Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
A change has been made to the .htaccess file that Drupal generates to prevent PHP execution in files directories. See the Change Record for more details of how to ensure your site's .htaccess files are up-to-date.
This release includes improved support for PHP 8.1 (and other recent PHP releases), but there may still be problems not revealed by Drupal core's test suite, especially on sites with contrib (and custom) modules. Please test, and report any problems in the appropriate issue queue.
This release also includes some major performance improvements for PostgreSQL. Special thanks to poker10 for providing several backports that make a significant difference.
As always, many thanks to everyone that contributed to this release of Drupal 7.
Major changes in 7.90:
- Editing a comment in D7 no longer changes the creation date
- D7 adds a "X-Content-Type-Options: nosniff" header to cached page responses
- D7's Field API now supports entity ids that are strings (the entity system already did)
- D7 no longer accepts trailing dots in entity_ids which may affect some URLs
- CSRF token added to admin/reports/status/run-cron in Drupal 7
- Added PHP 8 support to .htaccess files in Drupal 7
All changes:
- #3283311 by poker10, hubaishan, daffie, andypost, alexpott, jhmnieuwenhuis, lamigo, xekon, x0r1x, puddyglum, qdelance: D7 backport support for Postgresql 12
- #2819535 by mcdruid, Kingdutch, SumeetJaggi, cafuego, liannario, David_Rothstein, Diego_Mow, Fabianx: x-content-type-options nosniff ignored for anonymous cached pages
- #2828455 by poker10, klausi: User mail token PHP notices for anonymous
- #3212398 by jake_milburn: [D7] Field API assumes serial/integer entity IDs, but the entity system does not
- #3270543 by mcdruid, poker10: PHP 8.1 preg_split(): Passing null to parameter #2 ($subject) of type string is deprecated in _locale_parse_js_file()
- #3270881 by poker10, mfb: PHP 8.1 strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in text_summary()
- #1973278 by mcdruid, drasgardian, alesr, AaronBauman: Error in image_styles when an effect has no definition
- #2830428 by telecjose, mcdruid, ansebul, Rajender Rajan, Fabianx: Fix behaviour of entity_load when passed ids with a trailing dot
- #3265842 by poker10: Backport DatabaseSchema_pgsql::findTables() improvements
- #2370593 by poker10, daffie, joseph.olstad, nathanweeks, Sivaji_Ganesh_Jojodae, bzrudi71, webchick, mcdruid, Fabianx: Database::tableExists optimization for PostgreSQL
- #1374090 by droplet, mcdruid, Pancho, G.I.Joe, marthinal, brenda003, lmeurs, asirjacques, jfhovinne, dcam, pfrenssen, opdavies, andypost, webchick, lokapujya, diqidoq, le72, drumm, ofauravi, TD44, mgifford, mpv, David_Rothstein, rob.barnett, izmeez, xanderol, matt_c, Fabianx, cachee, rodrigoaguilera, wryz, stefan.r, tvn: Editing a comment still changes creation date
- #2823488 by poker10, mradcliffe, mcdruid: Backport DatabaseSchema_pgsql::queryTableInformation() improvements
- #2431283 by willzyx, salvis, David_Rothstein, thalles, Berdir, Fabianx, tstoeckler, alexpott, Dave Reid, mcdruid: Cron CSRF vulnerability
- #3281663 by mcdruid: D7 backport: Fix htaccess files for PHP 8
- #3266018 by poker10: Backport Make core aware of Nginx and PHP-FPM to D7
- #3281772 by mcdruid: Hide the "Only For Testing" package by default on the modules admin page
- #3182785 by mcdruid, mar4ehk0, elsteff1385, John Franklin: PHP 7.4 notice in /modules/system/system.admin.inc when a module has an invalid configure path
- #2112325 by mfb, lazysoundsystem: Warning: gzinflate(): data error in drupal_serve_page_from_cache()
- #2790857 by poker10, dalin, richardcanoe, mcdruid, yogeshmpawar, Rishi Kulshreshtha: Log completely unusable when an entry has corrupt serialized data
- #3270546 by mcdruid, poker10, mfb: PHP 8.1 str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in filter_xss()
- #3265837 by poker10, mcdruid, Fabianx: Backport DatabaseSchema_pgsql::fieldExists() improvements
- #3166668 by akhilavnair, arx-e, poker10, mcdruid, igorbarato, Fabianx: PHP 7.4 and empty entity_keys for taxonomy term result in notices