Subscribe to Drupal core announcements feed
Core announcement
Updated: 9 min 42 sec ago

Recording from July 31st 2015 Drupal 8 critical issues discussion

July 31, 2015 at 10:29am

We met again today to discuss critical issues blocking Drupal 8's release (candidate). (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:03am] jibran: I think it is sorted by name
[11:03am] jibran: the order in the hangout
[11:03am] WimLeers: y
[11:07am] jibran: We have to look at google hangout code base for that.
[11:08am] WimLeers: https://www.drupal.org/node/2499157#comment-10172426
[11:08am] Druplicon: https://www.drupal.org/node/2499157 => [meta] Auto-placeholdering [#2499157] => 5 comments, 4 IRC mentions
[11:11am] WimLeers: amateescu's issue link: https://www.drupal.org/node/2336627#comment-10160850
[11:11am] Druplicon: https://www.drupal.org/node/2336627 => Deadlock on cache_config (DatabaseBackend::setMultiple()) [#2336627] => 39 comments, 24 IRC mentions
[11:12am] WimLeers: plach: yay for vacation :D
[11:12am] GaborHojtsy: VACATIOOOOOON!
[11:12am] GaborHojtsy: sometime, sometime :)
[11:12am] alexpott: https://www.drupal.org/node/2542762 is the nearly ready issue
[11:12am] Druplicon: https://www.drupal.org/node/2542762 => hook_entity_type_update doesn't get the entity in the new revision after addTranslation and setNewRevision [#2542762] => 11 comments, 4 IRC mentions
[11:13am] alexpott: https://www.drupal.org/node/2542748 is the gnarly update issue
[11:13am] Druplicon: https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 21 comments, 7 IRC mentions
[11:15am] plach: WimLeers: :)
[11:15am] WimLeers: alexpott: yay :)
[11:15am] dawehner: https://www.drupal.org/node/2540416
[11:15am] Druplicon: https://www.drupal.org/node/2540416 => Decide whether we need hook_upgrade_N()/upgrade.php front controller [#2540416] => 27 comments, 4 IRC mentions
[11:16am] WimLeers: dawehner: cache tables are auto-created
[11:16am] naveenvalecha|af left the chat room. (Read error: Connection reset by peer)
[11:16am] WimLeers: but yeah, router table etc… #sadpanda
[11:19am] WimLeers: The issue that originally turned it from a separate PHP file into a route + controller: https://www.drupal.org/node/2250119
[11:19am] Druplicon: https://www.drupal.org/node/2250119 => Run updates in a full environment [#2250119] => 21 comments, 1 IRC mention
[11:34am] WimLeers: plach: ROFL
[11:34am] WimLeers: plach++
[11:43am] WimLeers: "a foam of circles" lol
[11:48am] alexpott: https://www.drupal.org/node/2542748
[11:48am] Druplicon: https://www.drupal.org/node/2542748 => Automatic entity updates are not safe to run on update.php by default [#2542748] => 21 comments, 8 IRC mentions
[11:55am] dawehner: WimLeers: well but those tables aren't auto fixed
[11:56am] dawehner: WimLeers: so just imagine what happens if you need to change the cache_ tables
[12:00pm] WimLeers: dawehner: ohhh!
[12:02pm] WimLeers: plach: is that the church bells in Venice that I'm hearing?
[12:03pm] WimLeers: dawehner: lol
[12:03pm] WimLeers: :)
[12:05pm] plach: WimLeers: yeah, sorry :)
[12:05pm] WimLeers: plach: made me feel like I was on vacation, ever so briefly
[12:05pm] WimLeers: :D
[12:05pm] plach: :)
[12:23pm] dawehner: alexpott: are the issues the new thing or the solutions ;)
[12:24pm] alexpott: dawehner: well we have better ideas

Categories: Planet Drupal

Drupal 8 core updates for July 27th, 2015

July 27, 2015 at 8:26pm

Since the last Drupal 8 core update, the API module maintainers started looking for co-maintainers, and Two-Factor Authentication was rolled out to anyone with the Community role on Drupal.org (among other improvements).

What's new with Drupal 8?

Drupal 8's minimum PHP version increased to 5.5.9, and minimum PostgreSQL version increased to 9.1.2. Also, tim-e handed off co-maintainership of the Contact module to Jibran Ijaz and Andrey Postnikov; and Frando stopped being a maintainer of the Entity, Form, and Render systems — special thanks to both tim-e and Frand for their amazing contributions!

Some other highlights of the month were:

How can I help get Drupal 8 finished?

See Help get Drupal 8 released! for updated information on the current state of the software and more information on how you can help.

We're also looking for more contributors to help compile these posts. Contact mparker17 if you'd like to help!

Drupal 8 In Real Life Whew! That's a wrap!

Do you follow Drupal Planet with devotion, or keep a close eye on the Drupal event calendar, or git pull origin 8.0.x every morning without fail before your coffee? We're looking for more contributors to help compile these posts. You could either take a few hours once every six weeks or so to put together a whole post, or help with one section more regularly. If you'd like to volunteer for helping to draft these posts, please follow the steps here!

Categories: Planet Drupal

Recording from July 24th 2015 Drupal 8 critical issues discussion

July 27, 2015 at 9:53am

This was our 9th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from Friday in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are GMT real time at the meeting):


10:08 WimLeers
https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status[0]=1&status[1]=13&status[2]=8&status[3]=14&status[4]=15&status[5]=4&priorities[0]=400&version[0]=8.x&issue_tags_op=%3D&issue_tags=D8%20cacheability

10:08 WimLeers
https://www.drupal.org/project/issues/search/drupal?project_issue_follow...

10:08 WimLeers
https://www.drupal.org/node/2524082
10:09 Druplicon
https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [
#2524082]
=> 147 comments, 39 IRC mentions

10:09 WimLeers
https://www.drupal.org/node/2429617
10:09 Druplicon
https://www.drupal.org/node/2429617 => [PP-1] Make D8 2x as fast: SmartCache: context-dependent page caching (for *all* users!) [
#2429617]
=> 226 comments, 21 IRC mentions

10:10 WimLeers
https://www.drupal.org/node/2499157
10:10 Druplicon
https://www.drupal.org/node/2499157 => Auto-placeholdering [
#2499157]
=> 2 comments, 3 IRC mentions

10:14 pfrenssen
https://www.drupal.org/node/2524082
10:14 Druplicon
https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [
#2524082]
=> 147 comments, 40 IRC mentions

10:14 pfrenssen
https://www.drupal.org/node/2525910
10:14 Druplicon
https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [
#2525910]
=> 176 comments, 29 IRC mentions

10:18 alexpott
http://drupal.org/node/2538228
10:18 Druplicon
http://drupal.org/node/2538228 => Config save dispatches an event - may conflict with config structure changes in updates [
#2538228]
=> 6 comments, 1 IRC mention

10:20 alexpott
https://www.drupal.org/node/2538514
10:20 Druplicon
https://www.drupal.org/node/2538514 => Remove argument support from TranslationWrapper [
#2538514]
=> 12 comments, 4 IRC mentions

10:25 WimLeers
lauriii: welcome!
10:29 lauriii
WimLeers: little late because I'm in a sprint and was helping people ;<

10:45 alexpott
The upgrade path we're talking about http://drupal.org/node/2528178
10:45 Druplicon
http://drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178]
=> 143 comments, 1 IRC mention

10:52 alexpott
https://www.drupal.org/node/2538514
10:52 Druplicon
https://www.drupal.org/node/2538514 => Remove argument support from TranslationWrapper [#2538514]
=> 12 comments, 5 IRC mentions

10:52 WimLeers
dawehner++

11:02 dawehner
core/modules/views/src/Plugin/Derivative/ViewsEntityRow.php:100
11:02 catch
\Drupal\block\Plugin\Derivative\ThemeLocalTask also.

11:19 alexpott
berdir: is talking about http://drupal.org/node/2513094

11:19 Druplicon
http://drupal.org/node/2513094 => ContentEntityBase::getTranslatedField and ContentEntityBase::__clone break field reference to parent entity [
#2513094]
=> 36 comments, 1 IRC mention

Categories: Planet Drupal

Recording from July 17th 2015 Drupal 8 critical issues discussion

July 17, 2015 at 1:18pm

This was our 8th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:11am] jibran: https://www.drupal.org/node/2525910
[11:11am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 22 IRC mentions
[11:12am] alexpott: https://www.drupal.org/node/2525910, https://www.drupal.org/node/2493911 is the issue dawehner is talking about
[11:12am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 23 IRC mentions
[11:12am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 6 IRC mentions
[11:13am] dawehner: GaborHojtsy++
[11:13am] dawehner: GaborHojtsy++
[11:13am] alexpott: https://www.drupal.org/node/2524082 is the config overrides https://www.drupal.org/node/2524082
[11:13am] Druplicon: https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [#2524082] => 110 comments, 32 IRC mentions
[11:13am] Druplicon: https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [#2524082] => 110 comments, 33 IRC mentions
[11:14am] GaborHojtsy: https://www.drupal.org/node/2338081
[11:14am] Druplicon: https://www.drupal.org/node/2338081 => Local Tasks, Actions, and Contextual links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files [#2338081] => 62 comments, 16 IRC mentions
[11:14am] jibran: https://www.drupal.org/node/2493911
[11:14am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 7 IRC mentions
[11:15am] WimLeers: https://www.drupal.org/node/2525910
[11:15am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability + attachments metadata and that it is bubbled in any case [#2525910] => 149 comments, 24 IRC mentions
[11:15am] WimLeers: https://www.drupal.org/node/2532490
[11:15am] Druplicon: https://www.drupal.org/node/2532490 => Unrouted URLs break toolbar but are hidden by caching [#2532490] => 31 comments, 8 IRC mentions
[11:17am] WimLeers: https://www.drupal.org/node/507488?page=1#comment-10127746
[11:17am] Druplicon: https://www.drupal.org/node/507488 => Convert page elements (local tasks, actions) into blocks [#507488] => 280 comments, 57 IRC mentions
[11:22am] WimLeers: plach's issue: https://www.drupal.org/node/2351015
[11:22am] Druplicon: https://www.drupal.org/node/2351015 => URL generation does not bubble cache contexts [#2351015] => 300 comments, 57 IRC mentions
[11:23am] Fabianx-screen: https://drupalreleasedate.com/ shows 997 majors and 376 added in the last year.
[11:24am] jibran: https://www.drupal.org/node/2504141
[11:24am] Druplicon: https://www.drupal.org/node/2504141 => Information disclosure/open redirect vulnerability via blocks that contain a form [#2504141] => 66 comments, 12 IRC mentions
[11:28am] dawehner: https://github.com/guzzle/guzzle/issues/1166
[11:29am] dawehner: https://www.drupal.org/node/2493911
[11:29am] jibran: https://www.drupal.org/node/2493911#comment-10124104
[11:29am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 8 IRC mentions
[11:29am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 140 comments, 9 IRC mentions
[11:37am] dawehner: https://www.drupal.org/node/2528178
[11:37am] Druplicon: https://www.drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178] => 45 comments, 9 IRC mentions
[11:38am] dawehner: https://www.drupal.org/node/2528178#comment-10123746
[11:38am] Druplicon: https://www.drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178] => 45 comments, 10 IRC mentions
[11:43am] jibran: https://www.drupal.org/node/2464427#comment-10127680
[11:43am] Druplicon: https://www.drupal.org/node/2464427 => Replace CacheablePluginInterface with CacheableDependencyInterface [#2464427] => 94 comments, 9 IRC mentions
[12:14pm] dawehner: https://www.drupal.org/node/2338081
[12:14pm] Druplicon: https://www.drupal.org/node/2338081 => Local Tasks, Actions, and Contextual links should use a TranslationWrapper to encapsulate safe translatable strings from YAML files [#2338081] => 62 comments, 17 IRC mentions

Categories: Planet Drupal

Drupal 8 beta 13 on Wednesday, July 22, 2015

July 13, 2015 at 6:07pm
Start:  2015-07-22 00:00 - 23:30 UTC Online meeting (eg. IRC meeting) Organizers:  xjm catch

The next beta release for Drupal 8 will be beta 13! (Read more about beta releases.) The beta is scheduled for Wednesday, July 22, 2015.

To ensure a reliable release window for the beta, there will be a Drupal 8 commit freeze from 00:00 to 23:30 UTC on July 22.

Categories: Planet Drupal

Drupal core security release window on Wednesday, July 15

July 10, 2015 at 11:56pm
Start:  2015-07-15 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, July 15.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, August 5.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Recording from July 10th 2015 Drupal 8 critical issues discussion

July 10, 2015 at 10:10am

This was our 7th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:21am] berdir: pfrenssen: that's one scary profile picture ;)
[11:22am] pfrenssen: haha it zooms in nicely :D
[11:23am] jibran: berdir: yay! https://bugs.php.net/bug.php?id=69996&edit=1 got fixed.
[11:26am] jibran: https://www.drupal.org/project/issues/search/drupal?status[0]=1&status[1]=13&status[2]=8&status[3]=14&status[4]=4&priorities[0]=400&categories[0]=1&categories[1]=2&categories[2]=5&version[0]=8.x
[11:27am] jibran: https://www.drupal.org/node/2497243
[11:27am] Druplicon: https://www.drupal.org/node/2497243 => Rebuilding service container results in endless stampede [#2497243] => 139 comments, 34 IRC mentions
[11:27am] GaborHojtsy: jibran: that’s the one that Fabianx-screen is talking about, right? :)
[11:29am] Fabianx-screen: Issues I talked about:
[11:29am] Fabianx-screen: https://www.drupal.org/node/2529516
[11:29am] Druplicon: https://www.drupal.org/node/2529516 => Decouple tests from relying that $container is a container builder [#2529516] => 10 comments, 9 IRC mentions
[11:30am] jibran: https://www.drupal.org/node/2502785
[11:30am] Druplicon: https://www.drupal.org/node/2502785 => Remove support for $form_state->setCached() for GET requests [#2502785] => 119 comments, 23 IRC mentions
[11:30am] jibran: https://www.drupal.org/node/2505989
[11:30am] Druplicon: https://www.drupal.org/node/2505989 => Controllers render caching at the top level and setting a custom page title lose the title on render cache hits [#2505989] => 54 comments, 10 IRC mentions
[11:30am] pfrenssen: I can't talk
[11:30am] Fabianx-screen: https://www.drupal.org/node/2530586
[11:30am] Druplicon: https://www.drupal.org/node/2530586 => Read-Only Container is not working properly. [#2530586] => 0 comments, 4 IRC mentions
[11:30am] pfrenssen: nice construction noises :)
[11:30am] pfrenssen: https://www.drupal.org/node/2524082
[11:30am] Druplicon: https://www.drupal.org/node/2524082 => Config overrides should provide cacheability metadata [#2524082] => 82 comments, 24 IRC mentions
[11:31am] pfrenssen: That's what I am working on. Next steps are to address the last remarks.
[11:31am] pfrenssen: It's clear how to move forward.
[11:31am] GaborHojtsy: pfrenssen: :)
[11:32am] jibran: https://www.drupal.org/node/2525910
[11:32am] Druplicon: https://www.drupal.org/node/2525910 => Ensure token replacements have cacheability metadata and that it is bubbled in any case [#2525910] => 72 comments, 10 IRC mentions
[11:32am] jibran: https://bugs.php.net/bug.php?id=69996&edit=1
[11:33am] GaborHojtsy: https://www.drupal.org/node/2512718
[11:33am] Druplicon: https://www.drupal.org/node/2512718 => EntityManager::getTranslationFromContext() should add the content language cache context to the entity [#2512718] => 144 comments, 46 IRC mentions
[11:35am] GaborHojtsy: https://www.drupal.org/node/2529516
[11:35am] Druplicon: https://www.drupal.org/node/2529516 => Decouple tests from relying that $container is a container builder [#2529516] => 10 comments, 10 IRC mentions
[11:37am] jibran: https://www.drupal.org/node/2528178
[11:37am] Druplicon: https://www.drupal.org/node/2528178 => Provide an upgrade path for #2354889 (block context manager) [#2528178] => 36 comments, 7 IRC mentions
[11:40am] jibran: https://www.drupal.org/node/2454439
[11:40am] Druplicon: https://www.drupal.org/node/2454439 => [META] Support PHP 7 [#2454439] => 126 comments, 25 IRC mentions
[11:40am] berdir: jibran: http://d8php7bot.erwanderbar.de/
[11:42am] pfrenssen: yay! :D
[11:42am] GaborHojtsy: dawehner: alexpott: we are running out of topics to talk about :D any topics you wanted discussed while we are on the call?
[11:42am] GaborHojtsy: dawehner: alexpott: https://plus.google.com/hangouts/_/gspzs5s25ucfasw6puf7muif7ya
[11:43am] alexpott: GaborHojtsy: yep
[11:44am] jibran: https://www.drupal.org/node/2505989
[11:44am] Druplicon: https://www.drupal.org/node/2505989 => Controllers render caching at the top level and setting a custom page title lose the title on render cache hits [#2505989] => 54 comments, 11 IRC mentions
[11:45am] dawehner: GaborHojtsy: oh let me try to join
[11:45am] GaborHojtsy: dawehner: alexpott is discussing title filtering
[11:45am] alexpott: https://www.drupal.org/node/2530474
[11:45am] Druplicon: https://www.drupal.org/node/2530474 => Discuss whether => 0 comments, 1 IRC mention
[11:46am] • dawehner tries to join again
[11:49am] dawehner: alexpott: GaborHojtsy I can't talk probably (given the speed of the net, can kinda listen) but I think allowing is a thing, given that people wanted something like tags
[11:57am] jibran: https://www.drupal.org/node/2493911
[11:57am] Druplicon: https://www.drupal.org/node/2493911 => Update guzzle, goutte and mink-goutte-driver to the latest release [#2493911] => 76 comments, 2 IRC mentions
[11:58am] jibran: https://github.com/guzzle/guzzle/pull/1167
[11:59am] pfrenssen: yay! D:
[12:00pm] pfrenssen: 14
[12:00pm] dawehner: https://www.youtube.com/watch?v=P_yl2WuiW4g
[12:00pm] pfrenssen: have a nice weekend!

Categories: Planet Drupal

Drupal 8's minimum PHP version increased to 5.5.9

July 9, 2015 at 4:17am

Pursuant to the discussion at [policy] Require PHP 5.5, the minimum PHP version of Drupal 8 has been raised to 5.5.9, and this change will be included in the next Drupal 8 beta (8.0.0-beta13).

(PHP 5.5.9 was chosen because it is also the same minimum version as Ubuntu's LTS, which in turn influenced Symfony 3.0, Travis CI, etc.)

This is a future-proofing move which buys us a few things:

  • Some nice language features and a built-in opcode cache.
  • Compatibility with the latest versions of various external dependencies, including Guzzle 6 and the upcoming Symfony 3.0
  • Better security for our end users, since PHP 5.4 will become end of life September 15, 2015 (most likely prior to Drupal 8's release).

We looked extensively into the adoption and hosting support of PHP 5.5 prior to making this move. While there is not widespread adoption of PHP 5.5 as of today, we nevertheless found that most hosts offer the option for PHP 5.5, due to PHP's security policy.

Categories: Planet Drupal

API module seeking co-maintainer

July 8, 2015 at 10:24pm

For the past 8+ years, Neil Drumm (drumm) has been maintaining the API module, and I've been co-maintaining it for the past 3+ years. (This is the module that builds and displays the Drupal API reference site api.drupal.org). Both of us have "some" other responsibilities in the Drupal ecosystem, and we'd like to find a new co-maintainer.

The ideal person would be:
- A good PHP coder familiar with and willing to follow the Drupal project's coding standards
- Familiar with the api.drupal.org site and its features
- Familiar with the API docs standards
- Familiar with both Drupal 7 and Drupal 8 core code (or at least familiar with the kinds of code it contains and the Drupalisms that it has), since both are displayed on the site
Of course, all of these "ideals" are negotiable and/or learnable, and it could be that a few co-maintainers would be better than just one.

The next step would be for the person or people who are interested to start making patches for a few issues, and once a few of those have happened, we would consider making you an official co-maintainer. The project page has a link to documentation for how to get a local API site set up, and the module also has a robust set of tests. The code in the API module is somewhat obtuse, but I'd be happy to start anyone out with a quick tour (or help you find an issue to work on). The module runs on Drupal 7 only at this time, and this is unlikely to need to change anytime soon (it displays Drupal 8 code but runs on Drupal 7, like the other *.drupal.org sites).

So if you're interested, you can either jump in and find an API module issue to work on and make a patch, or use my contact form or IRC to contact me and discuss.

Sorry... by policy, comments on this post are disabled, since it is going into the Core group (as well as Documentation).

Categories: Planet Drupal

Drupal 8 core updates for July 7th, 2015

July 7, 2015 at 5:40pm

Since the last Drupal 8 Core Update, DrupalCon Los Angeles took place, the proposed organizational structure for the Drupal project was approved and MAINTAINERS.txt was updated to reflect this (although it still needs to be updated in the Drupal 7 branch), and the Drupal Association announced updates to their 2015 financial plan.

What's new with Drupal 8?

Drupal 8.0.0-beta11 and 8.0.0-beta12 were released, a new category for issues, plan, was added to categorize meta issues, the Drupal 8 Security bug bounty program was launched, Angie "webchick" Byron analyzed Drupal major version adoption and walked us through the new DrupalCI testing infrastructure, hook_update_N() became required for core patches that introduce data model changes, the number of outstanding criticals was reduced to a new all-time low of 15, and for a while, every single critical was RTBC or being addressed!

Some other highlights of the month were:

How can I help get Drupal 8 finished?

See Help get Drupal 8 released! for updated information on the current state of the software and more information on how you can help.

We're also looking for more contributors to help compile these posts. Contact mparker17 if you'd like to help!

Drupal 8 In Real Life Whew! That's a wrap!

Do you follow Drupal Planet with devotion, or keep a close eye on the Drupal event calendar, or git pull origin 8.0.x every morning without fail before your coffee? We're looking for more contributors to help compile these posts. You could either take a few hours once every six weeks or so to put together a whole post, or help with one section more regularly. If you'd like to volunteer for helping to draft these posts, please follow the steps here!

Categories: Planet Drupal

Recording from July 3rd 2015 Drupal 8 critical issues discussion

July 3, 2015 at 10:19am

This was our 6th critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:06am] alexpott: https://www.drupal.org/node/2280965
[11:06am] Druplicon: https://www.drupal.org/node/2280965 => [meta] Remove or document every SafeMarkup::set() call [#2280965] => 90 comments, 13 IRC mentions
[11:06am] alexpott: https://www.drupal.org/node/2506581
[11:06am] Druplicon: https://www.drupal.org/node/2506581 => Remove SafeMarkup::set() from Renderer::doRender [#2506581] => 49 comments, 9 IRC mentions
[11:07am] alexpott: https://www.drupal.org/node/2506195
[11:07am] Druplicon: https://www.drupal.org/node/2506195 => Remove SafeMarkup::set() from XSS::filter() [#2506195] => 40 comments, 3 IRC mentions
[11:09am] dawehner: https://www.drupal.org/node/2502785
[11:09am] Druplicon: https://www.drupal.org/node/2502785 => Remove support for #ajax['url'] and $form_state->setCached() for GET requests [#2502785] => 51 comments, 18 IRC mentions
[11:09am] Druplicon: dawehner: 5 hours 36 sec ago tell dawehner you might already be following https://www.drupal.org/node/1412090 but I figure you would be in favor.
[11:10am] alexpott: GaborHojtsy: do you what the you link is for the live hangout?
[11:11am] GaborHojtsy: live hangout page: http://youtu.be/rz_EissgU7Q
[11:11am] GaborHojtsy: alexpott: ^^^
[11:11am] GaborHojtsy: to watch that is
[11:11am] alexpott: GaborHojtsy: thanks!
[11:12am] plach: https://www.drupal.org/node/2453153
[11:12am] Druplicon: https://www.drupal.org/node/2453153 => Node revisions cannot be reverted per translation [#2453153] => 159 comments, 58 IRC mentions
[11:12am] plach: https://www.drupal.org/node/2453175
[11:12am] Druplicon: https://www.drupal.org/node/2453175 => Remove EntityFormInterface::validate() and stop using button-level validation by default in entity forms [#2453175] => 79 comments, 9 IRC mentions
[11:14am] plach: https://www.drupal.org/node/2478459
[11:14am] Druplicon: https://www.drupal.org/node/2478459 => FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks [#2478459] => 112 comments, 29 IRC mentions
[11:14am] larowlan: https://www.drupal.org/node/2354889
[11:14am] Druplicon: https://www.drupal.org/node/2354889 => Make block context faster by removing onBlock event and replace it with loading from a BlockContextManager [#2354889] => 100 comments, 19 IRC mentions
[11:15am] larowlan: https://www.drupal.org/node/2421503
[11:16am] Druplicon: https://www.drupal.org/node/2421503 => SA-CORE-2014-002 forward port only checks internal cache [#2421503] => 46 comments, 11 IRC mentions
[11:16am] larowlan: https://www.drupal.org/node/2512460
[11:16am] Druplicon: https://www.drupal.org/node/2512460 => "Translate user edited configuration" permission needs to be marked as restricted [#2512460] => 20 comments, 8 IRC mentions
[11:17am] WimLeers: catch: pfrenssen is likely gonna be working on the "numerous paramconverters" issue
[11:17am] WimLeers: the issue catch talked about: https://www.drupal.org/node/2512718
[11:17am] Druplicon: https://www.drupal.org/node/2512718 => Numerous ParamConverters in core break the route / url cache context [#2512718] => 22 comments, 12 IRC mentions
[11:17am] catch: WimLeers: did you discuss last night's discussion with him already?
[11:18am] WimLeers: https://www.drupal.org/project/issues/search/drupal?project_issue_follow...
[11:19am] WimLeers: https://www.drupal.org/node/2450993
[11:19am] Druplicon: https://www.drupal.org/node/2450993 => Rendered Cache Metadata created during the main controller request gets lost [#2450993] => 132 comments, 27 IRC mentions
[11:20am] pfrenssen: catch: WimLeers: yes I'm working on that, for the moment just studying how it works
[11:20am] berdir: WimLeers: I think we can also demote it if all the other must issues are critical on their own
[11:20am] GaborHojtsy: https://www.drupal.org/node/2512460
[11:20am] Druplicon: https://www.drupal.org/node/2512460 => "Translate user edited configuration" permission needs to be marked as restricted [#2512460] => 20 comments, 9 IRC mentions
[11:20am] catch: pfrenssen: cool. I'll be around most of today so just ping if you want to discuss.
[11:21am] GaborHojtsy: https://www.drupal.org/node/2512466
[11:21am] Druplicon: https://www.drupal.org/node/2512466 => Config translation needs to be validated on input for XSS (like other t string input) [#2512466] => 34 comments, 3 IRC mentions
[11:21am] WimLeers: pfrenssen++
[11:21am] WimLeers: berdir: assuming you're talking about https://www.drupal.org/node/2429287 — then yes, that's exactly the plan :)
[11:21am] Druplicon: https://www.drupal.org/node/2429287 => [meta] Finalize the cache contexts API & DX/usage, enable a leap forward in performance [#2429287] => 112 comments, 10 IRC mentions
[11:21am] GaborHojtsy: https://www.drupal.org/node/2489024
[11:21am] Druplicon: https://www.drupal.org/node/2489024 => Arbitrary code execution via 'trans' extension for dynamic twig templates (when debug output is on) [#2489024] => 43 comments, 12 IRC mentions
[11:22am] GaborHojtsy: https://www.drupal.org/node/2512718
[11:22am] Druplicon: https://www.drupal.org/node/2512718 => Numerous ParamConverters in core break the route / url cache context [#2512718] => 22 comments, 13 IRC mentions
[11:22am] xjm: GaborHojtsy: I took care of updating the security polict with mlhess
[11:22am] xjm: GaborHojtsy: that's done
[11:23am] • xjm listening to the meeting but cannot join because of 10 person limit
[11:23am] GaborHojtsy: xjm: yay
[11:23am] GaborHojtsy: xjm++
[11:24am] WimLeers: Yes
[11:24am] WimLeers: I DO HAVE A MICROPHONE!!!
[11:24am] WimLeers: :P
[11:24am] xjm: GaborHojtsy: https://www.drupal.org/node/475848/revisions/view/7267195/8630716 now restrict access is mentioned explicitly, so any perm that has it is covered
[11:24am] Druplicon: https://www.drupal.org/node/475848 => Security advisories process and permissions policy => 0 comments, 1 IRC mention
[11:25am] larowlan: https://www.drupal.org/node/2509898
[11:25am] Druplicon: https://www.drupal.org/node/2509898 => Additional uncaught exception thrown while handling exception after service changes [#2509898] => 22 comments, 5 IRC mentions
[11:25am] alexpott: WimLeers: a working microphone :)
[11:28am] WimLeers: alexpott: all of you guys are breaking up for me from time to time. It looks like it's something with Chrome/Hangouts :(
[11:28am] xjm: WimLeers: yeah I had to use FF
[11:28am] WimLeers: My mic *works* if I test it locally.
[11:28am] WimLeers: xjm: lol, the beautiful irony
[11:30am] WimLeers: berdir: alexpott: I checked and I agree with the change you guys just asked me feedback on: https://www.drupal.org/node/2375695#comment-10082188
[11:30am] Druplicon: https://www.drupal.org/node/2375695 => Condition plugins should provide cache contexts AND cacheability metadata needs to be exposed [#2375695] => 117 comments, 40 IRC mentions
[11:32am] alexpott: https://www.drupal.org/node/2497243
[11:32am] Druplicon: https://www.drupal.org/node/2497243 => Rebuilding service container results in endless stampede [#2497243] => 97 comments, 22 IRC mentions
[11:33am] • larowlan using FF too, doesn't trust Google
[11:33am] alexpott: dawehner, catch: anyone got the nid of the chx container issue?
[11:33am] dawehner: https://www.drupal.org/node/2513326
[11:33am] catch: alexpott: https://www.drupal.org/node/2513326
[11:33am] Druplicon: https://www.drupal.org/node/2513326 => Performance: create a PHP storage backend directly backed by cache [#2513326] => 43 comments, 13 IRC mentions
[11:33am] Druplicon: https://www.drupal.org/node/2513326 => Performance: create a PHP storage backend directly backed by cache [#2513326] => 43 comments, 14 IRC mentions
[11:34am] catch: beat me.
[11:36am] larowlan: https://www.drupal.org/node/2511568 for the ctools issue I mentioned
[11:36am] Druplicon: https://www.drupal.org/node/2511568 => Create "context stack" service where available contexts can be registered [#2511568] => 0 comments, 3 IRC mentions
[11:41am] xjm: dropping off now to walk to the venue
[11:41am] alexpott: pfrenssen++
[11:50am] GaborHojtsy: for browser we are working on https://www.drupal.org/node/2430335
[11:50am] Druplicon: https://www.drupal.org/node/2430335 => Browser language detection is not cache aware [#2430335] => 47 comments, 21 IRC mentions
[11:50am] GaborHojtsy: Fabianx-screen: see above
[11:51am] berdir: and it's not a blocker
[11:51am] berdir: because right now it just kills page/smart cache
[11:51am] berdir: so if you use that, you are not seeing a cached page anyway
[11:51am] berdir: Fabianx-screen: we have a cache context for the content language
[11:52am] xjm: the youtube video has like a 20 second delay
[11:53am] GaborHojtsy: xjm: we get what we pay for :D
[11:54am] xjm: now I am talking
[11:55am] plach: https://www.drupal.org/node/2453175#comment-10080242
[11:55am] Druplicon: https://www.drupal.org/node/2453175 => Remove EntityFormInterface::validate() and stop using button-level validation by default in entity forms [#2453175] => 79 comments, 10 IRC mentions
[11:55am] xjm: more like 60s
[11:55am] GaborHojtsy: xjm: well, you’ll be in the recording forver now :D
[11:55am] xjm: :P
[11:56am] xjm: GaborHojtsy: is there any way to increase the number of participants or to include the chat sidebar in the video?
[11:56am] WimLeers1: catch: Can you leave a comment on https://www.drupal.org/node/2512718 with your POV/conclusion — sounds like you have the clearest grasp on this/completest view on the likely solution.
[11:56am] Druplicon: https://www.drupal.org/node/2512718 => Numerous ParamConverters in core break the route / url cache context [#2512718] => 23 comments, 14 IRC mentions
[11:56am] WimLeers1: xjm: chat is here, we don't use Google Hangout's chat sidebar
[11:56am] GaborHojtsy: xjm: the chat window is THIS ONE
[11:57am] larowlan: xjm: the chat one is lost soon as the call ends
[11:57am] xjm: WimLeers: GaborHojtsy: so the thing is that listening to the video it's very hard to figure out which issues people are discussing, even with Gábor's notes
[11:57am] larowlan: xjm: you can get more than 10 in the call if you have a corporate account I think
[11:57am] WimLeers: larowlan: Gábor copy/pastes this chat to the g.d.o post with the link of the recording
[11:57am] • larowlan nods
[11:57am] WimLeers: that was meant for xjm, oops
[11:58am] GaborHojtsy: xjm: the trick is if we would start on time, then my chat log shows timestamps which are sync with the video
[11:58am] GaborHojtsy: xjm: we have a few minute delay between the video start and the top of the hour
[11:58am] catch: WimLeers: yep will do.
[11:59am] GaborHojtsy: xjm: because people arrive later basically :)
[11:59am] WimLeers: catch++
[12:01pm] GaborHojtsy: xjm: its also hard to get Druplicon in google hangouts — as in impossible ÉD
[12:01pm] GaborHojtsy: xjm: and there was some interest for people watching to be able to follow links WHILE the meeting was on
[12:02pm] xjm: GaborHojtsy: but it doesn't work -- I'm trying that right now -- the delay is too big
[12:02pm] WimLeers: alexpott: regarding in title: https://api.drupal.org/comment/26#comment-26
[12:03pm] GaborHojtsy: xjm: well, then at least the Druplicon advantage is there :)
[12:03pm] GaborHojtsy: xjm: I am happy to use some way to get the comments in if there is one
[12:04pm] GaborHojtsy: xjm: I am not sure it helps if eg. someone shares their screen with an IRC client throughout the video
[12:04pm] GaborHojtsy: xjm: the links are not clickable either
[12:04pm] xjm: GaborHojtsy: shannon did that for the meeting we had 2y ago -- though the same problem with links not being clickable
[12:04pm] GaborHojtsy: xjm: but that may be a workaround

Categories: Planet Drupal

Portsmouth NH theme system critical sprint recap

July 3, 2015 at 3:16am

In early June a Drupal 8 theme system critical issues sprint was held in Portsmouth, New Hampshire as part of the D8 Accelerate program.

The sprint started the afternoon of June 5 and continued until midday June 7.

Sprint goals

We set out to move forward the two (at the time) theme system criticals, #2273925: Ensure #markup is XSS escaped in Renderer::doRender (created May 24, 2014) and #2280965: [meta] Remove or document every SafeMarkup::set() call (created June 6, 2014).

Sponsors

The Drupal Association provided the D8 Accelerate grant which covered travel costs for joelpittet and Cottser.

Bowst provided the sprint space.

As part of its NHDevDays series of contribution sprints, the New Hampshire Drupal Group provided snacks and refreshments during the sprint, lunch and even dinner on Saturday.

Digital Echidna provided time off for Cottser.

Summary

xjm committed #2273925: Ensure #markup is XSS escaped in Renderer::doRender Sunday afternoon! xjm’s tweet sums things up nicely.

As for the meta (which is comprised of about 50 sub-issues), by the end of the sprint we had patches on over 30 of them, 3 had been committed, and 7 were in the RTBC queue.

Thanks to the continued momentum provided by the New Jersey sprint, as of this writing approximately 20 issues from the meta issue have been resolved.

Friday afternoon

peezy kicked things off with a brief welcome and acknowledgements. joelpittet and Cottser gave an informal introduction to the concepts and tasks at hand for the sprinters attending.

After that, leslieg on-boarded our Friday sprinters (mostly new contributors), getting them set up with Drupal 8, IRC, Dreditor, and so on. leslieg and a few others then went to work reviewing documentation around #2494297: [no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist.

Meanwhile in "critical central" (what we called the meeting room where the work on the critical issues was happening)…

lokapujya and joelpittet got to work on the remaining tasks of #2273925: Ensure #markup is XSS escaped in Renderer::doRender.

cwells and Cottser started the work on removing calls to SafeMarkup::set() by working on #2501319: Remove SafeMarkup::set in _drupal_log_error, DefaultExceptionSubscriber::onHtml, Error::renderExceptionSafe.

Thai food was ordered in, and many of us continued working on issues late into the evening.

Saturday

joelpittet and Cottser gave another brief introduction to keep new arrivals on the same page and reassert concepts from the day before.

leslieg did some more great on-boarding Saturday and worked with a handful of new contributors on implementing #2494297: [no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist. The idea was that by reviewing and working on this documentation the contributors would be better equipped to work directly on the issues in the SafeMarkup::set() meta.

Mid-morning Cottser led a participatory demo with the whole group of a dozen or so sprinters, going through one of the child issues of the meta and ending up with a patch. This allowed us to walk through the whole process and think out loud the whole time.

Sprinters gathered around a table
The Benjamin Melançon XSS attack in action. Having some fun while working on our demo issue.

By this time we had identified some common patterns after working on enough of these issues.

By the end of Saturday all of the sprinters including brand new contributors were collaborating on issues from the critical meta and the issue stickies were flying around the room with fervor (a photo of said issue stickies is below).

15 Drupalists posing outside the sprint space after a long day of sprinting

10 Drupalists having dinner
Then we had dinner :)

Sunday morning

drupal.org was down for a while.

We largely picked up where we left off Saturday, cranked out more patches, and joelpittet and Cottser started to review the work that had been done the day before that was in the “Needs Human” column.

A whiteboard with many sticky notes representing drupal.org issues
Our sprint board looked something like this on the last day of the sprint.

Thank you

Thanks to the organizing committee (peezy, leslieg, cwells, and kbaringer), xjm, effulgentsia, New Hampshire DUG, Seacoast DUG, Bowst, Drupal Association, Digital Echidna, and all of our sprinters: cdulude, Cottser, cwells, Daniel_Rose, dtraft, jbradley428, joelpittet, kay_v, kbaringer, kfriend, leslieg, lokapujya, mlncn, peezy, sclapp, tetranz.

AttachmentSize 20150606_114556.jpg453.91 KB 20150606_184029.jpg549.46 KB 20150607_130317.jpg353.87 KB IMG_8589.JPG781.47 KB
Categories: Planet Drupal

No Drupal 6 or Drupal 7 core release on Wednesday, July 1

June 29, 2015 at 1:42pm

The monthly Drupal core bug fix/feature release window is scheduled for this Wednesday. However, there have not been enough changes to the development version since the last bug fix/feature release two months ago to warrant a new release, so there will be no Drupal core release on that date.

Upcoming release windows include:

  • Wednesday, July 15 (security release window)
  • Wednesday, August 5 (bug fix/feature release window)

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

Recording from June 26th 2015 Drupal 8 critical issues discussion

June 26, 2015 at 10:12am

This was our fifth critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). Here is the recording of the meeting video and chat from today in the hope that it helps more than just those who were on the meeting:

Unfortunately not all people invited made it this time. If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:04am] jibran: Issues https://www.drupal.org/project/issues/search/drupal?status[0]=1&status[1]=13&status[2]=8&status[3]=14&status[4]=4&priorities[0]=400&categories[0]=1&categories[1]=2&categories[2]=5&version[0]=8.x
[11:07am] dawehner: https://www.drupal.org/node/2509300
[11:07am] Druplicon: https://www.drupal.org/node/2509300 => Path alias UI allows node/1 and /node/1 as system path then fatals [#2509300] => 55 comments, 5 IRC mentions
[11:07am] dawehner: https://www.drupal.org/node/2408371
[11:07am] Druplicon: https://www.drupal.org/node/2408371 => Proxies of module interfaces don't work [#2408371] => 71 comments, 14 IRC mentions
[11:13am] plach: alexpott: dawehner GaborHojtsy: WimLeers: hamletic questions in the critical meeting
[11:13am] GaborHojtsy: plach: :P
[11:13am] plach: :)
[11:14am] WimLeers: "hamletic", wow :D
[11:14am] plach: https://www.drupal.org/node/2478459
[11:14am] Druplicon: https://www.drupal.org/node/2478459 => FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks [#2478459] => 105 comments, 26 IRC mentions
[11:14am] plach: https://www.drupal.org/node/2453153
[11:14am] Druplicon: https://www.drupal.org/node/2453153 => Node revisions cannot be reverted per translation [#2453153] => 134 comments, 42 IRC mentions
[11:14am] dawehner: alexpott: i mean our request context ->getCompleteBaseUrl is basically that
[11:15am] alexpott: dawehner: yep
[11:16am] dawehner: GH sadly does not allow you to filter by 3.0.issues
[11:16am] WimLeers: that's weird
[11:16am] jibran: https://www.drupal.org/node/2500523
[11:16am] Druplicon: https://www.drupal.org/node/2500523 => Rewrite views_ui_add_ajax_trigger() to not rely on /system/ajax. [#2500523] => 27 comments, 6 IRC mentions
[11:16am] dawehner: alexpott: https://github.com/symfony/symfony/issues/6406#issuecomment-58411133
[11:19am] catch: https://www.drupal.org/node/2470679
[11:19am] Druplicon: https://www.drupal.org/node/2470679 => [meta] Identify necessary performance optimizations for common profiling scenarios [#2470679] => 62 comments, 15 IRC mentions
[11:19am] catch: https://www.drupal.org/node/2497185
[11:19am] Druplicon: https://www.drupal.org/node/2497185 => Create standardized core profiling scenarios and start tracking metrics for them [#2497185] => 36 comments, 11 IRC mentions
[11:19am] GaborHojtsy: lol, my chrome died, is the meeting still running? :)
[11:19am] alexpott: GaborHojtsy: yes
[11:19am] WimLeers: https://docs.google.com/spreadsheets/d/1iTFR2TVP-9961RUQ4of-N7jZLTOtfwf3...
[11:19am] dawehner: GaborHojtsy: yes
[11:20am] GaborHojtsy: yay I got back the controls when it reopened
[11:20am] GaborHojtsy: huh
[11:20am] GaborHojtsy: will still be able to stop broadcast, etc.
[11:20am] WimLeers: nice!
[11:20am] Druplicon: darn tooting it sure is!
[11:21am] WimLeers: https://www.drupal.org/node/2429287
[11:21am] Druplicon: https://www.drupal.org/node/2429287 => [meta] Finalize the cache contexts API & DX/usage, enable a leap forward in performance [#2429287] => 105 comments, 8 IRC mentions
[11:22am] WimLeers: https://www.drupal.org/node/2450993
[11:22am] Druplicon: https://www.drupal.org/node/2450993 => Rendered Cache Metadata created during the main controller request gets lost [#2450993] => 104 comments, 20 IRC mentions
[11:22am] WimLeers: https://www.drupal.org/node/2351015
[11:22am] Druplicon: https://www.drupal.org/node/2351015 => Link CSRF tokens can be hijacked when cached with insufficient contexts [#2351015] => 98 comments, 35 IRC mentions
[11:24am] WimLeers: https://www.drupal.org/node/2429287
[11:24am] Druplicon: https://www.drupal.org/node/2429287 => [meta] Finalize the cache contexts API & DX/usage, enable a leap forward in performance [#2429287] => 105 comments, 9 IRC mentions
[11:25am] WimLeers: https://www.drupal.org/node/2487600
[11:25am] Druplicon: https://www.drupal.org/node/2487600 => #access should support access result objects or better has to always use it [#2487600] => 17 comments, 1 IRC mention
[11:27am] WimLeers: https://www.drupal.org/node/2493033
[11:27am] Druplicon: https://www.drupal.org/node/2493033 => Make 'user.permissions' a required cache context [#2493033] => 18 comments, 4 IRC mentions
[11:29am] WimLeers: https://www.drupal.org/node/2473873
[11:29am] Druplicon: https://www.drupal.org/node/2473873 => Add cacheablity support for entity operations [#2473873] => 26 comments, 3 IRC mentions
[11:34am] GaborHojtsy: https://www.drupal.org/node/2512460
[11:34am] Druplicon: https://www.drupal.org/node/2512460 => "Translate user edited configuration" permission needs to be marked as sensitive [#2512460] => 2 comments, 1 IRC mention
[11:36am] GaborHojtsy: https://localize.drupal.org/node/63903
[11:36am] Druplicon: https://localize.drupal.org/node/63903 => Test the staging version of localize.drupal.org on Drupal 7 NOW! => 0 comments, 4 IRC mentions
[11:36am] dawehner: alexpott: would you be okay with adding \Drupal\Core\Http to add things like TrustedRedirectResponse there?
[11:46am] plach: https://www.drupal.org/node/2507899#comment-10059322
[11:46am] Druplicon: https://www.drupal.org/node/2507899 => [policy, no patch] Require hook_update_N() for Drupal 8 core patches beginning June 29 [#2507899] => 34 comments, 5 IRC mentions
[11:48am] dawehner: https://www.drupal.org/node/2509898
[11:48am] Druplicon: https://www.drupal.org/node/2509898 => Additional uncaught exception thrown while handling exception after service changes [#2509898] => 3 comments, 1 IRC mention
[11:49am] • jibran hates this cycle of exception rendering.
[11:50am] WimLeers: https://www.drupal.org/node/2450993
[11:50am] Druplicon: https://www.drupal.org/node/2450993 => Rendered Cache Metadata created during the main controller request gets lost [#2450993] => 104 comments, 21 IRC mentions
[11:54am] dawehner: https://www.drupal.org/node/2489024
[11:54am] Druplicon: https://www.drupal.org/node/2489024 => Arbitrary code execution via 'trans' extension for dynamic twig templates (when debug output is on) [#2489024] => 24 comments, 9 IRC mentions
[12:03pm] WimLeers: https://www.drupal.org/project/issues/search/drupal?project_issue_follow...
[12:04pm] plach: WimLeers++
[12:04pm] plach: (oh boy :D)
[12:04pm] WimLeers: :P
[12:04pm] jibran: slow clap for WimLeers

Categories: Planet Drupal

Update: Drupal 8 beta 12 rescheduled for June 29; get ready for hook_update_N() in core

June 24, 2015 at 10:35pm

We've rescheduled Drupal 8 beta 12 for June 29, 2015 to provide a little more leeway time for Drupal 8 core issues that require an update function. Starting June 29, any Drupal 8 core issue that includes a data model change must include an update function and update path test. See the previously announced core policy on requiring hook_update_N() for more information.

Identify your data model changes now!

If you have any core patches that are currently under development, please start identifying the data model changes in those patches now. Tag any issue that requires a data model change with D8 upgrade path and document the specific data model changes in the issue summary. Or, help triage major issues with specific attention to the data model changes.

It's actually also a good idea to start writing hook_update_N() implementations for your patches now! This will ensure in-progress issues can be committed as soon as possible following the next beta, and if your patch is ready before June 29, your update function will still help provide the corresponding update for the head2head project. Plus, if you uncover a critical limitation with Drupal 8 core's update functionality while working on your update function during the next week, the upcoming D8 Accelerate critical issues sprint will be an opportunity to get that critical issue fixed and unblock your patch.

Note for Drupal site owners and developers

Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Betas are not supported releases of Drupal, and generally are not recommended for non-technical users, nor for production websites. The current beta release includes known critical bugs, including publicly disclosed security vulnerabilities. More information on beta releases.

The addition of update functions for Drupal 8.0.x issues should make it easier for developers to update their existing development sites between beta releases using update.php. However, these update functions may include bugs or even introduce data integrity issues, so developers should always back up the site and be prepared to rebuild it from scratch or manually update or migrate the data in case update.php fails to update it properly.

Categories: Planet Drupal

Requiring hook_update_N() for Drupal 8 core patches beginning June 24

June 20, 2015 at 12:58am

In [policy, no patch] Require hook_update_N() for Drupal 8 core patches beginning June 24, the Drupal 8 release managers outline a policy to begin requiring hook_update_N() implementations for core patches that introduce data model changes starting after the next beta release. The goal of this policy change is to start identifying common update use-cases, to uncover any limitations we have for providing update functions in core, and to prepare core developers for considering upgrade path issues as we create the last few betas and first release candidates of Drupal 8. We need your help reviewing and communicating about this proposed policy, as well as identifying core issues that will be affected. Read the issue for more details.

Categories: Planet Drupal

Recording from June 19th 2015 Drupal 8 critical issues discussion

June 19, 2015 at 10:37am

This was our fourth critical issues discussion meeting to be publicly recorded in a row. (See all prior recordings). This time to make discussions easier to follow for all of us, we switched to #drupal-contribute in IRC to post links, so those following real time can follow the links and we can just paste the meeting log here as well. Here is the recording of the meeting from today in the hope that it helps more than just those who were on the meeting:

Unfortunately not all people invited made it this time. If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The meeting log is as follows (all times are CEST real time at the meeting):


[11:07am] plach: https://www.drupal.org/node/2478459
[11:07am] Druplicon: https://www.drupal.org/node/2478459 => FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks [#2478459] => 93 comments, 19 IRC mentions
[11:07am] dawehner: https://www.drupal.org/node/2500527
[11:07am] Druplicon: https://www.drupal.org/node/2500527 => Rewrite \Drupal\file\Controller\FileWidgetAjaxController::upload() to not rely on form cache [#2500527] => 34 comments, 6 IRC mentions
[11:08am] plach: https://www.drupal.org/node/2453153
[11:08am] Druplicon: https://www.drupal.org/node/2453153 => Node revisions cannot be reverted per translation [#2453153] => 107 comments, 31 IRC mentions
[11:09am] jibran: https://www.drupal.org/node/2263569#comment-10039344
[11:10am] Druplicon: https://www.drupal.org/node/2263569 => Bypass form caching by default for forms using #ajax. [#2263569] => 219 comments, 35 IRC mentions
[11:11am] Fabianx-screen: https://www.drupal.org/node/2354889
[11:11am] Druplicon: https://www.drupal.org/node/2354889 => Make block context faster by removing onBlock event and replace it with loading from a BlockContextManager [#2354889] => 66 comments, 13 IRC mentions
[11:11am] WimLeers: https://www.drupal.org/node/2375695
[11:11am] Druplicon: https://www.drupal.org/node/2375695 => Condition plugins should provide cache contexts AND cacheability metadata needs to be exposed [#2375695] => 75 comments, 25 IRC mentions
[11:13am] GaborHojtsy: Fabianx-screen is talking about https://www.drupal.org/node/2354889
[11:13am] Druplicon: https://www.drupal.org/node/2354889 => Make block context faster by removing onBlock event and replace it with loading from a BlockContextManager [#2354889] => 66 comments, 14 IRC mentions
[11:14am] WimLeers: No, he was talking about https://www.drupal.org/node/2501989
[11:14am] Druplicon: https://www.drupal.org/node/2501989 => [meta] Page Cache Performance [#2501989] => 24 comments, 5 IRC mentions
[11:14am] WimLeers: (i.e. the very first part of what he said)
[11:14am] GaborHojtsy: (I directly copied the link he posted in hangouts :D)
[11:14am] WimLeers: lol ok :P
[11:16am] WimLeers: https://www.drupal.org/node/2429287
[11:16am] Druplicon: https://www.drupal.org/node/2429287 => [meta] Finalize the cache contexts API & DX/usage, enable a leap forward in performance [#2429287] => 102 comments, 7 IRC mentions
[11:17am] WimLeers: https://www.drupal.org/node/2450993
[11:17am] Druplicon: https://www.drupal.org/node/2450993 => Rendered Cache Metadata created during the main controller request gets lost [#2450993] => 35 comments, 14 IRC mentions
[11:18am] larowlan: GaborHojtsy: still working sorry, sent apology to dawehne_r this morning with my update
[11:18am] GaborHojtsy: larowlan: yeah jibran relayed that :)
[11:19am] GaborHojtsy: https://www.drupal.org/node/2495179
[11:19am] Druplicon: https://www.drupal.org/node/2495179 => Twig placeholder filter should not map to raw filter [#2495179] => 53 comments, 7 IRC mentions
[11:20am] GaborHojtsy: https://www.drupal.org/node/2487972
[11:20am] Druplicon: https://www.drupal.org/node/2487972 => [META] Results of testing localize.drupal.org on Drupal 7 in June 2015 [#2487972] => 18 comments, 5 IRC mentions
[11:21am] jibran: https://www.drupal.org/node/2453153
[11:21am] Druplicon: https://www.drupal.org/node/2453153 => Node revisions cannot be reverted per translation [#2453153] => 107 comments, 32 IRC mentions
[11:31am] larowlan: jibran++
[11:31am] larowlan: GaborHojtsy++
[11:31am] GaborHojtsy: Fabianx-screen: what’s the issue link?
[11:33am] jibran: https://www.drupal.org/node/2489024
[11:33am] dawehner: https://www.drupal.org/node/2508591
[11:33am] Druplicon: https://www.drupal.org/node/2489024 => Arbitrary code execution via 'trans' extension for dynamic twig templates (when debug output is on) [#2489024] => 18 comments, 7 IRC mentions
[11:33am] Druplicon: https://www.drupal.org/node/2508591 => Move Drupal into subdirectory and get external dependencies/libraries out of the web-accessible path [#2508591] => 8 comments, 3 IRC mentions
[11:42am] dawehner: https://www.drupal.org/node/2508654#comment-10039315
[11:42am] Druplicon: https://www.drupal.org/node/2508654 => File inclusion in transliteration service [#2508654] => 17 comments, 2 IRC mentions
[11:43am] GaborHojtsy: dawehner: that one yeah
[11:43am] GaborHojtsy: https://www.drupal.org/drupal8-security-bounty running for 2 more months
[11:43am] jibran: https://www.drupal.org/node/1305882
[11:43am] Druplicon: https://www.drupal.org/node/1305882 => drupal_html_id() considered harmful; remove ajax_html_ids to use GET (not POST) AJAX requests [#1305882] => 153 comments, 22 IRC mentions
[11:48am] dawehner: https://www.drupal.org/node/2500523
[11:48am] Druplicon: https://www.drupal.org/node/2500523 => Rewrite views_ui_add_ajax_trigger() to not rely on /system/ajax. [#2500523] => 6 comments, 2 IRC mentions

Categories: Planet Drupal

Recording from June 12th 2015 Drupal 8 critical issues discussion

June 15, 2015 at 9:56am

It came up multiple times at recent events that it would be very helpful for people significantly working on Drupal 8 critical issues to get together more often to talk about the issues and unblock each other on things where discussion is needed. While these do not by any means replace the issue queue discussions (much like in-person meetings at events are not), they do help to unblock things much more quickly. We also don't believe that the number of or the concrete people working on critical issues should be limited, so we did not want to keep the discussions closed. After our second meeting last week, here is the recording of the third meeting from today in the hope that it helps more than just those who were on the meeting:

Unfortunately not all people invited made it this time. If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The issues mentioned were as follows:

Alex Pott
Rebuilding service container results in endless stampede: https://www.drupal.org/node/2497243
Twig placeholder filter should not map to raw filter: https://www.drupal.org/node/2495179

Francesco Placella
https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status[]=Open&priorities[]=400&version[]=8.x&component[]=entity+system&component[]=field+system&component[]=language+system&component[]=content_translation.module&component[]=language.module&component[]=views.module&issue_tags_op=%3D
FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks: https://www.drupal.org/node/2478459

Lee Rowlands
Make block context faster by removing onBlock event and replace it with loading from a BlockContextManager: https://www.drupal.org/node/2354889

Francesco Placella
FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks: https://www.drupal.org/node/2478459

Alex Pott
Rewrite \Drupal\file\Controller\FileWidgetAjaxController::upload() to not rely on form cache https://www.drupal.org/node/2500527

Gábor Hojtsy
Twig placeholder filter should not map to raw filter: https://www.drupal.org/node/2495179

Daniel Wehner
drupal_html_id() considered harmful; remove ajax_html_ids to use GET (not POST) AJAX requests: https://www.drupal.org/node/1305882

Francesco Placella
Node revisions cannot be reverted per translation: https://www.drupal.org/node/2453153
https://www.drupal.org/project/issues/search/drupal?project_issue_followers=&status[]=Open&priorities[]=400&version[]=8.x&issue_tags_op=%3D&issue_tags=D8+upgrade+path

Daniel Wehner
SA-CORE-2014-002 forward port only checks internal cache: https://www.drupal.org/node/2421503

Francesco Placella
Nat: it would be good to have your feedback on the proposed solution the translation revisions issue aside from its criticality (see https://www.drupal.org/node/2453153#comment-9991563 and following)

Fabian Franz
[PP-2] Remove support for #ajax['url'] and $form_state->setCached() for GET requests: https://www.drupal.org/node/2502785
Condition plugins should provide cache contexts AND cacheability metadata needs to be exposed: https://www.drupal.org/node/2375695
Make block context faster by removing onBlock event and replace it with loading from a BlockContextManager: https://www.drupal.org/node/2354889

Alex Pott
[meta] Identify necessary performance optimizations for common profiling scenarios: http://drupal.org/node/2470679

Nathaniel Catchpole
Core profiling scenarios: https://www.drupal.org/node/2497185
Node::isPublished() and Node:getOwnerId() are expensive: https://www.drupal.org/node/2498919
And User:getAnonymousUser() takes 13ms due to ContentEntityBase::setDefaultLangcode() (https://www.drupal.org/node/2504849) is similar.

Categories: Planet Drupal

Drupal core security release window on Wednesday, June 17

June 12, 2015 at 10:30pm
Start:  2015-06-17 (All day) America/New_York Online meeting (eg. IRC meeting) Organizers:  David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, June 17.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix/feature release on this date; the next window for a Drupal core bug fix/feature release is Wednesday, July 1.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Planet Drupal

DrupalCI: It's coming!

June 11, 2015 at 6:25pm

DrupalCI is the next-generation version of our beloved testbot. The MVP ("minimum viable product") is coming soon (rolled out in parallel with the old testbot for awhile).

Here's a sneak peak at what it'll look like and some of its new capabilities: https://groups.drupal.org/node/471473

Categories: Planet Drupal

Pages