Install

Works with Drupal: ^10.4 || ^11

Using Composer to manage Drupal site dependencies

Alternative installation files

Download tar.gz 186 KB
MD5: 42415baae1984163603582bc424c31b8
SHA-1: e9c739ed4dda43f931123f5d09e582693a28aca7
SHA-256: 49531be91eee21a331d4cf16b4784344d4220fdf3a07d2522547655ac99bfbee
Download zip 233.42 KB
MD5: e2b26fbf93f362d340b9b39988f4745b
SHA-1: 7b2672eb2b576a8c110070fb53e6924b95aca8a2
SHA-256: 205b78713186e46d044d2d8219097dd1fd8a04b0c2d869f4045287948e8b8ebd
Downloads are for manual installation, which is not recommended when using Drupal 8 or later.

Release notes

Security and code quality hardening. This release aligns ETM with the Enhanced Manager module family security baseline.

Changes

  • Strict types: Added declare(strict_types=1) to the main and ETM AI .module and .install files.
  • Description format: Replaced hardcoded plain_text with filter_fallback_format() in term clone and bulk import so description fields use the site’s fallback text format and reduce stored XSS risk.
  • XSS: Escaped child term labels in the Merge Terms form impact list via Html::escape().
  • Type safety: Added (int) casts for entity and user IDs in JSON responses (tree/range controllers) and in revision/snapshot database inserts (TermForm, TermEditForm, MergeTermsForm, SnapshotController) for consistency with strict types.

No functional changes for end users. Upgrades from 2.2.0-beta24 are straightforward.

Created by: thronedigital
Created on: 16 Feb 2026 at 00:34 UTC
Last updated: 16 Feb 2026 at 00:34 UTC
Git tag 2.2.0-beta25
Bug fixes
New features

Other releases