drupal 11.2.0

This is a a feature minor release of Drupal 11 and is ready for use on production sites. Learn more about Drupal 11 and the Drupal core release cycle.

Read the Drupal 11.2.0 release announcement for improvements and highlights in this release.

This minor release provides improvements and new functionality. It does not break backward compatibility (BC) for public APIs. There may be changes in internal APIs and experimental modules. If so, contributed and custom modules and themes may need updating. This is according to Drupal core's backward compatibility and experimental module policies.

This release may include string changes and additions. Translators can review the latest translation status on localize.drupal.org.

Drupal 11.2.x will receive security support until June 2026. Drupal 11.1.x will continue to receive security support until December 2025.

Drupal 11 will be supported until the release of Drupal 13.

Important update information

If you are using Drupal CMS, see the release notes for Drupal CMS 1.2.0, as there are a couple of additional steps that should be taken before upgrading Drupal core to 11.2.0.

Sites must update to the latest release of 10.3 before upgrading to Drupal 11

Drupal sites running 10.2 or earlier versions must first update to 10.3.0 or later before updating to Drupal 11. All core updates added before 10.3.0 have been removed. In general, sites should update core and contributed modules to the most recent releases available for their current major core version, before updating to the next major release.

Upgrading from Drupal 6 and 7

Drupal 6 and 7 users can continue to migrate to Drupal 11. The migration paths from Drupal 6 and Drupal 7 to Drupal 11 will remain supported throughout Drupal 11's release cycle.

Removed features

• Sites can no longer download or update extensions from the User Interface. Instead, sites should use Composer to manage extensions. The notification of available updates is still available from the "Available updates" report page.

API and behavior changes

• The Drupal installer now installs modules without rebuilding the container between each module to improve performance. This may be incompatible with some modules or install profiles. If an incompatibility is found, add the "container_rebuild_required" key to relevant info.yml files.

Hook system changes

 
The new attribute-based hook system has had several additions and changes over the course of this release:

• Extending the Hook attribute directly is no longer supported.
• Hook ordering, removal, and replacement can now be defined using attributes instead of hook_module_implements_alter().
• The handling of preprocess hooks changed in Drupal 11.1.8 and 11.2. For information on converting your hooks correctly, see Preprocess functions in modules now support object-oriented implementations.

Developers testing against core APIs in earlier versions of 11.2 should make sure to read the latest change records, as there were breaking changes during the development process as well as numerous improvements and deprecations since 11.1.

Automated testing changes

• Drupal test discovery now uses PHPUnit's native test discovery. This should be transparent for most use cases. However, custom test pipelines using run-tests.sh may see changes in how tests are discovered.

Experimental module changes

• Package Manager is a hidden experimental module in Drupal core. (It does not do anything on its own, but provides the foundational APIs used by Project Browser and Automatic Updates.) Package Manager is now considered API-stable. Future API changes will be backwards-compatible, so contributed module developers can now rely on the experimental module's APIs.

• Sites using the Automatic Updates contributed module must update to the 4.0.0 release or higher at the same time as updating to Drupal 11.2

  Sites using the contributed Project Browser module must update to the 2.1.0-beta2 release or higher at the same time as updating to Drupal 11.2.

PHP dependency changes

• Drupal core now requires Symfony v7.3.0.
• Twig has been updated to v3.21.1.
• Numerous other dependencies have received minor- and patch-level updates to the latest versions.

PHP development dependency changes

• PHPUnit 11 is now the default version. It's still possible to downgrade to PHPUnit 10 in case of need, but in that case it's recommended to use PHPUnit's CLI for running tests, and avoid using Drupal's run-tests.sh script that may have gaps in discovering tests. Drupal tests now can use PHPUnit's 10+ attributes instead of the legacy annotations. New tests must use attributes.

• PHPStan has received a major-version upgrade to 2.1.17. Projects using PHPStan 1.x can refer to the PHPStan 2 upgrade guide.

• symfony/polyfill-php84 has been added for PHP 8.4 feature adoption.

• Composer has increased its minimum requirement for the justinrainbow/json-schema package to version 6, and as a result, Drupal core's lockfile and metapackage now pin this development dependency to version 6 as well. Modules using this package should read the version 6 upgrade notes as there are breaking changes. If your contributed or custom project relies on an older version of justinrainbow/json-schema, you should declare a conflict with the 6.x branch in your composer.json.

• Coder has been updated to the latest version (8.3.30), and the following Drupal coding standards rules have changed:

  • Drupal.CSS.ClassDefinitionNameSpacing and Drupal.CSS.ColourDefinition have been removed as Coder is no longer responsible for CSS coding standards.
  • Drupal.Strings.UnnecessaryStringConcat has been replaced with Generic.Strings.UnnecessaryStringConcat
  • Squiz.WhiteSpace.LanguageConstructSpacing has been replaced with Generic.WhiteSpace.LanguageConstructSpacing
  • MySource.Debug.DebugCode has been removed.

Frontend (CSS and JavaScript) production dependency changes

• CKEditor5 is updated from v44.0.0 to v45.2.0, which includes a number of improvements and bug fixes. If you have any custom integrations with CKEditor, see the v45 release notes for breaking changes.

  If you were using the provided CKEditor5 icon set, the icons have been renamed. Drupal has added an icon name backward compatibility layer for this specific change. CKEditor also now adds the "table" class to all


  elements, so themes using CSS rules that style tables differently based on the presence of that class may need those rules changed.

  Some contributed modules may be affected by the upstream BC breaks:

  • Users of the contributed linkit module should update to version 7.0.5 or higher.

  • The Editor advanced link module has an open issue to add compatibility for Ckeditor5 v45.2.0, users of this module may want to delay updating to 11.2.0 until that issue is fixed.

Development dependencies

• PostCSS and its plugins have been updated to the latest edition, removing the need for the @nest keyword and removing the use of rgba(). Drupal maintains the 2021 nesting behavior to avoid adding :is() selectors throughout the CSS. For details, see the PostCSS Nesting plugin documentation.

  Stylelint and stylelint-config-standard have also been updated to the latest version. Most notably the CSS rgb() function is preferred over the equivalent rgba() function. Drupal core stylesheets have been updated to account for these changed standards.

• Many dependencies have received minor- and patch-level updates to the latest versions.

Known issues

• [#3531506]
• [#3531412]
• [#2987548]

• Numerous site owners and developers have reported difficulty updating to Drupal 11.2.0 due to conflicting versions of Drupal core's development dependencies. Several core development dependencies had their major version constraints increased in the 11.2.0 release:

  • PHPStan was increased from v1 to v2.
  • sebastian/diff was increased from v5 to v6<./li>
  • PHPUnit was increased from v10 to v11.

  In a future bugfix release, we may attempt to support compatibility with both major versions of these dependencies. For the time being, however, we recommend site owners attempt updating all their packages which may use core's development dependencies together, for example:

  
composer update "drupal/core*" drupal/automatic_updates "drupal/gin*" drupal/project_browser --with-all-dependencies


  For more information and debugging suggestions that may help for your site, see [#3531287].

Search the issue queue for known issues.

All changes since Drupal 11.2.0-rc2

• Issue #3514262 by berdir, smustgrave, xjm, quietone: entity_browser_entity_form_field_widget_third_party_settings_form hooks can no longer return NULL
• Issue #3530363 by catch, smustgrave: Add @group #slow to some additional tests
• Issue #3526397 by catch: Split PackageInstallTest into two
• Issue #3497431 by mondrake, catch, larowlan, godotislate, jonathan1055, fjgarlin, xjm: Deprecate TestDiscovery test file scanning, use PHPUnit API instead
• Issue #3497647 by prudloff, xjm, quietone: StringDatabaseStorage::deleteStrings() does not work
• Issue #3529714 by mstrelan, xjm, smustgrave, acbramley: Add return types to EntityDefinitionTestTrait
• Issue #3476224 by pwolanin, heddn, bbrala, tstoeckler: JSON:API assumes entity reference field's main property must be the entity ID
• Issue #2473093 by acbramley, xjm: Node access default grant behavior is not clear
• Issue #3497431 by mondrake, catch, larowlan, godotislate, fjgarlin: Deprecate TestDiscovery test file scanning, use PHPUnit API instead