HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

7.59

Drupal Release: 7.59

Tag Name: 7.59

Release Date: 4/25/2018

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 7.59 Release: Critical Security Update

This release addresses a critical security vulnerability (SA-CORE-2018-004) that affects Drupal 7 installations. The security fix patches a significant vulnerability that could potentially allow attackers to compromise Drupal sites. This is a security-focused release with minimal code changes but maximum importance for all Drupal 7 site owners.

Highlight of the Release

    • Critical security fix addressing vulnerability SA-CORE-2018-004
    • Minimal code changes (48 additions, 3 deletions) focused specifically on security patching
    • Collaborative security fix developed by multiple Drupal security team members and contributors

Migration Guide

No specific migration steps are required for this security update. Site administrators should:

  1. Back up their site database and files before updating
  2. Update to Drupal 7.59 immediately using their preferred method (Drush, manual update, etc.)
  3. Clear all caches after the update
  4. Review the site for any signs of compromise if the update was not applied promptly

No database updates or special procedures beyond a standard Drupal core update are required.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security update addresses a critical vulnerability and should be applied immediately to all Drupal 7 sites. The security risk cannot be overstated - sites that remain unpatched are at significant risk of compromise.

Update priority: Critical - update as soon as possible

Update complexity: Standard - follows the normal Drupal core update process with no special requirements

Backward compatibility: Full - this security patch does not break backward compatibility

Site administrators who cannot update immediately should consider temporarily taking their sites offline until the update can be applied.

Bug Fixes

This release primarily fixes a critical security vulnerability (SA-CORE-2018-004). The security issue has been patched through targeted code changes across 5 files, with 48 lines added and 3 lines removed.

The exact nature of the vulnerability is not detailed in the commit messages, which is standard practice for security releases to prevent exploitation before users have had a chance to update.

New Features

No new features were introduced in this release. Drupal 7.59 is exclusively a security update addressing the critical vulnerability identified as SA-CORE-2018-004.

Security Updates

Critical Security Fix: SA-CORE-2018-004

This release addresses a critical security vulnerability identified as SA-CORE-2018-004. The security patch was developed collaboratively by multiple Drupal security team members and contributors including alexpott, Heine, larowlan, David_Rothstein, xjm, Pere Orga, mlhess, tim.plunkett, Jasu_M, quicksketch, cashwilliams, samuel.mortenson, pwolanin, drumm, and dawehner.

The security advisory does not provide specific details about the vulnerability to prevent exploitation on unpatched sites, which is standard security practice. However, the focused nature of the changes (48 additions, 3 deletions across 5 files) suggests a targeted fix for a specific vulnerability vector.

All Drupal 7 site owners should update immediately to mitigate risk.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.59 focuses exclusively on addressing the critical security vulnerability SA-CORE-2018-004.

Impact Summary

Drupal 7.59 is a critical security release that all Drupal 7 site owners must apply immediately. The release addresses a significant security vulnerability (SA-CORE-2018-004) that could potentially be exploited to compromise Drupal sites.

The security fix was developed collaboratively by the Drupal security team and community contributors, demonstrating the strength of Drupal's security response process. The changes are minimal and targeted, focusing exclusively on patching the vulnerability without introducing new features or other changes.

Sites that remain unpatched face a serious security risk. The Drupal security team follows responsible disclosure practices by not revealing specific details about the vulnerability in the release notes, which is why site administrators should trust the urgency of this update and apply it promptly.

This release underscores the importance of maintaining regular update schedules and security monitoring for all Drupal installations.

Statistics:

File Changed5
Line Additions48
Line Deletions3
Line Changes51
Total Commits2

User Affected:

  • Must update their Drupal 7 installations immediately to address the critical security vulnerability
  • Need to review their sites for potential compromise if not updated promptly
  • Should follow post-update security recommendations

Contributors:

DavidRothstein