DrupalHighly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.
TL;DR
Drupal 10.4.8 is a minor release that focuses on security documentation improvements and core team updates. It adds a SECURITY.md file to properly guide users on reporting security vulnerabilities and updates the UX management team information. This release reverts a previously added hook attribute functionality and contains minimal code changes overall.
Highlight of the Release
- Added SECURITY.md file to standardize security vulnerability reporting
- Updated UX management team information in core credits
- Reverted previously added Hook and LegacyHook Attribute functionality
Migration Guide
Reversion of Hook and LegacyHook Attribute
The previously added Hook and LegacyHook Attribute functionality (from issue #3482464) has been reverted in this release. If you were using this functionality, you will need to revert to the previous implementation approach.
No other migration steps are required for this minor release.
Upgrade Recommendations
As this is a minor release with minimal code changes focused primarily on documentation and team updates, upgrading should be straightforward with minimal risk. The only potential impact would be for developers who may have started using the Hook and LegacyHook Attribute functionality that has now been reverted.
Standard upgrade procedures apply:
- Back up your database and files
- Put the site in maintenance mode
- Update Drupal core using your preferred method (Composer recommended)
- Run database updates
- Clear caches
- Take the site out of maintenance mode
This release is recommended for all Drupal 10.4.x sites to stay current with the latest documentation improvements.
Bug Fixes
No specific bug fixes were included in this release.
New Features
Added SECURITY.md File
A new SECURITY.md file has been added to the core repository that explains the proper procedures for reporting security vulnerabilities in Drupal. This follows open source best practices and provides clear guidance for security researchers and contributors on how to responsibly disclose security issues.
Updated UX Management Team
The core credits have been updated to add Cristina Chumillas as UX Manager and Emma Horrell as provisional UX Manager to Drupal core. This reflects the current leadership structure of the UX team.
Security Updates
No security fixes were included in this release. However, the addition of the SECURITY.md file improves the security reporting process by providing clear guidelines on how to properly report security vulnerabilities.
Performance Improvements
No specific performance improvements were included in this release.
Impact Summary
Drupal 10.4.8 is a minor release with minimal code impact. The most significant changes are the addition of a SECURITY.md file to standardize security vulnerability reporting procedures and updates to the UX management team credits.
The reversion of the Hook and LegacyHook Attribute functionality may affect developers who had begun implementing this feature, requiring them to revert to previous implementation methods.
Overall, this release focuses on documentation improvements and team updates rather than functional changes, making it a low-risk upgrade for most sites. The standardization of security reporting procedures through the SECURITY.md file aligns Drupal with open source best practices and provides clearer guidance for responsible disclosure of security vulnerabilities.
Statistics:
User Affected:
- Now have clear documentation on how to properly report security vulnerabilities
- Can follow standardized security reporting procedures through the new SECURITY.md file
Contributors:
