It's been a bit more than a year since Drupal 8 was released. There are more than 15 000 open issues open (and 70 000 closed (!), just to give you some context) in the Drupal core issue queue. Here's a few of those issues I'm keeping an extra eye on.
Changing password hashing library.
This issue has been active since 4 years back and is still actively going. The idea is to replace the current password library which is a forked version of phpass to use the built-in
password_hash functionality that was introduced in PHP 5.5.
cweagans who created the issue lifts up three main problems with the current solution:
- It has to be maintained by Drupal
- It has 0% interoperability
- It lacks forward-upgrading mechanism
and I agree with all of them. Drupal itself is a huge code base and has a lot of things to keep updated and further developed. Password hashing algorithms are hard and definitely takes an enormous amount of time to get it right. So, instead why not use something that's built in to PHP and is secure.
The interoperability concern also makes sense. Because it is built in, it's secure by design (by the way I'm not really saying the current solution is insecure) and are used in different systems and projects outside of Drupal. This also allows us to easier migrate something to Drupal without having to worry about rehashing passwords when doing so.
The final concern is about forward-upgrading. So currently
bcrypt hashing algorithm is the to-go strategy for password hashing. If there comes a better algorithm in the future or you change the cost of the algorithm. The verify will still pass, but you can in a few lines make sure the password gets rehashed for enhanced security.
Menu blocks shows all menu subtrees regardless of the active menu item.
This issue is about 1 year old and is something I've experienced and had to deal with in a few of my latest projects.
So the problem is that if you have a menu which looks like this:
- Home - Products - Product category 1 - Product 1 - Product 2 - Product category 2 - Product 3 - Product 4
If we set the Menu block to level 3 and visits Product category 1 we are expected to see:
- Product 1 - Product 2
However currently it renders like:
- Product 1 - Product 2 - Product 3 - Product 4
Bring Media entity module to core
I am most excited about this one. The idea is to bring the Media entity module into core. You should take a look at the module, but also the Drupal 8 Media guide.
But to give you an quick idea on what it is all about, it's basically an initiative to add proper Media handling in Drupal. There are a lot of submodules that can be put together to give you a really powerful system for handling media. Such as entity browsers, image cropping, etc.
Currently we just use the plain simple file handling provided by Drupal today along with the IMCE module to reuse already uploaded files. It works fine, but I believe this initiative will give us something much more flexible and robust. Something we should expect from a CMS such as Drupal. I by mentioned this at work earlier this week and was told by a colleague this hopes to get into Drupal 8.4 so we'll just have to idle by and see.
I'm also interested to learn how the upgrade path from using the module as contrib into core will look like. But also too see if there's a good way to migrate existing media contents into this Media system.
Language support in Paragraphs
This one isn't part of the Drupal core but as we use Paragraphs in most of our projects I'd also like to mention this issue:
So currently Paragraphs does not have translation support and this way a Oh shit moment for us when creating a multilingual site. Luckily for us, this issue been active for a while and there are patches which works, as in it runs just fine in production.
Paragraphs is an awesome module for flexible content layout so getting this issue done is a deal-breaker for us. And again, these guys are making great progress and I wouldn't be surprised if it was completed in a not so far future.