drupal 11.1.0

This is a a feature minor release of Drupal 11 and is ready for use on production sites. Learn more about Drupal 11 and the Drupal core release cycle.

This minor release provides improvements and new functionality. It does not break backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules. If so, contributed and custom modules and themes may need updating. This is according to Drupal core's backward compatibility and experimental module policies.

This release may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Drupal 11.1.x will receive security support until December 2025. Drupal 11.0.x will continue to receive security support until June 2025.

Important update information

11.1.0 tag has been moved

Due to a packaging issue the 11.1.0 tag has been moved and recreated. This will not affect anything unless you fetched tags between Friday December 13th 2024 and Monday December 16th 2024.

Changes to site-owner-managed files

• A directive has been added to the default .htaccess file that attaches the correct image/webp header for webp images when the MIME Apache module is enabled. This is needed for sites hosted on Apache web servers running on operating systems that do not support the webp image MIME type. These sites should update their .htaccess files to take advantage of this improvement.

• The sid_length and sid_bits_per_character configuration options are no longer supported in PHP 8.4 or Symfony 7.2, so they have been removed from default.services.yml. Sites should remove these settings from any services.yml files.

The "Access the Content blocks overview page" permission is no longer required to create blocks. This means that roles that have "Create new content block" permission for a given block type will be able to create these blocks when they could not in previous releases. Site owners should audit their Block Content permissions to ensure that block creation access is granted intentionally in all cases, and can also now consider revoking access to the content block overview listing for roles that do not need it.

API and behavior changes

• Most procedural hooks are now implemented in classes. We recommend that sites that are altering core hook implementations review those implementations and update as needed. For more details, review the following two change records:

  1. Hooks can now be implemented in classes (information on the new API)
  2. (information on the conversion of core implementations)

• Assets are now ordered by dependencies instead of relying on the order that libraries were attached to the page. This is a bug fix that resolves various issues with asset handling. However, there may be side effects in some situations (for example, if a library specifies an individual asset weight that conflicts with its dependencies). Module or theme authors should review their projects for library dependencies that specify custom weights and evaluate any that do to determine if they are affected by this change.

• The default value of the Account setting, "Who can register accounts?" has changed from "Visitors, but administrator approval is required" to "Administrators only" . This change only applies to new sites built with either the "Standard" or "Minimal" installation profile.

• Using Composer is the only way to safely and correctly add new code to a Drupal installation. Therefore, the following pages (which supported installing modules and themes via file uploads) have been removed without replacement:

  • The "Add new module" page at /admin/modules/install
  • The "Add new theme" page at /admin/theme/install
  • The "Add new module or theme" page at /admin/reports/updates/install

  See the Additional information, deprecations, and API changes related to installing an extension through the user interface.

• The Page Cache and Dynamic Page Cache response headers have been improved to include more details about the cacheability.

• A new Workspaces UI module has been added which provides the Workspace module's routes and toolbar integration. This is to allow alternative user interface implementations in core or contrib.

  Sites already using workspaces will automatically have workspaces_ui enabled in an update.

Automated testing changes

declare(strict_types=1);

Experimental module changes

• Package Manager has been added as a hidden, experimental module. This is to allow Automatic Updates and Project Browser to be tested and eventually added to future versions of Drupal core.

PHP dependency changes

• Symfony has been updated to 7.2.0.

• Twig has been updated to 3.14.2.

• Numerous other dependencies have received minor- and patch-level updates to the latest versions.

PHP development dependency changes

• Composer has been updated to 2.8.1.

• OpenTelemetry has been updated to 1.1.0. This adds additional development dependencies including the tbachert/spi Composer plugin. When this package is installed by Composer you may be asked whether to trust this plugin. Unless you are using OpenTelemetry performance testing, in Drupal you can safely answer "no" to this question.

Frontend (CSS and JavaScript) production dependency changes

• CKEditor has been updated to 44.0.0.

• jQuery UI has been updated to 1.14.0.

Development dependencies

The Nightwatch testing library has been updated to version 3.7.0. Reference the Nightwatch developer guide for a list of high-level changes in the 3.0.0 release.

Known issues

Search the issue queue for known issues.

All changes since Drupal 10.4.0-rc1

• Issue #3493182 by tim.plunkett, catch, lauriii: Block visibility settings have summary duplicated in the title
• Issue #3493146 by spokje, smustgrave: Update all JavaScript dependencies which cause no changes
• Issue #2962753 by ivnish, asawari, sagarmohite0031, phenaproxima, smustgrave, longwave, pameeela, sime, joelpittet, quietone: Remove oEmbed security warning
• Issue #3493287 by phenaproxima, alexpott, longwave, tim.plunkett: The default content importer should handle Layout Builder section data
• Issue #3456417 by eugene bocharov, pablo_pukha, smustgrave, oily, andypost: [regression] DateHelper::dayOfWeekName() returns untranslated name
• Issue #3493141 by spokje, quietone: Bump cspell to 8.16.1
• Issue #3489022 by mondrake, larowlan, catch, el7cosmos, bbrala, alexpott, fjgarlin, longwave, xurizaemon, rosk0, poker10, mstrelan, nick_schuch: Remove drupalci.yml
• Issue #2533756 by quietone, jhodgdon, xjm: Revisit large numbers of @see in text element docs
• Issue #3487488 by kim.pepper, mondrake, dakwamine, smustgrave: ExtensionMimeTypeGuesser::guessMimeType must support file names with "0" (zero) in the extension parts like foo.0.zip
• Issue #3463226 by quietone, dww, smustgrave, catch, xjm: Use the new equivalent updates API to prevent updates from 10.4.0 to 11.0.0
• Issue #3491256 by amateescu: Improve the exception message for unsupported entity types in a workspace
• Issue #3492453 by larowlan, catch, longwave, alexpott, godotislate: Memory leak in DrupalKernel when installing modules
• Issue #3490163 by spokje, andypost, longwave: Update Composer dependencies for 11.1.0
• Issue #3486170 by godotislate, bbrala, finnsky, longwave: Remove use of deprecated "spaceless" filter in core templates
• Issue #3491386 by nicxvan: Using hooks_converted container parameter changes $dir during hook collection breaking collection of oop hooks.
• Issue #3491464 by longwave, spokje, salmonek: Update CKEditor 5 to 44.0.0
• Issue #3488005 by spokje: Update stylelint* to latest releases
• Issue #3490355 by nicxvan, godotislate, catch: Add procedural hook short circuit per module or file
• Issue #3487826 by catch: package_manager kernel tests are slow
• Issue #3486995 by nicxvan: Clean up how ModuleInstaller invokes hooks around installing other modules
• Issue #3490296 by nicxvan: Mark hook_install_tasks and hook_install_tasks_alter as procedural only
• Issue #3490298 by nicxvan: Profiles can be missed in OOP hooks
• Back to dev.