Install
To start a new Drupal project with version 10.0.0:To update your site and all dependencies to the latest version of Drupal:
To update your site to this specific release:
Using Composer to manage Drupal site dependencies
Downloads
Release notes
This is the first supported release of the new Drupal 10 major version, and it is ready for use on production sites! Learn more about Drupal 10 and the Drupal core release cycles.
Drupal 10.0.0 has been released simultaneously with Drupal 9.5.0. Drupal 9.5 has most of the changes that Drupal 10 does, but retains backwards compatibility layers added through Drupal 9.5.0's release. Update to Drupal 9.5 before updating to Drupal 10 for the smoothest upgrade path.
If you are starting a new Drupal project, you have a choice between Drupal 9.5.0 and 10.0.0, and generally should choose Drupal 10 where possible for forward compatibility with future releases.
Regardless of which version you choose now, features will only be added to Drupal 10 minor releases. Plan to adopt Drupal 10 so that you can easily update to Drupal 10.1 and later.
Refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites. Then, upgrade from Drupal 9 to 10.
Both 10.0.0 and 9.5.0 include all the latest changes, and they have the same APIs and features aside from a few edge-cases. This also means modules and themes can be compatible with Drupal 9 and 10 at the same time! The key changes in 10.0.0 are:
- Deprecated code, including entire modules and themes, has been removed.
- Dependencies have been updated to new major versions as appropriate.
- Platform requirements (including supported PHP and database versions, Composer requirements, and supported browsers) have been updated.
For all other changes, refer to the 9.5.x branch.
Important update information
Sites must update to at least Drupal 9.4.4 before upgrading to Drupal 10
Drupal sites running 9.3.x or earlier versions must first update to 9.4.4 or later before updating to Drupal 10. All core updates added before 9.4.0 have been removed and the data upgrade path from CKEditor 4 to CKEditor 5 is not available before Drupal 9.4.4. In general, sites should update to the most recent release of their current major branch before updating to the next major release.
Sites using CKEditor 4 should upgrade to CKEditor 5 in Drupal 9.4 or 9.5 before updating to Drupal 10
Most Drupal sites using CKEditor 4 should upgrade to CKEditor 5. See the recommendations for CKEditor for details. Upgrading from CKEditor 4 to 5 is a manual process, because it requires human supervision.
Changes to site-owner-managed files
-
Performance has been improved for Apache serving gzipped JavaScript and CSS aggregates to browsers. Sites should update their .htaccess files to take advantage of this performance improvement.
-
yarn.lock
andpackage.json
are now blocked by Drupal's default web server configuration, sites should update any copies of.htaccess
orweb.config
to incorporate the changes. -
It is no longer necessary or recommended to configure fast 404s in
settings.php
. -
The default
robots.txt
file has been updated to disallow indexing of oEmbed media links. -
A new developer feature to show debug markup for render caching has been added. It can be configured in
services.yml
and is disabled by default. Sites should ensure that their site-specificservices.yml
includes the new section. -
For forward-compatibility with a deprecation in 10.1.x, a change has been made to the assertion handling defaults in
example.settings.local.php
. Site owners can update theirsettings.local.php
to maintain consistency and forward-compatibility.
Platform requirements changes
PHP requirements
-
Drupal 10 requires PHP 8.1 or higher.
PHP versions 8.1.0 through 8.1.5 have a bug with the PHP OPcache that may cause intermittent fatal errors at runtime for class autoloading, so PHP 8.1.6 or higher is recommended.
-
Warnings are displayed on the Drupal status report page when a site is using a PHP version that has reached its official end-of-life date. This won't prevent running, updating, or installing Drupal unless the version is below the absolute minimum requirement. Review the handbook documentation on unsupported PHP versions for more information.
Database requirements
The following minimum database versions are supported by Drupal 10 core:
- MySQL or Percona 5.7.8.
- MariaDB 10.3.7 (This is a more recent release than the MySQL version.)
- PostgreSQL 12 with the pg_trgm extension.
- SQLite 3.26 with the JSON1 extension. PHP does not always use the system-provided SQLite, so verify that your PHP is compiled with at least this version.
Browser support changes
- Internet Explorer 11 is not supported in Drupal 10.
- Support for older versions of UC Browser has been removed. Newer versions of the browser that rely on WebView should be unaffected.
See the browser support policy for more information.
Composer requirements
Drupal 10 recommends Composer version 2.3.6 or higher, which is required for compatibility with PHP 8.2 and the forthcoming Automatic Updates feature. Core developers must update to at least Composer 2.3.6 to work on Drupal core, and site owners will receive warnings on older versions. Drupal will not install or update with Composer versions lower than 2.1.
To update your host's version of Composer, run:
composer self-update
You can roll back to the previous version at any time by using:
composer self-update --rollback
Update to a specific version with:
composer self-update 2.3.6
More information on using Composer for Drupal .
Removed modules and themes
Numerous modules and themes have been removed from Drupal core and moved to contributed projects. In many cases, the removed extensions have little to no impact on site development.
Sites that depend on a removed module or theme should download the contributed project version (either manually, or by requiring it with Composer) before updating their sites to Drupal 10. Drush may bypass warning and error messages on update.php
related to missing modules or themes. The status report will display errors about missing modules after upgrading, but missing active themes will cause fatal errors and/or a white screen.
Removed modules
If a removed module is required for a site's functionality, the contributed version should be downloaded to the codebase or added to the Composer requirements before upgrading. Do not uninstall the module, since this would destroy the module configuration.
In addition to the below changes, some related CSS and templates have been removed from core base themes, so sites using the below modules may need to update their themes.
-
Aggregator
The Aggregator module has been removed from Drupal 10 and is available as the Aggregator contributed module.
-
CKEditor 4
Refer to the CKEditor 4 and 5 summary at the beginning of these release notes.
-
Color
The Color module has been removed from Drupal 10 and is available as a contributed module.
-
HAL
HAL has been removed from Drupal 10 and moved to a contributed project. In most cases, sites should be converted to use JSON:API instead. More information on replacing HAL.
-
Quick Edit
The Quick Edit module has been removed from Drupal 10 and moved to a contributed project. Most users do not use Quick Edit and it can usually be uninstalled safely. If you want to keep using this functionality, read the recommendations for Quick Edit.
-
RDF
The RDF module has been removed from Drupal 10 and moved to a contributed project.
RDF was previously installed as part of the standard install profile, but many sites do not use the functionality it provides. If you are not sure what RDF is, it is likely that you can safely uninstall it.
If you want to keep using the functionality provided by RDF, read the recommendations for RDF.
-
Entity Reference (stub module)
Entity Reference: If this module is installed on your site for some reason, simply uninstall it. (It is obsolete with no impact on site functionality.)
-
Migrate Drupal Multilingual (stub module)
Migrate Drupal Multilingual: This functionality is now provided by the core Migrate Drupal module. If this module is installed on your site for some reason, simply uninstall it. (It is obsolete with no impact on site functionality.)
Removed themes
Even if you do not use the below themes directly, you should check whether your installed themes extend them. This information is available in the .info.yml
file for the theme. For example, to see if themes/mytheme
uses Classy as a base theme, check in themes/mytheme/mytheme.info.yml
for this line:
base theme: classy
Base themes may extend other base themes, so if a non-core base theme is listed, you should also check whether or not that theme extends one of the below themes (especially Classy or Stable).
-
Bartik
The Bartik theme has been removed from Drupal 10, and is now available as a contributed theme. Sites using Bartik must install the contributed theme before updating to Drupal 10.
-
Seven
The Seven theme has been removed from Drupal core and is now available as a contributed theme. We recommend switching to the new core admin theme, Claro. In order to continue using Seven, sites must install the contributed theme version of Seven before updating to Drupal 10.
-
Classy
The Classy base theme has been removed from Drupal core and is now available as a contributed theme. Themes depending on Classy should add a dependency on the contributed Classy theme. Sites that use a theme that extends Classy must install the contributed project versions of both it and Stable (see below) before updating to Drupal 10.
Developers looking to create a new theme should now use the Starterkit theme generator that is provided with Drupal 10.
-
Stable
The Stable theme has been removed from Drupal core and is now available as a contributed theme. Themes depending on Stable should add a dependency on the contributed Stable theme or migrate to Stable 9. Sites that use a theme that extends Stable must install the contributed project version before updating to Drupal 10.
Composer integration changes
Composer 2.2 and higher require Composer projects to authorize individual plugins. This means that Composer commands to install and update Drupal projects will fail unless either the required plugins are allowed in the project configuration or the user manually replies y
to a prompt to allow the plugin. Existing projects may need to update their configuration to authorize these plugins. This can be done by running the following commands:
composer config --no-plugins "allow-plugins.composer/installers" true
composer config --no-plugins "allow.plugins.drupal/core-composer-scaffold" true
composer config --no-plugins "allow-plugins.drupal/core-vendor-hardening" true
composer config --no-plugins "allow-plugins.drupal/core-project-message" true
For more information, review Composer 2.2+ authorized plugins.
Change to the Standard profile
The 'Basic HTML' format provided with the Standard profile no longer allows the <span>
tag. This should simplify copying and pasting from Microsoft Word, Google Docs and similar programs into either version of CKEditor on new installs. Existing installs may want to consider removing the tag from text formats and reviewing existing content.
API changes
-
Entity API changes
-
hook_entity_view_mode_alter()
no longer receives the$context
argument, which was always an empty array. Existing implementations ofhook_entity_view_mode_alter()
should remove the$context
argument. See thehook_entity_view_mode_alter()
change record for more details. -
The range validator for entities now yields a more accurate 'value not in range' message for Symfony 6.1 compatibility, with its violation error code also more accurately being
Range::NOT_IN_RANGE_ERROR
.
-
-
Serializer changes
Code that extends Symfony's Serializer component has been updated with stricter typehints and an additional argument for compatibility with Symfony 6.1 and future releases. For more information, review the change record: Context argument added in code that extends from Symfony's Serializer component.
-
Drupal version constant changes
In order to provide sites with the most complete information on which PHP versions are supported and recommended for their current installation,
\Drupal::MINIMUM_SUPPORTED_PHP
is deprecated and replaced by\Drupal\Core\PhpRequirements::minimumSupportedPhp()
. -
Database API changes
-
Drupal previously supported per-table prefixing for complex multisite setups. This functionality has been deprecated since Drupal 8.2. Warnings are displayed on the status reports of sites that still use this functionality from Drupal 9.3.0 on, and the functionality has been removed from Drupal 10. See the change record for alternatives to per-table prefixing.
-
A new interface
Drupal\Core\Database\SupportsTemporaryTablesInterface
has been added for database drivers to indicate support of temporary tables.
-
-
SimpleTest support removed from the core test runner
The SimpleTest module was moved to contrib before Drupal 9.0.0. Drupal 10 removes support for SimpleTest from the core test runner. Projects that use SimpleTest should convert their tests to PHPUnit.
-
Ajax commands can now return promises
Ajax commands can now return promises when they need to ensure some code has been executed before executing the next Ajax command in the list.
When altering thesuccess
method of aDrupal.Ajax
object, please make sure aPromise
is returned to ensure proper execution. Read more about the API changes in the Ajax system.. -
Off-canvas/Settings Tray CSS modernized
The off-canvas dialog’s CSS has been completely refactored in Drupal 10.0.0. This means that if your module or theme previously implemented custom CSS for the off-canvas dialog, it may need to be re-implemented (or removed if it was solely bug fixes). Additionally, all of the off-canvas CSS has been removed from Stable and Stable 9 to ensure that as many themes as possible will be able to benefit from the improvements. Read more about the changes to the off-canvas and Settings Tray CSS.
-
Functional JavaScript tests will now fail on JavaScript errors
JavaScript errors in tests are now caught and raised as test failures.. Previously, any JavaScript error that occurs that did not interfere with the functionality of the test was ignored. Now those errors are surfaced to the test runner.
-
_serviceId property no longer added to container services
For compatibility with PHP 8.2, the _serviceId property is no longer added to services in the container. Developers who relied on this property in custom code should read the change record for alternatives to the _serviceId property.
Backend (PHP) dependency changes
Added PHP dependencies
-
Drupal core requires
guzzlehttp/psr7
2.4.3 for implementation of several core services for PSR-17.
Removed PHP dependencies
The following dependencies have been removed from Drupal core:
- Diactoros: PSR-7, PSR-17, and PSR-18 functionality is now provided by
guzzlehttp/psr7
. - Laminas Feed
symfony-cmf/routing
- EasyRDF
symfony/translation
TYPO3/phar-stream-wrapper
: this library is only needed for PHP 7.3 and earlier.doctrine/reflection
: Relevant APIs were previously moved to Drupal core.stack/builder
: The functionality is now provided by a core API. Thehttp_kernel
service's functionality is unaffected by this change.
Updated PHP dependencies
-
Drupal 10 requires Symfony 6.2. Several indirect dependencies have changed as a result of the Symfony 6 update.
Additionally, the
symfony/deprecation-contracts
,symfony/event-dispatcher-contracts
,symfony/service-contracts
, andsymfony/translation-contracts
libraries have been updated from 2.5.2 to 3.1.1. -
Twig has been updated from 2.x to 3.4.3. Review the Twig 3 changes for PHP developers and template creators.
-
guzzlehttp/guzzle
7.5 is now required. -
asm89/stack-cors
has been updated from version 1.3.0 to 2.1.1.Enabling CORS now preserves cacheability whenever possible.
Previously, enabling CORS would add
Vary: Origin
to all requests of a different origin. With this change, enabling CORS will only add this if absolutely necessary. -
Drupal core's other production Composer dependency versions have been updated where possible to the latest major, minor, and patch releases. Where appropriate, constraints have been increased to require the latest minor versions.
Frontend (CSS and JavaScript) dependency changes
Removed frontend dependencies
-
The public Backbone and Underscore core libraries have been removed. These dependencies are now deprecated and for internal use only. Consequently, the
drupal.editor.admin
anddrupal.filter.filter_html.admin
libraries no longer depend on Underscore. Backbone and Underscore will eventually be removed from core.Modules or themes that depend on these libraries should either refactor their code to remove the dependencies, or treat them as third-party dependencies for the contributed module.
Most Underscore functionality has simple replacements in modern ES6 JavaScript. Review the change record about the Underscore deprecation for more information on upgrading your code.
-
Since Internet Explorer 11 is no longer supported, Drupal 10 deprecates all polyfill libraries and removes the files. Additionally, the
details
HTML tag is available in all supported browsers, so the supporting code that provided this element for Internet Explorer has been removed. If you plan to continue supporting Internet Explorer 11 even when used with Drupal 10, your project will have to depend on or implement any required polyfills directly. -
The Farbtastic library has been removed from Drupal core. There is no replacement. Developers should consider using browser-native color pickers instead.
-
The jQuery Joyride JavaScript library has been removed.
-
The PopperJS JavaScript library has been removed as a direct dependency. It was used only by Quick Edit, which has been removed from core. If you need to use it, you should define the library in a custom module.
Updated frontend dependencies
-
CKEditor 5 has been updated to the latest 35.4.0 release. This update has a minor breaking change that could affect the development of certain contributed or custom CKEditor 5 integrations. For more information read the CKEditor 5 35.4.0 release notes.
-
jQuery has been updated from 3.6.0 to 3.6.2.
-
tabbable has been updated to 6.0.10.
-
The Shepherd.js JavaScript package has been updated to 10.0.1. Additionally, the public core library for this package has been deprecated. Shepherd.js should only be used internally by Drupal core.
-
Drupal core's other production JavaScript dependency versions have been updated to the latest major, minor, and patch releases where possible. Where appropriate, constraints have been increased to require the latest minor versions.
Development dependencies
-
The JavaScript ES6 build process has been removed given that all browsers supported by Drupal Core are now ES6-compatible. This means that once the build tooling is removed from Drupal 10, core developers are no longer required to run the commands when they make changes to core JavaScript. This also means that
babel/core
and all related dependencies are no longer used as core development dependencies. -
Node.js is a required development dependency for Drupal core and the minimum supported version has been updated from 12 to 16. (Information on changes in Node.js 16.) An updated version of Node.js can be installed directly or with
nvm
. This only affects sites that have installed Drupal core's JavaScript development dependencies withnpm
oryarn
. -
The PHPStan static analysis tool, version 1.9.1, has been added to Drupal core's development dependencies and is run against all core patches and merge requests.
-
PHPUnit has been upgraded from 8.5.21 to 9.5.24, and all its sub-packages have been updated. PHPUnit 9.5 or higher is required, and PHPUnit 8 is no longer supported.
phpspec/prophecy-phpunit
and Mink 1.10 or later are also now required for PHPUnit. -
Drupal 10 development now requires
composer/installers
version 2.0 or higher (up from version 1.9). -
The Nightwatch testing library has been updated to version 2.4.2. Reference the Nightwatch developer guide for a list of high level changes in the 2.0.0 release.
-
The JavaScript
chromedriver
package has been removed. If you were running Nightwatch tests locally, you may need to start Chromedriver manually. -
The JavaScript
raw-loader
package has been removed as it is no longer required by Drupal’s build process. -
The Stylelint development dependency has been updated to version 14, and minor changes have been made to whitespace and quoting in core CSS. Refer to the change record on the Stylelint 14 update for more information.
-
stylelint-config-standard
, which enforces Drupal's CSS style, has been upgraded from 23.0.0 to 28.0.0. Developers who relied on this ruleset may have to make minor tweaks to their CSS to comply with the new standards. -
cspell
has been updated from version 5 to 6.14.1. This results in some slight changes to the dictionary for core development. -
Chalk has been removed as a JavaScript development dependency.
-
PostCSS has been upgraded from 7.0.39 to 8.4.16. Developers who used custom PostCSS plugins may need to refer to the PostCSS 8 plugin migration guide.
-
The ESLint JavaScript development dependency has been updated to version 8.9.0.
core/.eslintrc.passing.json
has been updated to reflect the new rules. -
eslint-plugin-yml
, the YAML style checker for ESLint, has been upgraded from 0.14.0 to 1.2.0. -
Drupal core's other JavaScript and PHP development dependencies have been updated to the latest major, minor, and patch versions wherever possible.
Core developers should completely remove their
node_modules
directory and re-runyarn install
from within thecore/
directory.
Coding standards
The following coding standards checks have been enabled in core:
-
Drupal.Array.Array.ArrayClosingIndentation Drupal.Array.Array.ArrayIndentation Drupal.Commenting.FunctionComment.MissingReturnType
-
All YAML files are linted for correct indentation.
Known issues
Search the issue queue for known issues.
- #3327856: Performance regression introduced by container serialization solution
- #3328256: Not working with Drupal 9.5 and 10
All changes since 10.0.0-rc3
- Revert "Issue #2568889 by smustgrave, berenddeboer, Lendude, Anandhi Karnan, ckaotik, boromino, diaodiallo, Yago Elias, yashingole, Abhijith S, Amber Himes Matz, dawehner, Scott Weston: Views exposed text filter set to required shows an empty error and form error on page load"
- Issue #3327115 by Eric_A, alexpott, xjm, longwave, pandaski: .htaccess rules broken since yarn.lock got added
- Issue #3326896 by longwave, lauriii, Wim Leers, effulgentsia, catch, xjm: Update CKEditor 5 to 35.4.0
- Issue #3326874 by longwave, xjm: Update to jQuery 3.6.2
- Issue #2828724 by Spokje, alexpott, ravi.shankar, Lal_, malcomio, ElusiveMind, smaz, yogeshmpawar, ridhimaabrol24, semiaddict, piggito, f.mazeikis, tvhung, tatarbj, ranjith_kumar_k_u, vijaycs85, baikho, Jelle_S, kleinmp, bbrala, Mike_info, David_Rothstein, pwolanin, cburschka: Username enumeration via one time login route
- Issue #3325772 by andypost, mondrake: Fix wrong property typehinting in SchemaCheckTrait
- Issue #2810985 by _Archy_, smustgrave, GoZ, joelpittet, csheltonlcm, ayush.khare, Lendude: Remove duplicate condition
- Issue #3213752 by Spokje, bradjones1, quietone, _pratik_, ravi.shankar, rpayanm, bbrala, alexpott, catch: Remove dead code from JsonApiDocumentTopLevelNormalizerTest
- Issue #3259090 by Lendude, mr.york, Pandepoulus: Exposed filter equality check works differently in PHP 8.0
- Back to dev.