Drupal Release: 7.62

TL;DR

Drupal 7.62 is a critical security update that addresses two significant security vulnerabilities (SA-CORE-2019-001 and SA-CORE-2019-002). This release is focused exclusively on security fixes with no new features or non-security bug fixes. All Drupal 7 site owners should upgrade immediately to protect their sites from potential exploitation.

Highlight of the Release

• Addresses critical security vulnerability SA-CORE-2019-001
• Fixes security vulnerability SA-CORE-2019-002
• Significant security hardening with 1,423 additions and 47 deletions across 18 files

Migration Guide

No specific migration steps are required beyond the standard Drupal update procedure:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core files to version 7.62
4. Run the update script (update.php)
5. Take your site out of maintenance mode
6. Clear caches

For detailed instructions, refer to the official Drupal documentation on updating Drupal core.

Upgrade Recommendations

Immediate Upgrade Strongly Recommended

Due to the critical nature of the security vulnerabilities addressed in this release, immediate upgrade is strongly recommended for all Drupal 7 sites. Delaying this update could leave your site vulnerable to potential attacks.

The security team considers these vulnerabilities to be of high risk, and sites should be updated as soon as possible. If you cannot update immediately, consider taking your site offline until you can apply the update.

Bug Fixes

This release does not include any non-security bug fixes. All changes are specifically targeted at addressing the security vulnerabilities identified in SA-CORE-2019-001 and SA-CORE-2019-002.

New Features

No new features were added in this release. Drupal 7.62 is a security-focused update that addresses specific vulnerabilities without introducing new functionality.

Security Updates

Security Advisory: SA-CORE-2019-001

This security advisory addresses a critical vulnerability in Drupal 7. While specific details are limited to prevent exploitation, this fix resolves an issue that could potentially allow unauthorized access to site data.

Security Advisory: SA-CORE-2019-002

This security advisory addresses another critical vulnerability in Drupal 7. The patch implements additional validation and sanitization to prevent potential security exploits.

Both security fixes were developed and reviewed by a team of Drupal security experts including Ayesh, alexpott, larowlan, xjm, michieltcs, farisv, greggles, cashwilliams, EclipseGc, samuel.mortenson, tedbow, effulgentsia, Fabianx, and mlhess.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing critical security vulnerabilities.

Impact Summary

Drupal 7.62 is a critical security release that addresses two significant vulnerabilities (SA-CORE-2019-001 and SA-CORE-2019-002). The substantial code changes (1,423 additions and 47 deletions across 18 files) reflect the comprehensive nature of these security fixes.

This release is essential for maintaining the security integrity of all Drupal 7 sites. The security fixes were developed and thoroughly reviewed by a team of Drupal security experts to ensure they effectively address the identified vulnerabilities while maintaining compatibility with existing Drupal 7 installations.

Site administrators should prioritize this update to protect their sites from potential security exploits. While the update process follows standard Drupal procedures, thorough testing after update is recommended to ensure all site functionality remains intact.