Subscribe to Drupal core announcements feed
Core announcement
Updated: 2 hours 39 min ago

*All* external PHP / JS libraries updated in Drupal 8 HEAD. Please test!

September 5, 2015 at 3:48am

Drupal 8 hit the single digits for critical issues this week, so we have officially started in on the RC1 Release Checklist! :D Two of the items on there are:

In an effort to get as much testing in front of RC1 as possible, today with the help of numerous awesome people such as hussainweb, DuaelFr, tarekdj, klausi, dawehner, Wim Leers, cilefen, and many more, we were able to get all of the external libraries in Drupal 8 updated! :D

While we have a green board as far as automated tests go, nevertheless these changes could use additional eyeballs, so please be on the lookout for any weirdness, esp. in front-end functionality, for which we lack automated test coverage.

Categories: Planet Drupal

Recording from Sept 4th 2015 Drupal 8 critical issues discussion

September 4, 2015 at 11:48am

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:09am] alexpott: https://www.drupal.org/node/2545972
[11:09am] Druplicon: https://www.drupal.org/node/2545972 => Remove all usages SafeMarkup::checkPlain() and rely more on Twig autoescaping [#2545972] => 157 comments, 29 IRC mentions
[11:09am] catch: https://www.drupal.org/node/2563023
[11:09am] Druplicon: https://www.drupal.org/node/2563023 => drupal 8.0.0-beta15 => 0 comments, 1 IRC mention
[11:09am] GaborHojtsy: catch: woot :)
[11:10am] alexpott: https://www.drupal.org/node/2560863
[11:10am] Druplicon: https://www.drupal.org/node/2560863 => #options often is escaped by the code that creates the render array, the render element should do this itself [#2560863] => 19 comments, 6 IRC mentions
[11:11am] alexpott: https://www.drupal.org/node/1031122
[11:11am] Druplicon: https://www.drupal.org/node/1031122 => postgres changeField() is unable to convert to bytea column type correctly [#1031122] => 98 comments, 6 IRC mentions
[11:12am] dawehner: https://www.drupal.org/node/2538108
[11:12am] Druplicon: https://www.drupal.org/node/2538108 => Add an API for data value updates to reliably run after data format updates [#2538108] => 37 comments, 11 IRC mentions
[11:15am] plach: https://www.drupal.org/node/2561129
[11:15am] Druplicon: https://www.drupal.org/node/2561129 => Composite indexes are not correctly deleted/re-created when updating a field storage definition [#2561129] => 38 comments, 9 IRC mentions
[11:16am] plach: https://www.drupal.org/node/2504139
[11:16am] Druplicon: https://www.drupal.org/node/2504139 => Blocks containing a form include the form action in the cache, so they always submit to the first URL the form was viewed at [#2504139] => 113 comments, 20 IRC mentions
[11:18am] plach: https://www.drupal.org/node/2341575
[11:18am] Druplicon: https://www.drupal.org/node/2341575 => [meta] Provide a beta to beta/rc upgrade path [#2341575] => 69 comments, 32 IRC mentions
[11:22am] GaborHojtsy: https://www.drupal.org/node/2506445
[11:22am] Druplicon: https://www.drupal.org/node/2506445 => Replace remaining !placeholder with @placeholder [#2506445] => 97 comments, 16 IRC mentions
[11:23am] GaborHojtsy: https://www.drupal.org/node/2562903
[11:23am] Druplicon: https://www.drupal.org/node/2562903 => Drupal 8's APIs Defined => 0 comments, 1 IRC mention
[11:23am] GaborHojtsy: https://www.drupal.org/node/2560783
[11:23am] Druplicon: https://www.drupal.org/node/2560783 => Replace !placeholder with @placeholder in hook_help() text [#2560783] => 38 comments, 5 IRC mentions
[11:32am] dawehner: https://www.drupal.org/node/2538108
[11:32am] Druplicon: https://www.drupal.org/node/2538108 => Add an API for data value updates to reliably run after data format updates [#2538108] => 37 comments, 12 IRC mentions
[11:49am] Fabianx-screen: hook_post_update()
[11:55am] Fabianx-screen: node.post_update.php

Categories: Planet Drupal

Drupal 8 beta 15 on Friday, September 4, 2015

September 2, 2015 at 4:38pm
Start:  2015-09-04 00:00 - 23:30 UTC User group meeting Organizers:  catch xjm

The next beta release for Drupal 8 will be beta 15! (Read more about beta releases.) The beta is scheduled for Friday, September 4, 2015. To ensure a reliable release window for the beta, there will be a Drupal 8 commit freeze from 00:00 to 23:30 UTC on September 4.

Beta 15 will include a couple of important API changes. See SafeMarkup::set(), SafeMarkup::checkPlain(), and other methods are removed from Drupal 8 core for details.

Categories: Planet Drupal

SafeMarkup::set(), SafeMarkup::checkPlain(), and other methods are removed from Drupal 8 core

September 2, 2015 at 4:21pm

Before the release of the first Drupal 8 beta, Twig's autoescape functionality was enabled in Drupal 8 core. At the time, the SafeMarkup class was added in order to integrate Drupal core's own filtering and escaping APIs with Twig's.

Following extensive critical work on Drupal 8's sanitization APIs, most of the public API for the SafeMarkup class has been removed. Of particular note: for the next beta (beta 15), SafeMarkup::set() will be removed and SafeMarkup::checkPlain() will be deprecated for removal before 8.0.0.

SafeMarkup::set() will be removed

The SafeMarkup::set() method was documented for internal use when it was originally added. However, Drupal 8 core (as well as some contrib and custom modules) used it incorrectly to avoid unwanted escaping, because at the time there were not good examples for all usecases, particularly for code that assembled together multiple different strings of markup. Now, all core usages have been removed, and the change record has been updated to include recommended strategies for concatenating markup strings. Refer to this change record to replace any remaining usages of SafeMarkup::set().

SafeMarkup::checkPlain() is deprecated and will be removed

In Drupal 7 and earlier, check_plain() was important for sanitizing untrusted input for output to the page. In Drupal 8, Twig's autoescape provides this functionality for any variables passed to a Twig template, and other APIs are used in other circumstances.

When explicit escaping is needed, the most direct replacement for check_plain() or SafeMarkup::checkPlain() is Html::escape(). See the change record section on escaping text in Drupal 8 for details.

The correct use of t() and SafeMarkup::format() is not affected and these functions will still automatically escape input passed in the second parameter for a @variable or %variable placeholder. See the SafeMarkup::format() documentation for details.

Categories: Planet Drupal

No Drupal 6 or Drupal 7 core release on Wednesday, September 2

August 31, 2015 at 3:12pm

The monthly Drupal core bug fix/feature release window is scheduled for this Wednesday. However, there have not been enough changes to the development version since the last bug fix/feature release to warrant a new release, so there will be no Drupal core release on that date. (I had hoped to get a release done, but scheduling issues plus the work involved in putting out a large security release in August made it impossible.) A Drupal 7 bug fix/feature release during the October window is likely instead.

Upcoming release windows include:

  • Wednesday, September 16 (security release window)
  • Wednesday, October 7 (bug fix/feature release window)

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Recording from August 28th 2015 Drupal 8 critical issues discussion

August 28, 2015 at 12:01pm

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:08am] GaborHojtsy: https://www.drupal.org/node/2555183
[11:08am] Druplicon: https://www.drupal.org/node/2555183 => Fix the filled update tests, they are broken [#2555183] => 60 comments, 10 IRC mentions
[11:08am] GaborHojtsy: https://www.drupal.org/node/2555665
[11:08am] Druplicon: https://www.drupal.org/node/2555665 => When index is added for content_translation_uid, the corresponding stored schema definition is not updated [#2555665] => 30 comments, 7 IRC mentions
[11:09am] plach: https://www.drupal.org/node/2542748
[11:09am] Druplicon: https://www.drupal.org/node/2542748 => Automatic entity updates can fail when there is existing content, leaving the site's schema in an unpredictable state [#2542748] => 184 comments, 38 IRC mentions
[11:10am] plach: https://www.drupal.org/node/2558905
[11:10am] Druplicon: https://www.drupal.org/node/2558905 => Content translation module - Information disclosure by insufficient access checking [#2558905] => 9 comments, 3 IRC mentions
[11:11am] plach: https://www.drupal.org/node/2555665
[11:11am] Druplicon: https://www.drupal.org/node/2555665 => When index is added for content_translation_uid, the corresponding stored schema definition is not updated [#2555665] => 30 comments, 8 IRC mentions
[11:13am] WimLeers: https://www.drupal.org/node/2429617#comment-10256775
[11:13am] Druplicon: https://www.drupal.org/node/2429617 => Make D8 2x as fast: SmartCache: context-dependent page caching (for *all* users!) [#2429617] => 265 comments, 34 IRC mentions
[11:13am] WimLeers: https://www.drupal.org/node/2556889
[11:13am] Druplicon: https://www.drupal.org/node/2556889 => [policy, no patch] Decide if SmartCache is still in scope for 8.0 and whether remaining risks require additional mitigation [#2556889] => 62 comments, 4 IRC mentions
[11:19am] alexpott: xjm: https://www.drupal.org/node/2558791
[11:19am] Druplicon: https://www.drupal.org/node/2558791 => !placeholder should Xss::adminFilter but not affect safeness [#2558791] => 11 comments, 1 IRC mention
[11:20am] alexpott: xjm: your issue might be a duplicate
[11:26am] WimLeers: plach: https://www.drupal.org/node/2558905#comment-10267715
[11:26am] Druplicon: https://www.drupal.org/node/2558905 => Content translation module - Information disclosure by insufficient access checking [#2558905] => 9 comments, 4 IRC mentions
[11:28am] plach: WimLeers: replied
[11:33am] jibran: https://www.drupal.org/node/2538108
[11:33am] Druplicon: https://www.drupal.org/node/2538108 => Add an API for data value updates to reliably run after data format updates [#2538108] => 19 comments, 4 IRC mentions
[11:46am] WimLeers: https://www.drupal.org/node/2557815#comment-10266477
[11:46am] Druplicon: https://www.drupal.org/node/2557815 => Automatically assign node grants cache context in node_query_node_access_alter() [#2557815] => 17 comments, 2 IRC mentions
[11:53am] jibran: https://www.drupal.org/node/2538108
[11:53am] Druplicon: https://www.drupal.org/node/2538108 => Add an API for data value updates to reliably run after data format updates [#2538108] => 19 comments, 5 IRC mentions
[11:55am] WimLeers: https://www.drupal.org/node/2464427
[11:55am] Druplicon: https://www.drupal.org/node/2464427 => Replace CacheablePluginInterface with CacheableDependencyInterface [#2464427] => 176 comments, 27 IRC mentions
[11:55am] jibran: https://www.drupal.org/node/2538108
[11:55am] Druplicon: https://www.drupal.org/node/2538108 => Add an API for data value updates to reliably run after data format updates [#2538108] => 19 comments, 6 IRC mentions
[11:56am] xjm: Is that another update path test we need? a test contrib module?
[12:05pm] • xjm finds herself wondering if plach hears churchbells again :)
[12:05pm] plach: xjm: I'm doing right now :)
[12:05pm] xjm: :D
[12:13pm] xjm: Given the complexity here, I find myself wondering how on earth it was we ever expected this to work for major version upgrades :) Thank goodness for migrate

Categories: Planet Drupal

Recording from August 21st 2015 Drupal 8 critical issues discussion

August 28, 2015 at 11:54am

We met again last Friday to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from last Friday in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are GMT real time at the meeting):


10:12 plach entity updates issue: https://www.drupal.org/node/2542748
10:12 Druplicon https://www.drupal.org/node/2542748 => Automatic entity updates can fail when there is existing content, leaving the site's schema in an unpredictable state [ #2542748] => 152 comments, 31 IRC mentions

10:25 alexpott https://www.drupal.org/node/2554151
10:25 Druplicon https://www.drupal.org/node/2554151 => Test content/configuration in update database dump [#2554151] => 23 comments, 2 IRC mentions

10:32 WimLeers https://www.drupal.org/node/2554233
10:32 Druplicon https://www.drupal.org/node/2554233 => Port Cross-site Request Forgery - Form API fixes from SA-CORE-2015-003 to Drupal 8 [#2554233] => 26 comments, 1 IRC mention

10:33 larowlan plach: https://www.drupal.org/node/2542748#comment-10244733 point 2 - I think that's a c/p error
10:33 Druplicon https://www.drupal.org/node/2542748 => Automatic entity updates can fail when there is existing content, leaving the site's schema in an unpredictable state [#2542748] => 152 comments, 33 IRC mentions

10:34 plach larowlan: definitely :)
10:34 plach thanks for catching that

10:42 alexpott https://www.drupal.org/node/2497243
10:42 Druplicon https://www.drupal.org/node/2497243 => Replace Symfony container with a Drupal one, stored in cache [#2497243] => 245 comments, 53 IRC mentions

10:44 WimLeers dawehner: "we're in the middle of nowhere of the DrupalKernel" — that sounds bizarre :D

10:53 alexpott https://www.drupal.org/node/2464427
10:53 Druplicon https://www.drupal.org/node/2464427 => Replace CacheablePluginInterface with CacheableDependencyInterface [#2464427] => 175 comments, 25 IRC mentions

10:59 dawehner jibran: new \Drupal\views\Entity\View();
11:03 jibran UpgradePath--
11:03 jibran UpgradePath--
11:03 jibran UpgradePath--
11:03 jibran UpgradePath--
11:09 WimLeers jibran: hahahaha
11:09 WimLeers jibran++
11:09 pfrenssen jibran: lol :D
11:10 WimLeers alexpott: amazingly, *during* our call, pretty much every SafeMarkup issue has been updated!
11:10 WimLeers stefan_r++

Categories: Planet Drupal

Drupal 8 core updates for August 19th, 2015

August 19, 2015 at 2:06pm
What's new with Drupal 8?

Since the last Drupal 8 Core Update, Drupal 8 got a UI for responsive image mapping, a proposal for a new Drupal.org content model was put forward and a bunch of improvements were made to Drupal.org, notably: the first comment to an issue is now automatically generated to make it easier to see the original issue summary, test result output was improved, and it's now possible to test patches on PHP 5.4, 5.5, 5.6, and 7 simultaneously.

Some other highlights of the month were:

How can I help get Drupal 8 finished?

See Help get Drupal 8 released! for updated information on the current state of the software and more information on how you can help.

We're also looking for more contributors to help compile these posts. Contact mparker17 if you'd like to help!

Drupal 8 In Real Life Whew! That's a wrap!

Do you follow Drupal Planet with devotion, or keep a close eye on the Drupal event calendar, or git pull origin 8.0.x every morning without fail before your coffee? We're looking for more contributors to help compile these posts. You could either take a few hours once every six weeks or so to put together a whole post, or help with one section more regularly. If you'd like to volunteer for helping to draft these posts, please follow the steps here!

Categories: Planet Drupal

This Month in Drupal Documentation - August 2015

August 15, 2015 at 4:51am

It's been a busy month in Drupal documentation land. Here's an update from the Documentation Working Group (DocWG) on what has been happening in Drupal Documentation in the last month or so. Sorry... because this is posted in the Core group as well as Documentation, comments are disabled.

If you have comments or suggestions, please see the DocWG home page for how to contact us. Thanks!

Notable Documentation Updates

(pages or sections that have been worked on recently, see notes below)

See the DocWG home page for how to contact us, if you'd like to be listed here in our next post!

Thanks for contributing!

(list of how many people have made updates in the last month, and the top few contributors, see notes below)

Since July 15th (our previous TMIDD post), 234 contributors have made 705 total Drupal.org documentation page revisions, including 4 people that made more than 30 edits -- thanks everyone!

Extra big shout-out to these contributors.

  • lolandese (111 revisions)
  • Wim Leers (49 revisions)
  • jhodgdon (41 revisions)
  • Francewhoa (30 revisions)

In the core issue queue there's been a lot of movement to improve in-line documentation as we continue to get closer to a release of Drupal 8. This patch to improved the TypedData documentation is a great example of the kind of work that's being done. https://www.drupal.org/node/2548279

In addition, there were many many commits to Drupal Core and contributed projects that improved documentation -- these are hard to count, because many commits combine code and documentation -- but they are greatly appreciated too!

Documentation Priorities

The Current documentation priorities page is always a good place to look to figure out what to work on, and has been updated recently.

Work on the Drpual 8 User Guide is moving along splendidly. We had two IRC meetings in the last month and the level of involvement has been great. Helping with this documentation is a great way to get started with documentation and to learn a bit about Drupal 8 while you're at it. The focus right now is on writing a first draft of each of the topics in the guide, and work is also underway to figure out a final home for the new guide in https://www.drupal.org/node/2522024. Follow https://groups.drupal.org/documentation for announcements and join us for our next IRC meeting.

If you're new to contributing to documentation, these projects may seem a bit overwhelming -- so why not try out a New contributor task to get started?

The Drupal Association staff have recently updated their 2015 roadmap and it currently includes a couple of big wins for documentation. Including work to convert sections of the community documentation into a more maintainable format. The issue here https://www.drupal.org/node/2533684 doesn't have a lot of information soon, but keep on eye on it. And/or watch this recording of the presentation from DrupalCon LA about the work being done on content strategy for Drupal.org to get an idea of what's coming. https://events.drupal.org/losangeles2015/sessions/content-strategy-drupa...

Upcoming Events

  • DrupalCon Barcelona, Spain, 21-25 September, with a session Let's talk about documentation and a documentation sprint on Drupal 8 documentation and the D8 User Guide. Please sign up for the sprint! Members of the DocsWG will be in attendence at DrupalCon and would love to chat with you about your ideas for improving Drupal's documentation or to help you find ways to get involved so come say hello anytime during the week.

If you're attending or helping to organize a Drupal event that will feature a documentation related sprint, or sessions let us know and we'll get it added to the list.

Report from the Working Group

We just recently had our regular monthly meeting, though it had actually been over a month since the last time we met. We didn't have a whole lot to discuss in that period, and had been putting a lot of time and effort into getting the Drupal 8 User Guide project underway. At our last meeting the big thing that came up was the need to develop a clear set of guidelines for when it is appropriate to delete a comment from either the community documentation or the api.drupal.org documentation. https://www.drupal.org/node/2515002. We've jotted down some ideas and plan to discuss this further at our next meeting in September. Afer which we'll post the ideas we've come up with for consideration before making anything official. Let us know in the issue if you've got any thoughts about what this should look like.

Categories: Planet Drupal

Drupal core security release window on Wednesday, August 19

August 14, 2015 at 2:14pm
Start:  2015-08-19 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, August 19.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, September 2.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Recording from August 14th 2015 Drupal 8 critical issues discussion

August 14, 2015 at 11:46am

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:07am] alexpott: https://www.drupal.org/node/2501931
[11:07am] Druplicon: https://www.drupal.org/node/2501931 => Remove SafeMarkup::set in twig_render_template() and ThemeManager and FieldPluginBase:advancedRender [#2501931] => 117 comments, 34 IRC mentions
[11:08am] alexpott: https://www.drupal.org/node/2549943
[11:08am] Druplicon: https://www.drupal.org/node/2549943 => [plan] Remove as much of the SafeMarkup class's methods as possible [#2549943] => 16 comments, 6 IRC mentions
[11:14am] plach: https://www.drupal.org/node/2542748
[11:14am] Druplicon: https://www.drupal.org/node/2542748 => EntityDefinitionUpdateManager::applyUpdates() can fail when there's existing content, leaving the site's schema in an unpredictable state, so should not be called during update.php [#2542748] => 100 comments, 24 IRC mentions
[11:56am] catch: https://www.drupal.org/node/2551341
[11:56am] Druplicon: https://www.drupal.org/node/2551341 => Update test database dump should be based on beta 12 and contain content [#2551341] => 0 comments, 1 IRC mention
[11:58am] jibran: https://www.drupal.org/node/2464427
[11:58am] Druplicon: https://www.drupal.org/node/2464427 => Replace CacheablePluginInterface with CacheableDependencyInterface [#2464427] => 157 comments, 22 IRC mentions
[12:01pm] jibran: plach: is it bells time on the call? :P
[12:02pm] plach: jibran: yeah :)
[12:08pm] jibran: https://www.drupal.org/node/2349819
[12:08pm] Druplicon: https://www.drupal.org/node/2349819 => String field type doesn't consider empty string as empty value [#2349819] => 89 comments, 8 IRC mentions

Categories: Planet Drupal

Recording from Aug 7th 2015 Drupal 8 critical issues discussion

August 7, 2015 at 12:00pm

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are GMT real time at the meeting):


10:10 WimLeers https://www.drupal.org/node/2543332
10:10 Druplicon https://www.drupal.org/node/2543332 => Auto-placeholdering for #lazy_builder without bubbling [#2543332] => 40 comments, 8 IRC mentions

10:11 WimLeers https://www.drupal.org/node/2503963
10:11 Druplicon https://www.drupal.org/node/2503963 => XSS in Quick Edit: entity title is not safely encoded [#2503963] => 27 comments, 2 IRC mentions

10:12 plach https://www.drupal.org/node/2544954
10:12 Druplicon https://www.drupal.org/node/2544954 => SqlContentEntityStorageSchema does not detect column-level schema changes in non-base-fields [#2544954] => 16 comments, 1 IRC mention

10:12 plach https://www.drupal.org/node/2542748
10:12 Druplicon https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 60 comments, 14 IRC mentions

10:14 dawehner https://www.drupal.org/node/2540416
10:14 Druplicon https://www.drupal.org/node/2540416 => Decide whether we need hook_upgrade_N()/upgrade.php front controller [#2540416] => 43 comments, 11 IRC mentions

10:17 webchick https://assoc.drupal.org/d8accelerate

10:17 webchick https://www.drupal.org/node/2485119
10:17 Druplicon https://www.drupal.org/node/2485119 => [meta] The Drupal 8.0.0-rc1 Release Checklist [#2485119] => 32 comments, 11 IRC mentions

10:17 webchick https://www.drupal.org/node/2042447
10:17 Druplicon https://www.drupal.org/node/2042447 => Install a module user interface does not install modules (or themes) [#2042447] => 178 comments, 25 IRC mentions

10:18 webchick https://www.drupal.org/node/2267715
10:18 Druplicon https://www.drupal.org/node/2267715 => [meta] Drupal.org (websites/infra) blockers to a Drupal 8 release [#2267715] => 53 comments, 17 IRC mentions

10:19 alexpott https://www.drupal.org/node/2280965
10:19 Druplicon https://www.drupal.org/node/2280965 => [meta] Remove or document every SafeMarkup::set() call [#2280965] => 109 comments, 24 IRC mentions

10:19 alexpott
https://docs.google.com/document/d/1wBSwpCa0tm_CKAV1_R0xTAdKZSsVSUc2fQuS...

10:21 dawehner https://www.drupal.org/node/2503963
10:21 Druplicon https://www.drupal.org/node/2503963 => XSS in Quick Edit: entity title is not safely encoded [#2503963] => 27 comments, 3 IRC mentions

10:23 WimLeers dawehner: catch: alexpott: https://www.drupal.org/node/2547127#comment-10194525
10:23 Druplicon https://www.drupal.org/node/2547127 => [regression] Empty messages container appearing when a Notice occurs [#2547127] => 19 comments, 4 IRC mentions

10:37 alexpott https://www.drupal.org/node/2527360
10:37 Druplicon https://www.drupal.org/node/2527360 => Review all usages of Xss::filter(), Xss::filterAdmin(), SafeMarkup::checkPlain() and SafeMarkup::escape() [#2527360] => 0 comments, 2 IRC mentions

10:38 alexpott https://www.drupal.org/node/2546232
10:38 Druplicon https://www.drupal.org/node/2546232 => Remove SafeMarkup::checkPlain() from UrlHelper [
#2546232] => 3 comments, 1 IRC mention

10:40 dawehner https://www.drupal.org/node/2540416
10:40 Druplicon https://www.drupal.org/node/2540416 => Decide whether we need hook_upgrade_N()/upgrade.php front controller [#2540416] => 43 comments, 12 IRC mentions

10:55 webchick https://www.drupal.org/node/2542748
10:55 Druplicon https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 60 comments, 15 IRC mentions

10:58 alexpott https://www.drupal.org/node/2544932
10:58 dawehner https://www.drupal.org/node/2497243
10:58 Druplicon https://www.drupal.org/node/2544932 => Do not rely on loading php from shared file system [#2544932] => 6 comments, 2 IRC mentions
10:58 Druplicon https://www.drupal.org/node/2497243 => Rebuilding service container results in endless stampede [#2497243] => 208 comments, 48 IRC mentions

11:02 webchick Ok. Time to pass out. ;)

Thanks to @alexpott for the video and log.

Categories: Planet Drupal

Drupal 8 core updates for August 5th, 2015

August 5, 2015 at 2:45pm
What's new with Drupal 8?

Since the last Drupal 8 Core Update, 8.0.0-beta13 and 8.0.0-beta14 were released, work started on the Drupal 8 User guide, Code Drop and PreviousNext merged, and Holly Ross gave a summary of the latest Drupal Association board meeting.

Some other highlights of the month were:

How can I help get Drupal 8 finished?

See Help get Drupal 8 released! for updated information on the current state of the software and more information on how you can help.

We're also looking for more contributors to help compile these posts. Contact mparker17 if you'd like to help!

Drupal 8 In Real Life
  • Drupalaton 2015 - The Hungarian Drupal community meet will happen between 6-9 Aug 2015 at Lake Balaton in Hungary. The event will have great sessions, sprints, fun-filled beach sports and many more. Dont miss your chance to join the fun. Their schedule include sessions like:

    • Forms and Validation in Symfony2 by Márk Kiss
    • Build a Drupal 8 site with cutting-edge frontend technologies by Gergely Pap, Tamás Barna
    • Storing data with Drupal 8 by Károly Négyesi

    ... and many more

  • Drupal 8 Ready - Australian Seminar Series is going to be held on 6th Aug 2015 across all major cities in Australia. The seminars will provide a high level overview of the changes coming in Drupal 8, specific considerations for different types of users, and approaches for adopting the new CMS. The talk will be relevant to developers, content editors and decision makers alike, and we’ll finish the session with an in-depth Q&A. Feel free to check the venue details of your city and join here.
  • The Seacoast Drupal User Group meetup is on 6th Aug 2015 from 18:00 to 20:00 at Portsmouth, NH.
  • The Berlin Drupal User group meetup is going to be held on 6th Aug 2015 from 19:30 at betahaus. The topic is "Scaffolding with DrupalConsole".
  • The DrupalCamp Wisconsin Hackathon will be on 7th Aug 2015 from 12:00 to 17:00 at NuCivic office in Madison, WI
  • Drupal Rush in Sprints will be held on 8th Aug 2015 from 10:30 to 16:00 at Srijan office in Delhi, India.
  • CADUG Advanced Drupal Meet Up will be held on 11th Aug 2015 from 19:00 to 21:00 at Lake Street Suite 301, Chicago, IL. The event consists of few lightning talks (including one on the Demo Framework for Drupal 8), advanced Drupal discussions and many more.
Whew! That's a wrap!

Do you follow Drupal Planet with devotion, or keep a close eye on the Drupal event calendar, or git pull origin 8.0.x every morning without fail before your coffee? We're looking for more contributors to help compile these posts. You could either take a few hours once every six weeks or so to put together a whole post, or help with one section more regularly. If you'd like to volunteer for helping to draft these posts, please follow the steps here!

Categories: Planet Drupal

No Drupal 6 or Drupal 7 core release on Wednesday, August 5

August 3, 2015 at 2:59pm

The monthly Drupal core bug fix/feature release window is scheduled for this Wednesday. However, there have not been enough changes to the development version since the last bug fix/feature release to warrant a new release, so there will be no Drupal core release on that date. A Drupal 7 bug fix/feature release during the September window is likely instead.

Upcoming release windows include:

  • Wednesday, August 19 (security release window)
  • Wednesday, September 2 (bug fix/feature release window)

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Recording from July 31st 2015 Drupal 8 critical issues discussion

July 31, 2015 at 10:29am

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:03am] jibran: I think it is sorted by name
[11:03am] jibran: the order in the hangout
[11:03am] WimLeers: y
[11:07am] jibran: We have to look at google hangout code base for that.
[11:08am] WimLeers: https://www.drupal.org/node/2499157#comment-10172426
[11:08am] Druplicon: https://www.drupal.org/node/2499157 => [meta] Auto-placeholdering [#2499157] => 5 comments, 4 IRC mentions
[11:11am] WimLeers: amateescu's issue link: https://www.drupal.org/node/2336627#comment-10160850
[11:11am] Druplicon: https://www.drupal.org/node/2336627 => Deadlock on cache_config (DatabaseBackend::setMultiple()) [#2336627] => 39 comments, 24 IRC mentions
[11:12am] WimLeers: plach: yay for vacation :D
[11:12am] GaborHojtsy: VACATIOOOOOON!
[11:12am] GaborHojtsy: sometime, sometime :)
[11:12am] alexpott: https://www.drupal.org/node/2542762 is the nearly ready issue
[11:12am] Druplicon: https://www.drupal.org/node/2542762 => hook_entity_type_update doesn't get the entity in the new revision after addTranslation and setNewRevision [#2542762] => 11 comments, 4 IRC mentions
[11:13am] alexpott: https://www.drupal.org/node/2542748 is the gnarly update issue
[11:13am] Druplicon: https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 21 comments, 7 IRC mentions
[11:15am] plach: WimLeers: :)
[11:15am] WimLeers: alexpott: yay :)
[11:15am] dawehner: https://www.drupal.org/node/2540416
[11:15am] Druplicon: https://www.drupal.org/node/2540416 => Decide whether we need hook_upgrade_N()/upgrade.php front controller [#2540416] => 27 comments, 4 IRC mentions
[11:16am] WimLeers: dawehner: cache tables are auto-created
[11:16am] naveenvalecha|af left the chat room. (Read error: Connection reset by peer)
[11:16am] WimLeers: but yeah, router table etc… #sadpanda
[11:19am] WimLeers: The issue that originally turned it from a separate PHP file into a route + controller: https://www.drupal.org/node/2250119
[11:19am] Druplicon: https://www.drupal.org/node/2250119 => Run updates in a full environment [#2250119] => 21 comments, 1 IRC mention
[11:34am] WimLeers: plach: ROFL
[11:34am] WimLeers: plach++
[11:43am] WimLeers: "a foam of circles" lol
[11:48am] alexpott: https://www.drupal.org/node/2542748
[11:48am] Druplicon: https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 21 comments, 8 IRC mentions
[11:55am] dawehner: WimLeers: well but those tables aren't auto fixed
[11:56am] dawehner: WimLeers: so just imagine what happens if you need to change the cache_ tables
[12:00pm] WimLeers: dawehner: ohhh!
[12:02pm] WimLeers: plach: is that the church bells in Venice that I'm hearing?
[12:03pm] WimLeers: dawehner: lol
[12:03pm] WimLeers: :)
[12:05pm] plach: WimLeers: yeah, sorry :)
[12:05pm] WimLeers: plach: made me feel like I was on vacation, ever so briefly
[12:05pm] WimLeers: :D
[12:05pm] plach: :)
[12:23pm] dawehner: alexpott: are the issues the new thing or the solutions ;)
[12:24pm] alexpott: dawehner: well we have better ideas

Categories: Planet Drupal

Drupal 8 core updates for July 27th, 2015

July 27, 2015 at 8:26pm

Since the last Drupal 8 core update, the API module maintainers started looking for co-maintainers, and Two-Factor Authentication was rolled out to anyone with the Community role on Drupal.org (among other improvements).

What's new with Drupal 8?

Drupal 8's minimum PHP version increased to 5.5.9, and minimum PostgreSQL version increased to 9.1.2. Also, tim-e handed off co-maintainership of the Contact module to Jibran Ijaz and Andrey Postnikov; and Frando stopped being a maintainer of the Entity, Form, and Render systems — special thanks to both tim-e and Frand for their amazing contributions!

Some other highlights of the month were:

How can I help get Drupal 8 finished?

See Help get Drupal 8 released! for updated information on the current state of the software and more information on how you can help.

We're also looking for more contributors to help compile these posts. Contact mparker17 if you'd like to help!

Drupal 8 In Real Life Whew! That's a wrap!

Do you follow Drupal Planet with devotion, or keep a close eye on the Drupal event calendar, or git pull origin 8.0.x every morning without fail before your coffee? We're looking for more contributors to help compile these posts. You could either take a few hours once every six weeks or so to put together a whole post, or help with one section more regularly. If you'd like to volunteer for helping to draft these posts, please follow the steps here!

Categories: Planet Drupal

Recording from July 24th 2015 Drupal 8 critical issues discussion

July 27, 2015 at 9:53am

This was our 9th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from Friday in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are GMT real time at the meeting):


10:08 WimLeers
https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status[0]=1&status[1]=13&status[2]=8&status[3]=14&status[4]=15&status[5]=4&priorities[0]=400&version[0]=8.x&issue_tags_op=%3D&issue_tags=D8%20cacheability

10:08 WimLeers
https://www.drupal.org/project/issues/search/drupal?project_issue_follow...

10:08 WimLeers
https://www.drupal.org/node/2524082
10:09 Druplicon
https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [
#2524082]
=> 147 comments, 39 IRC mentions

10:09 WimLeers
https://www.drupal.org/node/2429617
10:09 Druplicon
https://www.drupal.org/node/2429617 => [PP-1] Make D8 2x as fast: SmartCache: context-dependent page caching (for *all* users!) [
#2429617]
=> 226 comments, 21 IRC mentions

10:10 WimLeers
https://www.drupal.org/node/2499157
10:10 Druplicon
https://www.drupal.org/node/2499157 => Auto-placeholdering [
#2499157]
=> 2 comments, 3 IRC mentions

10:14 pfrenssen
https://www.drupal.org/node/2524082
10:14 Druplicon
https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [
#2524082]
=> 147 comments, 40 IRC mentions

10:14 pfrenssen
https://www.drupal.org/node/2525910
10:14 Druplicon
https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [
#2525910]
=> 176 comments, 29 IRC mentions

10:18 alexpott
http://drupal.org/node/2538228
10:18 Druplicon
http://drupal.org/node/2538228 => Config save dispatches an event - may conflict with config structure changes in updates [
#2538228]
=> 6 comments, 1 IRC mention

10:20 alexpott
https://www.drupal.org/node/2538514
10:20 Druplicon
https://www.drupal.org/node/2538514 => Remove argument support from TranslationWrapper [
#2538514]
=> 12 comments, 4 IRC mentions

10:25 WimLeers
lauriii: welcome!
10:29 lauriii
WimLeers: little late because I'm in a sprint and was helping people ;<

10:45 alexpott
The upgrade path we're talking about http://drupal.org/node/2528178
10:45 Druplicon
http://drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178]
=> 143 comments, 1 IRC mention

10:52 alexpott
https://www.drupal.org/node/2538514
10:52 Druplicon
https://www.drupal.org/node/2538514 => Remove argument support from TranslationWrapper [#2538514]
=> 12 comments, 5 IRC mentions

10:52 WimLeers
dawehner++

11:02 dawehner
core/modules/views/src/Plugin/Derivative/ViewsEntityRow.php:100
11:02 catch
\Drupal\block\Plugin\Derivative\ThemeLocalTask also.

11:19 alexpott
berdir: is talking about http://drupal.org/node/2513094

11:19 Druplicon
http://drupal.org/node/2513094 => ContentEntityBase::getTranslatedField and ContentEntityBase::__clone break field reference to parent entity [
#2513094]
=> 36 comments, 1 IRC mention

Categories: Planet Drupal

Recording from July 17th 2015 Drupal 8 critical issues discussion

July 17, 2015 at 1:18pm

This was our 8th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:11am] jibran: https://www.drupal.org/node/2525910
[11:11am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 22 IRC mentions
[11:12am] alexpott: https://www.drupal.org/node/2525910, https://www.drupal.org/node/2493911 is the issue dawehner is talking about
[11:12am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 23 IRC mentions
[11:12am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 6 IRC mentions
[11:13am] dawehner: GaborHojtsy++
[11:13am] dawehner: GaborHojtsy++
[11:13am] alexpott: https://www.drupal.org/node/2524082 is the config overrides https://www.drupal.org/node/2524082
[11:13am] Druplicon: https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [#2524082] => 110 comments, 32 IRC mentions
[11:13am] Druplicon: https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [#2524082] => 110 comments, 33 IRC mentions
[11:14am] GaborHojtsy: https://www.drupal.org/node/2338081
[11:14am] Druplicon: https://www.drupal.org/node/2338081 => Local Tasks, Actions, and Contextual links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files [#2338081] => 62 comments, 16 IRC mentions
[11:14am] jibran: https://www.drupal.org/node/2493911
[11:14am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 7 IRC mentions
[11:15am] WimLeers: https://www.drupal.org/node/2525910
[11:15am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 24 IRC mentions
[11:15am] WimLeers: https://www.drupal.org/node/2532490
[11:15am] Druplicon: https://www.drupal.org/node/2532490 => Unrouted URLs break toolbar but are hidden by caching [#2532490] => 31 comments, 8 IRC mentions
[11:17am] WimLeers: https://www.drupal.org/node/507488?page=1#comment-10127746
[11:17am] Druplicon: https://www.drupal.org/node/507488 => Convert page elements (local tasks, actions) into blocks [#507488] => 280 comments, 57 IRC mentions
[11:22am] WimLeers: plach's issue: https://www.drupal.org/node/2351015
[11:22am] Druplicon: https://www.drupal.org/node/2351015 => URL generation does not bubble cache contexts [#2351015] => 300 comments, 57 IRC mentions
[11:23am] Fabianx-screen: https://drupalreleasedate.com/ shows 997 majors and 376 added in the last year.
[11:24am] jibran: https://www.drupal.org/node/2504141
[11:24am] Druplicon: https://www.drupal.org/node/2504141 => Information disclosure/open redirect vulnerability via blocks that contain a form [#2504141] => 66 comments, 12 IRC mentions
[11:28am] dawehner: https://github.com/guzzle/guzzle/issues/1166
[11:29am] dawehner: https://www.drupal.org/node/2493911
[11:29am] jibran: https://www.drupal.org/node/2493911#comment-10124104
[11:29am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 8 IRC mentions
[11:29am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 9 IRC mentions
[11:37am] dawehner: https://www.drupal.org/node/2528178
[11:37am] Druplicon: https://www.drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178] => 45 comments, 9 IRC mentions
[11:38am] dawehner: https://www.drupal.org/node/2528178#comment-10123746
[11:38am] Druplicon: https://www.drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178] => 45 comments, 10 IRC mentions
[11:43am] jibran: https://www.drupal.org/node/2464427#comment-10127680
[11:43am] Druplicon: https://www.drupal.org/node/2464427 => Replace CacheablePluginInterface with CacheableDependencyInterface [#2464427] => 94 comments, 9 IRC mentions
[12:14pm] dawehner: https://www.drupal.org/node/2338081
[12:14pm] Druplicon: https://www.drupal.org/node/2338081 => Local Tasks, Actions, and Contextual links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files [#2338081] => 62 comments, 17 IRC mentions

Categories: Planet Drupal

Drupal 8 beta 13 on Wednesday, July 22, 2015

July 13, 2015 at 6:07pm
Start:  2015-07-22 00:00 - 23:30 UTC Online meeting (eg. IRC meeting) Organizers:  xjm catch

The next beta release for Drupal 8 will be beta 13! (Read more about beta releases.) The beta is scheduled for Wednesday, July 22, 2015.

To ensure a reliable release window for the beta, there will be a Drupal 8 commit freeze from 00:00 to 23:30 UTC on July 22.

Categories: Planet Drupal

Drupal core security release window on Wednesday, July 15

July 10, 2015 at 11:56pm
Start:  2015-07-15 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, July 15.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, August 5.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Pages