drupal 9.1.8

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.

Drupal 9.1.x will receive security coverage until December 8, 2021 when Drupal 9.3.0 is released.

If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9, 9.0.0 release notes, and the 9.1.0 release notes before upgrading to this release.

If your site is on 8.8.x or earlier, you may wish to upgrade to Drupal 8.9.13 instead. Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 as soon as possible so that you can easily update to Drupal 9.2 and later.

Known issues

Search the issue queue for known issues.

Dependency updates

The composer/composer development dependency has been updated from 2.0.2 to 2.0.13. This version also requires the composer/metadata-minifier library, which has been added as a development dependency.

Most Symfony components have been updated to 4.4.19 for multiple bugfixes including a security hardening. Symfony 5.x components have been updated to 5.1.11.

Underscore.js has been updated to 1.13.1.

Drupal core's development dependency on the Nightwatch npm package has been increased from 1.2.1 to 1.6.3 and all locked versions of dependencies have been updated to address security issues in these dependencies.

Changes since 9.1.7:

• #3209456 by kpa, piggito, mherchel: Update Underscore.js to the latest version (1.13.1)
• #3211810 by alexpott, xjm, Spokje, Amber Himes Matz, Kristen Pol, lauriii: [security] Update Nightwatch and locked dev dependencies to address security issues
• #3212177 by alexpott, lauriii: Update caniuse-lite as it is outdated
• #3211164 by alexpott, catch: Random errors in Javascript Testing
• #3211805 by xjm, Kristen Pol, longwave: Update composer/composer dev dependency in metapackages to 2.0.13
• #3199209 by xjm, andypost: Update Drupal 9 branches to the latest patch releases of Symfony components
• Revert "Issue #3211164 by alexpott: Random errors in Javascript Testing"
• #3211164 by alexpott: Random errors in Javascript Testing
• #3203476 by mondrake, longwave, alexpott: Convert assertions involving use of xpath on divs to WebAssert
• #3205037 by longwave, neclimdul: Drupal\Tests\Component\Annotation\PluginIdTest tests a non-existent constructor
• #3210694 by longwave, quietone, Spokje: Ignore i18n-prefixed words in spellcheck
• #3210502 by longwave, quietone, Spokje: Convert UpdateDescriptionTest to a kernel test
• #3207893 by alexpott, Spokje, larowlan, catch: Set system.css_js_query_string during install
• Revert "Issue #3207893 by alexpott: Set system.css_js_query_string during install"
• #3199284 by Indrajith KB, markconroy: Umami includes non-existing css/components/regions/page-title/page-title.css
• #2823914 by danflanagan8: Render caching in DisplayPluginInterface::buildRenderable is broken when arguments are provided
• #3207893 by alexpott: Set system.css_js_query_string during install
• #3209048 by jedihe, jplana: Core themes are not added to the test autoloader
• #3204763 by longwave: Fix mismatched sprintf calls
• #1624278 by quietone, longwave: cleanup of docblock to UI text in update_get_update_list() is weak
• #3205026 by longwave: Missing use statement in Drupal\Core\KeyValueStore\DatabaseStorage
• #3202434 by paulocs, codebymikey, catch, guilhermevp, joachim: The RequestPath ("request_path") condition plugin summary is inaccurate
• Back to dev.
• Merged 9.1.7.
• #2496913 by larowlan, jungle, mohit_aghera, attiks, andypost, jonathanshaw, Bojhan, yoroy: Don't expose entity types with string ids as a target option when creating comment types
• #2488302 by mohit_aghera, mohit.bansal623, mikemadison, pameeela, guilhermevp, Abhijith S: Update message that displays when configuration translation is saved without changes
• #3208267 by jonathanshaw, longwave: EntityQuery accessCheck: InlineBlockEntityOperations should not check access
• #3208265 by jonathanshaw, longwave: EntityQuery accessCheck: comment_user_predelete() should not check access
• #2944846 by quietone, masipila, jibran, jhodgdon, heddn, phenaproxima: Improve description of key concepts in migrate.api.php documentation
• #3136107 by himanshu_sindhwani, lauriii, Spokje, RoshniPatel.addweb, ranjith_kumar_k_u, Bunty Badgujar, generalredneck, nod_, jcmartinez: Wrapper gets removed while adding html textfield or textarea using replacement patterns
• #3206939 by Matroskeen, quietone: Add documentation for Migrate and Migrate Drupal source plugins
• #3199428 by clayfreeman, quietone: Remove testing the internals of DependencySerializationTrait from LocaleTranslationTest
• #3208222 by jibran: Tables::addNextBaseTable() doesn't use square brackets syntax
• #3120301 by alexpott, zestagio, Wim Leers: RoutePreloader: prevent preloading of routes generated by JSON:API
• #2927500 by quietone, ridhimaabrol24, kristiaanvandeneynde, phenaproxima, Kristen Pol: Set entity type ID and field name in EntityFieldManager::buildFieldStorageDefinitions
• #3208225 by alexpott, Spokje: Do less unnecessary work in FieldHelpTest
• #3186821 by mohit_aghera, Dom., ankithashetty, Kristen Pol: Attribute “hreflang” not allowed on element “span” and “button” at this point
• #2414019 by Hardik_Patel_12, mpp, swelljoe, jungle, quietone, mohit_aghera: Use of strtoupper for URLs in MailFormatHelper.php's htmlToText() method triggers spam filters
• #3182970 by acbramley, paulocs, vakulrai, chandrashekhar_srijan, dww, sonam.chaturvedi, Madhu kumar, vikashsoni: Logout option is displayed for anonymous users
• #3123058 by longwave, jungle, xjm, daffie: Fix 'Drupal.Commenting.DocComment.ParamGroup' coding standard
• #3207308 by longwave: Fix 'Generic.Formatting.DisallowMultipleStatements' coding standard
• #3207654 by jonathanshaw, andypost: EntityQuery accessCheck: more aggregator fixes