drupal 8.3.0

Update: Drupal 8.3.1 is available and fixes a security vulnerability. After updating to Drupal 8.2.8 for the security fix and then reading the release notes below, you should update directly to 8.3.1 instead of 8.3.0.

This is a minor version (feature release) of Drupal 8 and is ready for use on production sites. See the CHANGELOG.txt for a summary of changes and improvements since the last minor release. Learn more about Drupal 8 and the Drupal 8 release cycle.

If you encounter errors when updating to this release, see the known issues listed below. If you use Drush, update to Drush 8.1.10 prior to using it to update Drupal. There are known issues updating to Drupal 8.3.0 using older versions of Drush.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs except where noted below. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backwards compatibility and experimental module policies.

See the Drupal core change records for additional information on API changes. Translators should take note of a handful of minor string changes since the last release.

Backwards compatibility break to correct Serialization module output

#2751325: All serialized values are strings, should be integers/booleans when appropriate corrects a bug that would output all scalar values as strings rather than the correct data type in serialized output, including REST responses. This fix may require some client application updates if the application relies on these values being strings.

An opt-in backwards compatibility mode is configurable at the site level, but not enabled by default. Read the change record for more information on this change and on configuring the backwards compatibility mode.

Important bug fixes since 8.2.x

The following important bugs have been resolved since the final 8.2.x bugfix release:

• #2640496: Revision ID in {node} and {node_revision} can get out of sync as well as a blocking issue #2640496: Store revision ID in originalRevisionId property to use after revision id is updated are resolved to address data integrity issues with the revisioning system.
• #2606772: Long Twig cache directories can cause failures on some filesystems shortens directories to a predictable length, prevents installs to directories that are too deep, and warns on existing and moved sites where the files directory is too deep. This will mitigate errors on Windows/IIS and some other environments.
• #2665152: Simplify module form structure and fix bugs when Suhosin is used resolves an issue where some modules (including experimental modules) could not be enabled on sites using Suhosin.
• #2846782: Bulk operation actions might not act on the selected items resolves a recently discovered issue where the wrong data might be deleted by Views bulk forms on high-traffic sites.
• #2822190: PathValidator validates based on a RequestContext leaked from the current request, resulting in false negatives during CLI requests and POST submissions

New stable features

The BigPipe module has become stable in 8.3.0. This module provides an advanced implementation of Facebook's BigPipe page rendering strategy, leading to greatly improved perceived performance for pages with dynamic, personalized, or uncacheable content. See the BigPipe handbook page.

Improved authoring features

• #2831442: Switch to CKEditor 4.6's new "Moono-Lisa" skin
• #2421427: Can now drag and drop images into image fields in Quick Edit mode.
• #2307451: Improved usability for image fields on mobile devices.
• #2239419: CKEditor now utilizes the AutoGrow plugin to better take advantage of larger screen sizes.

Improved site building and administrative features

• #665790: Redesign the status report page
• #2656278: Convert "Limit allowed HTML tags" input field to a textarea
• #2574767: Standardized display of Views overview page to more closely match that of other administrative overview pages.
• #2830449: Views filter order now matches the table column order below in Content and People overview pages.
• #2840832: Add layout templates based on Panels layouts to core
• Resolved #2858852: [8.3.x regression] Extra fields cannot be used with tabledrag in Manage Display, which was a regression following entity display improvements that support the Layout Initiative.
• #2075889: Make Drupal handle incoming paths in a case-insensitive fashion for routing resolves a usability, DX, and migration path bug where case variants of the same path would result in 404s for routes. Path aliases in Drupal 8 were already case-insensitive, but route paths were not. With this change, exact matches are still supported for route paths with different cases, but the normal behavior is changed to be case-insensitive for consistency with Drupal 7, path aliases, and user expectations.
• #2826728: Block layout action removes instance, but contextual link deletes all instances.

Improved web services features

Drupal 8.3.0 significantly improves REST and API-first support with the following new features, API and developer experience improvements, and bug fixes.

• #2808233: REST 403 responses don't tell the user *why* access is not granted: requires deep Drupal understanding to figure out
• #2815845: Importing (deploying) REST resource config entities should automatically do the necessary route rebuilding
• #2291055: REST API now supports the registering of users.
• #2807501: Anonymous REST API performance increased by 60% by utilizing the internal page cache.
• Improved the response bodies and status codes for requests with incorrect request headers or request bodies, in dozens of situations.
• #2737719: Massive overhaul of the test coverage
• #2808233: 403 responses now return reason why access was denied

Improved performance and scalability

• #2556025: Optimized class loader detection made more generic to support class loaders other than ApcClassLoader.
• #1446932: Improve statistics performance by adding a swappable backend.
• #2824548: Move token info cache to data cache bin and #2824547: Change ViewsData to use the default cache bin instead of discovery move caches to the default cache bin to prevent APCu memory from being filled too quickly.

Testing improvements

• #2605664: Align TestDiscovery and bootstrap.php's non-permissive loading of PSR-4 namespaces for traits
• #2809117: Integrated PHPUnit verbose output in SimpleTest UI.
• Improved backward compatibility between BrowserTestBase and WebTestBase.
• Expanded automated test coverage for JavaScript.
• #2294731: Simpletest fails to run PHPUnit on Windows
• #2849222: settings.testing.php / testing.services.yml not picked up by BrowserTestBase
• #2770921: Convert chunk of WTB to BTB by just moving classes, changing use statements adding traits updates many core tests to use a more modern testing API.

Experimental modules

The modules listed in this section are considered experimental for this release. Experimental modules are provided with Drupal core for testing purposes, but are not yet fully supported.

New experimental modules

Workflows (alpha stability)

This module abstracts the transitions and states system from Content Moderation into a separate component so that it can be reused by modules that implement non-publishing workflows (such as for users or products) as well as content publishing workflows. The module also includes support for default workflow states and transitions.

Layout Discovery (alpha stability)

Provides an API for modules or themes to register layouts as well as five common default layouts. By providing this API in core, we help make it possible for core and contributed layout solutions to be compatible with each other. The following contributed modules already have development versions that support the new API:

• Display Suite 8.3.x (beta version available).
• Panels 8.4.x (in development).
• Panelizer 8.4.x (beta version available).

See the layout roadmap for the next steps for this module.

Field Layout (alpha stability)

This module provides the ability for site builders to rearrange fields on content types, block types, etc. into new regions, for both the form and display, on the same forms provided by the normal field user interface. See the entity display layout roadmap for the next steps for this module.

Updated experimental modules

Migrate (beta stability)

As of 8.3.0, the Migrate API now has beta stability, meaning that no future backwards-incompatible API changes are anticipated, so developers can leverage these APIs in custom migrations. Migrate will be considered completely stable after the issues tagged Migrate critical are resolved, to ensure the base API fully supports critical functionality.

Migrate Drupal and Migrate Drupal UI (alpha stability)

• This release adds configuration translation support to migrations.
• Core provides migrations for most Drupal 6 data and can be used for migrating Drupal 6 sites to Drupal 8. A critical issue with user picture IDs is addressed in this release, and the Drupal 6 to 8 migration path is nearing beta stability. Some gaps remain, such as for dates, references, and some internationalization data. (Outstanding issues for the Drupal 6 to Drupal 8 migration)
• The Drupal 7 to Drupal 8 migration is incomplete, but is suitable for developers who would like to help improve the migration, and can be used to test upgrades especially for simple Drupal 7 sites. This release adds support for migration of Drupal 7 core node translations and most high-priority migrations are available. (Outstanding issues for the Drupal 7 to Drupal 8 migration)
• Drush support is currently only available in the Drupal Upgrade contributed module. (See the pull request to add support to Drush.)

Content Moderation (alpha stability)

Content Moderation allows content workflow states such as Draft, Archived, and Published, and now depends on the new experimental Workflows module (described above) to supply workflows and transitions for these states. See the Workflows change record for more information.

Important: If you previously installed Content Moderation in 8.2.x, you must uninstall it before upgrading to 8.3.0 or you will encounter fatal errors. You will need to reconfigure and reapply your workflows and transitions with the new module after upgrading and re-enabling Content Moderation, so be sure to back them up beforehand. (No upgrade path is supplied since the module is still alpha stability.)

Content Moderation includes many additional improvements in this release:

• #2787881: Non-translatable entity types can now be moderated.
• #2799785: Entity types without bundles can be moderated, as long as they have revisions.
• #2809123: When reverting a moderated revision, the moderation state is now reverted too.
• The module now publishes any entity type that implements EntityPublishedInterface, not just Nodes.
• #2830581: Fix ContentModeration workflow type to calculate correct dependencies
• #2850601: ContentModeration workflow type plugin incorrectly preserves bundle keys on sorting and does not sort entity types

See the Content Moderation roadmap for the next steps for this module. Both Workflow and Content Moderation must reach beta stability within six months for Content Moderation to remain in core.

Settings Tray (alpha stability)

This is a prototype of Dries's proposed Outside-In usability enhancements. It allows configuring page elements such as blocks and menus from the frontend of your site. See the roadmap of outstanding issues, which includes both planned improvements and known accessibility and interaction bugs. The module is more polished in this release, but still considered alpha stability. It needs to become stable within the next six months to remain in core.

DateTime Range (alpha stability)

The DateTime Range module provides a field type that allows end dates. This is important for contributed modules like the Calendar module to work with Drupal 8 core. The DateTime Range module plan is mostly complete and DateTime Range is expected to be beta stability soon, with only a couple of usability issues remaining. This module needs to become stable within the next six months to remain in core.

Place Block (alpha stability)

This feature allows the user to place a block on any page and see the region where it will be displayed, without having to navigate to a backend administration form. The Place Block module needs to reach stability within the next six months to remain in core.

Inline Form Errors (alpha stability)

This provides a proof-of-concept for showing form errors inline for improved accessibility. Since the last minor release, Inline Form Errors has improved significantly, including usability and accessibility fixes as well as underlying fixes to the form system. The Inline Form Errors experimental module's functionality is now automatically disabled while editing a field with Quick Edit because its method of displaying errors was not compatible with Quick Edit's. (There is a followup to allow any form to opt out of Inline Form Errors.) See the outstanding issues for Inline Form Errors for additional issues that remain before Inline Form Errors can become stable.

Package management improvements

• #2758737: Add a packages.drupal.org to root composer.json
• #2866109: Composer/installers update to 1.2.0 adding support for installing custom modules and themes to directories other than /vendor
• #2809477: Added Package.json enabling new JavaScript language features

Other API improvements

Modules requiring Drupal 8.3.0 or later can take advantage of these additional API improvements:

• #2810303: Deprecated several routing services in favor of two unified services.
• #2287073: Allow Views contextual filters to expose the context using argument validation plugins
• #2721179: Replaced the deprecated Symfony ExecutionContextInterface for better Symfony compatibility
• #2789315: EntityPublishedInterface and #2810381: EntityPublishedTrait have been added to give a #2812811: generic publishing API, and are being used by Node and Comment entity types.
• #2767025: Add entity type label for a collection of entities

Third-party library updates

In addition to the vendor updates and coding standards changes described below, PHP CodeSniffer and Drupal Coder have been added as development requirements: #2744463: Add phpcs/coder to dev requirements. (As a reminder, dev dependencies should never be added to production or Internet-facing sites. See Drupal 8 will no longer include dev dependencies in release packages for more information.)

• #2804365: Update Twig to 1.25
• #2763787: Upgraded random_compat to 2.0.2 and then to 2.0.10 (see below).
• Provided upstream fixes for Mink and Symfony for #2808085: Pipe char in locators break Mink and Symfony element search, and updated dependencies accordingly.
• #2852636: Update jQuery to version 2.2.4
• #2848215: Update CKEditor library to 4.6.2
• #2859772: Update Symfony components to ~2.8.18
• Finally, #2862254: Update non-Symfony dependencies before 8.3.0 adds patch-level updates to the latest versions for all dependencies wherever possible. Minor updates are also included for the Symfony PSR-7 Bridge and Zend Stdlib, which Drupal does not depend on directly.

Changed coding standards

Drupal 8.3.0 has adopted the following coding standards changes:

• Drupal core itself and the coding standards were updated to now use the short PHP array syntax.
• Most global constants in Drupal 8 have been deprecated in favor of class constants. As a best practice, use appropriate class constants rather than global constants.

Known issues

We've received reports of the following issues with this release:

1. Sites that have the HAL module enabled and are upgrading from 8.1.x have encountered #2867444:
   Configuration schema errors whilst updating to 8.3.0. Possible workarounds include updating to 8.2.7 first and then to 8.3.0, or (for sites using Drush) updating to Drush 8.1.10. (Note that 8.1.x has been end-of-life since September 2016, so we generally do not provide full support for updates that skip minor releases.)
2. Some users have reported #2867253: Upgrade to 8.3.0: Call to a member function get() on array in CacheCollector.php. If you encounter this error, please provide a list of installed contributed modules and any other information about your site on the linked issue.
3. There is a small BC break in statistics_get() when it is used with an invalid node ID. #2867493: Error: Call to a member function getTotalCount() on boolean in statistics_get() provides a fix for this issue.

Drupal 8 currently has a number of known issues related to incorrect tracking of file usage, which can result in files being unexpectedly deleted from a site. Site owners experiencing unexplained file loss should consider setting "Delete orphaned files" to "Never" on /admin/config/media/file-system until these issues are resolved, and note the following issues:

• #2801777: Give users the option to prevent Drupal from automatically marking unused files as temporary
• #2708411: File usage not incremented when adding new translation
• #1239558: Deleting a node with revisions does not release file usage
• #2666700: User profile images unexpectedly deleted
• #2810355: Images lost when changing node language

Search the issue queue for all known issues.

All changes since 8.3.0-rc2

• #2846830 by wturrell, Gábor Hojtsy, timmillwood, Wim Leers, webchick, cilefen, anavarre, dawehner, dagmar, naveenvalecha, xjm, jibran, effulgentsia, drpal: Add changelog for Drupal 8.3.0
• #2867113 by Berdir, Wim Leers: Fatal error in serialization_update_8302() when updating to 8.3.0-rc2
• Revert "Issue #2861745 by Yutaro Ohno: Detailed cron log description is not translatable"
• #2861745 by Yutaro Ohno: Detailed cron log description is not translatable
• #2865757 by kristiaanvandeneynde: Fix wrong example for chained tokens in hook_tokens()
• #2866109 by Eric_A: Add composer installer-paths for drupal-custom-modules/themes before 8.3.0
• #2862947 by michielnugter, Jo Fitzgerald, boaloysius, klausi, alexpott, GoZ: Incorrect field assertions in AssertLegacyTrait
• #2865413 by Jo Fitzgerald, GoZ, klausi: Move RegisterSerializationClassesCompilerPassTest.php to correct location
• #2865829 by mpdonadio: DateTimePlus test of validate_format = FALSE
• #2864257 by GoZ, Jo Fitzgerald, klausi: Convert web tests AssertNoPattern to Browser Test
• #2861622 by alexpott: Running \Drupal\KernelTests\Config\DefaultConfigTest creates a directory called : in DRUPAL_ROOT
• #2857580 by vegantriathlete: Correct documentation on assertLinkByHref
• #2851759 by FeyP: Properly document pathProcessor property of PathBasedBreadcrumbBuilder class
• #2854909 by arshadcn: Update documentation for \Drupal\Core\Render\ElementInfoManagerInterface
• #2843752 by arshadcn, Wim Leers: EntityResource: Provide comprehensive test coverage for Item entity
• #2843750 by vaplas, sumanthkumarc, Wim Leers: EntityResource: Provide comprehensive test coverage for Shortcut entity
• #2843786 by arshadcn: EntityResource: Provide comprehensive test coverage for ImageStyle entity
• #2650910 by drpal, Anishnirmal, markdorison, Tom Robert, psend, yannickoo, rachel_norfolk, Wim Leers, droplet: Contextual links button is always rendered even when no links are available (with warm client-side cache)
• #2843693 by droplet, michielnugter, xjm, Mixologic, klausi: Random test failure in CKEditor AjaxCss
• #2843777 by arshadcn, Wim Leers: EntityResource: Provide comprehensive test coverage for NodeType entity
• #2843775 by arshadcn, Wim Leers: EntityResource: Provide comprehensive test coverage for CommentType entity
• #2843759 by vaplas, Wim Leers: EntityResource: Provide comprehensive test coverage for SearchPage entity
• Revert "Issue #2843756 by vaplas, brentschuddinck, Wim Leers: EntityResource: Provide comprehensive test coverage for FieldStorageConfig entity"
• #2826047 by heddn, Jo Fitzgerald, mikeryan, catch, alexpott: 6-8 user picture migration must create new fids, which can conflict with fids used by other migrations
• #2853211 by vaplas, Wim Leers, arshadcn: EntityResource::post() incorrectly assumes that every entity type has a canonical URL
• #2843756 by vaplas, brentschuddinck, Wim Leers: EntityResource: Provide comprehensive test coverage for FieldStorageConfig entity
• #2843761 by vaplas, Wim Leers: EntityResource: Provide comprehensive test coverage for ConfigurableLanguage entity
• #2843762 by vaplas, Wim Leers: EntityResource: Provide comprehensive test coverage for Action entity
• #2822837 by vaplas, martin107, chiranjeeb2410, klausi, dawehner: Replace @expectedException @expectedExceptionMessage with $this->setExpectedException
• #2843757 by vaplas, Wim Leers, alexpott: EntityResource: Provide comprehensive test coverage for FilterFormat entity
• #2847664 by tedbow, drpal, ifrik, lauriii: Edit mode behaves differently if entered in by clicking "quick edit" vs toolbar
• Revert "Issue #2847664 by tedbow, drpal, ifrik, lauriii: Edit mode behaves differently if entered in by clicking "quick edit" vs toolbar"
• #2498291 by Jo Fitzgerald, neclimdul, quietone, KarenS, mikeryan, mitrpaka, phenaproxima: Fields hidden in some view modes abort migration (D6)
• #2863993 by slv_: Convert web tests to browser tests for path module
• #2863969 by GoZ: Convert web tests to browser tests for options module
• #2862254 by slasher13, jibran, pwolanin: Update non-Symfony dependencies before 8.3.0
• #2831924 by tedbow, samuel.mortenson, drpal, Devin Carlson, tim.plunkett, droplet: Outside In is intermittently unable to bind dialog events to the window
• #2504607 by juanjesustrigo, sasanikolic, mgifford, dawehner: Change the return of fieldFilterXss to FieldFilteredMarkup
• #2863411 by alexpott: Adding symfony/dom-crawler with a version limit like ">=2.8.13 <3.0" is problematic
• #2538956 by HeyLodyM, Wim Leers: Document that MemoryBackend::prepareItem()/::set() uses unserialize()/serialize() to break references
• #2862630 by xjm: Syslog maintainer list still incorrect after removing inactive maintainers
• #2862634 by xjm: Add dagmar as maintainer for Database Logging module
• #2667716 by dagmar, YoyoS, Lendude, swentel: Cannot sort a large group of filters items when using the Exposed Grouped information
• #2845482 by Jo Fitzgerald, Yogesh Pawar, quietone, phenaproxima, ultimike: Add documentation to Get process plugin
• #2862470 by Jo Fitzgerald, klausi: Add assertOptionByText() to AssertLegacyTrait for better browser test compatibility
• #2795049 by Jo Fitzgerald, boaloysius, legovaer, borisson_, klausi, dawehner: Convert web tests to browser tests for history module
• #2862463 by hchonov, Jo Fitzgerald, tstoeckler: Cloning an entity with initialized translations leaves $values pointing to the old entity object
• #2795111 by Jo Fitzgerald, GoZ, dawehner, klausi: WTB to BTB, add getRawContent() in BTB
• #2862494 by klausi, GoZ, Jo Fitzgerald: Convert web tests to browser tests for basic_auth module
• #2860663 by mpdonadio, xjm, Mile23: UserTimeZoneTest fails on PHP 7.0.x-dev and 7.1.x-dev
• #2828073 by hchonov, tstoeckler: Cloning an entity with initialized translations leaves $entityKeys and $translatableEntityKeys pointing to the old entity object
• Revert "Issue #2527866 by andypost, larowlan: Investigate why comment.manager service doesn't exist when comment_entity_storage_load() is fired in ConfigImportAllTest"
• #2527866 by andypost, larowlan: Investigate why comment.manager service doesn't exist when comment_entity_storage_load() is fired in ConfigImportAllTest
• #2856808 by amateescu, catch: Break out the 'entity_test_update' entity type into its own module and add additional test db dumps
• #2492513 by JeroenT, Nitesh Pawar, wturrell, Jo Fitzgerald, rashidkhan, alx_benjamin, gaurav.kapoor, NikitaJain, amit.drupal, Shabbir, alexpott, xjm, cilefen: Cannot edit the user/login menu link as an admin
• #2859772 by slasher13, jibran: Update Symfony components to ~2.8.18
• #2811887 by Lendude, sdstyles, DeFr, louisnagtegaal, d.olaresko, _Archy_, mpdonadio: Exposed date filter leads to a notice
• #2858295 by mpdonadio, GoZ, Wim Leers, alexpott: DateTimePlus doesn't track errors properly
• #2369119 by Lendude, olli, mpdonadio, alexpott, dagmar, mikeker, vprocessor, tlyngej, rakesh.gectcr, herved, Blanca.Esqueda, lomasr, anavarre, tacituseu, ronaldtebrake, aleevas, dawehner, Grayside: Fatal error when trying to save a View with grouped filters using other than string values
• #2763013 by Jo Fitzgerald, claudiu.cristea, klausi: Convert web tests to browser tests for link module
• #2861793 by klausi, Mile23, martin107: Upgrade Coder to 8.2.12
• #2861127 by lauriii, themeninja, Berdir: Useful Class Removed From Search Block
• #2857853 by vegantriathlete: Correct typos in DefaultConfigTest.php
• #2859502 by chiranjeeb2410, joachim: class docblock is badly worded and could use more detail
• #2853823 by Jo Fitzgerald, claudiu.cristea, Munavijayalakshmi, phenaproxima, alexpott, heddn: Explode processor is too strict regarding to the input value
• #2615496 by amateescu, joseph.olstad, amcgowanca, alexpott, Fabianx, djdevin, greggles, tstoeckler: A serial/primary key field can not be added to an existing table
• #2820238 by ultimike, Jo Fitzgerald: Remove ultimike from migration in MAINTAINERS.txt
• #2817745 by Wim Leers: Add test coverage to prove that REST resource's "auth" configuration is also not allowing global authentication providers like "cookie" when not listed