2.10.10

Note: Updates Drupal core to 10.2.10. Includes updates that address SA-CORE-2024-002 and CVE-2024-45440.

• Closes #3718 Improve styling of AZ Finder exposed form, especially for multiple vocabulary filters (#3719)
• Closes #3777: Update drupal/core-recommended to 10.2.10 for SA-CORE-2024-002 and CVE-2024-45440 (#3778)
• #3737: Backport coding standards fixes from #3738 to 2.10.x. (#3779)
• Closes #3780: Add missing SMTP module config to address test failures in 2.10.x (#3782)
• Back to dev.

2.11.5

Note: The contrib module ImageMagick has been added to Quickstart as an optional module. This module provides an alternate image toolkit for sites that operate in low memory environments and have experienced issues with generation of image derivatives after Quickstart's usage of WebP for image derivatives in Quickstart 2.11.x.

For sites that wish to enable the alternate image toolkit, after enabling the module the toolkit settings can be found on /admin/config/media/image-toolkit. A quality setting of 92% is recommended for consistency with the default image toolkit settings.

Memory constraints can be specified under Execution Options after selecting ImageMagick as the toolkit, with prepended options, e.g. -limit memory 64MiB. These options will be configured automatically for sites using the AZQS upstream on Pantheon.

• Close #3765 Change top-level Quickstart toolbar link to an internal page instead of an external page. (#3767)
• #3717, az-digital/az-quickstart-pantheon#282: Add ImageMagick module. (#3724)
• Closes #3758: Ensure all external and minified library assets are properly configured. (#3759)
• Closes #3747 Restore the display of 12:00 am and 12:00 pm as "midnight" and "noon" for events (#3748)
• Closes #3744 Prevent views using Quickstart Exposed Filters from scrolling when checkboxes are checked (#3745)
• Closes #1212: Add views_bulk_operations as optional module. (#3749)
• Update drupal/blazy requirement from 3.0.10 to 3.0.11 (#3736)
• Update drupal/role_delegation requirement from 1.2.0 to 1.3.0 (#3722)
• Fixes #3737 SlevomatCodingStandards (#3738)
• Fixes #3074, Fixes #3568 Course Importer Missing Content, Course Instructor Person Links (#3570)
• Closes #3714 Extra main landmark role in page template (#3715)
• Back to dev.

2.11.4

Note: Updates Drupal core to 10.3.6. Includes an update that addresses CVE-2024-45440.

• Closes #3751: Update drupal/core-recommended to 10.3.6 (addresses CVE-2024-45440). (#3752)
• Back to dev.

2.11.3

Note: This release adds a patch for Drupal core that improves the quality of images generated using image styles that convert images to WebP. Sites upgrading from an earlier AZQS 2.11.x release should flush all image styles with drush (drush image:flush --all) to ensure higher quality WebP images are generated.

Bugfixes

• Closes #3725: Hard code higher WebP conversion quality setting until configurable for GD in core. (#3728)
• For #3705 Menu blocks intermittently not visible to anonymous users after updating to Quickstart 2.11 (#3727)
• Close #3730 mark minified JS as minified. (#3732)
• Closes #3723 Card title on image is red when the card is not clickable (#3729)

Experimental module updates

• Closes #3718 Improve styling of AZ Finder exposed form, especially for multiple vocabulary filters (#3719)

Contrib Module updates

• Update drupal/viewsreference requirement from 2.0.0-beta9 to 2.0.0-beta10 (#3703)
• Update drupal/date_ap_style requirement from 2.0.1 to 2.0.2 (#3721)
• Update drupal/optional_end_date requirement from 1.3.0 to 1.4.0 (#3720)
• Update drupal/smart_date requirement from 4.1.5 to 4.1.6 (#3692)

Other dependency updates

• Update citation-style-language/locales requirement from 0.0.20 to 0.0.22 (#3695)
• Update citation-style-language/styles requirement from 0.0.447 to 0.0.474 (#3708)

Misc.

• Back to dev.

2.11.2

Note: Updates Drupal core to 10.3.4. Includes update for twig/twig package that addresses CVE-2024-45411.

Note: Includes update for drupal/seckit module that addresses SA-CONTRIB-2024-039.

Note: Includes update to AZQS Photo Gallery component to prevent potential Bootstrap XSS vulnerability.

• Close #3693 Force az_paragraphs_full_width library to load in the head alone. (#3709)
• Closes #3700: Update drupal/core-recommended to 10.3.4. (#3701)
• Close #3683 use migmag_lookup instead of migrate_lookup (#3684)
• Closes #3702: Update drupal/seckit requirement from 2.0.1 to 2.0.3 (#3674)
• Update drupal/menu_link_attributes requirement from 1.4.0 to 1.5.0 (#3679)
• Re-add ghost block fix. (#3687)
• Update drupal/chosen requirement from 4.0.1 to 4.0.3 (#3682)
• Closes #3671 Add minified option on az_bootstrap_js_info (#3672)
• Closes #3666 Update Photo Gallery to prevent potential XSS vulnerability (#3668)
• Update drupal/media_library_edit requirement from 3.0.3 to 3.0.4 (#3661)
• Update drupal/antibot requirement from 2.0.3 to 2.0.4 (#3650)
• Update drupal/media_entity_file_replace requirement from 1.2.0 to 1.3.0 (#3663)
• Update drupal/flag requirement from 4.0-beta4 to 4.0.0-beta5 (#3669)
• Update drupal/media_library_form_element requirement from 2.1.0 to 2.1.1 (#3670)
• Update drupal/menu_link_attributes requirement from 1.3.0 to 1.4.0 (#3656)
• Close #3658 Add all paragraph migrations as optional dependencies of the news node migration. (#3659)
• Update drupal/bootstrap_utilities requirement from 3.0.0 to 3.0.1 (#3655)
• Closes #3637: Update drupal/intelligencebank requirement from 4.1.0 to 4.1.1 (#3654)
• Back to dev.

2.10.9

Note: Updates Drupal core to 10.2.8. Includes update for twig/twig package that addresses CVE-2024-45411.

Note: Includes update for drupal/seckit module that addresses SA-CONTRIB-2024-039.

Note: Includes update to AZQS Photo Gallery component to prevent potential Bootstrap XSS vulnerability.

• Close #3683 use migmag_lookup instead of migrate_lookup (#3684)
• Closes #3702: Update drupal/seckit requirement from 2.0.1 to 2.0.3 (#3674)
• Closes #3671 Add minified option on az_bootstrap_js_info (#3672)
• Closes #3666 Update Photo Gallery to prevent potential XSS vulnerability (#3668)
• #3700: Update drupal/core-recommended to 10.2.8
• Back to dev.

2.10.8

Note: This update reverts (disables) database updates included in earlier versions of AZQS that were problematic for certain sites (az_seo_update_1021001 and az_paragraphs_views_side_by_side_update_1021001).

• #3647: Disable az_seo_update_1021001 and az_paragraphs_views_side_by_side_update_1021001. (#3648)
• Closes #3597: Add lifecycle_link to experimental modules documentation in experimental modules. (#3598)
• Closes #3473: Adding policy recommendations for Experimental Modules (#3477)
• Closes #3567 Styling adjustments for the AZ Finder exposed form (AZDIGITAL-158) (#3577)
• Close #3588 Allow newly enabled module config to be overridden. (#3589)
• Close #3586 Set lifecycle key in info files of experimental modules. (#3587)
• Back to dev.

2.9.14

This will be the final 2.9.x release. Sites still using 2.9.x should upgrade to 2.10.x or 2.11.x ASAP.

• Close #3588 Allow newly enabled module config to be overridden. (#3589)
• Fixes #3544 AZBackgroundMediaFormatter Breaks with Missing Files (#3545)
• #3581: Apply updated coding standards to 2.9.x branch. (#3584)
• Prepare 2.9.x branch for new minor release branch 2.11.x (#3527)
• Back to dev.

2.11.1

Note: This update reverts (disables) database updates included in earlier versions of AZQS that were problematic for certain sites (az_seo_update_1021001 and az_paragraphs_views_side_by_side_update_1021001).

• #3647: Disable az_seo_update_1021001 and az_paragraphs_views_side_by_side_update_1021001. (#3648)
• Update drupal/easy_breadcrumb requirement from 2.0.7 to 2.0.8 (#3635)
• Closes #3642 Upgrade Drupal core to 10.3.2 (#3643)
• Update drupal/smart_date requirement from 4.1.4 to 4.1.5 (#3641)
• Update drupal/paragraphs requirement from 1.17.0 to 1.18.0 (#3614)
• Fixes #3639 Order Authors by Name (#3640)
• Update drupal/auto_entitylabel requirement from 3.2.0 to 3.3.0 (#3632)
• Update drupal/honeypot requirement from 2.1.3 to 2.1.4 (#3628)
• Update drupal/redirect requirement from 1.9.0 to 1.10.0 (#3630)
• Update drupal/slick requirement from 3.0.2 to 3.0.3 (#3629)
• Update drupal/block_field requirement from 1.0.0-rc4 to 1.0.0-rc5 (#3636)
• Update drupal/intelligencebank requirement from 4.0.0 to 4.1.0 (#3621)
• Update drupal/extlink requirement from 2.0.1 to 2.0.2 (#3633)
• Update drupal/blazy requirement from 3.0.9 to 3.0.10 (#3626)
• Update drupal/pathauto requirement from 1.12.0 to 1.13.0 (#3593)
• Update citation-style-language/styles requirement from 0.0.442 to 0.0.447 (#3625)
• Update drupal/extlink requirement from 1.7 to 2.0.1 (#3617)
• Update drupal/embed requirement from 1.7.0 to 1.9.0 (#3624)
• Update drupal/masquerade requirement from 2.0.0-rc5 to 2.0.0 (#3620)
• Update drupal/menu_block requirement from 1.11.0 to 1.13.0 (#3611)
• Update drupal/views_bootstrap requirement from 5.4.0 to 5.4.1 (#3613)
• Update drupal/asset_injector requirement from 2.20.0 to 2.21.0 (#3615)
• Update citation-style-language/styles requirement from 0.0.434 to 0.0.442 (#3601)
• Update drupal/google_tag requirement from 2.0.5 to 2.0.6 (#3574)
• Update drupal/inline_entity_form requirement from 3.0.0-rc19 to 3.0.0-rc20 (#3573)
• Update drupal/masquerade requirement from 2.0.0-rc4 to 2.0.0-rc5 (#3608)
• Update drupal/metatag requirement from 2.0.0 to 2.0.2 (#3607)
• Update drupal/viewsreference requirement from 2.0.0-beta8 to 2.0.0-beta9 (#3609)
• Update drupal/config_ignore_readonly requirement from 2.2.0-beta1 to 2.2.0 (#3604)
• Update drupal/date_ap_style requirement from 2.0.0 to 2.0.1 (#3606)
• Update drupal/field_group requirement from 3.4.0 to 3.6.0 (#3605)
• Update drupal/smtp requirement from 1.3.0 to 1.4.0 (#3578)
• Update drupal/token requirement from 1.14.0 to 1.15.0 (#3579)
• Update drupal/smart_date requirement from 4.1.3 to 4.1.4 (#3594)
• Back to dev.

2.11.0

Important Notes

1. End of Security Support for Quickstart 2.9.x

Quickstart 2.9.x will no longer receive security support. Sites on Quickstart 2.9.x or earlier should upgrade to a supported release as soon as possible. See our release policy for more information.

2. Update to Drupal 10.3

Quickstart 2.11.0 includes an update from Drupal Core 10.2 to Drupal Core 10.3.1. Be sure to read both the 10.3.0 release notes and the 10.3.1 release notes.

3. Removal of Deprecated Modules

Modules deprecated as of 2.9.x have been removed from Quickstart 2.11.x and should be uninstalled on sites before upgrading to 2.11.x (unless they have been added to a site-specific composer.json file).

• block_content_permissions

4. Chaos Tools (ctools) Dependency Removed from Quickstart 2

Quickstart no longer has a runtime dependency on the ctools module, and the module has been slated for removal. This might cause problems if other modules implicitly use ctools functionality without depending on it.

Note that for backwards compatibility, the composer definition still depends on the ctools project, but it's no longer installed on new projects and existing projects may uninstall it if they are not using it.

The composer definition is there so that existing sites do not automatically have the code removed underneath them and continue to work. This will be removed in the future in a new major version. It is recommended to either add an explicit dependency on ctools if you plan to keep using it or uninstall it.

To fully remove ctools from the project, add a replace section to the root composer.json:

"replace": {
  "drupal/ctools": "*"
}

Note that this will also skip it in case another module depends on it and the definition will need to be removed then.

Before uninstalling ctools, verify that no configuration dependencies remain on views or other config entities. Views should have that dependency removed automatically when resaving them.

5. WebP Image Conversion

This release adds a WebP conversion step to all image styles provided by AZ Quickstart and Drupal core. A patch for Drupal core has also been included that adds a directive to the .htaccess file included with Drupal core to ensure the WebP image MIME type is supported. Sites hosted on Apache web servers may need to update their .htaccess files to take advantage of this improvement.

6. New NetID field on AZ Person

A new NetID field has been added to the AZ Person content type. Sites that have added additional fields to the AZ Person content type may need to adjust the field display and form display settings for the AZ Person content type after applying configuration changes from the distribution. This new field will be needed for planned future AZQS integrations and enhancements.

7. Sanitization of Filenames

Quickstart now sanitizes the names of uploaded files by default to replace whitespace and non-alphanumeric characters with a dash. This change only affects newly uploaded files. For more details on this change, see the relevant Quickstart issue and Drupal change record.

How to Update

• Important: Database updates and Distribution configuration updates should always be applied when updating Quickstart sites.
• Important: Updating from a Quickstart codebase version less than 2.6.x is no longer supported. To update to a Quickstart 2.11.x release (e.g. 2.11.0) from a version less than 2.6.8 you must first update to 2.6.8 or greater and run database updates. Database updates added to Quickstart prior to version 2.6.0 have been removed in 2.7.x, 2.8.x, and 2.9.x. Also, some core modules included in Drupal 9 have been removed in Drupal 10. For more relevant info about upgrading from 2.6.x, see Quickstart 2.7.0 Upgrade Notes.
• For Site Updaters Managing Their Own Environments: With the inclusion of a minor Drupal update in this release, it's imperative for site updaters who manage their own environments to thoroughly review the Drupal release notes and their own setups. Please review https://github.com/az-digital/az-quickstart-scaffolding for the latest recommendations.
• Refer to Quickstart 2.11.0 Upgrade Notes on the wiki for more information about updating to 2.11.

Changes since 2.11.0-beta1

• Closes #3597: Add lifecycle_link to experimental modules documentation in experimental modules. (#3598)
• Close #3602 transpile JS with build tools lando yarn run build (#3603)
• Fix #3599 Can no longer save text format and editor configuration form, and upgrade bootstrap_utilities from 2.0.0 to 3.0.0 (#3600)
• Closes #3473: Adding policy recommendations for Experimental Modules (#3477)
• Closes #3567 Styling adjustments for the AZ Finder exposed form (AZDIGITAL-158) (#3577)
• Fixes #3591 Add NetID Unique Constraint (#3592)
• Close #3588 Allow newly enabled module config to be overridden. (#3589)
• Close #3586 Set lifecycle key in info files of experimental modules. (#3587)
• Closes #3445 Make config dependencies, module dependencies in az_paragraphs:az_paragraphs_view (#3446)
• Closes #3498 Make config dependencies, module dependencies in az_seo. (#3499)

New Changes in 2.11.0 (not included in 2.9.x or 2.10.x)

Drupal Core Updates

• #3290: Upgrade Drupal core to 10.3.0 (#3416)
• Update drupal/core-recommended requirement from 10.3.0 to 10.3.1 (#3539)

Bug Fixes

• #2778: Fix 10.3.x specific PHPCS issue in AZEnterpriseAttributesMigrationSync (#3515)
• Closes #3546 PHPUnit tests cannot be run locally using lando (#3547)
• Fixes #3556, Fixes #3557 Regressions in AZEventTrellisViewsField, AZTrellisEventSource (#3558)
• Fix #3599 Can no longer save text format and editor configuration form, and upgrade bootstrap_utilities from 2.0.0 to 3.0.0 (#3600)
• Close #3602 transpile JS with build tools lando yarn run build (#3603)

General Enhancements

• Closes #3096 Simple file system configuration change to sanitize uploaded filenames (#3180)
• Closes #3262 Add ability for content admins to set finder overrides (#3420)
• #2635, #3290: Add WebP conversion step to all included image styles (#3418)
• Closes #3396: Makes clickable cards more accessible (#3463)
• Closes #3335: Remove modules deprecated in 2.9.x (#3510)
• Close #3481 Remove az_google_tag's dependency on ctools and remove ctools from az_quickstart (#3481)
• Close #3329 Update prepare repository for minor release action so that it updates the main branch version alias as a pull request (#3337)
• Closes #3174 Made text area not required on az_text_background (#3392)
• Closes #3365 Set Easy Breadcrumb preferred menu setting to main menu by default (#3366)
• Close #3385 Remove redundant permissions in "Content Administrator" role (#3388)
• Update Arizona Icons to 1.0.2 (#3414)
• #3290: Convert plugin annotations to attributes for plugins updated in 10.3.0 (#3419)
• Closes #3561: Add NetID field to AZ Person. (#3562)
• Fixes #3591 Add NetID Unique Constraint (#3592)

Integrations

• Fixes #2778 Cron Migration settings for Enterprise Attributes (#2781)
• Fixes #3305 Provide Attribute Filtering for News Export (#3468)
• Fixes #3470 Additional Course Fields (#3495)

Contrib Module Updates

• Close #3467 Upgrade Blazy/Slick to 3.x (#3467)
• Closes #2835: Switch back to d.o. version of smart_title. (#3514)
• Update citation-style-language/styles requirement from 0.0.411 to 0.0.413 (#3402)
• Update citation-style-language/styles requirement from 0.0.413 to 0.0.434 (#3459)
• Update drupal/access_unpublished requirement from 1.5.0 to 1.6.0 (#3533)
• Update drupal/auto_entitylabel requirement from 3.0.0 to 3.1.0 (#3469)
• Update drupal/auto_entitylabel requirement from 3.0.0 to 3.2.0 (#3478)
• Update drupal/better_exposed_filters requirement from 6.0.5 to 6.0.6 (#3456)
• Update drupal/blazy requirement from 3.0.8 to 3.0.9 (#3513)
• Update drupal/cas requirement from 2.2.0 to 2.3.2 (#3417)
• Update drupal/chosen requirement from 4.0.0 to 4.0.1 (#3431)
• Update drupal/ckeditor_bs_grid requirement from 2.0.11 to 2.0.12 (#3538)
• Update drupal/config_readonly requirement from 1.0.0-beta5 to 1.0.0 (#3536)
• Update drupal/crop requirement from 2.3.0 to 2.4.0 (#3540)
• Update drupal/easy_breadcrumb requirement from 2.0.6 to 2.0.7 (#3509)
• Update drupal/externalauth requirement from 2.0.5 to 2.0.6 (#3543)
• Update drupal/google_tag requirement from 2.0.4 to 2.0.5 (#3437)
• Update drupal/jquery_ui requirement from 1.6.0 to 1.7.0 (#3458)
• Update drupal/jquery_ui_datepicker requirement from 2.0.0 to 2.1.0 (#3474)
• Update drupal/media_library_form_element requirement from 2.0.6 to 2.1.0 (#3534)
• Update drupal/menu_block requirement from 1.10.0 to 1.11.0 (#3407)
• Update drupal/migrate_plus requirement from 6.0.2 to 6.0.4 (#3555)
• Update drupal/paragraphs_admin requirement from 1.5.0 to 1.6.0 (#3401)
• Update drupal/smart_date requirement from 4.0.3 to 4.1.3 (#3386)
• Update drupal/smtp requirement from 1.2.0 to 1.3.0 (#3508)
• Update drupal/views_remote_data requirement from 1.0.2 to 1.0.3 (#3506)
• Upd...