drupal 10.3.0-beta1

This is a beta release for the next minor (feature) release of Drupal 10. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.

This minor release provides improvements and new functionality. It does not not break backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules. If so, contributed and custom modules and themes may need updating. This is according to Drupal core's backward compatibility and experimental module policies.

This release may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Drupal 10.3.x contains new features, and should be the target for new site development. Drupal 10.2.x will continue to have security support until December 2024.

Drupal 10 will be supported until the release of Drupal 12. Sites must update to at least Drupal 10.3.0 prior to updating to Drupal 11. For information on the upcoming Drupal 11 release, read the Drupal 11.0.0-beta1 release notes.

Known issues

• Drupal core does not currently have an effective way of handling data model updates that are needed in two separate versions of Drupal (for example, Drupal 10.4 and 11.1, or 10.3 and 11.0). The issue to resolve this is: [#3108658]

  Until this issue is resolved, bug fixes requiring a data model change may be held to a later release.

• PHP 8.4 compatibility for Drupal 10 and 11 remains under development. 10.4 (or even a later patch release of 10.3) will provide full compatibility with PHP 8.4.

• [#3441010]

• [#3446026]

Search the issue queue for known issues.

Important update information

For security hardening, a backwards-compatibility break has been introduced in ImageStyleDownloadController. This change may affect modules that provide custom stream wrappers or extend ImageStyleDownloadController. Review the change record for information on how to update your routing entries for this change.

Changes to site-owner-managed files

• The special privileges of user 1 are now part of the SuperUserAccessPolicy and is enabled by default. The special behavior of user 1 can be disabled by setting the parameter security.enable_super_user in the site services.yml file to false.

• The use of the State cache can be controlled using a new setting in settings.php. The setting is $settings['state_cache'] and is set to TRUE to improve performance. Sites may set it to FALSE if any modules are storing large amounts of data or frequently changing data in the State store. In Drupal 11, the setting will be removed and the State cache will be permanently enabled.

Platform requirements changes

• Drupal 10.3 is fully compatible with PHP 8.3. PHP 8.3 is now recommended and may offer performance improvements.

API deprecations and behavior changes

• Drupal now returns render cache items (except for forms) on POST requests. This improves performance of form submissions by allowing other elements of the page to be render cached. This change should be transparent to contributed and custom code. Module developers who implement custom forms should read the change record.
• ImageStyleDownloadController now requires routes to declare the scheme of image derivatives as a security hardening measure. Maintainers of modules that are using the deliver() method on this controller need to add the scheme to any callers of this method.
• APIs are added for the Recipes Initiative.

Experimental modules

Experimental modules are provided with Drupal core for testing purposes, but are not yet fully supported.

• The Navigation module provides new administration navigation. It is at beta stability.

PHP dependency changes

• Twig has been upgraded from 3.5.0 to 3.9.3. If you have custom code that extends Twig, you should read the v3.9.0 changelog as there are new deprecations.

• Numerous other dependencies have received minor- and patch-level updates to the latest versions.

Frontend (CSS and JavaScript) production dependency changes

• CKEditor 5 has been updated from 41.2.0 to 41.3.1.
• jQuery Form is removed as an external dependency. It is now forked into core because it is abandoned upstream. It is tagged @internal and should not be used by contributed or custom modules directly.