Drupal Release: 11.1.5

TL;DR

Drupal 11.1.5 is a security release that addresses critical vulnerabilities identified as SA-CORE-2025-004. This release is essential for all Drupal 11 site owners as it patches security issues that could potentially compromise your site. The update contains no new features or functionality changes but focuses exclusively on security fixes.

Highlight of the Release

• Critical security update addressing vulnerabilities identified as SA-CORE-2025-004
• Collaborative security fix developed by multiple core contributors
• Minimal code changes focused specifically on security issues

Migration Guide

No migration steps are required for this security update. This is a direct update from Drupal 11.1.4 to 11.1.5 with no database schema changes or other migration concerns.

Upgrade Recommendations

Immediate Update Recommended

All Drupal 11 site owners should update to version 11.1.5 immediately. This is a security release addressing critical vulnerabilities.

1. Back up your site's files and database before updating
2. Update through your preferred method:
   • Using Composer: composer update drupal/core --with-all-dependencies
   • Using the update interface in the Drupal admin area
   • Manual update by replacing core files

After updating, clear caches and run any pending database updates through the update.php script or Drush.

If you're running an older version of Drupal 11, you should update directly to 11.1.5 to ensure all security patches are applied.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. Any bug fixes included are directly related to the security issues being patched.

New Features

This security release does not introduce any new features. It is focused exclusively on addressing security vulnerabilities.

Security Updates

SA-CORE-2025-004

This security release patches critical vulnerabilities in Drupal 11 core. The security team has not provided detailed information about the specific vulnerabilities to prevent exploitation on unpatched sites.

The fix was developed collaboratively by multiple core contributors including samuel.mortenson, xjm, larowlan, pandaski, effulgentsia, jenlampton, mcdruid, longwave, benjifisher, bramdriesen, and phenaproxima.

As with all security releases, it's recommended to update immediately to mitigate potential risks to your site.

Performance Improvements

No specific performance improvements are included in this security-focused release.

Impact Summary

This security release addresses critical vulnerabilities that could potentially be exploited to compromise Drupal sites. The security team has not disclosed specific details about the vulnerabilities to protect sites that have not yet been updated.

The impact is primarily on security posture rather than functionality. Sites running Drupal 11.1.4 or earlier versions of Drupal 11 should be updated immediately to maintain security integrity. No functionality changes or feature additions are included in this release, meaning that the update should not affect site behavior beyond closing security gaps.

The collaborative nature of this security fix, with contributions from eleven core team members, indicates the importance and thoroughness of the security patch.