3.3.4

Security Update

• Upgrades Drupal core to 11.3.8 which fixes a data integrity issue present in Drupal 11.3.6 and 11.3.7.

Changes Since 3.3.3

• Closes #5529 Update drupal/core-recommended requirement from 11.3.7 to 11.3.8 (#5525)
• Back to dev.

3.3.3

Important Notes

• az_search_api will now skip indexing of content that is not canonical to the site, as defined by the opengraph url metatag.
• az_seo has been updated to allow for canonical links to be self referential per RFC 6596

Changes Since 3.3.2

• Update citation-style-language/locales requirement from 0.0.88 to 0.0.90 (#5466)
• Fixes #5486 Error when fetching nonexistent course subject code (#5487)
• Close #5475 PHP 8.4 compatibility: Implicitly marking parameter as nullable is deprecated (#5476)
• Closes #5468 Add URL, date and time webform field Bootstrap exclusions. (#5469)
• Closes #5465 Exclude edit-config-type and edit-config-name from Chosen. (#5467)
• Fixes #5456 Reduce az_search_api noncanonical duplicates (#5462)
• Fixes #5470 Allow for self-referential canonical link (#5471)
• Closes #5451: Replace var annotations with assert() to appease latest PHPStan (#5464)
• Closes #5366: Replace skip_on_empty with intval in az_demo_paragraph_accordion.yml (#5459)
• Back to dev.

3.3.2

Security Update

• Updates Drupal core to 11.3.7 which includes updates that address SA-CORE-2026-001, SA-CORE-2026-002, and SA-CORE-2026-003.

Changes Since 3.3.1

• Closes #5491: Update drupal/core-recommended to 11.3.7 for SA-CORE-2026-001, SA-CORE-2026-002, SA-CORE-2026-003. (#5492)
• Update drupal/core-recommended requirement from 11.3.5 to 11.3.6 (#5483)
• Back to dev.

3.2.4

Security Update

• Updates Drupal core to 11.2.11 which includes updates that address [SA-CORE-2026-001](https://www.drupal.org/sa-core-2026-001] and SA-CORE-2026-002.

Changes Since 3.2.3

• Closes #5491: Update drupal/core-recommended to 11.2.11 for SA-CORE-2026-001, SA-CORE-2026-002. (#5494)
• Back to dev.

2.14.8

Important Notes

• az_seo has been updated to allow for canonical links to be self referential per RFC 6596.
• az_search_api will now skip indexing of content that is not canonical to the site, as defined by the opengraph url metatag.

Changes Since 2.14.7

• Fixes #5486 Error when fetching nonexistent course subject code (2.x backport of #5487) (#5489)
• Fixes #5456 Reduce az_search_api noncanonical duplicates (2.x backport of #5462) (#5480)
• Closes #5468 Add URL, date and time webform field Bootstrap exclusions. (2.x backport of #5469) (#5481)
• Fixes #5470 Allow for self-referential canonical link (2.x backport of #5471) (#5472)
• Closes #5449: Regression in scroll behavior of AJAX views with exposed filters (2.x backport of #5453) (#5455)
• Closes #4958: Revert change to composer audit reporting mode for abandoned packages (2.x backport of #5429) (#5452)
• Closes #5412: Update Slack links to Teams (2.x backport of #5413) (#5421)
• Closes #5415: Make 2.x implementation of az_core_requirements() less fragile. (#5416)
• Fixes #5377: Footer link accessibility (2.x backport of #5387) (#5403)
• Back to dev.

2.14.7

Security Update

• Updates Drupal core to 10.6.7 which includes updates that address SA-CORE-2026-001 and SA-CORE-2026-002.

Important Notes

• Quickstart 2 has been upgraded to Drupal 10.6.x. Security support for Quickstart 2 and Drupal 10 will end after December 2026. Owners of Quickstart 2 sites that have not begun preparing for the upgrade to Quickstart 3 and Drupal 11+, should start making preparations as soon as possible.

Changes Since 2.14.6

• Closes #5491: Update drupal/core-recommended to 10.6.7 for SA-CORE-2026-001, SA-CORE-2026-002. (#5493)
• Update drupal/core-recommended requirement from 10.6.5 to 10.6.6 (#5482)
• Closes #4563: Upgrade Drupal core to 10.6.x. (2.x only) (#5192)
• Back to dev.

3.3.1

Changes since 3.3.0

• Closes #5229: The demo content for the Trellis RFI embed functionality should use a persistent form (#5236)
• Closes #5449: Regression in scroll behavior of AJAX views with exposed filters (#5453)
• Update Arizona Bootstrap to 5.1.2 (#5440)
• Update citation-style-language/locales requirement from 0.0.87 to 0.0.88 (#5436)
• Update drupal/menu_link_attributes requirement from 1.6.0 to 1.7.0 (#5439)
• Closes #4958: Revert change to composer audit reporting mode for abandoned packages (#5429)
• Bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#5433)
• Bump actions/cache from 5.0.3 to 5.0.4 (#5434)
• Bump shivammathur/setup-php from 2.36.0 to 2.37.0 (#5430)
• Closes #5437: AZ Navbar may not work with custom navigation menu blocks (#5438)
• Update drupal/searchstax requirement from 1.9.3 to 1.10.0 (#5410)
• Closes #4934: Video player button could use more horizontal spacing in the Text on Media paragraph (#5431)
• Closes #5385: Nested anchor tags in az_course.az_card view mode (#5411)
• Bump actions/setup-node from 6.2.0 to 6.3.0 (#5397)
• Closes #5412: Update Slack links to Teams (#5413)
• Update drupal/crop requirement from 2.5.0 to 2.6.0 (#5398)
• Update drupal/schema_metatag requirement from 3.0.3 to 3.0.4 (#5340)
• Closes #5401: Text with .placeholder class is hidden on Add Taxonomy Term forms (#5402)
• Closes #5392: Back to Top button changes the current URL in the browser (#5394)
• Update drupal/core-recommended requirement from 11.3.3 to 11.3.5 (#5389)
• Update drupal/webform requirement from 6.3.0-beta7 to 6.3.0-beta8 (#5393)
• Update drupal/diff requirement from 2.0.0-beta4 to 2.0.0-beta5 (#5384)
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5375)
• Update drupal/cas requirement from 3.0.0 to 3.0.1 (#5376)
• Back to dev.

3.3.0

Important Notes

Quickstart has been upgraded to Drupal 11.3

Quickstart 3 has been upgraded to Drupal 11.3.3. Owners of sites using additional contrib or custom modules not included in Quickstart should ensure that those modules are compatible with the new Drupal version.

AZ Navbar enabled for new sites

AZ Navbar is now enabled by default on new site installs. It can still be disabled in the Arizona Barrio theme settings. AZ Navbar will be enabled on all existing sites in Quickstart 3.4.0. The option to disable AZ Navbar will be removed in Quickstart 3.5.0.

Removed bottom margin for entity reference fields

This release removes the bottom margin added to entity reference fields by Bootstrap Barrio. This change primarily affects images used as part of content type displays. Custom content type displays may need to be updated to account for this styling change.

Migration from easepick/bootstrap-datepicker to Vanilla Calendar Pro

The easepick_bundle, easepick_styles, and bootstrap-datepicker libraries are deprecated in Quickstart 3.3.0 and will be removed in 3.4.0. These integrations have been replaced with a new implementation of Vanilla Calendar Pro in az_core.

Breadcrumbs now show the menu link title for a page as intended

A regression was causing breadcrumbs to display the actual title for a page rather than the menu link title for the page. This release fixes this issue, so some breadcrumb text may change with this update. Site administrators can restore the previous title text by going to the Easy Breadcrumb settings and selecting "Use the real page title when available" instead of "Use menu title when available".

New Quickstart Alert Block module

A new Quickstart Alert Block module has been added which provides an "Alert Block" block type for site-wide or emergency messages. This module is not installed by default. Upon installation, a disabled Emergency Alert Block is added to the Alert region in Block Layout. Enable the block during an incident per Campus Emergency / Incident Response procedures.

az_search_api no longer indexes content-type-specific fields.

The experimental az_search_api module will now index all nodes regardless of content type, except for unpublished nodes or nodes not accessible to the anonymous user.

Development and CI configuration files now excluded from package archives

The az-digital/az_quickstart repo has been updated so that package archives generated by git and composer no longer include configuration files for various local development and continuous integration tools. This should reduce package download times and file sizes and prevent unnecessary files from being included in --prefer-install=dist composer installations of the package (e.g. on production web servers).

Optional spam prevention modules

The Captcha and Recaptcha contrib modules have been added as optional spam prevention modules.

Changes since 3.3.0-alpha2

• None: this stable release is identical to 3.3.0-alpha2.

New changes (not included in 3.2.x)

• Update drupal/date_ap_style requirement from 2.1.2 to 3.0.0 (#5170)
• Issue #5284 Replace btn-secondary with btn-blue (#5285)
• Closes #5274: Adds margin 0 override to entity reference fields (#5294)
• Closes #5305: Breadcrumbs display the page title instead of the menu link title (#5306)
• Feature #5242 Make reset button styling configurable in AZ Finder exposed forms (#5244)
• Closes #5310: Enable AZ Navbar by default on new site installs (#5312)
• Closes #5330: Removal of bottom margin from entity reference fields changed some content type displays (#5343)
• Closes #4562: Upgrade Drupal core to 11.3.x (#5043)
• Update drupal/views_bulk_operations requirement from 4.3.4 to 4.4.4 (#4979)
• Update Arizona Bootstrap to 5.1.0 (#5359)
• Fixes #5342: Update the template file for AZ Navbar to use new vertical rule HTML (#5348)
• Closes #5362: Configure dependabot to ignore Arizona Bootstrap updates for the main branch (#5363)
• Update drupal/migrate_plus requirement from 6.0.8 to 6.0.10 (#5269)
• Closes #5210 Exclude dev/CI tool configs from git and composer archives. (#5213)
• Update drupal/migrate_tools requirement from 6.1.2 to 6.1.3 (#5160)
• Closes #5167, Closes #5169: Replace easepick and bootstrap-datepicker with vanilla-calendar-pro. (#5399)
• #5372: Add PHP 8.4 deprecations patch for seboettg/citeproc-php. (#5420)
• Closes #5206: Create new Alert module (#5289)
• Update Arizona Bootstrap to 5.1.1 (#5404)

How to update

Refer to Updating your Quickstart website on the wiki for more information.

PHP upgrade for the Pantheon upstream

With the update to 3.3.0, we've changed the default PHP version used in the Quickstart 3 Pantheon upstream to be 8.4. Sites that need to use an older PHP version can override this setting in their site's pantheon.yml file as needed.

Supported releases

With this new minor release of Quickstart, the following versions are supported by Arizona Digital:

• Quickstart 3.3.x: Full support
• Quickstart 3.2.x: Security support (will receive only security patch releases)
• Quickstart 2.14.x: Long-Term Support (will receive only LTS patch releases)

See our Release Policy for more details.

3.2.3

Note: This is the final bug-fix patch release for Quickstart 3.2.x. 3.2.x will receive only security patch releases from now until the release of Quickstart 3.4.0. See our Release Policy for more details.

Important Notes

Footer links adjustment

The height of footer links has been increased to 24px to meet WCAG 2.2 Level AA (2.5.8) accessibility standards. This may result in a visual change to the footer area to accommodate the new space.

Exclude non-public content for Quickstart Search API

The experimental az_search_api module will now exclude indexing entities which are not accessible to the anonymous user.

Quickstart Search API no longer indexes content-type-specific fields.

The experimental az_search_api module will now index all nodes regardless of content type, except for unpublished nodes or nodes not accessible to the anonymous user.

Optional spam prevention modules

The Captcha and Recaptcha contrib modules have been added as optional spam prevention modules.

Changes since 3.2.2

• Update drupal/searchstax requirement from 1.9.3 to 1.10.0 (#5410)
• Closes #5385: Nested anchor tags in az_course.az_card view mode (#5411)
• Bump actions/setup-node from 6.2.0 to 6.3.0 (#5397)
• Closes #5412: Update Slack links to Teams (#5413)
• Fixes #5417 Add captcha modules (#5418)
• Update drupal/crop requirement from 2.5.0 to 2.6.0 (#5398)
• Update drupal/schema_metatag requirement from 3.0.3 to 3.0.4 (#5340)
• Closes #5401: Text with .placeholder class is hidden on Add Taxonomy Term forms (#5402)
• Closes #5392: Back to Top button changes the current URL in the browser (#5394)
• Fixes #5395 Minimal az_search_api index configuration (#5396)
• Fixes #5377: Footer link accessibility (#5387)
• Update drupal/webform requirement from 6.3.0-beta7 to 6.3.0-beta8 (#5393)
• Update drupal/diff requirement from 2.0.0-beta4 to 2.0.0-beta5 (#5384)
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5375)
• Update drupal/cas requirement from 3.0.0 to 3.0.1 (#5376)
• Update drupal/linkit requirement from 7.0.12 to 7.0.13 (#5358)
• Update drupal/externalauth requirement from 2.0.9 to 2.0.11 (#5361)
• Close #5295 Re-export date_ap_style related config to account for module updates. (#5355)
• Update drupal/cas requirement from 3.0.0-beta4 to 3.0.0 (#5346)
• Update citation-style-language/locales requirement from 0.0.86 to 0.0.87 (#5347)
• Fixes #5344 Add entity access check to az_search_api. (#5351)
• Closes #5267 Add CLI options to reduce sensitivity of composer/yarn audit checks in CI workflow (#5268)
• Back to dev.

3.3.0-alpha2

This is a pre-release for the next minor version of Arizona Quickstart 3. Pre-releases are not supported for production sites but are intended for widespread testing in preparation for the upcoming stable release.

For more information about the changes in this release, please see the project page.

Important Notes

Migration from easepick/bootstrap-datepicker to Vanilla Calendar Pro

The easepick_bundle, easepick_styles, and bootstrap-datepicker libraries are deprecated in Quickstart 3.3.0 and will be removed in 3.4.0. These integrations have been replaced with a new implementation of Vanilla Calendar Pro in az_core.

New Quickstart Alert Block module

A new Quickstart Alert Block module has been added which provides an "Alert Block" block type for site-wide or emergency messages. This module is not installed by default. Upon installation, a disabled Emergency Alert Block is added to the Alert region in Block Layout. Enable the block during an incident per Campus Emergency / Incident Response procedures.

az_search_api no longer indexes content-type-specific fields.

The experimental az_search_api module will now index all nodes regardless of content type, except for unpublished nodes or nodes not accessible to the anonymous user.

Optional spam prevention modules

The Captcha and Recaptcha contrib modules have been added as optional spam prevention modules.

Changes Since 3.3.0-alpha1

• Closes #5167, Closes #5169: Replace easepick and bootstrap-datepicker with vanilla-calendar-pro. (#5399)
• Fixes #5417 Add captcha modules (#5418)
• #5372: Add PHP 8.4 deprecations patch for seboettg/citeproc-php. (#5420)
• Closes #5206: Create new Alert module (#5289)
• Update Arizona Bootstrap to 5.1.1 (#5404)
• Fixes #5395 Minimal az_search_api index configuration (#5396)
• Fixes #5377: Footer link accessibility (#5387)
• Back to dev.