Backdrop 1.29.2 Release checklist

[quicksketch]

Release scheduled for November 20, 2024 10am - 4pm PT

Pre-release tasks

• [x] Merge commits (@quicksketch)
• [x] Create the next bugfix milestone (@quicksketch)
• [x] Move all unfinished issues to the next bugfix release milestone (@quicksketch)
• [x] Review all closed issues in milestone: (@jenlampton)
  • Issue titles should include a complete, but very brief summary of the problem.
  • Issue titles should be in complete sentences, ending with a period.
  • Bug issue titles should start with Fix or Fixed,
  • New feature issue titles should start with Add or Added.
  • Each issue should have accurate labels, especially the "type - " labels.
• [x] Close the milestone (@quicksketch)
• [x] Draft Release notes (@quicksketch)
  • [x] Include a short, descriptive summary of the release, for example:
  • "Security release for Backdrop CMS. This release fixes 1 security vulnerability:"
  • Include a list of SA's for commits to this release
  • [x] Include a section heading **Notes for updating**
  • [x] Note if any changes were made to files outside the core directory, for example:
    • - No changes have been made to the `.htaccess`, `robots.txt` or default `settings.php` files in this release. Updating customized versions of those files is not necessary.
    • See this example for updates to .htaccess
    • See this example or this example for updates to settings.php
  • [x] Note if updates (update.php) needs to be run, for example:
    • Use the text The database update script does **not** need to be run.
    • or **It will be necessary to run the update script** (located at /core/update.php) for this release.
    • Note: you can use this command to see if any install files were changed: ls -1 core/modules/*/*.install | while read filename; do echo "$(git log -1 --pretty="format:%ad %f" --date=format:"%F %R" -- $filename)" $filename; done|sort
  • [x] Include a section heading **Changes since version 1.xx.x** are listed below.
  • Navigate to Actions
  • Select the most recent time "Release Notes Generator" has been run.
  • Download the release-notes artifact attached to the generator.
  • Unzip the file, and copy/pate contents into release notes draft.
  • Remove any square brackets in the titles, and move those issues to their own section.
• [x] Draft Security Advisories (@jenlampton)

Release tasks

• [x] Update bootstrap.inc with version number (@quicksketch)
• [x] Tag for release, and push tag to GitHub (@quicksketch)
• [x] Revert version number back (@quicksketch)
• [x] Create release notes on GitHub, and publish release (@quicksketch)
• [x] Publish Security Advisories on b.org (@jenlampton)
• [x] Mark the release node on b.org as a security release (@quicksketch)
• [x] Request a CVE - (@jenlampton)
• [x] Update the front page download link on b.org (@jenlampton)
• [x] Tweet that a new release is out (@stpaultim)
  • Use text like "There is a security release out for #BackdropCMS today, please update when you can. Backdrop core - Critical - Third-party libraries - BACKDROP-SA-CORE-2021-001"

Immediate Post-release tasks

• [x] Update Tugboat @klonos
• [ ] Update Composer @herbdool
• [ ] Update Docker @wylbur
• [x] Update Pantheon @herbdool
• [ ] Update Platform.sh @herbdool
• [x] Update Amezmo @jenlampton
• [ ] Update DrupalForge @izmeez
• [ ] Update the Wikipedia articles @klonos
  • [ ] https://en.wikipedia.org/w/index.php?title=Template:BackdropCMS_version&action=edit -
  • Auto applied to:
    • https://en.wikipedia.org/wiki/Backdrop_CMS
    • https://en.wikipedia.org/wiki/List_of_content_management_systems

Backdrop's Website updates

• [x] backdropcms.org @jenlampton (or bugfolder)
• [ ] beta.backdropcms.org @bugfolder (or jenlampton)
• [x] docs.backdropcms.org @jenlampton (or bugfolder)
• [ ] events.backdropcms.org @jenlampton (or bugfolder)
• [ ] forum.backdropcms.org @jenlampton (or bugfolder)
• [ ] localize.backdropcms.org @jenlampton (or bugfolder)

See Also

• Checklist for 1.28.4 release

[quicksketch]

Release notes draft:

---

Security release for Backdrop CMS. This release fixes 2 security vulnerabilities:

• BACKDROP-SA-CORE-2024-002
• BACKDROP-SA-CORE-2024-003

Notes for updating

• No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
• It is not necessary to run the update script (located at /core/update.php) for this release.

Changes since 1.29.1

This release contains the additional bug fixes and changes:

Bug fixes

• Content on 404, 403 are not within a semantic element. #6755
• Translated content doesn't get aliased path in views path #6746
• Translated content doesn't get aliased path in views title #6745
• Admin bar not hamburgerized on some pages on mobile #6738
• function Layout::addBlock position not working properly #6732
• The page to import translation does not import the translation of strings like <none> #6625
• Catch thrown exceptions in image_add_svg_attributes() #6613
• PHP Notice in layout_context_required_by_path() when adding a layout that triggers the dashboard context #4077
• Importing fields onto a taxonomy vocabulary config does not validate correctly (throws PHP warnings) #2237
• Documentation for EntityInterface::uri() incorrectly states that NULL should be returned if entity has no URI. #6749

Miscellaneous changes

• Track Update module usage in Telemetry #6725

[quicksketch]

The tag is cut for https://github.com/backdrop/backdrop/releases/tag/1.29.2

[jenlampton]

Release notes look great now!

[argiepiano]

This link is giving an Access Denied: BACKDROP-SA-CORE-2024-002

[quicksketch]

@argiepiano Yep, we're still putting the announcement together, it will be ready in 5-10 minutes.

[jenlampton]

The SA is not published until the release goes out :)

[jenlampton]

All releases are out 🎉

[quicksketch]

I went ahead and updated the Demo Sandboxes since I believe @klonos is traveling.

[laryn]

I've updated the Pantheon upstream.

[jenlampton]

CVE has been requested. CVE Request 1777744 for CVE ID Request