drupal 8.9.15

This is a patch (bugfix) release of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8.

Drupal 8.9 is the final minor release of the 8.x series. It is a long-term support (LTS) version, and will receive security coverage until November 2021. It provides the same public API as Drupal 9.0 aside from deprecated code and dependency changes. (Learn more about Drupal 9.) Note that features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 as soon as possible so that you can easily update to Drupal 9.2 and later.

If you are upgrading to this release from 8.8.x, read the Drupal 8.9.0 release notes before you upgrade.

Known issues

Search the issue queue for known issues.

Important changes

The default glossary view did not previously include a filter to exclude unpublished content. This view now includes such a filter by default, and an update function is provided with this release to add a status filter to the view on existing installations which do not have it.

Dependency updates

The composer/composer development dependency has been updated from 1.10.6 to 1.10.22.

Archive_Tar has been updated to 1.4.13 for security hardening.

Drupal core's development dependency on the Nightwatch npm package has been increased from 1.2.1 to 1.6.3 and all locked versions of dependencies have been updated to address security issues in these dependencies.
The minimum version of node.js for 8.9.x development has been increased to version 10.

Underscore.js has been updated to 1.13.1

Changes since 8.9.14:

• #3209456 by kpa, piggito, mherchel: Update Underscore.js to the latest version (1.13.1)
• #3211810 by alexpott, xjm, Spokje, Amber Himes Matz, Kristen Pol, lauriii: [security] Update Nightwatch and locked dev dependencies to address security issues
• #3212177 by alexpott, lauriii: Update caniuse-lite as it is outdated
• #3211805 by xjm, Kristen Pol, longwave: Update composer/composer dev dependency in metapackages to 2.0.13
• Revert "Issue #3211164 by alexpott: Random errors in Javascript Testing"
• #3211164 by alexpott: Random errors in Javascript Testing
• #3128389 by clayfreeman, jungle, cliddell, john.oltman, acbramley, larowlan: [backport] LocaleTranslation is not serializable
• #2571475 by mglaman, tstoeckler, tedbow, eiriksm, Jaesin, phenaproxima, alexpott: Outbound HTTP requests fail with KernelTestBase
• Back to dev.
• Merged 8.9.14.
• #2958588 by cainaru, lauriii, DamienMcKenna, clayfreeman, longwave, galactus86, bkosborne, pawandubey, doublealpha, Blackstallion, alexpott, tim.plunkett, kpaxman, justcaldwell, mark_fullmer: Off-canvas style resets are overriding styles (especially SVGs) resulting in display issues
• #3120301 by alexpott, zestagio, Wim Leers: RoutePreloader: prevent preloading of routes generated by JSON:API
• #3207086 by benjifisher, larowlan, mondrake, Spokje: [HEAD BROKEN] Consistent failure in MonthDatePluginTest
• #3202440 by jonathanshaw, ravi.shankar, catch, longwave: [backport] EntityQuery accessCheck: field ui cardinality validation should not be access sensitive
• #3206540 by yechaozheng, longwave: Set access check to FALSE for entityQuery of user in user_is_blocked function
• #3183301 by mcdruid, longwave, markwittens, nathandentzau, marcaddeo, janusman, -nrzr-, David_Rothstein, Heine, vijaycs85, xjm, tim.plunkett, pandaski, Wim Leers, larowlan: Add tests for SA-CORE-2020-009
• #3201393 by Lendude, dww, imalabya, dawehner, anmolgoyal74, Abhijith S: Filter glossary view by status
• #3169212 by int_ua, Matroskeen, anmolgoyal74, Krzysztof Domański, alexpott, biblos, init90, xjm: Improve transliteration of Ukrainian letters
• #3184650 by geek-merlin, quietone, benjifisher, alexpott: ContentEntity migration source adds revision ID as source key, incompatible with Drupal 8.8 and earlier
• #3201470 by jonathanshaw, catch, longwave: EntityQuery accessCheck: Cron functions should never check access
• #3192260 by danflanagan8, longwave, jhodgdon, dww: [random test failure] Random fail in media_library CKEditorIntegrationTest
• #3199205 by xjm, mcdruid: Update Archive_Tar to 1.4.13
• #2857444 by nedjo, alexpott, jofitz, gaurav.kapoor, Wim Leers: Editor module fails to track usage of files embedded in non-core fields
• #2969107 by raman.b, alexpott, matiasmiranda, L-four, kkalashnikov, catch, daffie, Lendude, xjm: 500 error on passing invalid month to MonthDate view argument handler
• Revert "Issue #2969107 by raman.b, matiasmiranda, kkalashnikov, L-four, daffie, Lendude: 500 error on passing invalid month to MonthDate view argument handler"
• #2969107 by raman.b, matiasmiranda, kkalashnikov, L-four, daffie, Lendude: 500 error on passing invalid month to MonthDate view argument handler
• #3192231 by larowlan, xjm, catch, Mixologic, kim.pepper: UnroutedUrlTest is failing on dev versions of PHP
• #3054510 by greggles, Spokje, bas123, fchandler, effulgentsia, Wim Leers, mr.baileys, patchman-jelmerverkleij: Make a minor docs improvement to NormalizerBase.php in order for Patchman to see it as a newer version than it was prior to SA-CORE-2019-003
• Merge 8.9.13, resolve merge conflicts, and update lockfile and dev versions.