overwrites any field item properties with file entity properties.
  • #2059785 by kiamlaluno, longwave: Fix punctuation in field_view_field() docs
  • #2062127 by jlindsey15, joachim: Document system_requirements as implementation of hook_requirements
  • #2061545 by StephaneQ, rterrein: Add missing ampersand in sample hook_dashboard_regions_alter function body
  • #2061843 by TravisCarden: Clean up the docs for hook_schema
  • #2044791 by skipyT, alexandre.todorov, joachim: Clarify documentation of hook_block_view around empty return values
  • #1967802 by ebargtuo: Fix documentation of block view alter hooks
  • #2059685 by StephaneQ, Cottser: Remove t() from test assertion messages in dashboard module
  • #2059687 by StephaneQ, Cottser: Remove t() from test assertion messages in blog module
  • #2059689 by StephaneQ, dcam: Remove t() from test assertion messages in profile module
  • #2059691 by StephaneQ, dcam: Remove t() from test assertion messages in trigger module

New in version 7.24 (November 22nd, 2013)

  • This release fixes the following security vulnerabilities: SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

New in version 7.22 (April 4th, 2013)

  • Major changes since 7.21:
  • Allowed the drupal_http_request() function to be overridden so that additional HTTP request capabilities can be added by contributed modules.
  • Changed the Simpletest module to allow PSR-0 test classes to be used in Drupal 7.
  • Removed an unnecessary "Content-Disposition" header from private file downloads; it prevented many private files from being viewed inline in a web browser.
  • Changed various field API functions to allow them to optionally act on a single field within an entity (API addition: http://drupal.org/node/1825844).
  • Fixed a bug which prevented Drupal's file transfer functionality from working on some PHP 5.4 systems.
  • Fixed incorrect log message when theme() is called for a theme hook that does not exist (minor string change).
  • Fixed Drupal's token-replacement system to allow spaces in the token value.
  • Changed the default behavior after a user creates a node they do not have access to view. The user will now be redirected to the front page rather than an access denied page.
  • Fixed a bug which prevented empty HTTP headers (such as "0") from being set. (Minor behavior change: Callers of drupal_add_http_header() must now set FALSE explicitly to prevent a header from being sent at all; this was already indicated in the function's documentation.)
  • Fixed OpenID errors when more than one module implements hook_openid(). The behavior is now changed so that if more than one module tries to set the same parameter, the last module's change takes effect.
  • Fixed a serious documentation bug: The $name variable in the taxonomy-term.tpl.php theme template was incorrectly documented as being sanitized when in fact it is not.
  • Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had duplicate permission names in the User module's database tables.
  • Added an empty "datatype" attribute to taxonomy term and username links to make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
  • Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them.
  • Fixed a bug with update queries in the SQLite database driver that prevented Drupal from being installed with SQLite on PHP 5.4.
  • Fixed enforced dependencies errors updating to recent versions of Drupal 7 on certain non-MySQL databases.
  • Refactored the Field module's caching behavior to obtain large improvements in memory usage for sites with many fields and instances (API addition: http://drupal.org/node/1915646).
  • Fixed entity argument not being passed to implementations of hook_file_download_access_alter(). The fix adds an additional context parameter that can be passed when calling drupal_alter() for any hook (API change: http://drupal.org/node/1882722).
  • Fixed broken support for translatable comment fields (API change: http://drupal.org/node/1874724).
  • Added an assertThemeOutput() method to Simpletest to allow tests to check that themed output matches an expected HTML string (API addition).
  • Added a link to "Install another module" after a module has been successfully downloaded via the Update Manager (UI change).
  • Added an optional "exclusive" flag to installation profile .info files which allows Drupal distributions to force a profile to be selected during installation (API addition).
  • Fixed a bug which caused the database API to not properly close database connections.
  • Added a link to the URL for running cron from outside the site to the Cron settings page (UI change).
  • Fixed a bug which prevented image styles from being reverted on PHP 5.4.
  • Made the default .htaccess rules protocol sensitive to improve security for sites which use HTTPS and redirect between "www" and non-"www" versions of the page.
  • All changes since 7.21:
  • #1821906 followup by David_Rothstein: Validate that the new $options parameter in various Field API public API functions is actually an array, to prevent conflicts with contrib modules.
  • #1664784 by effulgentsia, mikeytown2: Allow drupal_http_request() to be overridden.
  • #1693398 by donquixote, pounard, sun, Sylvain Lecoy: Allow PSR-0 test classes to be used in D7.
  • #1952354 by robertcharlesfox | laurence_m: Fixed Typo in drupal_add_html_head() API doc.
  • #1797506 by dcam, xjm, Lars Toomre, sivaji: Remove t() from assertion messages in tests for the rdf module.
  • #1945066 by chertzog, dcam | joachim: Fixed node_theme() doesn't declare the file for theme_node_admin_overview() .
  • #1049050 by mfb, TwoD, David_Rothstein, jpsoto: Removed dead code in file_stream_wrapper_uri_normalize().
  • #946118 by droplet, lyricnz, dcam | rvilar: Fixed The machine name isn't updating correctly when the user selects a previous input value.
  • #799356 by vijaycs85, m1n0, jaffaralia, effulgentsia: Fixed _form_set_class() is too aggressive in assigning the 'error' class.
  • #1575060 by Spleshka, andypost, serm, mcjim, nod_: Fixed ajax_html_ids() are broken for forms with file element (encoding=multipart/form-data).
  • #1728122 by rymo | HonoredMule: Fixed Sticky Table header tables don't inherit parent table's outer width.
  • #1229014 by bfroehle, jackbravo, illmasterc: Fixed Content-Disposition header makes private files show open/save prompts, but public files show inline.
  • #1821906 by Wim Leers, nod_: Allow more Field API public API functions to act on a single field within an entity.
  • #985642 by kiamlaluno, Berdir, Damien Tournoud, Deciphered, B-Prod, galooph, David_Rothstein, drzraf, yched: Add back field_attach_load() to file_field_update() under certain circumstances in Drupal 7.
  • #124689 by cck | Dio: Fixed hook_user()/hook_user_presave() documentation needs clarification on how to modify values.
  • #1915088 by openminds, bfroehle: Fixed SkipDotsRecursiveDirectoryIterator not skipping dot-files when they are the first entry.
  • #1937860 by mikeytown2: Fixed seven_css_alter() does not set the type.
  • #1940404 by danpros: Fix URL typo in PHP module filter tips.
  • #1096208 by zambrey, mr.baileys: Fixed PHP notices when creating menu link '#'.
  • #1564996 by greggles: Added Make one-time login link watchdog more useful for auditing.
  • #1705536 by pfrenssen: Fixed typo in docblock block_block_list_alter().
  • #1716036 by larowlan, xjm: Use range() to create option list for forum block options.
  • #1886876 by IRuslan, swentel: Fixed Useless variable assignment in node_feed().
  • #1723828 by hass: Fixed incorrect log message when theme() is called for a theme hook that does not exist.
  • #1648004 by dcam, Devin Carlson, Rob Loach: Removed inaccurate code comment about using l() in update_helpful_links().
  • #1035292 by Désiré, vijaycs85, wizonesolutions, oriol_e9g, ACF, achton, darkadept: Fixed Dynamic tokens can't have spaces.
  • #1901476 by caiosba | mstef: Fixed Uncaught TypeError: Cannot read property 'command' of undefined in ajax.js.
  • #1242602 by swentel, JvE, babruix | Chi: Fixed Notices in taxonomy_autocomplete().
  • #771036 by ojohansson, Albert Volkman, Gábor Hojtsy: Fixed Overlay overwrites existing target attribute.
  • #1429442 by Jody Lynn, mathankumarc, gnuget, nrambeck, dcam | sun: Fixed Access denied page shown after submitting form that creates a unpublished node.
  • #1605040 by TravisCarden, mitron | EdgarPE: Fixed drupal_send_headers() ignores headers with valid but falsy values.
  • #1907704 by acrollet, ultimateboy, totten: Restrict temporary files created by text editors.
  • #1379056 by Barrett: Fixed if more than one hook_openid() implementation returns a given parameter, the resulting value is an array and request is invalid.
  • #1926758 by balsama, mitron: Fix code comment in system.module
  • #1797514 by disasm, dicam, Gaelan, Lars Toomre: Remove t() from test assert messages in simpletest module
  • #1884840 by Pix, pwolanin: Remove reference to md5 in ajax code comments
  • #1920340 by yched: Fixed Update URL of change notification for '_field_info_collate_fields() memory usage'.
  • #1324058 by isay, barraponto, shameemkm: Fixed forum-rtl.css does not overide #forum div.indent from margin-left to margin-right.
  • #1886812 by kiamlaluno: theme_form_element() initialize a variable that is never used.
  • #1215404 by brianV, pillarsdotnet: Fixed Remove assignment to unused variable $export_data from book_export_html() function.
  • #1886796 by kiamlaluno: Fixed theme_checkbox() initialize a variable that is never used.
  • #1886870 by IRuslan: Fixed Useless node_type_get_type() call in node_validate().
  • #1848774 by IshaDakota, kiamlaluno: Fixed search_view() initializes a variable that is never used.
  • #1898314 by droplet | xjm: Rename $user to $account in WebTestBase::drupalLogin().
  • #1751054 by borisbaldinger, Berdir, vomiand: Fixed serious documentation problem with the $name variable in taxonomy-term.tpl.php (incorrectly documented as being sanitized when in fact it is not).
  • #1586542 followup by andypost: Workaround for an issue where system update #7061 fails due to a memory leak and can't be run again.
  • #1475342 by iamEAP | Kasper Souren: Fixed D6->D7 upgrade: system_update_7007() fail.
  • #1827136 by amatzies, patrickd, posulliv | earnie: Add severity index to watchdog table.
  • #1848464 by scor | jneubert: Fixed Make RDFa markup upward compatible with RDFa 1.1.
  • #1890754 by Berdir, pwolanin, tim.plunkett: [Tests] Private Images visible by url.
  • #1932354 by Alexander Pyle: Fix up documentation for image_scale()
  • #1916928 by Alexander Pyle, YesCT, twistor: Document that clickLink is case sensitive
  • #1347914 by Albert Volkman, Lars Toomre, batigolix, NROTC_Webmaster, xjm, sven.lauer: Fix up API docs for Filter module
  • #1923554 by David_Rothstein, pwolanin, mitron | alfaguru: Fixed New anti-DoS measure breaks for some file URIs.
  • #1266572 by znerol, joshf: Fixed Workaround in UpdateQuery_sqlite() for affected rows count causes certain updates to be suppressed.
  • #1012620 by Berdir, kbasarab, YesCT: Fixed Unique key on date_formats().(format|type) is problematic for case insensitive collations.
  • #1792380 by theo_: Fixed DatabaseCondition not cloning SelectQuery value object.
  • #1794012 by dcam, Crell, Lars Toomre: Remove t() from asserts in database system tests
  • #1908192 by mitron: Document what happens in drupal_get_filename() if the file is not found
  • #1908194 by richard.c.allen2386: Document what happens in drupal_get_path if the file is not found
  • #1889738 by andybroomfield: Add information to documentation of hook_custom_theme
  • #1397346 by Albert Volkman, kristiaanvandeneynde, larowlan, bobbyaldol, tim-e, shiff2kl, FatGuyLaughing: Add and fix up documentation in image and node module files
  • #1885000 by cck: Add link in hook_theme docs to theme layer page
  • #1879022 by omegamonk: Fixed Enforced dependencies errors updating to recent versions of Drupal 7.
  • #1040790 by yched, swentel, geerlingguy, justin.randell, Berdir | catch: Fixed _field_info_collate_fields() memory usage.
  • #1893530 by alippai: Document that bundles element is not required for one-bundle entities in hook_entity_info
  • #1894850 by ben.bunk: Fix typo in code example in drupal_prerender_links docs
  • #1875858 by j.slemmer, cck: Fix documentation for a couple of menu hooks
  • #1317628 by Albert Volkman, Gaelan, disasm, mjonesdinero, xjm: Clean up API docs for include files n-z
  • #1888454 by kiamlaluno: Remove irrelevant information from form_process_vertical_tabs() documentation
  • #1807556 by Albert Volkman, Lars Toomre: API docs fixup for Aggregator module
  • #1807688 by Albert Volkman, Lars Toomre: API docs fixes for Book module
  • #1156576 by pixelite, Ryan Weal, jhodgdon, plach, Albert Volkman: Better documentation for language negotiation
  • #1851788 by cck, blake.thompson: Add docs for hook_menu for expanded property
  • #1870612 by David_Rothstein, plach, greggles: Add tests for SA-CORE-2012-004 - Drupal core - Arbitrary code execution via file upload.
  • #1565322 by Jorrit: Fixed Notice in locale_languages_edit_form_validate().
  • #1857956 by catch, David_Rothstein: Do not re-prepare comment update timestamp if it's the same as the created timestamp (performance improvement).
  • #1815930 by slashrsm, gbrands, amontero: Fixed Update watchdog message in file_unmanaged_copy() with correct string/variable replacement values.
  • #1143460 by WorldFallz, Dave Reid, colette, typhonius, David_Rothstein | localhost: Fixed hook_file_download_access_alter() missing entity argument (by allowing an additional context argument to be passed to drupal_alter()).
  • #1862198 by plopesc: Make it clearer where to find placeholder docs for t
  • #1873608 by David_Rothstein: Clarify documentation on when to use t vs format_string
  • #1333400 by Albert Volkman, Chi: Add parameter docs for hook_install_tasks
  • #1864216 by larowlan, marvin_B8: Fixed No docblock for several functions in user.module.
  • #1864360 by oadaeh: Fixed Clean up some inconsistencies with @link...@endlink.
  • #1864188 by johnshortess | hefox: Fixed user_filters() invokes hook_permission() with argument 'permission' ($function('permission')).
  • #1741386 by lazysoundsystem, rasmusluckow, andypost, Lars Toomre, dcam: Removing t() from asserts in simpletests in book module.
  • #1534674 by plach, slowflyer: Fixed Comment field language is completely broken.
  • #1874342 by erikwebb: Fixed Undefined constant STEAM_WRAPPERS_LOCAL used in file_get_stream_wrappers() documentation.
  • #1873608 by David_Rothstein: Improve documentation of format_string() to emphasize that it is used to prepare variables for HTML display.
  • #1854620 by marvin_B8, droplet: Fixed hook_menu_local_tasks_alter() help texts.
  • #1629994 by Aron Novak, oadaeh, yurtboy, jhodgdon, kingandy: Fixed Mail functions reference obsolete RFC.
  • #1606946 follow-up by David_Rothstein: Remove note about const from D7 docs since we don't require PHP 5.3.
  • #1868206 by kiamlaluno: Fixed Word is repeated.
  • #1847382 by thehong, pingwin4eg, 63reasons: Fixed Undefined index: access in includes/menu.inc (when custom access_callback() does not exist or does not get included).
  • #1706878 by tim.plunkett, lazysoundsystem: Added DrupalWebTestCase::assertThemeOutput() to allow modules to test theme function output.
  • #1446650 by superspring | drupalsven: Added After installing module display link to 'install another module'.
  • #1727430 by tedbow, webchick, fubhy | amontero: Added 'exclusive' flag to install profiles to auto-select them during installation.
  • #843114 by sun, quicksketch, Berdir | c960657: Fixed DatabaseConnection::__construct() and DatabaseConnection_mysql()::__construct() leaks $this (Too many connections).
  • #1117780 by amontero, naxoc | ogi: Display cron url in admin/config/system/cron page.
  • #1494676 by Liam Morland, cam8001: Removed unused variable $http_protocol in drupal_settings_initialize().
  • #1672694 by Devin Carlson, JulienD, jibran, kalabro: Fixed Field UI continues to use t() for $instance['label'] in field_ui().admin.inc.
  • #1550892 by david.mckay | fgm: Fixed reset() on function call in image_update_7002() to avoid an E_STRICT notice.
  • #1833028 by michaelmol | rmfleet: Fixed bug which prevented image styles from being reverted on PHP 5.4.
  • #1817680 by haydeniv | netol: Fixed Update notification is printed more than one time.
  • #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.
  • #1851886 by Albert Volkman: Fix up documentation for cache_set() function
  • #1247812 by Albert Volkman, jzacsh: Add docs for user_admin() function
  • #1853050 by Jerenus: Fix up docs for drupal_send_headers()
  • #1857984 by Ivan Zugec: Fix sample code for hook_field_widget_form so it would actually work
  • #1858508 by TravisCarden: Add see also to hook_theme docs
  • #1856142 by kiamlaluno: Fix typo in node_query_node_access_alter() comment
  • #1606946 by Albert Volkman: Fix grammar in docs in update.php
  • #1853574 by Albert Volkman: Fix spelling error in drupal_mail_system() docs
  • #1787876 by Albert Volkman, cirage, BrockBoland: Add return docs for drupal_get_token() function
  • #1606946 by Albert Volkman, udaksh, bunthorne: Fix up API docs for top-level PHP files
  • #1851538 by willkaxu: Fix docs typo in cache.inc
  • #1313980 by Albert Volkman, Lars Toomre, jn2, xjm, jhodgdon: Clean up API docs for Node module
  • #1846510 by Tor Arne Thune: Remove duplicate that in code comment
  • #1846510 by larowlan, kim.pepper: Fix spelling error in field UI module comment
  • #1848516 by IshaDakota: Fix coding style in hook_schema() example function body
  • #1423090 by Albert Volkman: Fix invalid function see reference in field.module
  • #1837840 by amontero, tstoeckler: Add clarification to l() docs as to when to use t() instead
  • #1326600 by dcam, Lars Toomre, batigolix, kid_icarus, xjm: Clean up API docs for dblog module
  • #1492378 by kbasarab: follow-up docs correction on autocomplete paths
  • #1831408 by kotnik: Fix spelling of entity in docs
  • #1829366 by gcassie: Fix up grammar and caps in default settings.php file

New in version 7.21 (March 12th, 2013)

  • Drupal 7.20 fixed a fundamental security flaw in the Drupal core Image module and therefore introduced incompatibilities with a number of contributed modules and sites (see the Drupal 7.20 release notes). To help mitigate the effect of these changes, an optional 'image_allow_insecure_derivatives' variable was provided, which sites could use to turn off the security fix.
  • Drupal 7.21 adds additional security protection for sites that use this variable. Although they will still not receive the full benefit of the security fix, they will now have protection against the most damaging and easiest-to-inflict vulnerabilities that were addressed in Drupal 7.20.
  • If you encountered problems when upgrading or attempting to upgrade to Drupal 7.20, then you should upgrade to Drupal 7.21 following the instructions below:
  • First check if upgrading to Drupal 7.21 (and applying any patches or fixes recommended in the Drupal 7.20 release notes) allows you to upgrade your site without any issues. Unset the 'image_allow_insecure_derivatives' variable if you previously set it while upgrading to Drupal 7.20.
  • If your site experiences problems that do not yet have a fix (and the problems are severe enough that you are unable to tolerate them on your site), set the 'image_allow_insecure_derivatives' variable to TRUE. This can be done using Drush, or by placing code such as $conf['image_allow_insecure_derivatives'] = TRUE; in your settings.php file. (There is also an experimental module you can install which will provide a user interface for turning the variable on.)
  • If you choose to set this variable, understand that your site is not fully secure; it will still be vulnerable to some forms of denial-of-service attacks which use image derivatives as described in SA-CORE-2013-002 (although not the most serious and easiest-to-inflict ones). You should therefore monitor the issue queues of any modules which were giving you trouble and remove the variable from your site as soon as fixes become available which you are able to apply.
  • There is one behavior change introduced in this release for sites using the 'image_allow_insecure_derivatives' variable. Previously, setting the variable would allow you to generate any image derivative without including a token in the URL. Now, although tokens will still be optional for most image derivatives, they will be required in the unlikely case of an image derivative which was itself generated from an image derivative (for example, if you first generate a thumbnail image by visiting http://example.com/sites/default/files/styles/thumbnail/public/field/image/example.png, and then want to take that thumbnail image and generate a "medium" image based off of it by visiting http://example.com/sites/default/files/styles/medium/public/styles/thumbnail/public/field/image/example.png, the second case will require a token in the URL in order to work). This change was necessary in order to provide the security improvements and is not believed to have a practical effect in realistic scenarios.

New in version 7.20 (February 22nd, 2013)

  • This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement...
  • SA-CORE-2013-002 - Drupal core - Denial of service
  • No other fixes are included.

New in version 7.19 (January 17th, 2013)

  • This release fixes security vulnerabilities. Sites are urged to upgrade immediately!

New in version 7.18 (December 20th, 2012)

  • This release fixes security vulnerabilities.

New in version 7.17 (November 13th, 2012)

  • Changed the default value of the '404_fast_html' variable to have a DOCTYPE declaration.
  • Made it possible to use associative arrays for the 'items' variable in theme_item_list().
  • Fixed a bug which prevented required form elements without a title from being given an "error" class when the form fails validation.
  • Prevented duplicate HTML IDs from appearing when two forms are displayed on the same page and one of them is submitted with invalid data (minor markup change).
  • Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had stale data in the Upload module's database tables.
  • Fixed a bug in the States API which prevented certain types of form elements from being disabled when requested.
  • Allowed aggregator feed items with author names longer than 255 characters to have a truncated version saved to the database (rather than causing a fatal error).
  • Allowed aggregator feed items to have URLs longer than 255 characters (schema change which results in several columns in the Aggregator module's database tables changing from VARCHAR to TEXT fields).
  • Added hook_taxonomy_term_view() and standardized the process for rendering taxonomy terms to invoke hook_entity_view() and otherwise make it consistent with other entities (API change: http://drupal.org/node/1808870).
  • Added hook_entity_view_mode_alter() to allow modules to change entity view modes on display (API addition: http://drupal.org/node/1833086).
  • Fixed a bug which made database queries running a "LIKE" query on blob fields fail on PostgreSQL databases. This caused errors during the Drupal 6 to Drupal 7 upgrade.
  • Changed the hook_menu() entry for Drupal's rss.xml page to prevent extra path components from being accidentally passed to the page callback function (data structure change).
  • Removed a non-standard "name" attribute from Drupal's default Content-Type header for file downloads.
  • Fixed the theme settings form to properly clean up submitted values in $form_state['values'] when the form is submitted (data structure change).
  • Fixed an inconsistency by removing the colon from the end of the label on multi-valued form fields (minor string change).
  • Added support for 'weight' in hook_field_widget_info() to allow modules to control the order in which widgets are displayed in the Field UI.
  • Updated various tables in the OpenID and Book modules to use the default "empty table" text pattern (string change).
  • Added proxy server support to drupal_http_request().
  • Added "lang" attributes to language links, to better support screen readers.
  • Fixed double occurrence of a "ul" HTML tag on secondary local tasks in the Seven theme (markup change).
  • Fixed bugs which caused taxonomy vocabulary and shortcut set titles to be double-escaped. The fix replaces the taxonomy vocabulary overview page and "Edit shortcuts" menu items' title callback entries in hook_menu() with new functions that do not escape HTML characters (data structure change).
  • Modified the Update manager module to allow drupal.org to collect usage statistics for individual modules and themes, rather than only for entire projects.
  • Modified the node listing database query on Drupal's default front page to add table aliases for better query altering (this is a data structure change affecting code which implements hook_query_alter() on this query).
  • Improved the translatability of the "Field type(s) in use" message on the modules page (admin-facing string change).
  • Fixed a regression which caused a "call to undefined function drupal_find_base_themes()" fatal error under rare circumstances.
  • Numerous API documentation improvements.
  • Additional automated test coverage.

New in version 7.14 (May 3rd, 2012)

  • This is a maintenance release to fix 17 miscellaneous bugs.

New in version 7.12 (February 2nd, 2012)

  • This version fixes a wide variety of miscellaneous bugs.

New in version 7.10 (December 6th, 2011)

  • Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
  • Reduce memory usage of theme registry (performance).
  • Fixed PECL upload progress bar for FileField
  • Fixed running update.php doesn't always clear the cache.
  • Fixed PDO exceptions on long titles.
  • Fixed Overlay redirect does not include query string.
  • Fixed D6 modules satisfy D7 module dependencies.
  • Fixed the ordering of module hooks when using module_implements_alter().
  • Fixed "floating" submit buttons during AJAX requests.
  • Fixed timezone selected on install not propogating to admin account.
  • Added msgctx context to JS translation functions, for feature parity with t().
  • Profiles' .install files now available during hook_install_tasks().
  • Added test coverage of 7.0 -> 7.x upgrade path.
  • Numerous notice fixes.
  • Numerous documentation improvements.
  • Additional automated test coverage.

New in version 7.4 (July 1st, 2011)

  • Drupal 7.4 fixes other issues reported through the bug tracking system.

New in version 7.2 (May 27th, 2011)

  • Get CHANGELOG.txt caught up to speed with changes in Drupal 6 and Drupal 5 in the past three years.
  • #1137074 by plach, Jose Reyero: notices and wrong links on translation tab for unpublished nodes.
  • #1021270 by larowlan, wojtha: Fixed Blocks for custom menus are impossible to theme.
  • #1096340 by plach, fietserwin, sun: Fixed Stale language types/negotation info after enabling/disabling modules.
  • #1019352 by Jody Lynn: delete blog module's variable on hook_uninstall().
  • #1019292 by TR, Jody Lynn: remove random nbsp characters.
  • Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
  • #1164226 by TR: token_find_with_prefix() has typos, token.inc not up to doc standards.
  • #1154822 by lyricnz, Starminder: Fixed User Schema mismatch after upgrade D6 to D7.
  • #1154820 by lyricnz, marcingy, Starminder: Fixed System Schema mismatch after upgrade D6 to D7.
  • #1154812 by lyricnz, Starminder: Fixed Poll Schema mismatch after upgrade D6 to D7.
  • #1154808 by lyricnz, Starminder: Fixed Node Schema mismatch after upgrade D6 to D7.
  • #1154802 by lyricnz, Starminder: Fixed Block Schema mismatch after upgrade D6 to D7.
  • #1154806 by lyricnz, marcingy, Starminder: Fixed Comment Schema mismatch after upgrade D6 to D7.
  • #1089174 follow-up by plach: Fix notices and expand tests.
  • #1017832 by benjifisher, droplet, aspilicious, tim.plunkett, johnv, Jeff Burnz: fieldset CSS for node forms needs to be more specific.
  • #1120412 by skwashd: comment_save() doesn't support additional columns added by hook_schema_alter().
  • Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
  • #1078980 by plach: language neutral not available when there are disabled languages.
  • #1038788 by wojtha, sign: drupal_find_theme_functions() removes all theme 'prefix_' occurences.
  • #1013864 by agentrickard, JimmyAx: book navigation block fails with Node Access modules.
  • #1096446 by plach: Fixed entity_label() is not passing along the () parameter.
  • Rollback of #1076366. This is not quite ready to go yet, because it depends on another issue (#1120290).
  • #1089174 by plach: Fixed Prepare view hooks do not receive the language parameter.
  • #1001146 by edhaber, droplet: Fixed Cannot theme links in a menu when menu_name() contains a hyphen.
  • #1105848 by cafuego: Fixed Unsafe query comments possible via UI.
  • #999004 by pillarsdotnet, fago, sun, marcingy: user_save() relies on edit instead of account.
  • #1017672 by catch, q0rban: Fixed D6 to D7 update process permanently deletes comment bodies and other data, and throws fatal SQL errors.
  • Rolled back.
  • #784856 by dmitrig01: menu_get_names() is dead code, remove it.
  • #1132364 by CrookedNumber, David_Rothstein: hook_modules_enabled() could be less ambiguous.
  • #1149002 by droplet, hansfn: 'Machine name' not translatable on the content type overview page .
  • #705912 by jherencia, bleen18: template_preprocess_node() makes an useless comprobation.
  • #1158730 by TR: documentation problem with hook_user_load().
  • #843162 by pwolanin, Scott Falconer, Berdir, jhodgdon, a.mikheychik, mtift: creating vocabularies with machine-names 'List' or 'Add' breaks links in taxonomy overview admin area. .
  • #1157426 by Gábor Hojtsy: field system uses t() incorrectly and inconsistently.
  • #1119158 by skwashd: Added user_role_save() doesn't implement a presave hook.
  • #1149912 by grendzy, sun: recent comments block displays old, out-of-order comments.
  • #1034248 by jhodgdon, drewish, jn2: hook_block_view() example should return a render array.
  • #876282 by tim.plunkett, amateescu: small layout glitch on 'Password match' line during installation.
  • #1150340 by aspilicious: CSS gradient background doesn't work with newest opera and IE versions.
  • #988030 by mr.baileys, linclark: document correct sequence of hooks in node deletion.
  • #759844 by jpmckinney, dixon_, plach, ksenzee, fabsor, pillarsdotnet: overlay does not work with prefixed URL paths.
  • #802856 by catch, pillarsdotnet: make lock_wait() wait less.
  • #936844 by bleen18: cannot override comment author to or from Anonymous.
  • #843162 by pwolanin, Scott Falconer, Berdir, jhodgdon, a.mikheychik, mtift: creating vocabularies with machine-names 'List' or 'Add' breaks links in taxonomy overview admin area.
  • #834848 by Berdir: warning message regarding hook_update_last_removed() is not displayed.
  • #1029606 by fago, bojanz, Damien Tournoud: hook_menu() should not be called during uninstallation.
  • #1060246 by plach: translation alters language switch links even if node translation is disabled.
  • #690544 by bleen18, andypost, marcvangend, dbeheydt, rschwab, robertom: blocks admin (admin/structure/block) requires menu_rebuild() to display settings for current theme.
  • #761648 by lyricnz, andypost, ksenzee, Jody Lynn, Gábor Hojtsy, Damien Tournoud, Shawn DeArmond, David_Rothstein: menu items disappear after upgrade or manual menu entry.
  • Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
  • Hm. Rollback of previous patch. I think I just broke testbot. NOOB.
  • Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
  • #1017672 by catch, q0rban: D6 to D7 update process permanently deletes comment bodies and other data, and throws fatal SQL errors.
  • #534594 by catch, Frando: add registry_rebuild() to update.php.
  • #1076366 by wojtha: OpenID discovery spec violation - fragments are removed from claimed id .
  • #1017672 by catch, q0rban: D6 to D7 update process permanently deletes comment bodies and other data, and throws fatal SQL errors.
  • #1003308 by andypost: further forum module fix.
  • #958850 by bellHead: Postgres password containing backslashes don't work.
  • #1076414 by wojtha, c960657: Openid discovery - OpenID v1 OP service with lower priority is chosen instead OpenID v2 Claimed id service.
  • #1055234 by jhodgdon, linclark: field_bundle_settings() doc example is wrong.
  • #1024684 by linclark: omit & in @param statements (for consistency).
  • #796692 by dman, cross, andypost, aaronbauman, yched, BarisW: only show the term heading if the term has a description.
  • #1060304 by plach: misleading help text for the translation support settings.
  • #1086066 by drewish, Mile23: get_t() should describe what it does and why.
  • #852120 by cygri: batch operations example doesn't do proper sanitizing.
  • #1063046 by guidocecilio, linclark: hook_requirements() API documentation needs doc on 'update' phase.
  • #1051870 by boombatower: remove unused variable initialization.
  • #1099396 by Désiré, droplet, plach: language_count() is never decremented when removing a language.
  • #711650 by marcvangend, cha0s: when index.php appears in the URL (or is automatically added by the server) users get a 'page not found' message.
  • #1139638 by DamZ: the SQLite driver cannot update a column to NULL.
  • #61856 by bfroehle, jredding, andypost, blakehall, Pancho: in user.module, trim() user-submitted email address before validation.
  • #716348 by mikey_p: fixed description.
  • #1097538 by davidtrainer: update drupal_set_message() docs.
  • #1067806 by starsinmypockets: _field_info_prepare_instance() calls, but does not use, field_info_field_types().
  • #917492 by kvanderw, rfay, claar, Bok Choy: add a sensible .gitignore file.
  • #817482 by Stevel, bfroehle: user_save() issues a warning when saving without changing mail attribute.
  • #908282 by jbrown, pillarsdotnet: add width and height attributes to increase front-end performance.
  • #1003308 by bfroehle: Fix upgrade path for Forum module by hard-coding vocabulary machine name (with tests).
  • #1111288 by yched: Fix file permissions on field_ui tests.
  • #1110810 by JohnAlbin, TR: CVS $ tag lurks in .htaccess file (and other dank corners of Drupal).
  • #733192 by pillarsdotnet, Sutharsan, Letharion, clemens.tolboom: tokens enclosed in [ ] are not recognized.
  • #1032024 by grendzy: comment_form_submit() overwrites author/visitor cookie when moderating/administering comments.
  • #1008410 by droplet: forum list header sorting broken.
  • #183435 by gregmac, TR: drupal_http_request() and malformed responses.
  • #1122880 by jn2: DatabaseConnection::defaultOptions has incorrect php.net link.
  • #1111288 by droplet: wrong instance definition in field_ui().test.
  • #1107384 by droplet: wrong instance definition in node.module.
  • #1126370 by kim-day, jn2: menu_link_save() needs more detail.
  • #1097538 by davidtrainer: update drupal_set_message() docs.
  • #1026058 by plach, droplet add back Language switcher block help message.
  • #1132364 by CrookedNumber: hook_modules_enabled() could be less ambiguous.
  • #965272 by larowlan, bellHead, TR: items defined with type MENU_CALLBACK show 'Home' as a title.
  • #1048006 by jyyna, wojtha, David_Rothstein: name of vocabulary (Tags) created during install cannot be localized.
  • #919596 by boombatower: -MultiViews in .htaccess requires odd AllowOverride Options=All,MultiViews.
  • #984456 by Dave Reid, bfroehle: cleanup file_field_widget_uri() and its token replacement.
  • #1096842 by nanotube: typo in EntityFieldQuery documentation.
  • #1127312 by niklas: undefined variable items in theme_user_list() when displaying empty user/new block.
  • #1043552: fixed typo in comment inside theme_disable().
  • #1043566: fixed typo on BlockAdminThemeTestCase description.
  • #545518 by bfroehle: move Locale module specific code out of module.inc and system.module.
  • #1066118 by Barrett: hook_field_widget_form() has punctuation error.
  • #1107376 by jhedstrom: weight not a property of a field instance, so doc shouldn't say it is.
  • #1110064 by jeffschuler: two @defgroup comment fixes.
  • #1095498 by ohnobinki: toolbar toggle link rendered without escaping ampersand as an html entity.
  • #766624 by aspilicious: dashboard lacks rtl styling.
  • #766624 by aspilicious: dashboard lacks rtl styling.
  • #1017882 by Gábor Hojtsy: required elements buggy with #states.
  • #1118502 by pwolanin: path module should use a different weight than search module on admin/config.
  • #1120928 by catch: {history} table is owned by system module.
  • #1012768 by agentrickard: fire hook_menu_link_delete() before removing the data row.
  • #1023190 by Berdir: wrong merge query in aggregator_save_item().
  • #839556 by dalin, jrchamp, effulgentsia, dmitrig01, David_Rothstein: fix isset regression in tablesort, add tests, and cleanup theme_process_registry().
  • #999538 by Josh The Geek: default.settings.php still refers to 'aggressive caching'.
  • #1031148 by Berdir: select-all checkbox is not added when updating a table with #ajax.
  • #985982 by iLLin: overlay resizes toolbar after closing.
  • #935258 by Stevel, Josh Waihi: defaults not changed in changeField on postgresql.
  • #998612 by longwave: drupal_render() doesn't render 0 when set into #markup property.
  • #1062370 by mikeryan: vocabulary machine_name() length limited to 21, in UI only.
  • #1032024 by grendzy: comment_form_submit() overwrites author/visitor cookie when moderating/administering comments.
  • #1037358 by sanduhrs, Azol: locale.datepicker.js minor fixes (js consistency).
  • #1099254 by hansfn: typo in modules/system/system.admin.inc.
  • #897140 by fgm: system.methodSignature returns incorrect and incomplete data.
  • #1120698 by skwashd, Dave Reid: typo in MAINTAINERS.txt.
  • #1065020 by Berdir: fixed E_STRICT warning when downloading/viewing a file or image.
  • #733306 by atchijov, carlos8f: add static caching for drupal_parse_info_file().
  • #1075886 by franz: typo on help text.
  • #598586 by grendzy, deekayen: watchdog() assumes is defined.
  • #608478 by David_Rothstein: remove leftover code and variables
  • #1050686 by David_Rothstein: theme region names are no longer translated.
  • #722920 by andypost: slightly optimize the block upgrade path.
  • #1110862 by Reidsy: remove reference to search-theme-form.tpl.php in search.module.
  • #1089430 by manarth: improved code comment.
  • #749992 by jhodgdon: menu system / menu module distinction is not obvious to folks new to Drupal.
  • #988318 by jhodgdon: translation_form_node_form_alter() doc says it implements the wrong hook.
  • #1106528 by joachim: field_attach_form_validate() documentation indentation is incorrect.
  • #1106636 by pwolanin: use system_get_info() API function instead of unserializing from DB to get module names.
  • #1105384 by claar: system_admin_menu_block_page() description not one line.
  • #1021406 by ygerasimov: fixed typo in documentation
  • #1037352 by David_Rothstein: clarified usage of 'warning' parameter.
  • #1097972 by boombatower: Fixed hook_field_extra_fields_display_alter() incorrect example code.
  • #1041440 by jhodgdon: hook_cron() falsely claims it will only be called if cron.php is run.
  • #1041902 by jhodgdon: hook_entity_info() doc header has a couple of omissions.
  • #1037352 by jhodgdon: hook_permission() is missing doc about 'warning'.
  • #1082624 by Barrett: hook_form() doc references example project and shouldn't in D7/8.
  • #1031692 by jhodgdon: entity_load() doc should not say to use for more than one load only.
  • #1022924 by yched, chx: Fixed critical bug: Updates are broken for deleted fields in installs upgraded from rc1.
  • #1087092 by danillonunes: Fix documentation for drupal_map_assoc() function
  • #1065968 by droplet: fixed function node_get_recent().
  • #1076394 by pillarsdotnet: improved test code.
  • #1071494 by Takafumi: typo in menu.module.
  • Stripping CVS keywords
  • #1064212 by catch: page caching performance has regressed by 30-40%.
  • #1068184 by bfroehle: _openid_get_math_library() should not use drupal_static().
  • #1067662 by mfb: optimize file_uri_scheme().
  • #1059184 by yched: warnings in list_update_7001 (edge cases).
  • #545518 by sun, Xano: move Locale module specific code out of module.inc and system.module.
  • #953010 by steinmb, droplet: locale.css causes vertical tabs to overlap the language selection drop-down menu in node edit forms.
  • #1067980 by Takafumi, Damien Tournoud: missing t() in image.admin.inc.
  • #1051164 by betz: remove unnecessary ['submitted'] override in template.php.
  • #1006838 by coltrane: upgrade to 7 glaring timezone invalid notice.
  • #1062616 by benanderson: failed integration with Amazon's Simple Email Service (SES).
  • Rollback of accidentical commit #1064882.
  • #1024806 by Jody Lynn: Fixed dblog_uninstall() needed.
  • #1025372 by rschwa: hook_block_info() should document max length of delta/array key.
  • #880278 by RoboPhred: cleanup _locale_import_read_po().
  • #892864 by pwolanin, pounard: remove drupal_static() in _drupal_bootstrap_full().
  • #1019596 by RoboPhred: field_read_instance() doc says it will not return deleted instance, but that is a parameter option.
  • #1020906 by RoboPhred: differentiate process/preprocess hook documentation.
  • #942006 by jhodgdon, heyrocker: documentation for drupal_write_record() doesn't state what happens to missing values on existing records.
  • #1014130 by catch, carlos8f, David_Rothstein: install_profile_info() does a file system scan on every request to admin/config (and etc.).
  • #1051184 by mr.baileys: fix doxygen formatting and punctuation in documentation for drupal_parse_info_file().
  • #1063178 by Haza: line break filter will ignore everything following a xxx.
  • #1058762 by montesq: hook_user_delete doc has wrong order of operations
  • #1064264 by rfray: get the tests ready for the Great Git Migration.
  • #847324 by jhodgdon, yang_yi_cn: fix formatting of documentation.
  • #1056108 by 1V: consistent use of 'JavaScript' and 'Ajax'.
  • #1046784 by Dave Reid: strings in simpletest_requirements() are not using ().
  • #1042706 by 1V: clean up INSTALL.txt and update links.
  • #1052364 by agentrickard: documentation error in hook_modules_uninstalled().
  • #1049528 by sreynen: change script example for drupal_parse_info_file() from .css to .js.
  • #859602 by catch, bfroehle: #cache does not record the #attached declared in child elements.
  • ##1041474 by 1V: Fixed INSTALL.pgsql.txt and INSTALL.mysql.txt cleanup of various grammatical errors.
  • #1020642 by amateescu: improved coding standards for toolbar.css.
  • #1031686 by rschwab: User_load() documentation should reference drupal_save_session(), not session_save_session().
  • #1027578 by droplet: missing period in the documentation for drupal_convert_to_utf8().
  • #1045606 by droplet, montesq: hook_block_info() doc should use visibility constants.
  • #1029346 by David_Rothstein: Changed INSTALL.txt and UPGRADE.txt should mention that you can download Drupal as a .zip file also.
  • #1025124 by catch, jbrown: remove cruft from theme_image_style() and image_style_url(). Should be faster too.
  • #1049116 by solotandem, David_Rothstein: module_enable() doesn't account for version strings in dependencies[].
  • #1049144 by boombatower: remove unnecessary return statements.
  • #933498 by eojthebrave, aaron: image effects table created with incorrect table name in upgrade path.
  • #1019710 by stephenh: Changed Standardize @file comments in .test files.
  • #1051038 by mr.baileys: incorrect return info on image_style_create_derivative().
  • #690980 by Dave Reid, grendzy, cwgordon7: Security hardening: Ensure password fields are empty on display.
  • #321063 by eMPee584, Kars-T: Fixed book/export/html/N with a non-book nid should abort and return 404 not found.
  • #932584 by duellj: Fixed Forum has two 'select' options
  • #1022172 by montesq: Fixed Missing return in example hook_menu code
  • #1027454 by amateescu, montesq, jhodgdon: Fixed _aggregator_parse_opml() documentation contains escaped HTML tags that should be removed.
  • #1029358 by benjifisher: Fixed blockquote messes up ol lists in Bartik.
  • #934726 by yched, jinglemansweep: Fixed Undefined index: taxonomy_term in taxonomy_field_formatter_view()
  • #740182 follow-up: Committing new shortcut.png image.
  • #1024608 by yched: Move help text setting above field-specific settings on field UI page.
  • #1026654 by amateescu: Fix regression with background colours in Bartik maintenance page.
  • #1019834 by bfroehle: Fixed No .info files reported on theme upload when zip created with certain programs
  • #936620 by reglogge, aspilicious: Fixed Vertical tabs broken in Seven theme for RTL
  • #1038934 by tsi: Add missing RTL styling for system messages.
  • #1040190 by 1V: Fix typo in comment for cookie_domain in settings.php
  • #789186 follow-up by eojthebrave: Better documentation for drupalPostAJAX()
  • #1041484 by 1V: INSTALL.sqlite.txt cleanup of documentation.
  • #1041512 by 1V: Add .zip mention in README.txt.
  • #932426 by duellj: Fix second file uploaded is displayed when display option is unchecked.
  • #1018714 by effulgentsia: Fixed Image Upload Widget Not Working in IE8
  • #1036718 by montesq: incorrect watchdog log messages.
  • #1036246 by Jody Lynn: typo in ajax.inc comment.
  • #1024898 by ilo, amateescu: wrong definition of Bartik's fieldset description in css.
  • #1016930 by joachim: too much space above vertical tabs fieldsets.
  • #1001624 by pillarsdotnet: avoid 'Undefined index' notice in field_info_max_weight() function of modules/field/field.info.inc.
  • #1037416 by Jody Lynn: typos in user-picture.tpl comment.
  • #1027630 by jhodgdon: unclear documentation for 'custom' and 'locked' attributes for content type.
  • #488062 by David_Rothstein: fixed some broken English.
  • #973328 by gopherspidey, amateescu: special characters are encoded twice in taxonomy term title.
  • #1024840 by Jody Lynn: whitespace fixes for field module.
  • #1027762 by droplet: remove non necessary space.
  • #740182 by aspilicious, tsi, yoroy, casey, realityloop, Jeff Burnz: toolbar and shortcuts lack RTL styling.
  • #1014708 by bfroehle, thekevinday: hook_field_read_field() reference parameter problem.
  • #460448 follow-up by ridgerunner: Further optimize CSS aggregation regex.
  • #1015012 by sun: Fix URL filter so that it recognizes valid URLs with # in them, e.g. twitter.
  • #488062 by catch, walkah, spiderman, paul.lovvik, klausi: speed up OpenID by using GMP instead of BCMath if available.
  • #1015150 by redndahead: clean-up 'getsize' remnants since it has been removed.
  • #997884 by jhodgdon: improved t() documentation.
  • #1019922 by Jody Lynn: corrections to the comment_access() function description.
  • #674352 by jersu: correct variable name.
  • #1016458 by Jody Lynn: code style cleanup of aggregator.module.
  • #1015650 by droplet: use of example domain(s) in CHANGELOG.txt.
  • #971812 by mfb: aggregator should interpret Atom entry id as equivalent to RSS item guid.
  • #930000 by jhodgdon, bleen18: show(), hide(), and render() documentation is misleading.
  • #375064 by c960657, catch: Performance: Multilanguage checking on admin/content/node slow.
  • #1023742 by pillarsdotnet: remove cruft from user_save().
  • #1014762 by jhodgdon: hook_entity_info() documentation outdated.
  • #924982 by swentel: alignment of dashboard block titles.
  • #1021724 by droplet: documentation problem with forum-icon.tpl.php.
  • #1022426 by bfroehle: _registry_update() invalid arguments to ->rollback().
  • #1001242 follow-up by bfroehle, Steven Jones: Fix EXISTS tests for SQLite and PostgreSQL.
  • Back to 7.0-dev

New in version 7.0 (January 5th, 2011)

  • #1006302 by aspilicious, bfroehle: Fixed can't install projects packed as zip in Update Manager.
  • #971120 by bec, dereine, bojanz, chx: Fixed Radio button values get run through check_plain() twice
  • #986992 follow-up by yched, saintiss: Fix to field_sql_storage_update_7001().
  • #1001242 by agentrickard, pwolanin, Crell, chx: Add DBTNG support for EXISTS conditions.
  • #1008628 by plach: Fixed Fatal error: Call to undefined function language_negotiation_get_switch_links() when using only one language
  • #1010376 by danillonunes: Fixed drupal_add_js() documentation makes reference to drupal_add_css()
  • #1011496 by danillonunes: Fixed Duplicate comment line for drupal_render_cid_parts()
  • #1003828 by rfay: Fixed Drupal.ajaxError may itself throw an exception, causing silent 'AJAX Error 0' events
  • #1011308 by droplet: Fixed Call to undefined function decode_entities IN common.inc
  • #1003968 by David_Rothstein, jhodgdon: Fixed Explain in INSTALL.txt that on some servers, the automated settings.php creation isn't expected to work
  • #761212 follow-up by jbrown: Better method of changing to DRUPAL_ROOT.
  • #1006478 follow-up by Stevel: Fix table prefixes to prevent random testbot failures.
  • #987384 by h_peter, jhodgdon: Fixed Topics/groups in D7 need cleanup
  • #1012822 by dww: Fixed exception handling while downloading/verifying a tarball in update manager.
  • #1005934 by rfw, dww: Fixed UpdateTestUploadCase->testUploadModule() raises an exception during testing with E_STRICT
  • #936490 by dww, fago: Fixed Update module should verify downloaded tarballs and propagate errors correctly
  • #754760 by sun, chx, dmitrig01, manarth, EvanDonovan, derjochenmeyer, joachim: Fixed all possible problems with comment links, using new generatePermutations testing function.
  • #1009862 by neclimdul, threewestwinds: Update to jQuery UI 1.8.7
  • #1008022 by droplet, jhodgdon, aspilicious: Fixed search-block-form.tpl.php refers to ['submit'], which no longer exists
  • #994870 by sun: Fixed Custom #type machine_name 'exists' callbacks cannot access other form elements/values
  • #1012138 by tstoeckler: Fixed hook_init() example violates what doc says to do
  • #969456 follow-up by effulgentsia, threewestwinds: Upgrade jQuery Form library to 2.52.
  • #997802 by David_Rothstein, dww: Fixed Update manager doesn't allow you to install a project if it finds a single 'broken' module in it
  • #1010506 by dww, chx, hgurol: Fixed FileTransfer doesn't properly handle any advanced settings nor the ssh username
  • #1013058 by bfroehle: Fixed SSH connection class has wrong port in error string.
  • #686060 by Crell, David_Rothstein, dww, yoroy, carlos8f, et al: Fixed Explain that the Update manager only works if you have FTP or SSH access to your server
  • #976328 by bfroehle, dww: Fixed Update manager should not take you out of maintenance mode unless you asked it to
  • #904214 by moshe weitzman: Fixed administer comments does not respect node access.
  • #295697 by boombatower, maartenvg, agentrickard, bfroehle, beeradb: Fixed warn of PHP memory limit < 64MB for Testing module.
  • #989366 by jhodgdon: Improved documentation of hook_date_formats()
  • #925398 by ptrl: Fixed Overlay title jumps when active
  • #746470 by follow-up by aspilicious, Jacine, jbrown, sgabe, et al: Add border-radius for IE9 / Opera 10.50
  • #589440 by Booba, willmoy, JanZ, pwolanin, mlncn: Fixed Reordering fails with more than 31 book pages in a book
  • #992376 by larowlan: Fixed Paths containing a hyphen aren't compatible with page theme_hook_suggestions
  • #1007488 by Gábor Hojtsy, plach, droplet: Fixed Drupal cannot be installed in a non-predefined language
  • #987384 follow-up by h_peter, jhodgdon: Further clean-ups to group topics.
  • #989886 by bfroehle: Fixed _system_date_format_types_build improper use of in_array()
  • #989366 follow-up by jhodgdon: EVEN better docs for format_date() and friends.
  • #1013496 by Dave Reid: Remove Dave Reid as update.module maintainer. :(
  • #1000610 by markabur, Jeff Burnz: Fixed borked Bartik comment layout.
  • #1012914 by dww: Fix regex in Updater classes.
  • #884960 follow-up by bfroehle: Remove phantom empty column on date settings.
  • #932846 by bfroehle, dww: Fixed authorize.php connection settings form broken (doesn't degrade, pointless fieldset)
  • #988026 by Jeff Burnz: Fixed Move background color from body to #page-wrapper in Bartik
  • #916086 by mcarbone, jhodgdon: Fixed search_excerpt() doesn't highlight words that are matched via search_simplify()
  • #1013808 by threewestwinds, redndahead: Fixed update.php displays misleading messages for modules that return no messages.
  • - Patch #1014096 by chx: don't load schema on every page view.
  • - Patch #1000674 by Jeff Burnz, jensimmons: Bartik comment submit form is a bit janky.
  • #1014170 by rooby: Fixed East Timor is now Timor-Leste.
  • #994870 follow-up by eaton: Add missing element argument to machine name exists callback.
  • #1014714 by janusman: Fixed Installer-created Home item on main-menu not translatable

New in version 7.0 RC4 (January 2nd, 2011)

  • We are proud to present to you the fourth (and likely final) release candidate of Drupal 7.0. This is a bug fix release for some critical upgrade path issues.
  • We're back down to 0 critical issues again!
  • We've announced a January 5 release date for Drupal 7!
  • There are release parties being thrown worldwide on January 7. Please set one up in your town! (tips)
  • So. It's officially GO time for final testing!
  • Since the last release candidate a week ago, we have fixed numerous bugs, including bugs with PostgreSQL and a critical issue with the password upgrade path which corrupts password hashes. Affected sites' users will need to reset passwords after their second log-in. Sorry about that!

New in version 7.0 RC3 (December 27th, 2010)

  • Since the last release candidate two weeks ago, we have fixed numerous bugs, improved the AJAX framework, field UI etc. Also alternate database systems have seen serious improvement thanks to http://ci.drupal.org/. PostgreSQL 9.0 now installs without errors, and we have 100% tests passing on SQLite! And files[] is no longer required in .info files for each file! Only if the file in question registers a class or interface. $cruft--;

New in version 7.0 Alpha 5 (June 3rd, 2010)

  • Our fourth Drupal 7 alpha version was released just over a month ago. Today, we're proud to announce the release of the fifth alpha version of Drupal 7.x for your further testing and feedback. The first alpha announcement provided a comprehensive list of improvements made since Drupal 6.x, so in this announcement we'll concentrate on how you can help ensure that Drupal 7 is released as soon as possible and is as rock solid as the previous Drupal releases that you've grown to love!
  • This release includes many critical bug fixes, especially around the upgrade path, security issues, JavaScript, performance, and other areas.

New in version 6.17 (June 3rd, 2010)

  • Drupal 6.17, a maintenance release fixing issues reported through the bug tracking system, is now available for download. There are no security fixes in this release. Upgrading your existing Drupal 6 sites is recommended. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement.
  • Highlights of changes in this release include improvements of session cookie handling, better processing of big XML-RPC payloads, improved PostgreSQL compatibility, better PHP 5.3 and PHP 4 compatibility, improved Japanese support in search module, better browser compatibility of CSS and JS aggregation and improved logging for login failures. An incompatibility of Drupal 6.16's new lock subsystem with some contributed modules was also resolved. In total there were about 55 patches committed to improve Drupal 6.
  • The full list of changes between the 6.16 and 6.17 releases can be found by reading the 6.17 release notes. A complete list of all bug fixes in the stable DRUPAL-6 branch can be found at http://drupal.org/project/cvs/3060/?branch=DRUPAL-6.
  • Given enough bug fixes (not just bug reports) more maintenance releases will be made available.

New in version 7.0 Alpha 4 (May 10th, 2010)

  • Color module now usable by themes other than Garland.
  • Usability improvements including re-weightable roles and saner Forum module defaults.
  • A variety of optimizations made to data import-related functions to make migrations faster.
  • Lots of previously missing documentation for hooks has now been documented. Hooray!
  • Increased test coverage, particularly core Tokens.
  • Lots of smaller bug fixes, security patches, and improvements.

New in version 7.0 Alpha 1 (January 17th, 2010)

  • Revamped User Interface:
  • An incredible amount of work has gone into improving the user experience and administration interface. The new administration theme "Seven", the overlay module, the dashboard and the configurable shortcut bar, all lead to a much more user-friendly interface. In-place editing is enabled for blocks and nodes by default, so modifying the content of a site becomes much simpler.
  • Custom Fields:
  • Drupal 7 bundles in the ability to add custom fields, similar in functionality to the Content Construction Kit (CCK) module. However, fields are no longer limited only to content types; they can be added to users, taxonomy terms, and other entities. Fields also have support for translations.
  • Image Handling:
  • Drupal 7 brings native image handling to core. Image fields may be added to content, and have image styles applied to them, such as scaling, cropping, and other effects.
  • Update Manager:
  • Building on Drupal 6's Update module, which keeps site administrators informed when new module and theme releases are available, the new Update Manger module can also install and upgrade modules and themes.
  • Front-end "under-the-hood" improvements:
  • A new render API allows for highly granular theming, core template files have been revamped to provide more semantic markup, Drupal 7 now has built-in RDFa support, includes jQuery UI and a new AJAX framework, and a new core theme "Stark" which exposes Drupal's markup directly for those who want to dive in and start theming.
  • In addition, Drupal 7 has several major accessibility enhancements, making it the most accessible release of Drupal to date!
  • Back-end "under-the-hood" improvements:
  • A revamped database layer resolving nearly all limitations in the Drupal 6 database layer, automated testing framework, new PHP stream-based file API that supports private and public files simultaneously, revamped node access system, new hooks for more flexible system interaction, an Entity API, a job queue API, and many, many, many more improvements.
  • Drupal 7 is also the most scalable release to date, with features such as built-in proxy server support, advanced caching techniques, and Content Delivery Network support for static files.

New in version 6.15 (December 17th, 2009)

  • Maintenance release which fix issues reported through the bug tracking system, as well as non critical security vulnerabilities, are now available for download. Both releases fix other smaller issues as well.

New in version 6.14 (September 17th, 2009)

  • This release fixes security vulnerabilities. Sites are urged to upgrade immediately.
  • In addition to this security vulnerability, the following bugs have been fixed since the 6.13 release:
  • #482646 follow up by Dave Reid: only check the db prefix for simpletest if it was a string (not running a multisite)
  • #284392 by Passionate_Lass, Anselm Heaton, tassoman, agentrickard: DISTINCT handling in db_distinct_field()'s MySQL implementations was resulting in bogus queries
  • #310139 by fonant, c960657, pwolanin: drupal_urlencode() and Drupal.encodeURIComponent was used to encode query strings and other components it should not have been used for
  • #499254 by chx: Drupal lacked support for positive integer values in database queries, beyond PHP_INT_MAX; caused issues with twitter integration and big numbers in general
  • #392688 by will_in_wi, jeffschuler, jhodgdon: document type argument on action_save()
  • #293322 by minorOffense: Incorrectly documented parameter name on flood_is_allowed()
  • #265265 by neochief, jhodgdon: missing phpdoc @code tags on PHP code examples in form.inc and actions.inc
  • #409994 by Wesley Tanaka, jhodgdon: better documentation on how the cid and wildcard arguments interact on cache_clear_all()
  • #495964 by jhodgdon: theme_admin_block_content() had wrong argument name documented
  • #506096 by axjo: node.tpl.php mistakenly mentions theme_user(); should reference theme_username() instead
  • #280240 by skiminki, casperbiering, anypost, pwolanin: Only add Content-Length if we actually have any content or if it is a POST or PUT request.
  • #359276 by lyricnz, Heine, Frando: Fix named entity handling in filter_xss(), so it does not clash with other entities and result in wrong encoding
  • #454462 by JohnAlbin: MODULE_preprocess_maintenance_page() functions were never called, even if the database is online
  • #276615 by JacobSingh, Robin Monks, mikeytown2: drupal_clear_css_cache() should not be called on all invocations to the themes admin page; should be called only on submit - consistent with the modules admin page
  • #295895 by Michelle, JohnAlbin: Garland mistakenly used phptemplate_comment_wrapper() to override comment-wrapper.tpl.php; should use a preprocess function instead to complement the core comment-wrapper.tpl.php
  • #517606 by jerdiggity, JuliaKM: minimal whitespace fix in user.module
  • #107824 by Frando, heyrocker, Dave Reid, AlexisWilke, andypost: the dblog referer and the statistics url columns were not in line with how we store URLs elsewhere (like the dblog location column); could result in data loss due to length truncation
  • #480044 by JohnAlbin: fix system component listing lookup priorities, so the sites/all/* items will override the profile shipped items as documented
  • #107824 follow up by myself: ensure that the newly added updates are in the 6.x-extra group and not disguised as 5.x to 6.x updates
  • #302240 by fago: forms were rebuilt on validation errors and when #ahah was used #cache was turned on, but form storage was not actually stored
  • #395132 by jhodgdon: Fix phpdoc comment on poll_node_form_submit(); there is no hook_submit() in Drupal 6 and this gets called based on the form's key
  • #232321 by munzirtaha, brianV: There is no body field in the node table, so fix misleading example in database.inc to query for node.nid instead
  • #315047 by Island Usurper, Crell, brianV, Josh Waihi: names of database columns were not escaped when changed; caused problems with using reserved words
  • #334826 by maartenvg, Dave Reid, brianV: when editing an anonymous comment, the uid was set to NULL, which is not valid as a database value for the uid; set to zero
  • #346450 by snoble, Damien Tournoud, Dave Reid, Josh Waihi, neilnz: the 'length' Schema API property was documented to be only applicable to string types but was applied to others nonetheless; should only apply to char, varchar and text
  • #318453 by svdoord and ahmed.othman, slightly modified: ensure that the user registration guidelines show above form fields added by the profile module by setting a low enough weight
  • #371458 by Gerhard Killesreiter, David Strauss, Damien Tournoud, smk-ka, catch, febbraro: add index on tab_root, weight and title in menu_router to improve performance of retrieving tabs
  • #537276 by tic2000, alex.k: feed titles in blog_feed_user() and blog_feed_last() were concatenated English strings, lacked translatability
  • #336627 by EliseVanLooij, Tresler, jhodgdon: node_type_form_validate() was documented to implement hook_form_validate() but is just a function called back due to how it is named after the form ID, no such hook exists
  • #332890 by Alan D., sharda_ram, andypost: slightly better documentation for base_url in settings.php
  • #530950 by catch, andypost: use !isset() instead of is_null() in user_access() to be consistent and more performant
  • #215080 by robertDouglass, jaydub, drifter, Dave Reid, andypost: added index on system table's name and type column to improve bootstrap performance
  • #470998 by cwgordon7, bleen18, Psicomante: Fix top padding for logo in Garland, so the logo is placed at the right position with the background
  • #550770 by dww: bump year numbers in COPYRIGHT.txt to 2009
  • #538032 by Gerhard Killesreiter, webchick: document the pcre limitation which might result in empty looking posts; include examples to fix on a Drupal deployment
  • #493678 by threexk, tic2000: fix issue with disappearing Garland tabs in Internet Explorer
  • #551574 by ramsey, emmajane: cross-link variable_*() functions via phpdoc @see comments
  • #534480 by solotandem, jhodgdon: fix phpdoc documentation of what $delimiter means in drupal_get_content()
  • #360830 by sammys: fix block update query in system_update_6027() which was casting block deltas to integers when filling in the cache values so did not apply to string deltas; fixed PostgreSQL incompatibility of the update
  • #489762 by JohnAlbin: include subtheme and base theme list with processed theme .info file data; prerequisite to improve theme security and fix a possible WSOD on theme selection
  • #292565 second follow up by John Morahan: fix login destination again on 403/404 pages and make the search form work there if displayed
  • #290887 by atuyo60, Wanjee, Dave Reid: fix stale blog module permission that was left untouched in one place only, but renamed elsewhere
  • #193383 by JirkaRybka, Arancaytar, Bart Jansens, gpk, TheRec: check correctly for function_exists() on set_time_limit() instead of infering that safe_mode has an effect on it or that that is the only thing which might disable time limit setting
  • #228971 by maq0r, JuliaKM: as of December, 2007, Venezuela is GMT/UTC-0430, but that timezone was not in the list of our supported zones
  • #555128 by Dave Reid: Fix node_access() return value to work how it is documented and include a slight performance improvement
  • #447916 by jhodgdon: fix minor spelling error on taxonomy_check_vocabulary_hierarchy()'s phpdoc
  • #228971 follow up by drumm: forward port -2.5h timezone from Drupal 5, made time zone list consistent with Drupal 5
  • - Patch #578470 by jbrauer, Gabor, Dries: XML-RPC error handling was incomplete.
  • #360605 by Berdir et al.: make Drupal core work with PHP 5.3.0 out of the box (fixes for incompatibilities introduced with PHP 5.3.0)
  • #193366 follow up (rollback) by Anthony Hersey, Senpai, moshe weitzman: remove all cache clearing feature of the system module listing page; instead point to the performance page where we have a dedicated button for this; the trick caused lots of issues with speed
  • #460594 by nonsie, LiliVG, elliotttf: node_assign_owner_action_form() limited username input to 7 characters, while usernames are limited to 60 chars

New in version 6.12 (May 14th, 2009)

  • This release fixes security vulnerabilities.
  • SA-CORE-2009-006 - Drupal core - Cross site scripting
  • In addition to this security vulnerability, the following bugs have been fixed since the 6.11 release:
  • #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is.
  • #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth.
  • #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects
  • #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does.

New in version 6.10 (February 26th, 2009)

  • - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker.
  • #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed.
  • #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value
  • #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable().
  • #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
  • #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link
  • #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output
  • #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting
  • #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all.
  • #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice.
  • #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys'
  • #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice
  • #314286 backport of some of #229129 by assimonds: disbaled checkboxes did not receive their values properly from the default value set
  • #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead
  • #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined
  • #276174 by nbz, John Morahan, slightly modified: do not escape username more then once at multiple places in blog.module
  • #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms()
  • #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language
  • #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making itpossible to write modules extending menu item manipulation
  • - Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited.
  • #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6
  • - Patch #381438 by drumm: do not use page cache for drupal.sh requests.
  • #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be
  • #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostreSQL does not support that
  • #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi()
  • #383724 by Heine, bjaspan: SA-CORE-2009-003