drupal 8.9.0

This is a minor version (feature release) of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8 and the Drupal 8 release cycle.

This minor release provides improvements without breaking backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will be supported until November 2021. It also provides the same public API as Drupal 9.0 aside from deprecated code and dependency changes. For more information on the Drupal 9 release, read the Drupal 9.0.0 release notes.

Drupal 8.9 is a good choice to update to first if you have an existing Drupal site, to ensure maximum compatibility and the smallest necessary changes for the Drupal 9 update.

If you are starting a new Drupal project, start with Drupal 9.0 for forward compatibility with later releases.

Regardless of which version you choose now, new features will only be added to upcoming Drupal 9 minor releases, so you should prepare your site for Drupal 9 this year in order to continue receiving the new features in Drupal 9.1 and 9.2.

Important update information

Recommended PHP version increased

Drupal 8.9 runs on all PHP 7 versions; however, it is recommended to update to at least PHP 7.3. Only PHP 7.3 and 7.4 are supported by the PHP maintainers until Drupal 8.9's end-of-life in November 2021. Users will see a status report message with this information.

Database driver handling improvements

• The default database is now checked when Drupal is updated to ensure it complies with the minimum version supported by the database driver. (Previously, this only happened during installation.) Updates will not proceed if the requirement is not met.

• If you see an error about your database version when running update.php, ensure your database meets the minimum database requirements or install one of the legacy database drivers provided as contributed projects.

• Database drivers provided by modules can now be placed in src/Driver/Database. These drivers will be listed in the installer. Existing custom or contributed drivers do not need to make any changes and will continue to work as before.

Update system improvements and upgrade path fixes

• Drupal now shows a more user-friendly warning when a site tries to upgrade to a new version without having run required intermediate database updates first.
  If you see 'Unsupported schema version' when attempting to run updates, you should:

  1. Back up your site and codebase.
  2. Locate an older version of the contributed module which contains the updates you missed.
  3. Downgrade the module to that version in your code base, and attempt to run updates again.

  When this error is shown, it will now also prevent any updates from proceeding, so may make a persistent issue on an existing site more obvious.

  Ideally, you should always attempt updates of contributed modules and core on a backup of your site (such as a local development environment) prior to running them on production.

• Additionally, module developers may now specify when they have removed post-update hooks, using the new hook_removed_post_updates(). See the change record on hook_removed_post_updates() for more details.

• Previously, corrupt menu link or taxonomy term data could cause fatal errors when sites attempted to update to Drupal 8.7 from 8.6 or earlier, due to two separate issues with the upgrade path.

  Some of this data will now be repaired automatically on upgrade. In some cases, this could result in content that was not displayed reappearing. If you previously encountered this upgrade path issue, review the change notice on the fixed menu and taxonomy upgrade path for more details on how to check for possible side effects from this change.

  Other data integrity issues that cannot be automatically repaired will result in an error message when update.php is run. If you were unable to update to 8.7 due to issues with menu link or taxonomy term data, Drupal 8.9.0 now adds instructions for resolving this issue. Try installing 8.8.4 and running update.php again. If you see an error that there are "Integrity issues detected" for your site data, follow the instructions in this change record to attempt to repair the data so that updates can be run.

• The Views configuration fixes previously applied as post-updates in #2846614: Incorrect field name is used in views integration for multi-value base fields are now applied at every Views save in order to resolve an upgrade path bug. The old configurations are now formally deprecated in 9.0.0 and will be removed from 10.0.0. For more information on the changes that introduced this in previous releases, see the related change records:

  1. Multi-value base fields in views no longer use an incorrect field name
  2. Drupal\node\Plugin\views\field\Path deprecated, Drupal\views\Plugin\views\field\EntityLink now provides this functionality
  3. Exposed filters can now limit which operator they expose

Migration system improvements

The migration path from Drupal 6 and Drupal 7 to Drupal 8 or 9 is stable, including multilingual migrations and many features which were moved into core for Drupal 9. Drupal 9 contributed modules are responsible for providing their own migrations into Drupal 9 and this is something to audit during the process of migrating a Drupal 6 or 7 site. Read more on Upgrading from Drupal 6 or 7 to 8 and newer.

• Multilingual migrations are now stable and have been moved into the main Migrate Drupal module. The experimental Multilingual Drupal Migrate module is therefore no longer required, and will be uninstalled automatically on upgrade.

• A new complete node migration, d7_node_complete.yml (for Drupal 7) and d6_node_complete.yml (for Drupal 6) is now available. This migration will migrate all nodes and node revisions, including translated nodes and translated node revisions. The complete node migration will eventually replace the existing trio of node migrations. See change record on the new 'complete node migration' for more information on the new migrations.

PHPUnit forward-compatibility APIs

Drupal 9 updates PHPUnit to PHPUnit 8, which introduces backwards compatibility breaks and new deprecations. In order to provide a continuous upgrade path from Drupal 8 (which uses PHPUnit 6 and 7), we've added forward-compatibility shims to provide bc and support the new APIs on older PHPUnit versions. Read the change record on the forward-compatibility shims for more information on the methods you can implement in your PHPUnit tests.

Theme system changes

Theme functions were deprecated prior to Drupal 8.0.0's release in favor of Twig templates. However, the deprecation did not use Drupal's deprecation APIs to notify module and theme developers. Starting with Drupal 8.9.0 the use of theme functions will start to trigger deprecation notices. (In Drupal 9, this error will also be logged because theme functions bypass the sanitization functionality provided by Twig.)

Changes to page caching with the Shortcut module

The Shortcut module disabled the cache for Dynamic Page Cache for users with access to shortcuts. These pages will now be cached which should result in a performance improvement. In rare cases, cache coherency (invalidation) bugs which were previously hidden by the disabled cache may now be surfaced. If content for authenticated users with access to shortcuts is cached incorrectly after upgrading to this release, the module that provides the incorrectly cached content might need a fix to its cache handling code (for example, cache tags or contexts).

Corrected deprecation errors

A handful of deprecation errors triggered were not actually classified as deprecation errors, and were being raised as silenced notices instead. E_USER_DEPRECATED were added to each to correct the problem. This means a small number of sites or modules might see deprecation errors in their tests when they did not previously. Only a handful of methods are affected. See #3137713: [D8 only] Update deprecation notices in NodeNewComments constructor and #3138591: [D8 only] Add missing E_USER_DEPRECATED to deprecation notices for the affected APIs.

Backend (PHP) dependency changes

• Drupal is now using stable releases for behat/mink (1.8.0) and behat/mink-selenium2-driver (1.4.0). These were previously pinned to development versions because a critical bug affecting Drupal core had not been resolved in any stable release.

• Since the Zend Framework has become Laminas, Drupal 8.9 now uses the Laminas components for several dependencies in place of the previous Zend Framework components. Code should be updated to use the new Laminas classes. A backwards compatibility layer is provided by laminas/laminas-zendframework-bridge. See the change record on updating to the Laminas components for examples of how to change your code.

• The Composer plugins provided by Drupal -- the scaffold plugin, the vendor hardening plugin, and the project message plugin -- are now compatible with Composer 2, and Drupal core now allows either Composer 1 or 2.

  Additionally, Composer has been updated from 1.9.1 to 1.10.6, and other Composer components have received minor- and patch-level updates.

• The project composer/installers is no longer pinned in drupal/core-recommended. It may now be upgraded whenever a new version is available, and a Composer-managed site runs composer update. We are releasing this fix on 8.8.x for Composer 2 forward-compatibility and to mitigate against an unusual composer upgrade path problem See #3134648: [backport, needs scheduling] Don't pin the composer/installers version in drupal/core-recommended for background information on this bug, and #3135247: Composer's "prefer-stable" setting cannot be relied on to produce a stable release for the direction we are taking to prevent future such problems.

• The wikimedia/composer-merge-plugin dependency has been removed because it is incoƒmpatible with Composer 2. It was deprecated in Drupal 8.8.0, and has not been used in core since that release. Any sites that have a separate requirement for this project should add it as a direct dependency.

• Earlier this year, Symfony released an advisory for a security vulnerabilities, CVE-2019-18888. Drupal core was not affected by these vulnerabilities, so back in November, we updated Druapl's lock file to provide only the secure version of Symfony to tarball installations.

  In this release, the version constraint of symfony/http-foundation has been increased to 3.4.35, to ensure Composer-built sites are also secure. Going forward, we may adopt this strategy for other packages where Drupal is not affected by a security issue, or we might add an external dependency that adds constraints for insecure versions of packages.

  Additionally, all other Symfony components have been updated from 3.4.32 to 3.4.41 the lockfile.

• Drupal 8.9's production and development dependencies have all been updated to new patch and minor-level versions where appropriate. Some highlights:

  • Guzzle has been updated from 6.3.3 to 6.5.4.
  • The TYPO3 Phar Stream Wrapper has been updated from 2.1.2 to 3.1.4.
  • asm89/stack-cors has been updated from 1.2.0 to 1.3.0.
  • The seld/jsonlint development dependency has been updated from 1.7.0 to 1.8.0.
  • Various Symfony polyfills have been updated from 1.12.0 to 1.17.0.
  • New Symfony polyfills have been added for PHP 7.2 and for idn_to_ascii() and idn_to_utf8() functions.
  • brumann/polyfill-unserialize has been removed.

Frontend (CSS and JavaScript) dependency changes

• The jQuery library was updated from 3.4.1 to 3.5.1, which includes the full fix for the security issue mitigated by SA-CORE-2020-002. This change does not include the backwards compatibility layer that was added to Drupal 8.8.x for self-closing HTML tags, so contributed and custom code may need to be updated to account for the change. Read more in jQuery's release history. Review the ”Update to jQuery 3.5.1” issue for more information.

• The js-cookie library has been added as a Drupal-9-compatible replacement for jquery.cookie, which is deprecated. A core/js-cookie library has been introduced, and a backwards-compatible shim is provided as core/jquery.cookie for Drupal 9.

  8.9.0 uses js-cookie version 3.0.0-rc.0 and will update to the stable 3.0.0 release once it is available. Review the change record on js-cookie for more information.

• The Sortable library (added in Drupal 8.8 as a replacement for deprecated jQuery UI functionality) has been updated to 1.10.2. If your module or site depends directly on Sortable, review the changes listed here: Sortable 1.10.2 changelog

• Drupal core's minimist JavaScript development dependency requirement has been updated from 1.2.0 to 1.2.2.

• All of Drupal's JavaScript development packages have been updated to the latest secure versions. This does not affect production sites.

Changes to coding standards

• The development dependency drupal/coder has been updated from 8.3.7 to 8.3.9. New coding standards rules are now available with this update. php_codesniffer has also been updated from 3.5.0 to 3.5.5.

• The Drupal.Classes.ClassFileName rule is now enabled in the core ruleset to ensure classes are named properly so that they can be autoloaded.

• The DrupalPractice.General.ExceptionT rule has been enabled, to ensure that no exception messages are translated. Ourconventions for exceptions disallow using the string translation or formatting APIs because they interfere with exception handling and because exception messages that differ from the codebase complicate the debugging process for developers.

• Drupal.Commenting.DocComment.TagGroupSpacing has been enabled for better whitespace formatting of docblocks.

Known issues

Search the issue queue for known issues.

• #3135247: Composer's "prefer-stable" setting cannot be relied on to produce a stable release
• #3145501: updb error processMultivalueBaseFieldHandler()

All changes since 8.9.0-rc1

• #3134648 by alexpott, dww, greg.1.anderson, hussainweb, catch, xjm, Mixologic: [backport, needs scheduling] Don't pin the composer/installers version in drupal/core-recommended
• #3118741 by dww, lauriii, xjm, nod_, tedbow, longwave, catch: [Security] Update yarn dependencies to fix security issues
• by xjm: Revert PHPCS ruleset to 8.9.0-rc1 because enabling rules is not an allowed change during RC.
• #2824935 by idebr, mfernea, Deepak Goyal, pfrenssen, longwave, hgunicamp, jofitz, andypost, daffie: Fix Squiz.ControlStructures.SwitchDeclaration coding standard
• #3109795 by alexpott, Berdir: Entity plural label context is not set as expected
• #3144204 by alexpott, jungle, longwave: Update Drupal 8.9's dependencies prior to release
• #3143722 by shaal, jungle, xjm: Update symfony/http-foundation to 3.4.35 (a security release)
• #2891603 by eiriksm, alexpott, charlietoleary, Grayle, drclaw, fgm: Contextual links can't handle multiple occurrences of the same contextual links (again)
• #2983452 by ridhimaabrol24, Kwadz, cburschka, jungle, somersoft, julienjoye, dhirendra.mishra, beram, daffie, alexpott: Improve support for SQLite in memory database
• #3123095 by quietone, Neslee Canil Pinto, benjifisher, mikelutz, catch: Rollback of complete node migration fails
• #2710407 by bobbygryzynger, dww, Kingdutch, Krzysztof Doma≈Ñski, jp.stacey, johnny5th, tea.time, joachim, andileco, Lendude, xjm, percoction: Option for 'Transform dashes in URL to spaces in term name filter values' on term arguments doesn't affect the query
• #2969231 by quietone, NickDickinsonWilde, joachim, xjm: errors in migration process configuration don't give a clear message
• #3123065 by jungle, daffie: Fix 'Drupal.NamingConventions.ValidClassName' coding standard
• #3138774 by sja112, mohrerao, shalinigaur: Fix "DoesNot" relevant typos in core
• #3143085 by neclimdul: Define and optimize alias definition in OptimizedPhpArrayDumper
• #2901745 by kostyashupenko, pazhyn, MerryHamster, ridhimaabrol24, andypost, vacho, longwave, mfernea: Fix 'PSR2.Namespaces.UseDeclaration.UseAfterNamespace' coding standard
• #3123068 by longwave: Fix 'Drupal.Semantics.FunctionT.ConcatString' coding standard
• #2937552 by longwave: Fix 'Drupal.Commenting.DocComment.TagsNotGrouped' coding standard
• #3138793 by sja112, mohrerao: Fix "configuration" relevant typos in core
• #3138801 by sja112, ankit.singh: Fix "readily" relevant typos in core
• #3138787 by mohrerao, sja112: Fix "response" relevant typos in core
• #3138718 by sja112, longwave, dww, xjm, alexpott: Convert British English spellings to American English, for the umpteenth time
• #3138802 by sja112, kkalashnikov: Fix "snafus" relevant typos in core
• #3138803 by sja112: Fix "strength" relevant typos in core
• #3138792 by sja112, dww: Fix "compatibility" relevant typos in core
• #3138799 by sja112, kkalashnikov: Fix "description" relevant typos in core
• #3138786 by sja112, mohrerao: Fix "Protected" relevant typos in core
• #3138785 by sja112, ankit.singh: Fix "Picasso" relevant typos in core
• #3138775 by sja112, mohrerao: Fix "Monoceros" relevant typos in core
• #3143339 by mohrerao, mondrake, longwave: Clean up the arguments of calls to WebAssert::titleEquals() and AssertLegacyTrait::assertTitle()
• #3138591 by ankit.singh, benjifisher, xjm, mikelutz, andypost: [D8 only] Add missing E_USER_DEPRECATED to deprecation notices
• Revert "Issue #3128880 by daffie, alexpott, mondrake: Make ConnectionUnitTest also run for PostgreSQL"
• #3143115 by Ramya Balasubramanian, mrinalini9, atul4drupal, xjm: README.txt file format for Drupal
• #3139218 by sja112, mondrake, xjm, ketikagrover, daffie: Replace usages of AssertLegacyTrait::assertResponse(), which is deprecated
• #3133798 by Beakerboy, daffie: Semicolon removed from query even when it is allowed
• #3138789 by sja112, jungle, Maithri Shetty: Fix "blockquote" relevant typos in core
• #3138778 by sja112, jungle: Fix "Nourriture" relevant typos in core
• #3138783 by mohrerao, jungle, DevJoJodae: Fix "Partially" relevant typos in core
• #3138772 by sja112, kkalashnikov, jungle, DevJoJodae: Fix "Disable" relevant typos in core
• #1831560 by acbramley, CRZDEV, mvwensen, fago, David_Rothstein, harsha012, Lendude, mrinalini9, Devin Carlson, borisson_, Gábor Hojtsy: Remove Html::resetSeenIds() call during form processing
• #3002820 by daffie, pavnish, dww, sokru, mmjvb: PHP Warning in template_preprocess_update_report(): Invalid argument supplied for foreach()
• #3139439 by Bunty Badgujar, mondrake, xjm, daffie: Replace usages of deprecated AssertLegacyTrait::assertHeader()
• #3139403 by sja112, mondrake, xjm: Replace usages of deprecated AssertLegacyTrait::assertElement(Not)Present()
• #2766135 by hchonov, jeroen.b, amateescu, neclimdul, gordon, chipway, jmuzz, timmillwood, daffie: EntityQuery with condition on the revision field leads to wrong results
• #3128880 by daffie, alexpott, mondrake: Make ConnectionUnitTest also run for PostgreSQL
• #3134308 by quietone, mrinalini9, benjifisher, xjm: Change 'is was' to 'is' in comments
• #3101214 by mrinalini9, Sutharsan, Kristen Pol: Document that Core is implicitly allowed to scaffold files
• #3055055 by hash6, scott_euser, jhodgdon, amarphule, anmolgoyal74, Gayathri J, jenniferaube, alonaoneill, diqidoq, kishor_kolekar, abhisekmazumdar: Convert appearance-related modules: breakpoint, color, layout_builder, layout_discovery module hook_help() to topic(s)
• #3097651 by kishor_kolekar, sauravk, reinchek, Neslee Canil Pinto, Adam Szalapski, sibustephen, ravi.shankar, kostyashupenko, Krzysztof Doma≈Ñski, KondratievaS, lauriii, ckrina: Implement secondary tabs based on the designs
• #2974640 by ilya.no, Berdir: ExposedFormPluginBase::exposedFormAlter() sets a bogus weight key
• #3071682 by Sam152, Roensby, phenaproxima, Wim Leers: The oembed Resource value object should be more permissive for NULL dimensions
• #3044059 by jhodgdon, vadim.hirbu, Gayathri J, Vitor Faria, sukottokun, ChrisBee, BramDriesen, rkoller: Convert big_pipe, dynamic_page_cache, page_cache module hook_help() to topic(s)
• #3047806 by jhodgdon, Gayathri J, thejimbirch, anmolgoyal74, luwoldy, batigolix, shimpy, alonaoneill, volkswagenchick, tatarbj, Amber Himes Matz, rkoller, CelSki, xjm: Convert book.module hook_help() to topic(s)
• #3101210 by mrinalini9, Sutharsan, Kristen Pol, greg.1.anderson: Remove 'overwrite' as documented example in scaffold options