July 7th, 2016
Drupal 7.50, the next release in the Drupal 7 series, is now available for download. It contains a variety of new features, improvements, and bug fixes (no security fixes).
Wait... Drupal 7.50?
Yes, there is a version jump compared to the previous 7.44 release; this is to indicate that this Drupal 7 point release is a bit larger than past ones and makes a few more changes and new features available than normal.
Updating your existing Drupal 7 sites is recommended. Backwards compatibility is still being maintained, although read on to find out about a couple of changes that might need your attention during the update.
There are a variety of new features, performance improvements, security-related enhancements (although no fixes for direct security vulnerabilities) and other notable changes in this release. The release notes provide a comprehensive list, but here are some highlights.
New "administer fields" permission added for trusted users
The administrative interface for adding and configuring fields has always been something that only trusted users should have access to. To make that easier, there is now a dedicated permission which is required (in addition to other existing administrative permissions) to be able to access the field UI.
For example, you can now assign the "administer taxonomy" permission (but withhold the new "administer fields" permission) to allow low-level administrators to manage taxonomy terms but not change the field structure. Read the change record for more information.
Protection against clickjacking enabled by default
Clickjacking is a technique a malicious site owner can use to attempt attacks on other sites, by embedding the victim's site into an iframe on their own site.
To stop this, Drupal will now prevent your site from being embedded in an iframe on another domain. This is the default behavior, but it can be adjusted if necessary; see the change record to find out more.
Support for full UTF-8 (emojis, Asian symbols, mathematical symbols) is now possible on MySQL
If content creators on your site have been clamoring to use emojis, it's now possible on Drupal sites running MySQL (it was previously possible on PostgreSQL and SQLite). Turning this capability on requires the database to meet certain requirements, plus editing the site's settings.php file and potentially other steps, as described in the change record.
Improved support for recent PHP versions, including PHP 7
Drupal core's automated test suite is now fully passing on a variety of environments where there were previously some failures (PHP 5.4, 5.5, 5.6, and 7). We have also fixed several bugs affecting those versions. These PHP versions are officially supported by Drupal 7 and recommended for use where possible.
Because PHP 7 is the newest release (and not yet used on many production sites) extra care should still be taken with it, and there are some known bugs, especially in contributed modules (see the discussion for more details). However anecdotal evidence from a variety of users suggests that Drupal 7 can be successfully used on PHP 7, both before and after the 7.50 release.
Improved performance (and new PHP warnings) when Drupal is trying to find a file that does not exist
When Drupal cannot find a file that it expects to be in the filesystem, it will no longer continually search for it on a large number of page requests (previously, this could significantly hurt your site's performance). Instead, it will record a PHP warning about the problem.
Read the change record for more information, and make sure your production site is not configured to show warning messages like this on the screen, since it is not desirable for site visitors to see them. (In order to configure this, go to "Administration" → "Configuration" → "Development" → "Logging and errors" and set the "Error messages to display" option to "None".)
robots.txt file now includes rules to allow search engines to access more of these files than it previously allowed them to, which may help certain search engines better index your site. See the change record for additional details.
- You can find the full list of changes between the previous 7.44 release and the current 7.50 release by reading the 7.50 release notes.
- Also see the release notes for additional update information and known issues discovered after the release.
- You can find a complete list of all changes in the stable 7.x branch in the git commit log.
- Translators should be aware of a few administrative-facing translatable string changes and additions in this release.
- We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
- Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.
- There are no security fixes in this release of Drupal core.
- Drupal 7 is being actively maintained, so more maintenance releases will be made available, according to our monthly release cycle.
- We will consider continuing to do larger Drupal 7 releases like this one every six months or so (where the next larger release will be 7.60, in keeping with Drupal's new release cycle) if there is interest and continued contributions from the community. See the ongoing discussion for further details.
New Drupal 7 co-mainainers
In case you missed the news earlier, we recently added two new Drupal 7 co-maintainers: Fabianx (@fabianfranz) and stefan.r (@stefan_arrr)! Despite only having been official maintainers for the past two weeks, they put in an enormous amount of effort and skill into Drupal 7.50, which was essential in getting it out the door with all the improvements mentioned above.