This is a release candidate for the next maintenance minor version of Drupal 10. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This minor release provides improvements and new functionality. It does not break backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules. If so, contributed and custom modules and themes may need updating. This is according to Drupal core's backward compatibility and experimental module policies.
This release may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.
This maintenance minor provides important dependency updates and API additions for Drupal 10 sites to provide the best forward-compatibility with Drupal 11. It does not break backward compatibility (BC) for public APIs. This is according to Drupal core's backward compatibility and experimental module policies.
Drupal 10.4.x will receive security support until December 2025. Drupal 10.3.x will continue to receive security support until June 2025.
Drupal 10.2.x security support will end in December 2024. Sites on any Drupal version prior to 10.3.x should upgrade to a supported release as soon as possible.
All changes since Drupal 10.4.0-beta1
- Issue #3490710 by mfb: Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder
- Issue #3278759 by mxr576, kristiaanvandeneynde, acbramley, danflanagan8, larowlan, bbrala: Access cacheability is not correct when "view own unpublished content" is in use
- Issue #3490507 by alexpott, smustgrave: Fix bogus mocking in \Drupal\Tests\Core\Update\UpdateRegistryTest
- Issue #3484365 by nexusnovaz, joachim: docs for EntityTypeInterface::getBundleOf() should say entity type *id*
- Issue #3484799 by vladimiraus: EntityAccessCheck documentation contains errors
- Issue #3486972 by catch, longwave, larowlan: DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException
- Issue #3465827 by andypost, kim.pepper, arunkumark, catch, berdir, quietone: Stop passing E_USER_ERROR to trigger_error() on PHP 8.4
- Issue #3473374 by mxr576, bbrala, kristiaanvandeneynde: Improve Dynamic Page Cache header assertions in JSON:API tests
- Issue #3445276 by daffie: Fix lifecycle_links for deprecated or obsolete modules
- Issue #3229647 by rpayanm, kentr, xjm, gauravvvv, mherchel, mgifford, lauriii: Use focus-within in hidden.module.css
- Revert "Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0"
- Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0
- Issue #3489329 by mfb, casey: symfony/http-foundation commit 32310ff breaks PathValidator
- Issue #3471490 by nayana_mvr, smustgrave, larowlan: field:not(:last-child) does not work with layout builder in olivero
- Issue #3487816 by catch, berdir, smustgrave, quietone: Ensure tests don't run twice
- Issue #3487908 by spokje, quietone, smustgrave: Update cspell to latest
- Issue #3483353 by a.dmitriiev, phenaproxima, atul_ghate, alexpott, roderik: Remove the createCopy action from EntityDisplayBase, and make cloneAs compatible with wildcards
- Issue #3487579 by spokje, smustgrave, catch, nod_: Bump ckeditor 43.1.1 => 43.3.1
- Issue #3487921 by chandansha, joachim: incorrect docs for MenuLinkFieldDefinitions
- Issue #2982582 by arunkumark, nexusnovaz, anish.a, avpaderno, smustgrave, joachim, godotislate, larowlan, cburschka: hook_requirements() doesn't say that severity is optional, or what the default is
- Issue #2969406 by bhanu951, robincs, quietone, ranjit1032002, sahil.goyal, urvashi_vora, opdavies, elber, aaronmchale, avpaderno, smustgrave, alberto56, cilefen, benjifisher, lauriii, larowlan, Mahima_Mathur23, nkoporec, borisson_, poker10: Fix incorrect message after resetting password
- Issue #3488664 by phenaproxima: The PlaceBlock config action breaks when placing a block in an empty region
- Issue #3378393 by quietone, xjm, dww: Hardcode security coverage EOL dates for Drupal 10.last-1 and 10.last
- Revert "Issue #3483435 by phenaproxima, alexpott, thejimbirch: Add a trait for forms that want to collect input on behalf of a recipe"
- Issue #3483435 by phenaproxima, alexpott, thejimbirch: Add a trait for forms that want to collect input on behalf of a recipe
- Issue #3488401 by andypost: upgrade prophecy to 1.20
- Issue #3486545 by spokje, andypost: Update Composer dependencies for 10.4.0-beta1
- Issue #3487031 by larowlan, alexpott, themodularlab, ericgsmith, longwave, spokje: Performance Degraded after update to twig 3.14.2
- Issue #3488781 by poker10, quietone: TypeError: Cannot assign string to property $_serviceIds of type array in ContentEntityCloneTest::testEntityPropertiesModifications
- SA-CORE-2024-008 by mcdruid, fabianx, poker10, larowlan, longwave, alexpott
- SA-CORE-2024-007 by mcdruid, larowlan
- SA-CORE-2024-006 by mcdruid, larowlan
- SA-CORE-2024-004 by zengenuity, cilefen, kristiaanvandeneynde, mcdruid, larowlan
- SA-CORE-2024-003 by jrb, larowlan, catch, mingsong, poker10, longwave, benjifisher
- Issue #3488179 follow-up by alexpott: RecipeConfigurator::getIncludedRecipe() should statically cache recipe objects to avoid performance problems
- Issue #3486741 by spokje, smustgrave, markconroy: CSS linting (stylelint): npx update-browserslist-db@latest
- Issue #3477324 by andypost, alexpott: Fix usage of str_getcsv() and fgetcsv() for PHP 8.4
- Issue #2855328 by danflanagan8, sourabh.singhal, Pancho, aarti zikre, asad_ahmed, priscarabelli, anushrikumari, ashwinparmar, vikashsoni, cilefen, ideaseed, Archana.Phatangare, quietone, finex, alexpott, catch, smustgrave, sugaroverflow: Password and confirm password should be mandatory fields while setting up password using one time link following by email
- Issue #3488179 by phenaproxima, thejimbirch: RecipeConfigurator::getIncludedRecipe() should statically cache recipe objects to avoid performance problems
- Revert "Issue #3486972 by catch, longwave: DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException"
- Issue #3486972 by catch, longwave: DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException
- Issue #3485296 by bradjones1, alexpott, emptyvoid, longwave, sidgrafix, dmitry.korhov: Regression: Deprecation of `yaml_parser_class` setting in 10.3 breaks sites < 11.0