Install
To start a new Drupal project with version 8.7.0:To update your site and all dependencies to the latest version of Drupal:
To update your site to this specific release:
Using Composer to manage Drupal site dependencies
Downloads
Release notes
This is a minor version (feature release) of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8 and the Drupal 8 release cycle.
This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies. Developers should review the Drupal 8.7.x change records for information on API additions and internal backwards compatibility breaks.
Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.
These release notes provide important update information for Drupal 8 site owners. You can also read about the new features in Drupal 8.7.0.
Important update information
Site update and module owners planning to update to this release should take note of the following important changes:
PHP 5 support, automatic entity updates, and Internet Explorer 9 workarounds have been removed
-
PHP 5.5 and 5.6 will no longer be supported as of Drupal 8.7.0.
As of December 2018, PHP 5.6 no longer receives security support from the maintainers of PHP. Anyone running Drupal 8 on PHP 5.5 or 5.6 should upgrade their PHP version to at least 7.1. PHP 7.2 is now recommended. Read more in the change record for the PHP requirement update. -
Starting with 8.7.0, Drupal core no longer provides support for automatic entity updates as these have resulted in conflicts with regular database updates and data integrity issues. Whenever an entity type or field storage definition needs to be created, changed or deleted, it has to be done with an explicit update function as provided by the Update API, and using the API provided by the entity definition update manager. (Note that using the API has always been the recommended way for developers to trigger entity updates.)
drush entup
is also no longer supported by Drupal core. These three change records provide further details: -
Workarounds for the stylesheet limit in Internet Explorer 9 (IE9) and earlier have been removed. Drupal dropped support for Internet Explorer 9 and 10 in 8.4.0, but Drupal 8.5 and 8.6 retained a workaround to allow 32 or more stylesheets to be included. This workaround has been removed in 8.7. Sites still requiring Internet Explorer 9 support for the work around of IE's limit of 31 style sheets per page, should enable CSS aggregation (preferred) or install the IE9 Compatibility contributed module.
Entity and field system changes
-
Entity schema operations will now leave backup tables in place for inspection. See the change record on entity update backup data for more details including how to disable this functionality.
-
Custom menu links and taxonomy terms are now revisionable, which allows them to be used in editorial workflows (similarly to nodes, media, and custom blocks). These changes involve an upgrade path and updates to the respective entity storages. Custom code updating these entities programmatically may need to update to take account revision creation. This may also impact API clients, exported default content, and custom database queries. See the change records for details:
-
Serialized properties of base fields are now automatically unserialized to be consistent with configurable fields. Existing workarounds for this bug might need to be adjusted if they relied on the old behavior of passing a string to those fields. Read the change record about loading serialized field properties.
Changes for Symfony 4 and 5 compatibility
-
Drupal\Component\DependencyInjection\Container
no longer implementsSymfony\Component\DependencyInjection\ResettableContainerInterface
for future compatibility with Symfony 5. If you are type-hinting on this interface, update your type-hint to instead useDrupal\Component\DependencyInjection\Container
Read the change record about the Container Symfony component. -
In the interest of supporting deprecations in Symfony 4 leading up to Symfony 5,
\Drupal\Core\Validation\TranslatorInterface
no longer extends\Symfony\Component\Translation\TranslatorInterface
.
Read the change record about the TranslatorInterface Symfony component. -
Additionally, numerous critical Symfony 4 and 5 compatibility issues are resolved in this release.
Plugin system changes
-
ConfigurablePluginInterface
, which is used by many, many plugins, is deprecated in favor of a combination of two interfaces:ConfigurableInterface
andDependentPluginInterface
. If the plugin does not have external module dependencies, then developers may opt to just implementConfigurableInterface
by itself and not implementDependentPluginInterface
.
Read the change record on deprecation of ConfigurablePluginInterface. -
For context-aware plugins defined by annotation the
context
key is deprecated. To define context definitions, use thecontext_definitions
key. Interacting with the context definitions of a plugin is unchanged, see\Drupal\Component\Plugin\ContextAwarePluginInterface
.
Read the change record on context definitions for plugins.
Changes to base themes (Stable, Classy)
This release includes some small changes to core's base themes (Stable, Classy). Themes that extend one of these base themes should review the following changes.
New stable module: Layout Builder
Layout Builder allows content editors and site builders to easily and quickly create visual layouts for displaying content. Users can customize how content is arranged on a single page, or across types of content, with an easy to use drag-and-drop interface.
This module was introduced as an experimental core module in Drupal 8.5.0, but is now stable and ready for production use! For sites using the experimental module prior to 8.7.0 there are some important changes:
-
The Layout Builder module is designed to support extensible storage for layouts, so that layouts can be created and saved for various use cases. (For example, the core module has two storages, one for default content layouts and another for individual entity layouts.) A serious bug with the beta API prevented other storages from being used and API changes were required to resolve this issue.
Layout Builder section storage plugins must adapt to changes to their interface and rely on the context system instead of external setter calls. Additionally, those interacting with the Layout Builder API must use the new methods for loading SectionStorage plugins.
-
Layout Builder overrides are now stored in non-translatable fields. This means that on entities with overridable layouts, when Content Translation is enabled, the Layout tab is only available when viewing the entity in its default language (not from a translation) and layout changes made from there apply to all translations.
For sites that installed Layout Builder and enabled layout overrides for some entity bundles while it was still Experimental, this release retains the site's existing translatability configuration of those fields. For those sites, manually setting the layout field to non-translatable is strongly recommended unless there is existing layout translation data. See the change record on Layout Builder translation changes for more details. Layout translatability is planned as a feature for a future release.
-
Layout Builder now has more granular permissions Previously, it only provided a single permission to access all aspects of Layout Builder (configuring/deleting layouts, adding or removing inline blocks, etc.). One example of Layout Builder's more granular permission options means users will only be able to manipulate the layout of content if they have access to edit that content. Review Layout Builder's permissions after updating and change to permissions where appropriate for better access control.
-
CSS classes used in Layout Builder's user interface have been renamed in accordance with BEM standards. For example, classes like
.layout-section
are now.layout-builder__section
.
Read the change record on BEM standards for Layout Builder's user interface classes.
New stable module: JSON:API
JSON:API is now included in core. Contributed modules that depend on the contrib JSON:API project should remove this dependency now that the module is in core.
Sites currently using the 8.x-2.x branch of the JSON:API contributed module should remove the contributed module from the codebase, ensuring that any contrib modules depending on the contributed project are updated at the same time. Use composer remove drupal/jsonapi
to remove the JSON:API contributed project when updating core, and rm -rf modules/jsonapi
if not using composer, when updating to Drupal 8.7.0.
The contributed module will not receive further updates aside from security fixes.
Sites using the 8.x-1.x branch may require changes to API clients, but the contributed module may be left in place with Drupal 8.7 until any needed conversions are complete. You may experience difficulties upgrading with Composer to Drupal 8.7.0 with drupal/jsonapi installed, or, are unable to install drupal/jsonapi into Drupal 8.7.0 with Composer. See #3053700: Impossible to update drupal/core to 8.7.0 with Composer >= 1.7.3 if drupal/jsonapi is installed for information about how to work around this problem.
Note that the core version of JSON:API uses a read-only mode by default for security reasons. This is configurable at /admin/config/services/jsonapi
. Sites requiring create, update, or delete access should review the JSON:API security considerations documentation.
Third-party library updates
The following third-party libraries are updated in this release:
-
Guzzle has been updated from 6.3.0 to 6.3.3. With this update, the http_client service also now supports empty headers.
-
Previously, Drupal packaged a copy of the PEAR Archive_Tar library in a Drupal core namespace. In 8.7, this has been deprecated and replaced with a proper Composer dependency on this library. The dependency has also been updated to version 1.4.6.
-
drupal/coder
has been updated to ˆ8.3.1. You may need to re-install coder if you have automated coding standards checks as part of your workflow, since the update includes new coding standards checks. -
CKEditor has been updated to 4.11.3.
-
Twig has been updated to 1.38.4.
-
A number of other PHP dependencies have also been updated, including:
composer/installers
to 1.6.0composer/semver
to 1.5.0egulias/email-validator
to 2.1.7paragonie/random_compat
to v2.0.18- Most
symfony/*
components to v3.4.26 symfony/http-foundation
to v3.4.27symfony/polyfill-*
to v1.11.0typo3/phar-stream-wrapper
to v2.1.0
Other important update information
-
Previously, a fix was committed following upstream Symfony issue with lazy session data in Symfony 3.4.24. Symfony has now reverted the commit in Symfony 3.4.27 (released May 1). Drupal 8.7 has therefore reverted the workaround for the issue and updated symfony/http-foundation to 3.4.27. Other Symfony components remain on 3.4.26 as of Drupal 8.7.0. Any site owners encountering issues with lazy session data should review the above issue and ensure that http-foundation is updated to 3.4.27.
-
datetime
fields that store both date and time now specify a time zone when normalized,datetime
fields that store only a date no longer expose a (meaningless) time when normalized.daterange
fields behave the same way asdatetime
fields, because both field types use the same "data type" under the hood, and hence get the same normalization. Finally, there is now automatic time zone conversion whenPOST
ing orPATCH
ingdatetime
ordaterange
fields: the client can specify any time zone, and the necessary transformations to match the site's timezone are applied.
Read the change record about normalization of the Date and Date range fields. -
The
session_handler.write_check
service has been removed fromcore.services.yml
. In the unlikely event that this service is being swapped out, the functionality has been moved to\Drupal\Core\Session\WriteSafeSessionHandler
- thesession_handler.write_safe
service.
Read the change record on removal of the session handler proxy. -
In order to resolve a critical issue affecting the PostgreSQL database, The naming scheme for PostgreSQL sequence generators has been changed.
-
For all changes that may affect contributed or custom code, search the Drupal 8.7.x change records.
Important bug fixes
In addition to those already listed above, the following critical and important issues have been fixed in Drupal 8.7.0.
-
The Entity system now provides an API for retrieving an entity variant that is safe for editing and previewing in editorial workflows, depending on the specified context, by default the current context.
-
#2942675: Layout builder should use the active variant of an entity to avoid orphaned revisions
-
#2891754: [regression] UserMailRequiredValidator fails on new user entities
-
#2787185: track_changes does not work when the map is joinable
-
#3033653: InvalidArgumentException when adding reference field without Media type
Beginning with the Drupal 8.7.0-beta1 release, the Drupal Association and Drupal core maintainers have partnered with agencies and site owners in an official beta testing program for Drupal core minor releases. A number of issues were identified and resolved directly as a result of this initiative. Participating in the beta program is an important way to contribute to the Drupal project. Special thanks to the following individuals and organizations for participating, and directly contributing to the quality of this release:
- larowlan at PreviousNext for Charles Darwin University, Brisbane City Council, Wyndham City Council
- plach
- RoSk0 at Catalyst IT
- alexpott at Thunder
- thursday_bw at Catalyst IT
- Juterpillar at Catalyst IT
- Joseph Zhao at govCMS (Australian Government Department of Finance)
- daniel.bosen at Thunder
- kim.pepper at PreviousNext
Known issues
- #3052431: layout_builder_post_update_make_layout_untranslatable() still attempts to query all revisions for non-revisionable entities
- #3052147: comment_update_8701 fails if there are comments without field_name
- #3052140: Cannot convert custom entity types from non-revisionable to revisionable with pre-8.7.x compatible methods
- #3044211: SectionStorage objects in tempstore are broken when updating from 8.6.x to 8.7.x
- #3026560: After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush
- #3026443: \Drupal\Core\Security\PharExtensionInterceptor is incompatible with GeoIP and other libraries that use phar aliases or Phar::mapPhar()
- #3044682: Permission denied creating /tmp/twig
- #3053700: Impossible to update drupal/core to 8.7.0 with Composer >= 1.7.3 if drupal/jsonapi is installed
Search the issue queue for all known issues.
All changes since 8.7.0-rc1
- #3045349 by alexpott, mikelutz, geerlingguy, catch, mglaman, larowlan: Lazy started sessions with session data are not saved with symfony/http-foundation 3.4.24
- #3051826 by tim.plunkett, mikemadison: 8.7.0-rc1 database updates fail on media_library configuration dependencies due to missing form and view modes
- #2981393 by quietone, masipila, heddn, Gábor Hojtsy, maxocub: Migrate D6 comment type language settings
- #2987956 by mariancalinro, amateescu, vijaycs85, mheip, mallezie: Entity queries with sorting and ordering are not working in a non-default workspace
- Revert "Issue #2987956 by mariancalinro, amateescu, vijaycs85, mheip, mallezie: Entity queries with sorting and ordering are not working in a non-default workspace"
- #3022137 by quietone, heddn: Update migrate fixtures for remaining active issues
- #3045966 by partyka, shaal, Wim Leers, Gábor Hojtsy, mglaman, tedbow, Berdir, kjay: Set author and editor passwords to the admin password in the demo to make demoing easier
- #3049737 by shaal, smaz: Demonstrate per item layout customization in Umami, make finding layout editing much easier
- #3050180 by alexpott, shaal, smaz: Cannot install Umami in Spanish
- #2904550 by tim.plunkett, Sam152, jwilson3, neclimdul, eelkeblok, amateescu, DuaelFr, K3vin_nl, alexpott, tedbow, andypost: PluginDependencyTrait::calculatePluginDependencies() does not handle theme provided plugins
- #3048698 by Sam152, alexpott, tedbow, fenstrat: Content moderation layout builder integration fails when a node has an associated menu item
- #3046992: Add @ckrina as a usability maintainer
- #3040166 by oriol_e9g, Mile23, willzyx, Berdir, alexpott, catch, cilefen: mkdir() fails in BrowserHtmlDebugTrait.php:141 because of a race condition
- #3048699 by shaal: Taxonomies are only displayed in English
- #3029669 by tim.plunkett, K3vin_nl, mpdonadio: Layout Builder must adjust #states for formatters written expecting to be used by the Field UI
- #3010825 by mark_fullmer, tim.plunkett, tedbow, johndevman: Back to site link returns user to manage layout for defaults
- #3046121 by shaal, pawandubey, kjay: Umami tabs are too wide for mobile screens
- #3019824 by nord102, tim.plunkett: Layout Builder's isOverridable()/setOverridable() do not respect the result of isLayoutBuilderEnabled()
- #2955065 by tim.plunkett, phenaproxima, pixlkat, andypost, mtodor, dmsmidt: Customized layout does not display for node with customizations enabled when using full content view mode
- #3040645 by mark_fullmer, tim.plunkett, porkloin, xjm, andrewmacpherson, mgifford: Add a role=region wrapper to the Layout Builder action form to fix screen reader navigation barriers
- #2802803 by Berdir, AdamPS, Darren Oh, alexpott, Munavijayalakshmi, jackbravo, slashrsm, mmbk, Dane Powell, larowlan, LittleCoding, gapple, catch, wiifm, quantumized, acbramley: Temporary files whose files are missing on the disk result in never-ending error log messages
- #2995655 by awm, Sam152, jedgar1mx, lpeabody, axel.rutz: Invalid translation language (und) specified. in Drupal\Core\Entity\ContentEntityBase when changing language of an entity