drupal 10.0.0-alpha7

This is an alpha release for the next major version of Drupal. This alpha release is intended for module or theme authors to test whether their code is compatible with recent significant changes in Drupal 10.0.x. Drupal 10 alpha releases should not be used in production. No upgrade path will be provided between Drupal 10 alpha releases, nor to Drupal 10.0.0-beta1.

This release fixes security vulnerabilities present in 10.0.0-alpha6. Sites are urged to update immediately after reading the notes below and the security announcements:

• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
• Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015

Additionally, this release also updates core dependencies for the following third-party security advisories:

• CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
• CVE-2022-31175: Cross-site scripting (XSS) caused by the editor instance destroying process

This alpha includes many changes that are also included in Drupal 9.5.x.

Several more breaking changes will be added before Drupal 10.0.0-beta1

Drupal 10 alphas do not include all the breaking changes that will be included in 10.0.0. Any further alpha releases as well as the first beta release will include more dependency updates and remove more APIs that are (or that will be) deprecated in Drupal 9, including several core modules and themes that will be moved to contributed projects. Refer to How to prepare your Drupal 7 or 8 site for Drupal 9 for tools you can use to check the Drupal 10 compatibility of modules, themes, and sites.

Specific, highly disruptive changes that are not complete in 10.0.0-alpha7:

1. CKEditor 4 will be removed from Drupal 10 core, and content created with CKEditor 4 might not work in CKEditor 5 because of upstream changes. You must either install the CKEditor 4 module in contrib (which will receive security fixes until Drupal 9's end-of-life in 2023), or update your site and content to CKEditor 5. There is a beta-stability CKEditor 5 module available for testing in Drupal 9 and 10.

2. Various core modules and themes will be moved to contributed projects.

3. Numerous JavaScript libraries and APIs will be removed, including the JavaScript build step.

For more information on 10.0.x development, see #3118143: [meta] Release Drupal 10 on December 14... or 15... 2022.

The 10.0.x branch also includes all the latest commits that will be backported to 9.5.x and earlier branches. 10.0.x will be nearly identical to 9.5.x except for the following:

1. Deprecated code will be removed, including entire deprecated modules.
2. Dependencies will be updated to new major versions as appropriate.

For all other changes, refer to the 9.5.x branch.

Important update information

For additional changes from Drupal 9, review the release notes of the previous alpha releases:

1. Drupal 10.0.0-alpha1
2. Drupal 10.0.0-alpha2
3. Drupal 10.0.0-alpha3
4. Drupal 10.0.0-alpha4
5. Drupal 10.0.0-alpha5
6. Drupal 10.0.0-alpha6

Changes to site-owner-managed files

• Following this release, Drupal will assume by default that custom stream wrappers (like Remote Stream Wrapper or Flysystem, among many others) should be private by default so that Drupal will manage downloads and access control. If a module intentionally wishes to serve files with no access checking or management by Drupal, the module should implement hook_file_download().

  Since various contributed stream wrapper modules might not be able to update immediately, site owners may also specify which stream wrappers should be treated as public stream wrappers (with no access control). If content from a stream wrapper on your site stops working after this update, you can add the following line to settings.php:

  $settings['file_additional_public_schemes'] = ['example'];
  

  …where example is replaced by the name of the affected stream wrapper. (For example, s3 or https.) The name of the stream wrapper will depend on the affected module and its configuration.

  You should also locate or submit an issue in the module's queue to implement hook_file_download() for SA-CORE-2022-012.

• If the private files directory is inside the public files directory (e.g. drupal/sites/files/private), a site file field misconfiguration or other issue might lead to the site relying on the previous access bypass. If parts of your file or image content become inaccessible after this release, add the following line to your site's settings.php:

  $settings['sa_core_2022_012_override'] = TRUE;
  

  This setting is a temporary backward-compatibility layer for misconfigured sites and will be removed in a future release. In the long term, you should migrate your uploaded files to the correct public or private directories.

• Drupal\Component\Assertion\Handle will be deprecated in a future release. For this reason, example.settings.local.php has been updated to change the default assertion handling from:

  assert_options(ASSERT_ACTIVE, TRUE);
  \Drupal\Component\Assertion\Handle::register();
  

  to:

  assert_options(ASSERT_ACTIVE, TRUE);
  assert_options(ASSERT_EXCEPTION, TRUE);
  

  Site owners using settings.local.php for development sites should update their workflow with this change.

Platform requirements changes

• PHP versions 8.1.0-8.1.5 have a bug with the PHP OPcache that may cause intermittent fatal errors at runtime for class autoloading. Therefore, the minimum recommended PHP version for Drupal 9.5 and above has been increased to 8.1.6.

Composer integration changes

• Drupal no longer specifies core modules in the 'replace' section of composer.json. This allows contributed versions of core modules to be downloaded with the canonical namespace using Composer.

Changes to CKEditor integration

• Previously, plugin settings for all CKEditor 4 plugins were stored in the editor configuration. This included disabled plugins.
  To keep the editor configuration in a consistent state, plugin settings are now only stored for CKEditor plugins that are enabled. Stored editor configuration entities were updated in Drupal 9.4.4 to remove the disabled plugin data.
  This change allows data created with CKEditor 4 to be updated to CKEditor 5, without the CKEditor 4 module being installed.
  To ensure CKEditor data is upgraded to CKEditor 5 correctly, sites using CKEditor should update to Drupal 9.4.4 or higher prior to updating to Drupal 10.

Dependency updates

• CKEditor 5 has been updated from 34.1.0 to 35.0.1 for a security update. This update also introduces backwards compatibility breaks, so maintainers of CKEditor 5 integrations should review the CKEditor 35.0.0 release notes.

• egulias/email-validator has been upgraded to 3.2.1. Support for 2.1 is removed as the version is no longer supported by the upstream project.

• symfony/http-foundation has been updated to 6.1.3 to resolve a bug with destructable services.

• Core's jQuery UI assets have been updated from 1.13.1 to 1.13.2 for a security update. (The security issue does not affect Drupal core.)

Development dependencies

• Core now requires composer/composer 2.3.6 (up from 2.3.5) for PHP 8.2 support. The installed version has been updated to 2.3.10.

• Core now requires version 1.8.2 of the phpstan/phpstan development dependency (up from 1.6.8), version 1.1.25 of mglaman/phpstan-drupal (up from 1.1.21), and 1.6.11 of mikey179/vfsstream (up from 1.6.8). These updates are necessary for automated tests to run on PHP 8.2.

• cspell has been updated from version 5 to 6. This results in some slight changes to the dictionary for core development.

• Terser has been updated from 5.3.4 to 5.14.2 to address several security issues.

Removed dependencies

• Drupal 10 has dropped support for Internet Explorer 11. This includes deprecating all polyfill libraries in Drupal 10 and removing the files. If you plan to continue supporting Internet Explorer 11 even when used with Drupal 10, your project will have to depend on or implement any required polyfills directly.

• In Drupal 10, the details HTML tag is available in all supported browsers, so the supporting code that provided this element for Internet Explorer has been removed.

Known issues

Search the issue queue for known issues.

All changes since Drupal 10.0.0-alpha6

• Issue #3296481 by xjm, kostyashupenko, nod_: Update terser and terser-webpack-plugin to the latest versions
• Issue #3292780 by nod_, Spokje: Move Quick Edit related Javascript from core/modules/ckeditor5/js/ckeditor5.es6.js::detach() to the Quick Edit module
• Issue #3300040 by xjm, benjifisher, jlariza, cilefen, quietone: Update jQuery UI to the latest versions
• Issue #3166561 by Matroskeen, ravi.shankar, andregp, mohit_aghera, golddragon007, ranjith_kumar_k_u: Comment being deleted instead of reassigned to Anonymous user
• Issue #3301495 by lauriii, xjm, nod_, quietone: Update CKEditor 5 to 35.0.1
• Revert "Issue #3296481 by kostyashupenko, nod_: Update terser and terser-webpack-plugin to the latest versions"
• Issue #1988968 by nod_, droplet, bnjmnm, viappidu, extect, jansete, olli, martin107, pmagunia, bartlangelaan, Wim Leers, zrpnr, KapilV, yogeshmpawar, Spleshka, Phil Wolstenholme, DuaelFr, agata.guc, alwaysworking, dawid_nawrot, andriic, keithdoyle9, gapple, lauriii, Martijn de Wit, jefuri, JMOmandown, larowlan, rubens.arjr, borisson_, joseph.olstad, jberube, gilgabar, Poindexterous, Aless86, jessebeach, bojanz, phma, aheimlich, heddn, phenaproxima, acbramley, codebymikey, cmlara, das-peter, matthiasm11, acolden, xjm, jrockowitz, pianomansam, clairemistry, John Pitcairn: Drupal.ajax does not guarantee that "add new JS file to page" commands have finished before calling said JS
• Issue #3296481 by kostyashupenko, nod_: Update terser and terser-webpack-plugin to the latest versions
• Issue #3275843 by danflanagan8, smustgrave: Search Tests should not rely on Classy
• Issue #3292560 by danflanagan8, smustgrave: Field Layout tests should not rely on Classy
• Issue #3298319 by nod_: Update ExtensionDiscoveryTest to not use seven
• Issue #3061148 by vsujeetkumar, Ramya Balasubramanian, raman.b, ankithashetty, pmagunia, lauriii, karishmaamin, priyanka.sahni, quietone, Anishnirmal, Akhildev.cs, mitthukumawat, joachim, xjm: a disabled block's admin title gets double-escaped
• Issue #3280302 by anoopsingh92, Shashwat Purav, arunkumark, bbrala: JsonApiDocumentTopLevelNormalizerTest::generateProphecies called with extra arguments
• Issue #3293090 by longwave, pooja saraah, mondrake, alexpott, Gábor Hojtsy: Fail JavaScript tests on JavaScript errors
• Issue #3281444 by ravi.shankar, _shY, nod_, Vighneshh, deviantintegral, lauriii: Update Installer tests to not use Bartik and Seven
• Issue #3116405 by Spokje, Mile23, Hardik_Patel_12, jofitz, Sahana _N, andypost, alexpott, fgm: Warnings generated when using an optimized autoload file with Composer 1.10 / Composer 2
• Issue #3296096 by Gábor Hojtsy, smustgrave, catch, Spokje: Update tabbable deprecation messages to 11.x
• Issue #3242538 by danflanagan8, mounir_abid, cilefen, DigitalFrontiersMedia, super_romeo, smustgrave: Term creation fail with php 8 when override_selector = TRUE
• Issue #3284881 by Aditya4478, mherchel, sasanikolic: Refactor Claro's accordion stylesheet
• Issue #2568889 by smustgrave, berenddeboer, Lendude, Anandhi Karnan, ckaotik, boromino, diaodiallo, Yago Elias, yashingole, Abhijith S, Amber Himes Matz, dawehner, Scott Weston: Views exposed text filter set to required shows an empty error and form error on page load
• Issue #2796045 by Lendude, abarrio, ranjith_kumar_k_u, megan_m, joachim, alexpott, estoyausente, larowlan: Adding a field with relationship results in confusing error message when relationship is not present
• Issue #2967627 by quietone, yunke: Hook preprocess function always added
• Issue #3056652 by yogeshmpawar, mashermike, aalin, ranjith_kumar_k_u: Link options attributes removed on save
• Issue #3298717 by Libbna, alison, longwave: Twig macro documentation link goes to Twig 1.x docs
• Issue #3299890 by andypost: Refactor views.views_data_helper service usage of self
• Issue #3300773 by bradjones1, andypost: Fix failed test on `symfony/http-foundation` 4.4.44/6.1.3 and later
• Issue #2774399 by mohit_aghera, joebot, Munavijayalakshmi, rensingh99, borisson_, Chi, quietone: Fatal error on accessing module uninstall page with Forum enabled
• Issue #3105880 by peterkokot, Spokje, smustgrave: Remove unused TestContextAwareBlockInterface
• Issue #3298396 by andypost, Vighneshh, ameymudras, Spokje: Upgrade composer requirement to 2.3.6 to prevent warnings on PHP 8.2
• Issue #3281427 by quietone, nod_, deviantintegral, Spokje: Update Block and Theme setting migrations to not use Bartik and Seven
• Issue #3295735 by nod_, alexpott, lauriii: Fix ConfigImportUITest with olivero
• Issue #3299213 by andypost: Require mikey179/vfsstream ^1.6.11 to allow tests running on PHP 8.2
• Issue #3295935 by lauriii: Follow-up to #3268983: Move test case to correct group
• Issue #3299327 by andypost, Berdir: Replace deprecated static::method() calls for PHP 8.2
• Issue #3299853 by andypost, kim.pepper: Apply #[\AllowDynamicProperties] attribute to base classes to make PHP 8.2 log size sane
• Issue #3281429 by tinto, nod_, deviantintegral, lauriii: Update Block non-Migration tests to not use Bartik and Seven
• Issue #3243121 by Spokje, alexpott, longwave, yogeshmpawar, skipper-vp, andregp, Rinku Jacob 13, catch, andypost, quietone, lauriii: Remove RDF module from the Standard profile
• Issue #3295813 by andypost, Berdir: ViewsEntitySchemaSubscriber access undefined property of View
• Issue #3295487 by Anjali Rathod, apaderno: HtmlFormController's contructor says it constructs a new \Drupal\Core\Routing\Enhancer\FormEnhancer object
• Issue #3266589 by idebr, mfb, longwave: Remove redundant Link canonical/shortlink response headers
• Issue #3296112 by Spokje, dww, catch, smustgrave: Remove ViewsConfigUpdater::processSortFieldIdentifierUpdateHandler
• Issue #3280773 by danflanagan8: Path Tests should not rely on Classy
• Issue #2939237 by Anjali Rathod, pooja saraah, apaderno, eojthebrave: Update the description given for $form_id
• Issue #3295972 by Munavijayalakshmi, nitin_lama, arunkumark, cilefen, Krilo_89: Wrong documentation since Drupal 8 for 'initial_form_field'
• Issue #3188327 by DeFr, longwave, ravi.shankar, quietone: Docblock of BaseFieldDefinition::setDisplayOptions still mentions setting type = hidden instead of region = hidden
• Issue #3281996 by rpayanm, Fabianx: UncaughtExceptionTest is not working when using recommended-project
• Issue #3281439 by nod_, Spokje, deviantintegral, _shY, andregp, lauriii: Update Help Topics tests to not use Bartik and Seven
• Issue #3299606 by Spokje, andypost, mondrake, longwave: Update mglaman/phpstan-drupal to 1.1.25 to unblock testing on PHP 8.2
• Issue #3298199 by andypost: Upgrade phpstan/phpstan to 1.8.2 for support of PHP 8.2 #[\AllowDynamicProperties] attribute
• Issue #2464041 by Mile23, quietone, andrewsuth: Test unit behavior of EntityStorageBase::load(), loadMultiple() with invalid ID, UUID
• Issue #3119840 by raman.b, hugovk, johnwebdev, dawehner: Support syntax highlighting on GitHub for non-standard PHP extension files
• Issue #3298343 by andypost, Spokje: upgrade egulias/email-validator to 3.2.1 to support PHP 8.2
• Issue #3085219 by mherchel, jwilson3, lauriii, andy-blum, javi-er, deviantintegral, raman.b, kostyashupenko, komalk, rootwork, rkoller, saschaeggi, Abhijith S, cindytwilliams, benjifisher, AaronMcHale, nod_, Gábor Hojtsy, ckrina, alexpott, huzooka: Installer is not very usable in Claro
• Issue #3291100 by mherchel, Rinku Jacob 13, rkoller, andy-blum: Nested details element within content type's "manage display" UI changes width when opened
• Issue #2852361 by Xano, smustgrave, pwolanin, mpdonadio, wolffereast, ranjith_kumar_k_u, John Cook, xjm, alexpott: Ignore repeated slashes in the incoming path like Drupal <= 7
• Issue #2647778 by ranjith_kumar_k_u, NickDickinsonWilde, Rakhi Soni, smustgrave, jhodgdon: AssetResolver::sort() param documentation improvements
• Issue #3281449 by longwave, nod_, deviantintegral: Update Core unit tests to not use Bartik and Seven
• Issue #3212691 by Sakthivel M, Gauravmahlawat, immaculatexavier, sauravkashyap, longwave: Olivero: remove placeholder CSS for IE11
• Issue #3298821 by alexpott, catch, Spokje: Remove test that tests drupal/core-composer-scaffold when it is not allowed
• Issue #2820580 by anavarre, hardikpandya, Wim Leers, Berdir, cilefen: Drupal >=8.2.x doesn't allow to override all cache bins with $settings['cache']['default'] anymore, documentation says otherwise
• Issue #3292980 by benjifisher, mikelutz, quietone: Testing system should explain why Guzzle responses can be unreadable
• Issue #3204929 by longwave, donquixote, andypost: Html::load() inconsistent space removal with old libxml2 versions
• Issue #3279279 by phenaproxima, dww, tedbow: Remove "Download" link from Available Updates report
• SA-CORE-2022-015 by Heine, larowlan, alexpott, samuel.mortenson, xjm, pandaski, vijaycs85, effulgentsia, drumm, benjifisher, jenlampton, longwave
• SA-CORE-2022-014 by elarlang, pwolanin, xjm, mcdruid, effulgentsia, greggles, jenlampton, larowlan, longwave
• SA-CORE-2022-013 by prudloff, tim.plunkett, Heine, effulgentsia, xjm, lauriii, longwave, larowlan
• SA-CORE-2022-012 by cmlara, GuyPaddock, larowlan, mondrake, effulgentsia, xjm, longwave, Dave Reid, lauriii, David Strauss, benjifisher, alexpott, mcdruid, Fabianx
• Issue #3292908 by alexpott, dww, longwave, catch, Berdir, Charlie ChX Negyesi, mradcliffe, kndr: Fast 404s are slower than regular 404s
• Issue #2563995 by Temoor, Rakhi Soni, andypost: Remove duplicated check for isAdmin() in RoleStorage::isPermissionInRoles()
• Issue #3283602 by urvashi_vora, eleonel, mrinalini9, ankithashetty, alexpott, Munavijayalakshmi: Fix repeated words
• Issue #3088234 by tim.plunkett: Use $defaultTheme for using views_test_classy_subtheme
• Issue #3296108 by catch, dww, Spokje, mondrake: mysql_requirements() assumes it's used for the default connection
• Issue #3295709 by immaculatexavier, ravi.shankar, longwave: .views-progress-indicator CSS is unused
• Issue #3245967 by bnjmnm, Wim Leers, nod_, lauriii, tim.plunkett, andregp, Antoniya, AaronMcHale, rkoller, cedewey, worldlinemine, shaal: Messages upon switching to CKEditor 5 are overwhelming
• Issue #2958241 by fjgarlin, thetwentyseven, Wim Leers, joachim, immaculatexavier, fulgent, larowlan, lastlink, andypost, nnevill: Impossible to reply to comments: commented entity considered unreferencable because CommentSelection::entityQueryAlter() joins on {node_field_data} table
• Issue #3268983 by nod_, iSoLate, plach, Wim Leers, acbramley, larowlan, scott_euser, catch: [regression] FilterHtml throws Unsupported operand types error when * used in tag attribute
• Issue #3295898 by Spokje, nod_: Remove core/modules/ckeditor5/ckeditor5.libraries.yml.orig
• Issue #3278124 by catch, nod_, andregp, quietone, deviantintegral, alexpott: Convert various tests that use bartik/seven to olivero/claro
• Issue #3295650 by Spokje, BR0kEN, Berdir, catch, Krzysztof Domański, longwave, voleger, neclimdul: Stop recommending using \Drupal\Component\Assertion\Handle::register() in example.settings.local.php
• Issue #3281454 by _shY, pooja saraah, deviantintegral, quietone, alexpott, nod_: Update various module tests to not use Bartik and Seven
• Issue #3281440 by _shY, nod_: Update Shortcut tests to not use Bartik and Seven
• Issue #3295626 by longwave, catch: Remove BC layer in Drupalile\Plugin
  est
  esource\FileUploadResource
• Issue #3295625 by longwave, catch: Remove deprecated code from FormattableMarkup
• Issue #3291887 by alexpott, Spokje: Fix outdated references to form_type_checkboxes_value()
• Issue #3267900 by Spokje, longwave: Unneeded argument $root for ::provideTemplateCreateProject() in \Drupal\BuildTests\Composer\Template\ComposerProjectTemplatesTest::testVerifyTemplateTestProviderIsAccurate
• Issue #3021898 by longwave, alexpott, AaronBauman, daffie, opdavies: Support _defaults key in service.yml files for public, tags and autowire settings
• Issue #2473877 by Lendude, quietone, pefferen: Views UI progress indicator styled as pager and placed on strange location
• Issue #3264987 by marciaibanez, apaderno, Pasqualle, longwave: $data['node_field_revision']['langcode']['help'] is set twice
• Issue #3246246 by Wim Leers, effulgentsia, lauriii, xjm, nod_: CKEditor 5 plugins needing more complex conditions: point to handbook page
• Issue #3294850 by Spokje, longwave: Update to cspell 6
• Issue #3293933 by andypost: Upgrade phpstan/phpstan to 1.8.1
• Issue #3295421 by Gábor Hojtsy, catch, atuliet05: Update TranslationWrapper deprecation to removal in 11.0.0
• Issue #3252587 by longwave, smustgrave, Chalk, borisson_, alexpott: Extend the $skip_protocol_filtering list of attributes to use Tailwind CSS classes with prefix ":"
• Issue #3281452 by longwave, mrinalini9, deviantintegral, Spokje: Update Core kernel tests to not use Bartik and Seven
• Issue #3263823 by Spokje, nod_, kostyashupenko, murilohp, adityasingh, pooja saraah, ravi.shankar, catch: Empty out and deprecate drupal libraries which are related to Internet Explorer 11 polyfills in 10.0.x for removal in 11.0.0
• Issue #1198120 by ravi.shankar, Jody Lynn, mdupont, Everett Zufelt, borisson_, quietone: "Edit own " nodes permission for anonymous users is misleading and dangerous
• Issue #3255887 by murilohp, mrinalini9, heddn, catch, neclimdul, longwave, Berdir, xjm, daffie: MediaThumbnailFormatter => Calling ImageFormatter::__construct() without the $file_url_generator argument is deprecated in drupal:9.3.0
• Issue #3293431 by longwave: Remove obsolete AppRootFactory and SitePathFactory
• Issue #3266123 by smustgrave, tinto, rkoller, Lendude, larowlan, Amber Himes Matz: On the user interface translation page the outline of all four focusable elements in the filter translatable strings fieldset lacks the left border
• Issue #2588013 by sumthief, aneek, tic2000, droplet, nod_, GuyPaddock, arunkumark, Manjit.Singh, anil280988, Wim Leers, larowlan, Lendude: causes unwanted whitespace
• Issue #2916682 by Matroskeen: Defaults not working for grouped filter with multiple selections
• Issue #3086075 by jhodgdon, andypost, Charlie ChX Negyesi, Spokje: Use Twig to strip Twig syntax from help topics files in the syntax checker
• Issue #3294720 by abramm: The attachBehaviors() for document is only called after Big Pipe chunks are processed
• Revert "Issue #3082211 by quietone, Pooja Ganjage, danflanagan8, Spokje, benjifisher, Wim Leers, mikelutz: Migrate UI tests should provide the complete log message on failure"
• Issue #3295157 by mondrake: Fix 'Access to an undefined property' PHPStan L0 errors - public properties
• Issue #3271094 by Wim Leers, lauriii, xjm, catch: Move Media CKEditor 4 integration into CKEditor
• Issue #3291744 by lauriii, xjm, Abhijith S, Wim Leers, bnjmnm, catch: Ensure Editor config entities using CKEditor 4 only store plugins settings for actually enabled plugins
• Issue #3117291 by NitinLama, smustgrave, silverham, Chi: Element::isEmpty() should check for #weight property
• Issue #3291949 by alexpott, daffie: Improve the MySQL transaction isolation warning
• Issue #3293122 by lauriii: Document \Drupal\Core\Template\TwigExtension::getPath $parameters argument as optional
• Issue #3082211 by quietone, Pooja Ganjage, danflanagan8, Spokje, benjifisher, Wim Leers, mikelutz: Migrate UI tests should provide the complete log message on failure
• Issue #2994000 by Lendude, Pasqualle, quietone, pameeela: Notice in logs when setting invalid translation config for a content type
• Issue #3121325 by uqjhawk3, Berdir: FieldUiTestTrait::fieldUIAddExistingField() can randomly fail in javascript tests when no label is provided
• Issue #3270564 by quietone: Handle NULL for data blob in User source plugin
• Issue #3275585 by dspachos, apaderno, joachim: Implementations of getInstance() return the wrong type
• Issue #2494617 by Lendude, danflanagan8, Bès, Shreya Shetty, stBorchert, Boobaa, DuaelFr, joey-santiago, drubb, nikitagupta, dawehner, alexpott: TermName views argument_validator is not working as expected
• Issue #3207771 by scott_euser, quietone, immaculatexavier, ravi.shankar, joachim: Menu UI node type form documentation points to non-existent function
• Issue #2859197 by Wim Leers, Abhijith S, borisson_, lauriii, swentel, joachim: Document that block_content entities are not designed to be displayed outside of blocks
• Issue #3292380 by Spokje, effulgentsia, larowlan, catch: Remove the "replace" section from core/composer.json
• Revert "Revert "Issue #3137119 by munish.kumar, johnwebdev, Jaypan, jungle, xjm, catch: User::setExistingPassword() does not return $this for chaining""
• Issue #3137119 follow-up: User::setExistingPassword() does not return $this for chaining
• Revert "Issue #3137119 by munish.kumar, johnwebdev, Jaypan, jungle, xjm, catch: User::setExistingPassword() does not return $this for chaining"
• Issue #3137119 by munish.kumar, johnwebdev, Jaypan, jungle, xjm, catch: User::setExistingPassword() does not return $this for chaining
• Issue #3284665 by arunkumark, Rashmisoni, Jimaginary, Rakhi Soni, longwave: Minor typo in @see reference ("ManyTonOneHelper")
• Issue #3294883 by marcoscano: Fix inaccurate code comment in Media.php
• Issue #3293288 by Spokje, alexpott, longwave, quietone: Remove the /core/modules/simpletest folder
• Issue #3282315 by mondrake, mallezie, alexpott, andypost, longwave, daffie, xjm: Update phpstan/phpstan and mglaman/phpstan-drupal to latest versions
• Issue #3294938 by xjm, catch, dww: Increase RECOMMENDED_PHP to 8.1.6