Feed aggregator

After one holiday season lost to the pandemic and another curtailed by Omicron, seasonal staples including “The Nutcracker,” “A Christmas Carol” and “Messiah” are back in force.

The playwright of “The Far Country” is using a contemporary lens to show “the way in which memory becomes hereditary.”

Stephen Adly Guirgis’s 2014 play finally comes to Broadway, its hilarious, loving and unvarnished vision of the universal human hustle intact.

Anthony McCarten’s biodrama about the artists’ work together lifts the curtain on their friendship, or at least it thinks it does.

The Emmy-winning “Big Bang Theory” actor “could’ve done anything he wanted.” Now starring in the tear-jerker film “Spoiler Alert,” he’s forging his own path.

The show, a passion project for Cameron Crowe, opened on Broadway in early November, but has faced soft sales in a competitive market.

The deal, ratified by members of Actors’ Equity, provides salary increases for performers and stage managers, and allows producers to make short-term hires.

Memoirs by his collaborators are among the works available now, and several others are on the horizon.

This release fixes a few compatibility bugs for PHP 8.1 and PHP 8.2. Thanks to everyone who collaborated on the release.

Contributors (9)

tikaszvince, DamienMcKenna, joseph.olstad, Liam Morland, awasson, jonnyToomey, Chase., Anybody, mfb

Changelog

Issues: 6 issues resolved.

Changes since 7.x-3.27:

Bug

• #3326384 by tikaszvince, DamienMcKenna: htmlspecialchars_decode(): Passing null to parameter #1 ($string) of type string is deprecated.
• #3323955 by joseph.olstad, Liam Morland, DamienMcKenna: Fully support PHP 8.2 - Fix deprecated dynamic properties.
• #3313970 by awasson, DamienMcKenna: trim(): Passing null to parameter #1 ($string) of type string is deprecated.
• #3319405 by jonnyToomey, DamienMcKenna: Deprecated function: strtotime(): Passing null to parameter.
• #3312595 by awasson, Chase., DamienMcKenna, Anybody: strlen(): Passing null to parameter #1 ($string) of type string is deprecated.
• #3315509 by mfb, DamienMcKenna: phpcs endless loop with "Drupal" rules due to missing @endcode.

Release type: Bug fixes

A new production of Denis Johnson’s final play showcases many of his signatures: deadpan absurdism, misfit characters, heavy drinking and statements on the bleak fact of human mortality.

Here are the actors, pop stars, dancers and artists who broke away from the pack this year, delighting us and making us think.

The York Theater Company’s production is enthusiastically performed by a cast of seven. But the nostalgic revue pushes the limits of its case for the songwriter’s music.

Jonathan Groff, Lindsay Mendez and Daniel Radcliffe, now starring in an Off Broadway revival, will lead the Broadway production as well.

The British comedian Eddie Izzard plays every part in this relatively straightforward adaptation of Charles Dickens’s classic story.

This is the first supported release of the new Drupal 10 major version, and it is ready for use on production sites! Learn more about Drupal 10 and the Drupal core release cycles.

Drupal 10.0.0 has been released simultaneously with Drupal 9.5.0. Drupal 9.5 has most of the changes that Drupal 10 does, but retains backwards compatibility layers added through Drupal 9.5.0's release. Update to Drupal 9.5 before updating to Drupal 10 for the smoothest upgrade path.

If you are starting a new Drupal project, you have a choice between Drupal 9.5.0 and 10.0.0, and generally should choose Drupal 10 where possible for forward compatibility with future releases.

Regardless of which version you choose now, features will only be added to Drupal 10 minor releases. Plan to adopt Drupal 10 so that you can easily update to Drupal 10.1 and later.

Refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites.

Both 10.0.0 and 9.5.0 include all the latest changes, and they have the same APIs and features aside from a few edge-cases. This also means modules and themes can be compatible with Drupal 9 and 10 at the same time! The key changes in 10.0.0 are:

1. Deprecated code, including entire modules and themes, has been removed.
2. Dependencies have been updated to new major versions as appropriate.
3. Platform requirements (including supported PHP and database versions, Composer requirements, and supported browsers) have been updated.

For all other changes, refer to the 9.5.x branch.

Important update information Sites must update to at least Drupal 9.4.4 before upgrading to Drupal 10

Drupal sites running 9.3.x or earlier versions must first update to 9.4.4 or later before updating to Drupal 10. All core updates added before 9.4.0 have been removed and the data upgrade path from CKEditor 4 to CKEditor 5 is not available before Drupal 9.4.4. In general, sites should update to the most recent release of their current major branch before updating to the next major release.

Sites using CKEditor 4 should upgrade to CKEditor 5 in Drupal 9.4 or 9.5 before updating to Drupal 10

Most Drupal sites using CKEditor 4 should upgrade to CKEditor 5. See the recommendations for CKEditor for details. Upgrading from CKEditor 4 to 5 is a manual process, because it requires human supervision.

Changes to site-owner-managed files

• Performance has been improved for Apache serving gzipped JavaScript and CSS aggregates to browsers. Sites should update their .htaccess files to take advantage of this performance improvement.

• yarn.lock and package.json are now blocked by Drupal's default web server configuration, sites should update any copies of .htaccess or web.config to incorporate the changes.

• It is no longer necessary or recommended to configure fast 404s in settings.php.

• The default robots.txt file has been updated to disallow indexing of oEmbed media links.

• A new developer feature to show debug markup for render caching has been added. It can be configured in services.yml and is disabled by default. Sites should ensure that their site-specific services.yml includes the new section.

• For forward-compatibility with a deprecation in 10.1.x, a change has been made to the assertion handling defaults in example.settings.local.php. Site owners can update their settings.local.php to maintain consistency and forward-compatibility.

Platform requirements changes PHP requirements

• Drupal 10 requires PHP 8.1 or higher.

  PHP versions 8.1.0 through 8.1.5 have a bug with the PHP OPcache that may cause intermittent fatal errors at runtime for class autoloading, so PHP 8.1.6 or higher is recommended.

• Warnings are displayed on the Drupal status report page when a site is using a PHP version that has reached its official end-of-life date. This won't prevent running, updating, or installing Drupal unless the version is below the absolute minimum requirement. Review the handbook documentation on unsupported PHP versions for more information.

Database requirements

The following minimum database versions are supported by Drupal 10 core:

• MySQL or Percona 5.7.8.
• MariaDB 10.3.7 (This is a more recent release than the MySQL version.)
• PostgreSQL 12 with the pg_trgm extension.
• SQLite 3.26 with the JSON1 extension. PHP does not always use the system-provided SQLite, so verify that your PHP is compiled with at least this version.

Browser support changes

• Internet Explorer 11 is not supported in Drupal 10.
• Support for older versions of UC Browser has been removed. Newer versions of the browser that rely on WebView should be unaffected.

See the browser support policy for more information.

Composer requirements

Drupal 10 recommends Composer version 2.3.6 or higher, which is required for compatibility with PHP 8.2 and the forthcoming Automatic Updates feature. Core developers must update to at least Composer 2.3.6 to work on Drupal core, and site owners will receive warnings on older versions. Drupal will not install or update with Composer versions lower than 2.1.

To update your host's version of Composer, run:

composer self-update

You can roll back to the previous version at any time by using:

composer self-update --rollback

Update to a specific version with:

composer self-update 2.3.6

More information on using Composer for Drupal .

Removed modules and themes

Numerous modules and themes have been removed from Drupal core and moved to contributed projects. In many cases, the removed extensions have little to no impact on site development.

Sites that depend on a removed module or theme should download the contributed project version (either manually, or by requiring it with Composer) before updating their sites to Drupal 10. Drush may bypass warning and error messages on update.php related to missing modules or themes. The status report will display errors about missing modules after upgrading, but missing active themes will cause fatal errors and/or a white screen.

Removed modules

If a removed module is required for a site's functionality, the contributed version should be downloaded to the codebase or added to the Composer requirements before upgrading. Do not uninstall the module, since this would destroy the module configuration.

In addition to the below changes, some related CSS and templates have been removed from core base themes, so sites using the below modules may need to update their themes.

• Aggregator

  The Aggregator module has been removed from Drupal 10 and is available as the Aggregator contributed module.

• CKEditor 4

  Refer to the CKEditor 4 and 5 summary at the beginning of these release notes.

• Color

  The Color module has been removed from Drupal 10 and is available as a contributed module.

• HAL

  HAL has been removed from Drupal 10 and moved to a contributed project. In most cases, sites should be converted to use JSON:API instead. More information on replacing HAL.

• Quick Edit

  The Quick Edit module has been removed from Drupal 10 and moved to a contributed project. Most users do not use Quick Edit and it can usually be uninstalled safely. If you want to keep using this functionality, read the recommendations for Quick Edit.

• RDF

  The RDF module has been removed from Drupal 10 and moved to a contributed project.

  RDF was previously installed as part of the standard install profile, but many sites do not use the functionality it provides. If you are not sure what RDF is, it is likely that you can safely uninstall it.

  If you want to keep using the functionality provided by RDF, read the recommendations for RDF.

• Entity Reference (stub module)

  Entity Reference: If this module is installed on your site for some reason, simply uninstall it. (It is obsolete with no impact on site functionality.)

• Migrate Drupal Multilingual (stub module)

  Migrate Drupal Multilingual: This functionality is now provided by the core Migrate Drupal module. If this module is installed on your site for some reason, simply uninstall it. (It is obsolete with no impact on site functionality.)

Removed themes

Even if you do not use the below themes directly, you should check whether your installed themes extend them. This information is available in the .info.yml file for the theme. For example, to see if themes/mytheme uses Classy as a base theme, check in themes/mytheme/mytheme.info.yml for this line:

base theme: classy

Base themes may extend other base themes, so if a non-core base theme is listed, you should also check whether or not that theme extends one of the below themes (especially Classy or Stable).

• Bartik

  The Bartik theme has been removed from Drupal 10, and is now available as a contributed theme. Sites using Bartik must install the contributed theme before updating to Drupal 10.

• Seven

  The Seven theme has been removed from Drupal core and is now available as a contributed theme. We recommend switching to the new core admin theme, Claro. In order to continue using Seven, sites must install the contributed theme version of Seven before updating to Drupal 10.

• Classy

  The Classy base theme has been removed from Drupal core and is now available as a contributed theme. Themes depending on Classy should add a dependency on the contributed Classy theme. Sites that use a theme that extends Classy must install the contributed project versions of both it and Stable (see below) before updating to Drupal 10.

  Developers looking to create a new theme should now use the Starterkit theme generator that is provided with Drupal 10.

• Stable

  The Stable theme has been removed from Drupal core and is now available as a contributed theme. Themes depending on Stable should add a dependency on the contributed Stable theme or migrate to Stable 9. Sites that use a theme that extends Stable must install the contributed project version before updating to Drupal 10.

Composer integration changes

Composer 2.2 and higher require Composer projects to authorize individual plugins. This means that Composer commands to install and update Drupal projects will fail unless either the required plugins are allowed in the project configuration or the user manually replies y to a prompt to allow the plugin. Existing projects may need to update their configuration to authorize these plugins. This can be done by running the following commands:

composer config --no-plugins "allow-plugins.composer/installers" true composer config --no-plugins "allow.plugins.drupal/core-composer-scaffold" true composer config --no-plugins "allow-plugins.drupal/core-vendor-hardening" true composer config --no-plugins "allow-plugins.drupal/core-project-message" true

For more information, review Composer 2.2+ authorized plugins.

Change to the Standard profile

The 'Basic HTML' format provided with the Standard profile no longer allows the <span> tag. This should simplify copying and pasting from Microsoft Word, Google Docs and similar programs into either version of CKEditor on new installs. Existing installs may want to consider removing the tag from text formats and reviewing existing content.

API changes

• Entity API changes

  • hook_entity_view_mode_alter() no longer receives the $context argument, which was always an empty array. Existing implementations of hook_entity_view_mode_alter() should remove the $context argument. See the hook_entity_view_mode_alter() change record for more details.

  • The range validator for entities now yields a more accurate 'value not in range' message for Symfony 6.1 compatibility, with its violation error code also more accurately being Range::NOT_IN_RANGE_ERROR.

• Serializer changes

  Code that extends Symfony's Serializer component has been updated with stricter typehints and an additional argument for compatibility with Symfony 6.1 and future releases. For more information, review the change record: Context argument added in code that extends from Symfony's Serializer component.

• Drupal version constant changes

  In order to provide sites with the most complete information on which PHP versions are supported and recommended for their current installation, \Drupal::MINIMUM_SUPPORTED_PHP is deprecated and replaced by \Drupal\Core\PhpRequirements::minimumSupportedPhp().

• Database API changes

  • Drupal previously supported per-table prefixing for complex multisite setups. This functionality has been deprecated since Drupal 8.2. Warnings are displayed on the status reports of sites that still use this functionality from Drupal 9.3.0 on, and the functionality has been removed from Drupal 10. See the change record for alternatives to per-table prefixing.

  • A new interface Drupal\Core\Database\SupportsTemporaryTablesInterface has been added for database drivers to indicate support of temporary tables.

• SimpleTest support removed from the core test runner

  The SimpleTest module was moved to contrib before Drupal 9.0.0. Drupal 10 removes support for SimpleTest from the core test runner. Projects that use SimpleTest should convert their tests to PHPUnit.

• Ajax commands can now return promises

  Ajax commands can now return promises when they need to ensure some code has been executed before executing the next Ajax command in the list.
  When altering the success method of a Drupal.Ajax object, please make sure a Promise is returned to ensure proper execution. Read more about the API changes in the Ajax system..

• Off-canvas/Settings Tray CSS modernized

  The off-canvas dialog’s CSS has been completely refactored in Drupal 10.0.0. This means that if your module or theme previously implemented custom CSS for the off-canvas dialog, it may need to be re-implemented (or removed if it was solely bug fixes). Additionally, all of the off-canvas CSS has been removed from Stable and Stable 9 to ensure that as many themes as possible will be able to benefit from the improvements. Read more about the changes to the off-canvas and Settings Tray CSS.

• Functional JavaScript tests will now fail on JavaScript errors

  JavaScript errors in tests are now caught and raised as test failures.. Previously, any JavaScript error that occurs that did not interfere with the functionality of the test was ignored. Now those errors are surfaced to the test runner.

• _serviceId property no longer added to container services

  For compatibility with PHP 8.2, the _serviceId property is no longer added to services in the container. Developers who relied on this property in custom code should read the change record for alternatives to the _serviceId property.

Backend (PHP) dependency changes Added PHP dependencies

• Drupal core requires guzzlehttp/psr7 2.4.3 for implementation of several core services for PSR-17.

Removed PHP dependencies

The following dependencies have been removed from Drupal core:

• Diactoros: PSR-7, PSR-17, and PSR-18 functionality is now provided by guzzlehttp/psr7.
• Laminas Feed
• symfony-cmf/routing
• EasyRDF
• symfony/translation
• TYPO3/phar-stream-wrapper: this library is only needed for PHP 7.3 and earlier.
• doctrine/reflection: Relevant APIs were previously moved to Drupal core.
• stack/builder: The functionality is now provided by a core API. The http_kernel service's functionality is unaffected by this change.

Updated PHP dependencies

• Drupal 10 requires Symfony 6.2. Several indirect dependencies have changed as a result of the Symfony 6 update.

  Additionally, the symfony/deprecation-contracts, symfony/event-dispatcher-contracts, symfony/service-contracts, and symfony/translation-contracts libraries have been updated from 2.5.2 to 3.1.1.

• Twig has been updated from 2.x to 3.4.3. Review the Twig 3 changes for PHP developers and template creators.

• guzzlehttp/guzzle 7.5 is now required.

• asm89/stack-cors has been updated from version 1.3.0 to 2.1.1.

  Enabling CORS now preserves cacheability whenever possible.

  Previously, enabling CORS would add Vary: Origin to all requests of a different origin. With this change, enabling CORS will only add this if absolutely necessary.

• Drupal core's other production Composer dependency versions have been updated where possible to the latest major, minor, and patch releases. Where appropriate, constraints have been increased to require the latest minor versions.

Frontend (CSS and JavaScript) dependency changes Removed frontend dependencies

• The public Backbone and Underscore core libraries have been removed. These dependencies are now deprecated and for internal use only. Consequently, the drupal.editor.admin and drupal.filter.filter_html.admin libraries no longer depend on Underscore. Backbone and Underscore will eventually be removed from core.

  Modules or themes that depend on these libraries should either refactor their code to remove the dependencies, or treat them as third-party dependencies for the contributed module.

  Most Underscore functionality has simple replacements in modern ES6 JavaScript. Review the change record about the Underscore deprecation for more information on upgrading your code.

• Since Internet Explorer 11 is no longer supported, Drupal 10 deprecates all polyfill libraries and removes the files. Additionally, the details HTML tag is available in all supported browsers, so the supporting code that provided this element for Internet Explorer has been removed. If you plan to continue supporting Internet Explorer 11 even when used with Drupal 10, your project will have to depend on or implement any required polyfills directly.

• The Farbtastic library has been removed from Drupal core. There is no replacement. Developers should consider using browser-native color pickers instead.

• The jQuery Joyride JavaScript library has been removed.

• The PopperJS JavaScript library has been removed as a direct dependency. It was used only by Quick Edit, which has been removed from core. If you need to use it, you should define the library in a custom module.

Updated frontend dependencies

• CKEditor 5 has been updated to the latest 35.4.0 release. This update has a minor breaking change that could affect the development of certain contributed or custom CKEditor 5 integrations. For more information read the CKEditor 5 35.4.0 release notes.

• jQuery has been updated from 3.6.0 to 3.6.2.

• tabbable has been updated to 6.0.10.

• The Shepherd.js JavaScript package has been updated to 10.0.1. Additionally, the public core library for this package has been deprecated. Shepherd.js should only be used internally by Drupal core.

• Drupal core's other production JavaScript dependency versions have been updated to the latest major, minor, and patch releases where possible. Where appropriate, constraints have been increased to require the latest minor versions.

Development dependencies

• The JavaScript ES6 build process has been removed given that all browsers supported by Drupal Core are now ES6-compatible. This means that once the build tooling is removed from Drupal 10, core developers are no longer required to run the commands when they make changes to core JavaScript. This also means that babel/core and all related dependencies are no longer used as core development dependencies.

• Node.js is a required development dependency for Drupal core and the minimum supported version has been updated from 12 to 16. (Information on changes in Node.js 16.) An updated version of Node.js can be installed directly or with nvm. This only affects sites that have installed Drupal core's JavaScript development dependencies with npm or yarn.

• The PHPStan static analysis tool, version 1.9.1, has been added to Drupal core's development dependencies and is run against all core patches and merge requests.

• PHPUnit has been upgraded from 8.5.21 to 9.5.24, and all its sub-packages have been updated. PHPUnit 9.5 or higher is required, and PHPUnit 8 is no longer supported.

  phpspec/prophecy-phpunit and Mink 1.10 or later are also now required for PHPUnit.

• Drupal 10 development now requires composer/installers version 2.0 or higher (up from version 1.9).

• The Nightwatch testing library has been updated to version 2.4.2. Reference the Nightwatch developer guide for a list of high level changes in the 2.0.0 release.

• The JavaScript chromedriver package has been removed. If you were running Nightwatch tests locally, you may need to start Chromedriver manually.

• The JavaScript raw-loader package has been removed as it is no longer required by Drupal’s build process.

• The Stylelint development dependency has been updated to version 14, and minor changes have been made to whitespace and quoting in core CSS. Refer to the change record on the Stylelint 14 update for more information.

• stylelint-config-standard, which enforces Drupal's CSS style, has been upgraded from 23.0.0 to 28.0.0. Developers who relied on this ruleset may have to make minor tweaks to their CSS to comply with the new standards.

• cspell has been updated from version 5 to 6.14.1. This results in some slight changes to the dictionary for core development.

• Chalk has been removed as a JavaScript development dependency.

• PostCSS has been upgraded from 7.0.39 to 8.4.16. Developers who used custom PostCSS plugins may need to refer to the PostCSS 8 plugin migration guide.

• The ESLint JavaScript development dependency has been updated to version 8.9.0. core/.eslintrc.passing.json has been updated to reflect the new rules.

• eslint-plugin-yml, the YAML style checker for ESLint, has been upgraded from 0.14.0 to 1.2.0.

• Drupal core's other JavaScript and PHP development dependencies have been updated to the latest major, minor, and patch versions wherever possible.

  Core developers should completely remove their node_modules directory and re-run yarn install from within the core/ directory.

Coding standards

The following coding standards checks have been enabled in core:

• Drupal.Array.Array.ArrayClosingIndentation Drupal.Array.Array.ArrayIndentation Drupal.Commenting.FunctionComment.MissingReturnType

• All YAML files are linted for correct indentation.

Known issues

Search the issue queue for known issues.

All changes since 10.0.0-rc3

• Revert "Issue #2568889 by smustgrave, berenddeboer, Lendude, Anandhi Karnan, ckaotik, boromino, diaodiallo, Yago Elias, yashingole, Abhijith S, Amber Himes Matz, dawehner, Scott Weston: Views exposed text filter set to required shows an empty error and form error on page load"
• Issue #3327115 by Eric_A, alexpott, xjm, longwave, pandaski: .htaccess rules broken since yarn.lock got added
• Issue #3326896 by longwave, lauriii, Wim Leers, effulgentsia, catch, xjm: Update CKEditor 5 to 35.4.0
• Issue #3326874 by longwave, xjm: Update to jQuery 3.6.2
• Issue #2828724 by Spokje, alexpott, ravi.shankar, Lal_, malcomio, ElusiveMind, smaz, yogeshmpawar, ridhimaabrol24, semiaddict, piggito, f.mazeikis, tvhung, tatarbj, ranjith_kumar_k_u, vijaycs85, baikho, Jelle_S, kleinmp, bbrala, Mike_info, David_Rothstein, pwolanin, cburschka: Username enumeration via one time login route
• Issue #3325772 by andypost, mondrake: Fix wrong property typehinting in SchemaCheckTrait
• Issue #2810985 by _Archy_, smustgrave, GoZ, joelpittet, csheltonlcm, ayush.khare, Lendude: Remove duplicate condition
• Issue #3213752 by Spokje, bradjones1, quietone, _pratik_, ravi.shankar, rpayanm, bbrala, alexpott, catch: Remove dead code from JsonApiDocumentTopLevelNormalizerTest
• Issue #3259090 by Lendude, mr.york, Pandepoulus: Exposed filter equality check works differently in PHP 8.0
• Back to dev.

Release type: Bug fixesNew features

This is the final minor version (feature release) of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9 and the Drupal core release cycle.

This minor release provides new improvements and functionality without breaking backward compatibility (BC) for public APIs. Note that there may be changes in internal APIs and experimental modules that require updates to contributed and custom modules and themes per Drupal core's backward compatibility and experimental module policies.

Minor releases may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Drupal 9.5 is the final minor release of the 9.x series. It will be supported until November 2023. It provides almost the same public API as Drupal 10.0 aside from deprecated code and dependency changes. For more information on the Drupal 10 release, read the Drupal 10.0.0 release notes.

Existing Drupal 9 sites will get the smoothest upgrade experience by updating to Drupal 9.5 prior to updating to Drupal 10. This ensures the smallest necessary changes to upgrade to Drupal 10.

If you are starting a new Drupal project, start with Drupal 10.0 for forward compatibility with later releases.

Regardless of which version you choose now, new features will only be added to upcoming Drupal 10 minor releases, so you should prepare your site for Drupal 10 this year in order to continue receiving the new features in Drupal 10.1 and 10.2.

9.3.x will no longer receive security support, so sites on a Drupal 8 or Drupal 9 version earlier than 9.4.x should upgrade to a supported release as soon as possible.

Important update information Updating from Drupal 8

For information on updating from Drupal 8 to Drupal 9, see Upgrading from Drupal 8 to Drupal 9.

Upgrading from Drupal 6 and 7

Drupal 6 and 7 users can continue to migrate to Drupal 9.5. The migration paths from Drupal 6 and Drupal 7 to Drupal 9 will remain supported throughout Drupal 9's release cycle.

Recommended but optional: upgrade to CKEditor 5

If you already upgraded to CKEditor 5 while on Drupal 9.4, you can ignore this.

Sites that do this at a time of their choosing while on Drupal 9.5.x will have a smoother update to Drupal 10.

Most Drupal sites that are still using CKEditor 4 should upgrade to CKEditor 5 — see the recommendations for CKEditor for details.

Upgrading from CKEditor 4 to 5 is a manual process, because it requires human supervision.

Changes to site-owner-managed files

• Improved performance for Apache serving gzipped JavaScript and CSS aggregates to browsers. Sites should update their .htaccess files to take advantage of this performance improvement.

• yarn.lock and package.json are now blocked by Drupal's default web server configuration, sites should update any copies of .htaccess or web.config to incorporate the changes.

• It is no longer necessary or recommended to configure fast 404s in settings.php.

• The default robots.txt file has been updated to disallow indexing of oEmbed media links.

• A new developer feature to show debug markup for render caching has been added, this can be configured from services.yml and is disabled by default. Sites should ensure that their site-specific services.yml includes the new section.

• For forward-compatibility with a deprecation in 10.1.x, a change has been made to the assertion handling defaults in example.settings.local.php. Site owners can update their settings.local.php to maintain consistency and forward-compatibility.

Platform requirements changes Drupal recommends that sites on PHP 8.1 use at least PHP 8.1.6.

• PHP 8.1.6 is now recommended. PHP 8.0 remains fully supported, but PHP 7.4 is end of life and no longer receives security fixes.

• For more information on supported PHP versions, see the PHP requirements handbook page.

• Drupal 9.5 and its dependencies do not have full support for PHP 8.2. For PHP 8.2 support, update to Drupal 10.

Deprecated modules

The following core modules are deprecated in Drupal 9.5.0 and will be moved to contributed projects in Drupal 10:

• CKEditor 4
• Color
• Quick Edit
• RDF

This is in addition to the modules already deprecated in Drupal 9.4 (Aggregator and HAL).

Sites will receive warning messages when deprecated modules are in use. Review the deprecated module documentation on the steps to take if your site uses any of these modules.

Deprecated themes

The following core themes are deprecated in Drupal 9.5.0 and will be moved to contributed projects in Drupal 10:

• Bartik
• Classy
• Seven

Sites will receive warning messages when deprecated themes are in use. Review the deprecated theme documentation on the steps to take if your site uses any of these themes.

Backend dependency updates

The following dependencies have been changed or updated since 9.4.

Backend development dependencies

• Symfony has been updated to the latest patch release of Symfony 4.4.

• Drupal core's pinned Composer dependency versions have been updated for the latest minor and patch releases.

• Additionally, Drupal core’s composer constraints have been increased to require the latest minor version for forward compatibility. This ensures that if any composer package that Drupal core depends upon has a security release, the Drupal core security update will be non-disruptive, because if possible no minor version increase will occur for the affected dependency, only a patch version increase.

• egulias/email-validator has received a major-version update to 3.2.1 (from version 2, which is end-of-life).

Frontend (CSS and JavaScript) production dependency changes

• The core/jquery.farbtastic library has been deprecated.
  The Color module relies on the Farbtastic library, and that module is deprecated in Drupal 9.5 and removed in Drupal 10. This library is not otherwise used in core, so it is also deprecated in Drupal 9.5.0 for removal in Drupal 10.0.0.

• CKEditor 5 has been updated to the latest 35.4.0 release. This update has a minor breaking change that could affect the development of certain contributed or custom CKEditor 5 integrations. For more information read the CKEditor 5 35.4.0 release notes.

• Shepherd.js has been updated from 9.1.0 to 9.1.1.

• PopperJS and the associated core library have been deprecated. It has also been updated from version 2.11.5 to 2.11.6.

• tabbable has been updated from 5.2.2 to 5.2.3.

• jQuery has been updated from 3.6.0 to 3.6.1.

• The public Drupal library for Underscore has been deprecated. The internal version has been updated from 1.13.3 to 1.13.4

Frontend development dependencies

• The JavaScript chromedriver package has been removed. If you were running Nightwatch tests locally, you may need to start Chromedriver manually.

• The JavaScript raw-loader package has been removed as it is no longer required by Drupal’s build process.

• Drupal core's JavaScript development dependencies have been updated to the latest minor and patch versions. Core developers should completely remove their node_modules directory and re-run yarn install from within the core/ directory.

• cspell has been updated from version 5 to 6. This results in some slight changes to the dictionary for core development.

Changed coding standards

The following coding standards checks have been enabled in core:

• Drupal.Array.Array.ArrayClosingIndentation Drupal.Array.Array.ArrayIndentation Drupal.Commenting.FunctionComment.MissingReturnType
• All YAML files are linted for correct indentation.

Known issues

Search the issue queue for known issues.

All changes since Drupal 9.5.0-rc2

• Revert "Issue #2568889 by smustgrave, berenddeboer, Lendude, Anandhi Karnan, ckaotik, boromino, diaodiallo, Yago Elias, yashingole, Abhijith S, Amber Himes Matz, dawehner, Scott Weston: Views exposed text filter set to required shows an empty error and form error on page load"
• Issue #3327115 by Eric_A, alexpott, xjm, longwave, pandaski: .htaccess rules broken since yarn.lock got added
• Issue #3326896 by longwave, lauriii, Wim Leers, effulgentsia, catch, xjm: Update CKEditor 5 to 35.4.0
• Issue #3326874 by longwave, xjm: Update to jQuery 3.6.2
• Issue #2828724 by Spokje, alexpott, ravi.shankar, Lal_, malcomio, ElusiveMind, smaz, yogeshmpawar, ridhimaabrol24, semiaddict, piggito, f.mazeikis, tvhung, tatarbj, ranjith_kumar_k_u, vijaycs85, baikho, Jelle_S, kleinmp, bbrala, Mike_info, David_Rothstein, pwolanin, cburschka: Username enumeration via one time login route
• Issue #3325772 by andypost, mondrake: Fix wrong property typehinting in SchemaCheckTrait
• Issue #2810985 by _Archy_, smustgrave, GoZ, joelpittet, csheltonlcm, ayush.khare, Lendude: Remove duplicate condition
• Issue #3213752 by Spokje, bradjones1, quietone, _pratik_, ravi.shankar, rpayanm, bbrala, alexpott, catch: Remove dead code from JsonApiDocumentTopLevelNormalizerTest
• Issue #3259090 by Lendude, mr.york, Pandepoulus: Exposed filter equality check works differently in PHP 8.0

Release type: Bug fixesNew features

Many Broadway blockbusters make their way to Madrid, but Banderas wants to push the envelope with serious, complex musicals that are little-known in Spain.

The Times’s three European theater critics pick their favorite productions of the year — plus a turkey apiece for the festive season.

The British comedian and actor is now performing her solo take on Dickens’s coming-of-age drama Off Broadway. It’s “pure storytelling,” she said.

A play first performed in a tavern in 1665 survives with its title, and the court case it precipitated, intact — but nothing else.