Drupal Release: 7.60

TL;DR

Drupal 7.60 is a critical security update that addresses a remote code execution vulnerability (SA-CORE-2018-006). This release is essential for all Drupal 7 site owners as it patches a serious security issue that could allow attackers to compromise your site. The update was developed by a large team of Drupal security experts and should be applied immediately to protect your website.

Highlight of the Release

• Critical security fix for remote code execution vulnerability (SA-CORE-2018-006)
• Collaborative security patch developed by multiple Drupal security team members and contributors
• Essential update for all Drupal 7 websites regardless of configuration

Migration Guide

No migration is required for this update. This is a direct update from Drupal 7.59 to 7.60 that can be applied using standard Drupal update procedures:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core files
4. Run the update script (update.php)
5. Take your site out of maintenance mode

If you are unable to update immediately, consult the security advisory for possible mitigation strategies until you can complete the update.

Upgrade Recommendations

Immediate Update Strongly Recommended

This update addresses a critical security vulnerability and should be applied immediately. The security issue fixed in this release is likely to be actively exploited, putting unpatched sites at severe risk.

Update Priority: Critical - update as soon as possible

All site owners should:

1. Update to Drupal 7.60 immediately
2. Check for signs of compromise if the site wasn't updated promptly
3. Consider additional security measures like web application firewalls if updates are delayed

There are no known compatibility issues with this security update.

Bug Fixes

This release fixes a critical security bug identified as SA-CORE-2018-006. The specific details of the vulnerability are not fully disclosed in the commit messages to prevent exploitation, but it addresses a remote code execution vulnerability in Drupal 7 core.

New Features

No new features were introduced in this release. Drupal 7.60 is focused exclusively on addressing a critical security vulnerability.

Security Updates

Critical Remote Code Execution Vulnerability Fix

Drupal 7.60 addresses a critical security vulnerability (SA-CORE-2018-006) that could allow attackers to execute arbitrary code on vulnerable Drupal 7 websites. This is a follow-up to previous security issues and was developed collaboratively by numerous Drupal security team members and contributors.

The security advisory SA-CORE-2018-006 indicates this is a highly critical issue that affects all Drupal 7 sites. Site administrators should update immediately as exploitation attempts are likely already occurring in the wild.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing the critical security vulnerability.

Impact Summary

Drupal 7.60 is a critical security release that patches a remote code execution vulnerability. The impact of not updating is potentially severe, as attackers could exploit this vulnerability to take control of affected websites, access sensitive data, modify content, or use the compromised site to attack other systems.

The update itself should have minimal impact on site functionality as it focuses solely on security fixes without introducing new features or changing existing APIs. The large number of contributors involved in this release (26 named in the commit) indicates the seriousness of the issue and the community effort to address it quickly and thoroughly.

Site administrators should prioritize this update above all other maintenance tasks due to the critical nature of the vulnerability being patched.