drupal 8.7.0

This is a minor version (feature release) of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8 and the Drupal 8 release cycle.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies. Developers should review the Drupal 8.7.x change records for information on API additions and internal backwards compatibility breaks.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

These release notes provide important update information for Drupal 8 site owners. You can also read about the new features in Drupal 8.7.0.

Important update information

Site update and module owners planning to update to this release should take note of the following important changes:

PHP 5 support, automatic entity updates, and Internet Explorer 9 workarounds have been removed
 

• PHP 5.5 and 5.6 will no longer be supported as of Drupal 8.7.0.
  As of December 2018, PHP 5.6 no longer receives security support from the maintainers of PHP. Anyone running Drupal 8 on PHP 5.5 or 5.6 should upgrade their PHP version to at least 7.1. PHP 7.2 is now recommended. Read more in the change record for the PHP requirement update.

• Starting with 8.7.0, Drupal core no longer provides support for automatic entity updates as these have resulted in conflicts with regular database updates and data integrity issues. Whenever an entity type or field storage definition needs to be created, changed or deleted, it has to be done with an explicit update function as provided by the Update API, and using the API provided by the entity definition update manager. (Note that using the API has always been the recommended way for developers to trigger entity updates.) drush entup is also no longer supported by Drupal core. These three change records provide further details:

  1. Support for automatic entity updates has been removed
  2. Kernel tests have to install entity type schemas for all the entity types they are testing, and before installing any other configuration
  3. New helper method available to set up the "current_user" service in kernel tests

• Workarounds for the stylesheet limit in Internet Explorer 9 (IE9) and earlier have been removed. Drupal dropped support for Internet Explorer 9 and 10 in 8.4.0, but Drupal 8.5 and 8.6 retained a workaround to allow 32 or more stylesheets to be included. This workaround has been removed in 8.7. Sites still requiring Internet Explorer 9 support for the work around of IE's limit of 31 style sheets per page, should enable CSS aggregation (preferred) or install the IE9 Compatibility contributed module.

Entity and field system changes
 

• Entity schema operations will now leave backup tables in place for inspection. See the change record on entity update backup data for more details including how to disable this functionality.

• Custom menu links and taxonomy terms are now revisionable, which allows them to be used in editorial workflows (similarly to nodes, media, and custom blocks). These changes involve an upgrade path and updates to the respective entity storages. Custom code updating these entities programmatically may need to update to take account revision creation. This may also impact API clients, exported default content, and custom database queries. See the change records for details:

  • Custom menu links are revisionable
  • Taxonomy terms are revisionable

• Serialized properties of base fields are now automatically unserialized to be consistent with configurable fields. Existing workarounds for this bug might need to be adjusted if they relied on the old behavior of passing a string to those fields. Read the change record about loading serialized field properties.

Changes for Symfony 4 and 5 compatibility
 

• Drupal\Component\DependencyInjection\Container no longer implements Symfony\Component\DependencyInjection\ResettableContainerInterface for future compatibility with Symfony 5. If you are type-hinting on this interface, update your type-hint to instead use Drupal\Component\DependencyInjection\Container
  Read the change record about the Container Symfony component.

• In the interest of supporting deprecations in Symfony 4 leading up to Symfony 5, \Drupal\Core\Validation\TranslatorInterface no longer extends \Symfony\Component\Translation\TranslatorInterface.
  Read the change record about the TranslatorInterface Symfony component.

• Additionally, numerous critical Symfony 4 and 5 compatibility issues are resolved in this release.

Plugin system changes
 

• ConfigurablePluginInterface, which is used by many, many plugins, is deprecated in favor of a combination of two interfaces: ConfigurableInterface and DependentPluginInterface. If the plugin does not have external module dependencies, then developers may opt to just implement ConfigurableInterface by itself and not implement DependentPluginInterface.
  Read the change record on deprecation of ConfigurablePluginInterface.

• For context-aware plugins defined by annotation the context key is deprecated. To define context definitions, use the context_definitions key. Interacting with the context definitions of a plugin is unchanged, see \Drupal\Component\Plugin\ContextAwarePluginInterface.
  Read the change record on context definitions for plugins.

Changes to base themes (Stable, Classy)
 

This release includes some small changes to core's base themes (Stable, Classy). Themes that extend one of these base themes should review the following changes.

• JavaScript messages template changes
• Pager CSS ID changed from "pagination-heading" to a unique ID

New stable module: Layout Builder
 

Layout Builder allows content editors and site builders to easily and quickly create visual layouts for displaying content. Users can customize how content is arranged on a single page, or across types of content, with an easy to use drag-and-drop interface.

This module was introduced as an experimental core module in Drupal 8.5.0, but is now stable and ready for production use! For sites using the experimental module prior to 8.7.0 there are some important changes:

• The Layout Builder module is designed to support extensible storage for layouts, so that layouts can be created and saved for various use cases. (For example, the core module has two storages, one for default content layouts and another for individual entity layouts.) A serious bug with the beta API prevented other storages from being used and API changes were required to resolve this issue.

  Layout Builder section storage plugins must adapt to changes to their interface and rely on the context system instead of external setter calls. Additionally, those interacting with the Layout Builder API must use the new methods for loading SectionStorage plugins.

• Layout Builder overrides are now stored in non-translatable fields. This means that on entities with overridable layouts, when Content Translation is enabled, the Layout tab is only available when viewing the entity in its default language (not from a translation) and layout changes made from there apply to all translations.

  For sites that installed Layout Builder and enabled layout overrides for some entity bundles while it was still Experimental, this release retains the site's existing translatability configuration of those fields. For those sites, manually setting the layout field to non-translatable is strongly recommended unless there is existing layout translation data. See the change record on Layout Builder translation changes for more details. Layout translatability is planned as a feature for a future release.

• Layout Builder now has more granular permissions Previously, it only provided a single permission to access all aspects of Layout Builder (configuring/deleting layouts, adding or removing inline blocks, etc.). One example of Layout Builder's more granular permission options means users will only be able to manipulate the layout of content if they have access to edit that content. Review Layout Builder's permissions after updating and change to permissions where appropriate for better access control.

• CSS classes used in Layout Builder's user interface have been renamed in accordance with BEM standards. For example, classes like .layout-section are now .layout-builder__section.
  Read the change record on BEM standards for Layout Builder's user interface classes.

New stable module: JSON:API
 

JSON:API is now included in core. Contributed modules that depend on the contrib JSON:API project should remove this dependency now that the module is in core.

Sites currently using the 8.x-2.x branch of the JSON:API contributed module should remove the contributed module from the codebase, ensuring that any contrib modules depending on the contributed project are updated at the same time. Use composer remove drupal/jsonapi to remove the JSON:API contributed project when updating core, and rm -rf modules/jsonapi if not using composer, when updating to Drupal 8.7.0.

The contributed module will not receive further updates aside from security fixes.

Sites using the 8.x-1.x branch may require changes to API clients, but the contributed module may be left in place with Drupal 8.7 until any needed conversions are complete. You may experience difficulties upgrading with Composer to Drupal 8.7.0 with drupal/jsonapi installed, or, are unable to install drupal/jsonapi into Drupal 8.7.0 with Composer. See #3053700: Impossible to update drupal/core to 8.7.0 with Composer >= 1.7.3 if drupal/jsonapi is installed for information about how to work around this problem.

Note that the core version of JSON:API uses a read-only mode by default for security reasons. This is configurable at /admin/config/services/jsonapi. Sites requiring create, update, or delete access should review the JSON:API security considerations documentation.

Third-party library updates
 

The following third-party libraries are updated in this release:

• Guzzle has been updated from 6.3.0 to 6.3.3. With this update, the http_client service also now supports empty headers.

• Previously, Drupal packaged a copy of the PEAR Archive_Tar library in a Drupal core namespace. In 8.7, this has been deprecated and replaced with a proper Composer dependency on this library. The dependency has also been updated to version 1.4.6.

• Stylelint has been updated from 9.1.1 to 9.10.1.

• drupal/coder has been updated to ˆ8.3.1. You may need to re-install coder if you have automated coding standards checks as part of your workflow, since the update includes new coding standards checks.

• CKEditor has been updated to 4.11.3.

• Twig has been updated to 1.38.4.

• A number of other PHP dependencies have also been updated, including:

  • composer/installers to 1.6.0
  • composer/semver to 1.5.0
  • egulias/email-validator to 2.1.7
  • paragonie/random_compat to v2.0.18
  • Most symfony/* components to v3.4.26
  • symfony/http-foundation to v3.4.27
  • symfony/polyfill-* to v1.11.0
  • typo3/phar-stream-wrapper to v2.1.0

Other important update information
 

• Previously, a fix was committed following upstream Symfony issue with lazy session data in Symfony 3.4.24. Symfony has now reverted the commit in Symfony 3.4.27 (released May 1). Drupal 8.7 has therefore reverted the workaround for the issue and updated symfony/http-foundation to 3.4.27. Other Symfony components remain on 3.4.26 as of Drupal 8.7.0. Any site owners encountering issues with lazy session data should review the above issue and ensure that http-foundation is updated to 3.4.27.

• datetime fields that store both date and time now specify a time zone when normalized, datetime fields that store only a date no longer expose a (meaningless) time when normalized. daterange fields behave the same way as datetime fields, because both field types use the same "data type" under the hood, and hence get the same normalization. Finally, there is now automatic time zone conversion when POSTing or PATCHing datetime or daterange fields: the client can specify any time zone, and the necessary transformations to match the site's timezone are applied.
  Read the change record about normalization of the Date and Date range fields.

• The session_handler.write_check service has been removed from core.services.yml. In the unlikely event that this service is being swapped out, the functionality has been moved to \Drupal\Core\Session\WriteSafeSessionHandler - the session_handler.write_safe service.
  Read the change record on removal of the session handler proxy.

• In order to resolve a critical issue affecting the PostgreSQL database, The naming scheme for PostgreSQL sequence generators has been changed.

• For all changes that may affect contributed or custom code, search the Drupal 8.7.x change records.

Important bug fixes

In addition to those already listed above, the following critical and important issues have been fixed in Drupal 8.7.0.

• The Entity system now provides an API for retrieving an entity variant that is safe for editing and previewing in editorial workflows, depending on the specified context, by default the current context.

• #2942675: Layout builder should use the active variant of an entity to avoid orphaned revisions

• #2990517: Adding a display mode to a content type using layout, and disabling layout on that new display mode removes the layout_builder__layout field and breaks layout in already configured display modes.

• #3033686: Saving Layout override will revert other field values to their values when the Layout was started.

• #3037823: The system.theme.data key remains corrupted in state causing performance issues and is not used in >= 8.7

• #3042993: Translatable and revisonable installed entity type definitions are missing the 'revision_translation_affected' entity key

• #2554235: Make the content entity storage and entity query use the last installed definitions instead of the ones living in code

• #2891754: [regression] UserMailRequiredValidator fails on new user entities

• #2787185: track_changes does not work when the map is joinable

• #3033653: InvalidArgumentException when adding reference field without Media type

• #3051826: 8.7.0-rc1 database updates fail on media_library configuration dependencies due to missing form and view modes

Beginning with the Drupal 8.7.0-beta1 release, the Drupal Association and Drupal core maintainers have partnered with agencies and site owners in an official beta testing program for Drupal core minor releases. A number of issues were identified and resolved directly as a result of this initiative. Participating in the beta program is an important way to contribute to the Drupal project. Special thanks to the following individuals and organizations for participating, and directly contributing to the quality of this release:

• larowlan at PreviousNext for Charles Darwin University, Brisbane City Council, Wyndham City Council
• plach
• RoSk0 at Catalyst IT
• alexpott at Thunder
• thursday_bw at Catalyst IT
• Juterpillar at Catalyst IT
• Joseph Zhao at govCMS (Australian Government Department of Finance)
• daniel.bosen at Thunder
• kim.pepper at PreviousNext

Known issues

• #3052431: layout_builder_post_update_make_layout_untranslatable() still attempts to query all revisions for non-revisionable entities
• #3052147: comment_update_8701 fails if there are comments without field_name
• #3052140: Cannot convert custom entity types from non-revisionable to revisionable with pre-8.7.x compatible methods
• #3044211: SectionStorage objects in tempstore are broken when updating from 8.6.x to 8.7.x
• #3026560: After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush
• #3026443: \Drupal\Core\Security\PharExtensionInterceptor is incompatible with GeoIP and other libraries that use phar aliases or Phar::mapPhar()
• #3044682: Permission denied creating /tmp/twig
• #3053700: Impossible to update drupal/core to 8.7.0 with Composer >= 1.7.3 if drupal/jsonapi is installed

Search the issue queue for all known issues.

All changes since 8.7.0-rc1

• #3045349 by alexpott, mikelutz, geerlingguy, catch, mglaman, larowlan: Lazy started sessions with session data are not saved with symfony/http-foundation 3.4.24
• #3051826 by tim.plunkett, mikemadison: 8.7.0-rc1 database updates fail on media_library configuration dependencies due to missing form and view modes
• #2981393 by quietone, masipila, heddn, Gábor Hojtsy, maxocub: Migrate D6 comment type language settings
• #2987956 by mariancalinro, amateescu, vijaycs85, mheip, mallezie: Entity queries with sorting and ordering are not working in a non-default workspace
• Revert "Issue #2987956 by mariancalinro, amateescu, vijaycs85, mheip, mallezie: Entity queries with sorting and ordering are not working in a non-default workspace"
• #3022137 by quietone, heddn: Update migrate fixtures for remaining active issues
• #3045966 by partyka, shaal, Wim Leers, Gábor Hojtsy, mglaman, tedbow, Berdir, kjay: Set author and editor passwords to the admin password in the demo to make demoing easier
• #3049737 by shaal, smaz: Demonstrate per item layout customization in Umami, make finding layout editing much easier
• #3050180 by alexpott, shaal, smaz: Cannot install Umami in Spanish
• #2904550 by tim.plunkett, Sam152, jwilson3, neclimdul, eelkeblok, amateescu, DuaelFr, K3vin_nl, alexpott, tedbow, andypost: PluginDependencyTrait::calculatePluginDependencies() does not handle theme provided plugins
• #3048698 by Sam152, alexpott, tedbow, fenstrat: Content moderation layout builder integration fails when a node has an associated menu item
• #3046992: Add @ckrina as a usability maintainer
• #3040166 by oriol_e9g, Mile23, willzyx, Berdir, alexpott, catch, cilefen: mkdir() fails in BrowserHtmlDebugTrait.php:141 because of a race condition
• #3048699 by shaal: Taxonomies are only displayed in English
• #3029669 by tim.plunkett, K3vin_nl, mpdonadio: Layout Builder must adjust #states for formatters written expecting to be used by the Field UI
• #3010825 by mark_fullmer, tim.plunkett, tedbow, johndevman: Back to site link returns user to manage layout for defaults
• #3046121 by shaal, pawandubey, kjay: Umami tabs are too wide for mobile screens
• #3019824 by nord102, tim.plunkett: Layout Builder's isOverridable()/setOverridable() do not respect the result of isLayoutBuilderEnabled()
• #2955065 by tim.plunkett, phenaproxima, pixlkat, andypost, mtodor, dmsmidt: Customized layout does not display for node with customizations enabled when using full content view mode
• #3040645 by mark_fullmer, tim.plunkett, porkloin, xjm, andrewmacpherson, mgifford: Add a role=region wrapper to the Layout Builder action form to fix screen reader navigation barriers
• #2802803 by Berdir, AdamPS, Darren Oh, alexpott, Munavijayalakshmi, jackbravo, slashrsm, mmbk, Dane Powell, larowlan, LittleCoding, gapple, catch, wiifm, quantumized, acbramley: Temporary files whose files are missing on the disk result in never-ending error log messages
• #2995655 by awm, Sam152, jedgar1mx, lpeabody, axel.rutz: Invalid translation language (und) specified. in Drupal\Core\Entity\ContentEntityBase when changing language of an entity