HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

7.58

Drupal Release: 7.58

Tag Name: 7.58

Release Date: 3/27/2018

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 7.58 is a critical security update that addresses a highly severe vulnerability (SA-CORE-2018-002). This release patches a remote code execution issue that affects all Drupal 7 sites. It's an urgent security fix that requires immediate attention from all Drupal 7 site owners to prevent potential site compromises.

Highlight of the Release

    • Critical security fix for a remote code execution vulnerability (SA-CORE-2018-002)
    • Affects all Drupal 7 sites regardless of the modules installed
    • Immediate update strongly recommended to prevent site compromises

Migration Guide

No migration is required for this update. This is a direct security patch that can be applied using standard Drupal update procedures:

  1. Back up your database and site files
  2. Put the site into maintenance mode
  3. Update Drupal core files to version 7.58
  4. Run the update script (update.php)
  5. Take the site out of maintenance mode

If your site was potentially exposed to this vulnerability before updating, you should also:

  1. Audit your site for unauthorized changes
  2. Check for unauthorized user accounts or modified permissions
  3. Review server logs for suspicious activity
  4. Consider changing all administrative passwords

Upgrade Recommendations

URGENT: Immediate Update Required

All Drupal 7 site owners should update to Drupal 7.58 immediately. This is a highly critical security update that addresses a remote code execution vulnerability.

Update Priority: Critical - update as soon as possible

Potential Consequences of Not Updating:

  • Complete site compromise
  • Data theft or manipulation
  • Server compromise
  • Installation of malware or backdoors

If you cannot update immediately, consider taking your site offline until you can apply the update, or implement the recommended mitigation strategies provided by the Drupal security team.

Sites that were exposed to the internet while running vulnerable versions should be considered potentially compromised and should undergo security auditing.

Bug Fixes

This release fixes a critical security vulnerability that could allow remote code execution on Drupal 7 sites. The security issue (SA-CORE-2018-002) was addressed by multiple contributors to ensure the core system is protected against potential attacks.

The fix prevents attackers from exploiting the vulnerability in Drupal's core systems, which could otherwise lead to complete site compromise.

New Features

No new features were introduced in this release. Drupal 7.58 is strictly a security update focused on addressing the critical vulnerability identified in SA-CORE-2018-002.

Security Updates

Critical Remote Code Execution Vulnerability (SA-CORE-2018-002)

This security release patches a highly critical vulnerability in Drupal 7 core. The vulnerability allows an attacker to execute arbitrary code on the web server, potentially leading to:

  • Complete site compromise
  • Data theft
  • Server takeover
  • Malware installation
  • Creation of backdoors

The vulnerability affects all Drupal 7 sites regardless of the modules enabled. This is a serious security issue that requires immediate attention from all site owners.

The Drupal security team has classified this as highly critical with a risk score of 24/25, indicating the severity and importance of this update.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.58 is focused exclusively on addressing the critical security vulnerability.

Impact Summary

Drupal 7.58 addresses a highly critical security vulnerability (SA-CORE-2018-002) that affects all Drupal 7 sites. This vulnerability allows attackers to execute arbitrary code on the web server, potentially leading to complete site compromise.

The security fix was contributed by multiple Drupal security team members and community contributors, demonstrating the community's rapid response to critical security threats.

This release contains no new features, performance improvements, or non-security bug fixes - it is solely focused on addressing this critical security issue. The update requires no special migration steps and can be applied using standard update procedures.

All Drupal 7 site owners should update immediately to protect their sites from potential attacks. Sites that were exposed to the internet while running vulnerable versions should be considered potentially compromised and should undergo security auditing.

Statistics:

File Changed3
Line Additions91
Line Deletions1
Line Changes92
Total Commits2

User Affected:

  • Must update their Drupal 7 installations immediately to prevent security breaches
  • Need to check their sites for potential compromises if not updated promptly
  • Should review server logs for suspicious activity

Contributors:

DavidRothstein