Posted by jwilson3 on November 29, 2025 at 6:28pm

Release 2.3.5 includes general housekeeping tasks, bug fixes, and dependency updates to keep the module stable and secure.

Important things to note in this release:

  1. We renamed the media-source plugin class from Svg.php to ScalableVectorGraphic.php to resolve a serious issue affecting sites on case-insensitive file systems. The old class name (SVG / Svg) is preserved via a class_alias for backward compatibility — but you should still clear all caches after updating (composer + Drupal cache rebuild) to ensure the plugin system picks up the change correctly.
  2. The enshrined/svg-sanitize library has been bumped to ^0.22 in composer.json. This addresses an upstream security vulnerability in prior versions of the sanitization library — worth upgrading even if you’re not aware of SVG sanitization issues on your site.
    • If you had manually required the library (for example composer require enshrined/svg-sanitize:^0.22) to work around earlier constraints, you may now delete that explicit entry from your composer.json. The svg_image_field module now declares the proper version and Composer will install it automatically as a transitive dependency.
  3. Compatibility tweaks have been applied to ensure smooth operation under Drupal 11 — useful if you are running or plan to upgrade to that version soon.

As always, after upgrading your composer dependencies make sure you rebuild Drupal’s caches.

Contributors (4)

alexpott, bvoynick, cmlara, jwilson3, penyaskito, taran2l

Changelog

Issues resolved in this release: 7

Changes since 2.3.4 (compare):

Bug fixes

  • #3525952 by jwilson3: Update ddev-drupal-contrib to 1.0.0
  • #3525952 by jwilson3: Fix and update the ddev cspell command
  • #3464156 by bvoynick, alexpott: Provide a proper schema for the media source media.source.svg
  • #3516563 by jwilson3, cmlara, penyaskito: Rename the media-source plugin class to ScalableVectorGraphic for reliability across different filesystems (with aliasing of the old class for backward compatibility).

Maintenance & compatibility tasks

  • #3504920 by jwilson3: Exclude the .ddev folder from packaging/build artifacts — helpful if you use ddev in your local or CI workflows.
  • #3501879 by taran2l: Ensure compatibility with Drupal 11.x (core / project-browser readiness).
  • #3551011 by jwilson3: Update enshrined/svg-sanitize to version 0.22 to apply upstream sanitization/security fixes.

Known issues introduced by this release

  • [#3560629] - fixed in 2.3.6
  • [#3561016] - fixed in 2.3.7

VCS Label
2.3.5
Release type
Bug fixes
Short description
general housekeeping, bug fixes, and dependency updates
Packaged Git sha1
c43b1fec44a059e102430e22e70a557aa9dda33b
Release files