1.24.0-preview

This is the preview release of Backdrop 1.24.0. Please use this version if you would like to help us test the features in the new version of Backdrop prior to the official release on January 15th, 2023.

Notes for updating

• The .htaccess file has been modified to include settings for PHP 8. (See #5906)
• No changes have been made to the robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
• It will be necessary to run the update script (located at /core/update.php) for this release.

Changes since version 1.23.1 are listed below.**

New features

• Add a views field handler for project properties from the database. #5820
• Add descriptions for user roles. #5748
• Add a configuration option for database log message length. #5553
• Make File::access consistent with other entity classes. #5480
• Add "Rebuild search index" process to replace "Invalidate search index". #4182
• Add a "Back to site" button into the Admin Bar. #2709
• Add an instant search filter to the permissions page. #980

Bug fixes

• Instant search filter for the permissions page doesn't reset on role-specific pages #5909

1.23.1

Maintenance release for Backdrop CMS. This update contains bug fixes and usability improvements only.

Notes for updating

• It will be necessary to run the update script (located at /core/update.php) for this release.
• No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.

Changes since version 1.23.0 are listed below.

Bug fixes

• Fixed: Views query/distinct settings issues when setting "This page (override)" in PHP8. #5854
• Fixed: Exports of flexible templates throw PHP 8 error when System language is not English. #5853
• Fixed: node_cron_last state is stored as a string. Similar dates are stored as integer. #5849
• Fixed: HTML5 date field widget produces a fatal error on a Paragraph. #5847
• Fixed: Files lose permanent status when in edited in CKEditor link dialog. #5843
• Fixed: misspelling of dialog's "resizable" JS setting option in system_token_output(). #5842
• Fixed: Token browser disappears below viewport when resized. #5841
• Fixed: Existing Image library popup does not show all images. #5835
• Fixed: Deprecated function: preg_replace(): Passing null to parameter no 3. #5832
• Fixed: Upgrade from Drupal 7 should respect UTF8-MB4 variable. #5818
• Fixed: Layouts and Taxonomy Term view context conflict. #5809
• Fixed: Preview of menu machine name is inaccurate while adding a menu. #5807
• Fixed: Table alias missing in query condition in taxonomy_select_nodes(). #5806
• Fixed: Method DatabaseCondition::__toString() must return a string value. #5805
• Fixed: Some tests throw stat failed exceptions. #5799
• Fixed: Apache setup failure in the php 5.6 runners for GitHub Actions. #5790
• Fixed: File Access Checks Fail if no Type is defined. #5777
• Fixed: Forms user_register_form and user_pass hard-code the page title. #5731
• Fixed: node_type_delete() doesn't check the value returned from node_type_get_type(). #5726
• Fixed: _views_tokenized_clean_css_identifier() should clean the complete class. #5561
• Fixed: Possible Drupal 7 upgrade regression caused by user/1 path alias update hook. #5497
• Fixed: Language field can't be moved around reliably (terms). #5060

User Experience Improvements

• Improve field block labels when copying the Layout title from a block. #5704
• Add "Flush all caches > Views" to admin bar. #5737
• Add welcome message to help people find the Dashboard. #5624
• Improve File Type configuration form. #4014

Documentation updates

• Update all documentation URLs in core. #5706
• Fix minor spelling mistake in views plugins documentation. #5772
• Remove $settings from docblock for hook_block_view_MODULE_DELTA_alter(). #5827
• Remove the reference to the files property from image.inc documentation. #5717

Miscellaneous changes

• Remove the messages about the GD toolkit being installed or the missing GD extension from image_gd_settings(). #5723
• Place all term tokens together in taxonomy_token_info(). #5709

1.23.0

The Backdrop community is proud to release version 1.23.0 of Backdrop CMS, following our 4-month release cycle.

Notes for updating

• No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
• It will be necessary to run the update script (located at /core/update.php) for this release.
• This release includes an API Change. While we try hard to maintain compatibility as much as possible between releases, this change was needed to facilitate the inclusion of Entity Reference module in core. Please see the change record File::uri() Now Returns Path to File Entity Page, Not the File Path for more information.

Changes since version 1.22.3 are listed below.

New features

• Added Entity Reference module to core. #1301
• Added new setting to allow the comment title to be hidden. #4569
• Added new Date field widget to utilize HTML5 #date input type. #4255
• Added a "Taxonomy term: Depth" Visibility condition for blocks and layouts. #2955

API Changes

• Fixed: File::uri() is not consistent with other Entity types. #2300

API Enhancements

• Added form API properties to support custom validation and error messages for required fields. #5348
• Added config->getData() to match config->setData(). #3902
• Added 'bundle cache' property to support enabling/disabling entity caching on a per-bundle basis. #5632

Documentation updates

• Include the NOT operator in documentation for backdrop_process_states(). #4228

User Experience Improvements

• Added vertical tabs to clean up the user account edit form. #3872
• Fixed: Don't convert fieldset to vertical tab if there is only one in the group. #5747

Miscellaneous changes

• Fixed: Standardize on the spelling of "email" across all interfaces. #4521
• Fixed: Remove blank lines before @file docblocks. #4824

1.22.3

Maintenance release for Backdrop CMS. This update contains bug fixes and usability improvements only.

Notes for updating

• It will be necessary to run the update script (located at /core/update.php) for this release.
• No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.

Changes since version 1.22.2 are listed below.

Bug Fixes

• Fixed: second value of Datestamp stays empty when defaults have value2 same as value. #5744
• Fixed: PHP 8.1 error: strlen() Passing null to parameter #1 ($string) of type string is deprecated in backdrop_random_bytes(). #5727
• Fixed: Docblock should reference $settings['page_cache_invoke_hooks'] (not $settings['invoke_page_cache_hooks']). #5700
• Fixed potentially broken installer.settings.json configuration file. #5696
• Fixed: Missing Views handler: watchdog reports "Missing join" with relationship+contextual filter+taxonomy term. #5695
• Fixed: Make path_autocomplete() alterable queries more robust against column ambiguity. #5684
• Fixed: Remove duplicate files when moved (but not deleted) by previous core update. #5650
• Fixed: Server 500 error on image resource for Promoted Card in view. #5631
• Fixed: Remove comment "Ensure the current toolkit supports the effect." from image_effect_definitions(). #5720
• Fixed: The title for the ui.menu library was mistakenly set to "jQuery UI: Mouse" (already used by the ui.mouse library). #5714
• Fixed: Views filters and/or positioning makes logic unclear. #1598

User Experience improvements

• [UX] Fixed: Node deletion message references "posts" when not Posts: "Deleted @count posts". #5724
• [UX] Fixed: Time picker in Date Pop-up calendar does not respect time format. #5703
• [UX] Fixed: Path should not autocomplete for the source field on "Add URL Alias" page. #5686
• [UX] Fixed: Export links are shown even when the Configuration Manager module is disabled. #5294
• [UX] Fixed: Group name "Node types" in the "Configuration group" should be "Content types" instead. #5736
• [UX] Fixed typo in Date module admin help text. #5713

Miscellaneous changes

• [A11Y] Fixed: Issues and Confusion with "You are here" screen reader heading for breadcrumbs. #5269
• Added: Collect the name of the installation profile for Telemetry module. #5187

1.23.0-preview

The Backdrop community is happy to offer the 1.23.0-preview release. This release includes all the new features that will be shipped in the upcoming 1.23.0 release on September 15, 2022. This preview release is intended to allow for testing by a wider audience. It is not recommended to run the preview release in production environments.

Notes for updating

Important to note that this release includes an API Change. See the change record at the Docs site: File::uri() Now Returns Path to File Entity Page, Not the File Path. While we try hard to maintain compatibility as much as possible between releases, this change was needed to facilitate the inclusion of Entity Reference module in core. Please see that change record for more information.

No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.

It will be necessary to run the update script (located at /core/update.php) for this release.

Changes since version 1.22.2 are listed below.

New features

• Add entity reference module to core #1301
• Allow admin to hide the title on comments #4569
• Add new Date field widget to utilize HTML5 #date input type #4255
• Add a "Taxonomy term: Depth" Visibility condition to Layout blocks #2955
• Clean up account edit page with vertical tabs #3872

API Changes

• Make File::uri() consistent with other Entity types #2300

API Enhancements

• Allow forms to set custom validation error messages on required fields #5348
• Add config->getData() to match config->setData() #3902
• Add a 'bundle cache' property to support enabling/disabling entity caching on a per-bundle basis. #5632

Documentation updates

• Mention NOT operator in backdrop_process_states() #4228

Miscellaneous changes

• Don't convert fieldset to vertical tab if there is only one in the group #5747
• Remove blank lines before @file docblocks #4824
• Standardize on the spelling of "email" across Backdrop #4521

1.22.2

Maintenance release for Backdrop CMS. This update contains bug fixes only. An update hook was incorrectly included in the 1.22.1 version that advised removing Entity Reference module. That update was intended to be part of Backdrop 1.23.0, which will be released September 15, 2022. The incorrect update message was removed in this version.

Please see the release notes for 1.22.1 if you have not previously updated to that version.

Notes for updating

• The database update script does not need to be run.
• No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.

Changes since version 1.22.1 are listed below.

• Fixed: Update hook in 1.22.1 mistakenly recommends removing entity reference.
• Fix type hint in doc block for function arg().
• Fix Error 1002 missing schema on project installer.

1.22.1

Security release for Backdrop CMS. This release fixes 1 security vulnerability:

• Backdrop core - Moderately critical - Information Disclosure - BACKDROP-SA-CORE-2022-004

Notes for updating

• It will be necessary to run the update script (located at /core/update.php) for this release.
• No crucial changes have been made to the .htaccess, robots.txt or default settings.php files in this release. However, examples and documentation about how to use the new file_additional_public_schemes configuration value have been added to the default settings.php file. Updating your site settings.php with this documentation is optional.

Important information

Sites that use modules that provide alternative file systems (or "stream wrappers"), such as the S3 or remote file system module, may be affected by changes in this release. Backdrop now treats these alternative file systems as private by default. If a module intentionally wishes to serve files with no access checking or management by Backdrop, the module must now implement hook_file_download().

Since contributed modules that provide alternative stream wrappers might not be updated immediately for this security release, site owners may also specify which stream wrappers should be treated as public stream wrappers (with no access control). If content from a stream wrapper on your site stops working after this update, you can add the following line to settings.php:

$config['system.core']['file_additional_public_schemes'] = array('example');

...where example is replaced by the name of the affected stream wrapper. (For example, s3 or https.) The name of the stream wrapper will depend on the affected module and its configuration.

If you encounter this problem, please also verify or submit an issue in the module's queue to implement hook_file_download() for this security advisory.

Changes since version 1.22.0 are listed below.

Bug fixes

• Fixed: Custom logo/favicon should have 'permanent' status. #5660
• Added flood protection to the Password Reset form. #5659
• Fixed: PHP Notice: Undefined index: header in bartik_preprocess_layout(). #5652
• Fixed: PHP Notice: Undefined variable: links in node_revision_overview(). #5649
• Fixed: When upgrading from Drupal 7, the required File module should be automatically enabled. #5648
• Fixed: Unable to removing custom contexts from layouts. #5645
• Fixed: PHP Notice: Undefined offset: 0 in views_many_to_one_helper->ensure_my_table. #5643
• Fixed: Display the 'broken block' notice when fields blocks for deleted fields are displayed. #5627
• Fixed: Bulk Operations displayed should always match the entity selected for the operations. #5603
• Fixed: The configuration diff page throws an error if visited directly (which not intended). #5559
• Fixed: Views hooks are not invoked without a defined path in hook_views_api(). #5512
• Fixed: PHP 8.1 support for Default layouts (when path is NULL). #5501
• Fixed: Incorrect context data passed by LayoutRelationshipAuthorFromNode. #5482
• Fixed: Only print class attributes when attribute values are provided (no more class=""). #4977
• Fixed: Drupal 7 upgrade path must include setting for 'Error messages to display'. #4364
• Fixed: PHP notice: Undefined index in theme_get_setting(). #3981

User Experience Improvements

• A11y: Remove automatic focus on node form title fields. #5386
• People without permission to "Administer Book Outlines" can see the "Book outline" tab. #5626
• Change cursor to a hand when hovering over a button #5601
• Update hook descriptions should not have special characters removed. #4610
• Style "The update process was aborted prematurely..." message, as an error. #5392
• Choose better names for Admin Bar components, and add descriptions. #5284
• Choose a better default value for the 'Site name' setting, when installing Backdrop. #4675

Documentation and Developer Experience Improvements

• Fixed function description in docblock for system_theme_settings(). #5315
• Updated documentation for hook_schema_alter(). #3129
• Update docblock for template_preprocess_page(): correct the reference to system_element_info(). #4779

Miscellaneous changes

• Update the html5shiv library to version 3.7.3. #3880
• Add a views field for Menu link ID for books. #5565
• Optimize path_admin_form(): Avoid calling url() multiple times. #4963

1.21.6

Security release for Backdrop CMS. This release fixes 1 security vulnerability only:

Changes since version 1.21.5

• Backdrop core - Moderately critical - Information Disclosure - BACKDROP-SA-CORE-2022-004

Notes for updating

• The database update script does not need to be run.
• No crucial changes have been made to the .htaccess, robots.txt or default settings.php files in this release. However, examples and documentation about how to use the new file_additional_public_schemes configuration value have been added to the default settings.php file. Updating your site settings.php with this documentation is optional.

Important information

Sites that use modules that provide alternative file systems (or "stream wrappers"), such as the S3 or remote file system module, may be affected by changes in this release. Backdrop now treats these alternative file systems as private by default. If a module intentionally wishes to serve files with no access checking or management by Backdrop, the module must now implement hook_file_download().

Since contributed modules that provide alternative stream wrappers might not be updated immediately for this security release, site owners may also specify which stream wrappers should be treated as public stream wrappers (with no access control). If content from a stream wrapper on your site stops working after this update, you can add the following line to settings.php:

$config['system.core']['file_additional_public_schemes'] = array('example');

...where example is replaced by the name of the affected stream wrapper. (For example, s3 or https.) The name of the stream wrapper will depend on the affected module and its configuration.

If you encounter this problem, please also verify or submit an issue in the module's queue to implement hook_file_download() for this security advisory.

1.22.0

The Backdrop community is pleased to present the 1.22.0 release.

Notes for updating

• Note that the .htaccess file has been modified in this release compared with 1.21.4. It is suggested to copy changes from this latest version into your copy.
• No changes have been made to the robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
• It will be necessary to run the update script (located at /update.php) for this release.

Very important: This version of Backdrop now requires PHP 5.6 or higher. Previous versions of Backdrop supported anything from 5.3 or higher, so if your site is running one of these very old installations of PHP, you will need to upgrade your server prior to upgrading.

Changes since version 1.21.4 are listed below.

New features

• Provide "Cards" by default – a new hidden-path content type (for new installations). #4903
• Add a new component to the Admin Bar with information about the current page. #2626
• Allow blocks to be disabled in Layouts. #1936
• Configure default date formats based on timezone/country (for new installations). #4645
• Add a new cropped image style specifically for cards (for new installations). #5607
• Add the ability to enable Backdrop-only required modules during an upgrade from Drupal 7. #5499
• Add a warning flag in the Status report if there are duplicate copies of a module. #5464
• Add various UI improvements in the Book module. #5331
• Add a link in the module browser to each module's BackdropCMS.org project page. #5003
• Add a setting to specify which Views display(s) get created by default. #2978

Bug fixes

• Fix incorrect links to GitHub in module browser for core modules. #5623
• Fix views-related tests after recent changes for default Cards functionality. #5615
• Fix default sort order for front page card view. #5608
• Fix extraneous gray stripe left over when removing Cards grid. #5599
• Fix output buffer notices. #5594

Miscellaneous changes

• Add new screenshot for Basis which includes the new Cards content. #5621
• Remove unnecessary path pattern for Cards. #5597
• Add description text to the 'Administer custom blocks' permission. #5544
• Drop support for PHP versions less than 5.6. #3992
• Separate "Administer comments and comment settings" into two distinct permissions. #336

1.21.5

Maintenance release for Backdrop CMS. This update contains bug fixes and usability improvements only.

Notes for updating

• Note that the .htaccess file has been modified in this release compared with 1.21.4. It is suggested to copy changes from this latest version into your copy.
• No changes have been made to the robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
• The database update script does not need to be run.

Changes since version 1.21.4 are listed below.

Bug fixes

• Fixed: ViewsUpgradeTestCase is (partly) obsolete. #5620
• Fix main class and add more space to bottom of admin theme (Seven). #5600
• Fix: Contextual menu blocks access to dismiss link on notifications. #5595
• Fixed: Backdrop fails to alert admin user to rebuild content access permissions. #5589
• Fixed: 'Page not found' when trying to delete field attached to a non-node entity type. #5580
• Fixed: Generated .htaccess file missing newline at EOF. #5579
• Fixed: Documentation clarification on system_settings_form. #5574
• Fixed: deprecated function taxonomy_get_term_by_name() does not return any value. #5570
• Fixed: Admin bar's 'search' component doesn't work if 'menu' component is disabled. #5567
• Add better description text for administer layouts. #5552
• Fixed: Views cache causes validation errors. #5551
• Fixed: The layout context system is called way too many times. #5483
• Fixed: [UX] Clean up English on number form validation failure. #5264
• Fixed: Dashboard: Either hide the "Check manually" button, or the entire "Available updates" block, if user doesn't have the required permission. #5213
• Fixed: Number field #max values allow settings impossible to save in the database, causing exceptions. #4751
• Fixed: [UX] Admin Bar drop-downs go off-screen. #4549
• Fixed: With multiple image fields, only one thumbnail shows up per save. #4284
• Fixed: File Settings form supports tokens but doesn't display them. #4257
• Fixed: Redirect from cron.php to core/cron.php is too greedy (.htaccess change). #3903
• Fixed: [UX] Increase the width of the admin bar search results list (so that fewer results wrap in two lines). #1001

Documentation updates

• Add Documentation for hook_schema_0(). #5560

User Experience improvements

• Added: Improve the styling of color input elements in the admin theme. #4155
• Add: Modify .htaccess to allow backdrop to serve .well-known URIs. #5583
• [UX] Provide details about why a permission 'has security implications'. #5536
• Added: "Show as Expanded" help text needs revising. #5397
• Added: Distinguish layout-created/module-provided/missing-callback paths on the layout listing page. #5077
• Added: [UX] Show a message when viewing hidden/pageless content. #3339
• Added: [UX] Views: Update help text for option to create exposed form block. #1322