Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
The intent of this issue is to help the maintainer(s) coordinate community efforts in the creation of a stable release. Community involvement is only intended as a suggestion; it is up to maintainers to ultimately decide the creation of, and what goes into, a stable release. If you are not interested in using this issue, please mark the issue as Fixed or Closed (works as designed).
As of the creation of this issue, this project presently does not have a stable release compatible with Drupal 8+. There are many benefits to publishing a stable release for a module.
Release-blocker issues
- #3042321: Last access by a user should not change after masquerade as that user (D8)
- #2923845: Avoid adding masquerade as field to compact
- #2962970: Provide a foolproof way to unmasquerade
- #3181882: "Masquerade as ROLE" does not grant access when user does not also have "masquerade as authenticated user" permission
- #2900413: Allow UnMasquerade link in the "Masquerade" block
- #2688499: Negate role permissions
- #2695779: Unmasquerade link appears for users with the permission: 'link to any page', regardless of masquerade status.
- #2975124: Masquarade Saml compatibility issue
Good-to-fix issues
- issues tbd
Above and beyond tasks
- Create issue fix list for stable release using the grn tool.
Remaining tasks
- Establish a list of release-blockers and 'good-to-fix' issues for a stable release.
- Resolve above issues blocking the release of a stable release.
- Craft changelog for new release.
- Create new release.
Do you have resources you'd like to contribute to this template? Have feedback on the stable release request issue template? We want your feedback: #3239062: 'Stable Release Request' Issue Template
Original issue
Checked https://www.drupal.org/drupal-security-team/security-advisory-process-an...
That means no security advisories for development releases (-dev), ALPHAs, BETAs or RCs.
So we need a stable release before application
IMO main blocker are
- #3042321: Last access by a user should not change after masquerade as that user (D8)
- #2923845: Avoid adding masquerade as field to compact
- #2962970: Provide a foolproof way to unmasquerade
- #3181882: "Masquerade as ROLE" does not grant access when user does not also have "masquerade as authenticated user" permission
- #2900413: Allow UnMasquerade link in the "Masquerade" block
Done
- #2688499: Negate role permissions
- #2695779: Unmasquerade link appears for users with the permission: 'link to any page', regardless of masquerade status.
- #2975124: Masquarade Saml compatibility issue
Comments
Comment #2
plato1123 commentedI'm in the same boat, feel uneasy putting a module that doesn't pass security muster on a production site. Can we get this last hoop jumped through?
Comment #3
andypostgood point! will apply for coverage
Comment #4
andypostChecked https://www.drupal.org/drupal-security-team/security-advisory-process-an...
So we need a stable release before application
IMO main blocker are
- #2688499: Negate role permissions
- #2923845: Avoid adding masquerade as field to compact
- #2695779: Unmasquerade link appears for users with the permission: 'link to any page', regardless of masquerade status.
- #2975124: Masquarade Saml compatibility issue
Comment #5
andypostComment #6
andypostAdded #3042321: Last access by a user should not change after masquerade as that user (D8) as it affects like flag stored also needs to check config schema for block
Comment #7
wellsAdding #3181882: "Masquerade as ROLE" does not grant access when user does not also have "masquerade as authenticated user" permission and #2900413: Allow UnMasquerade link in the "Masquerade" block (which may replace #2962970: Provide a foolproof way to unmasquerade?).
Comment #8
WebbehUpdated issue summary.
Comment #9
WebbehComment #10
WebbehComment #11
adamevertsson commentedAny progress on this? It seems like the main blockers are either completed or hasn't had any work done to them for several years. Perhaps a stable version can be released now?
Comment #12
andypostI think only #3042321: Last access by a user should not change after masquerade as that user (D8) is a strong requirement for stable release as I said in #6
Comment #13
liquidcms commentedWas going to raise an issue about 2.0-rc1 not working; but perhaps that is what this issue is for?
Anyway, -rc1 does not work. Code in validateForm is incorrect.
The latest -dev does work; although the patch from here: #2900413: Allow UnMasquerade link in the "Masquerade" block, although it still applies, it now breaks functionality.
hmm, although now have reverted back to last working version (2.0-beta4) and it still fails with same error:
TypeError: Argument 1 passed to masquerade_switch_user_validate() must implement interface Drupal\user\UserInterface, null given, called in E:\www\myssc\html\modules\contrib\masquerade\src\Form\MasqueradeForm.php on line 101 in masquerade_switch_user_validate() (line 223 of modules\contrib\masquerade\masquerade.module).
Comment #14
finn lewisAny update on a likely stable release soon?
We're having to use the module less and less as it is not covered by security advisories.
Comment #15
andypostFew days ago I created another RC5 so if no issues with Drupal 11 the stable release can be created, let's get a 3 weeks round
Comment #16
andypostComment #18
andypostI fixed pipelines and released 8.x-2.0