HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

7.70

Drupal Release: 7.70

Tag Name: 7.70

Release Date: 5/20/2020

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 7.70 is a security-focused release addressing critical vulnerabilities through SA-CORE-2020-002 and SA-CORE-2020-003 security advisories. This update is essential for all Drupal 7 site owners to protect against potential security exploits. The release contains minimal code changes (271 additions, 3 deletions) across 6 files, focusing exclusively on security patches rather than new features.

Highlight of the Release

    • Critical security fixes addressing vulnerabilities identified in SA-CORE-2020-002
    • Additional security patches included in SA-CORE-2020-003
    • Minimal code changes focused specifically on security improvements

Migration Guide

No specific migration steps are required for this security update beyond the standard Drupal update procedure:

  1. Back up your database and site files
  2. Put your site into maintenance mode
  3. Remove all old core files and directories except for the sites directory
  4. Extract the new Drupal 7.70 core files and place them in your document root
  5. Run the update script by navigating to update.php in your browser
  6. Take your site out of maintenance mode

As this is a security-focused release, it's particularly important to apply this update promptly to protect your site from potential security exploits.

Upgrade Recommendations

Immediate Update Strongly Recommended

All Drupal 7 site owners should update to Drupal 7.70 immediately. This release contains fixes for critical security vulnerabilities that could potentially be exploited on unpatched sites.

The update process follows the standard Drupal core update procedure and should be straightforward for most sites. However, as with any update, it's essential to:

  1. Create a complete backup before beginning
  2. Test the update on a staging environment if possible
  3. Apply the update during a maintenance window
  4. Test site functionality after updating

For sites that cannot update immediately, consider temporarily taking the site offline until the update can be applied, especially if the site contains sensitive information or is high-profile.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security issues fixed are documented in:

  • SA-CORE-2020-002: Multiple security vulnerabilities addressed by a team of contributors including mcdruid, dungahk, justafish, cilefen, xjm, larowlan, effulgentsia, bnjmnm, lauriii, zrpnr, and samuel.mortenson
  • SA-CORE-2020-003: Security vulnerabilities fixed by vortfu, mcdruid, Fabianx, and dsnopek

For security reasons, detailed information about the specific bugs fixed is typically not disclosed immediately to prevent exploitation of unpatched sites.

New Features

This release does not introduce any new features as it is focused exclusively on security fixes. Drupal 7.70 is a security-only release that addresses critical vulnerabilities identified in security advisories SA-CORE-2020-002 and SA-CORE-2020-003.

Security Updates

Drupal 7.70 addresses critical security vulnerabilities detailed in two security advisories:

SA-CORE-2020-002

This security advisory addresses multiple vulnerabilities in Drupal core. While specific details are limited to prevent exploitation of unpatched sites, this advisory was significant enough to warrant immediate attention from site administrators. The fix was contributed by a large team including mcdruid, dungahk, justafish, cilefen, xjm, larowlan, effulgentsia, bnjmnm, lauriii, zrpnr, and samuel.mortenson.

SA-CORE-2020-003

This advisory addresses additional security vulnerabilities discovered after SA-CORE-2020-002. The fixes were contributed by vortfu, mcdruid, Fabianx, and dsnopek.

Both security advisories are considered critical, and all Drupal 7 site owners should update immediately to mitigate potential security risks.

Performance Improvements

No specific performance improvements are included in this release. Drupal 7.70 is focused exclusively on addressing security vulnerabilities through the SA-CORE-2020-002 and SA-CORE-2020-003 security advisories.

Impact Summary

Drupal 7.70 is a critical security release that addresses multiple vulnerabilities through two security advisories: SA-CORE-2020-002 and SA-CORE-2020-003. The impact of this release is primarily focused on improving the security posture of Drupal 7 sites.

The release contains minimal code changes (271 additions, 3 deletions across 6 files), indicating targeted fixes for specific security issues rather than broad changes to functionality. No new features are introduced, and there are no known backward compatibility issues.

The security fixes in this release are considered critical, meaning they address vulnerabilities that could potentially be exploited to compromise affected sites. All Drupal 7 site owners should prioritize this update to protect their sites from potential security threats.

For organizations managing multiple Drupal 7 sites, this release requires coordinated update efforts to ensure all sites are protected. The standard Drupal update procedure applies, making the technical implementation straightforward for experienced Drupal administrators.

Statistics:

File Changed6
Line Additions271
Line Deletions3
Line Changes274
Total Commits3

User Affected:

  • Must update their Drupal 7 installations immediately to address critical security vulnerabilities
  • Need to follow standard Drupal update procedures to apply this security release
  • Should review their sites for any signs of compromise if they delayed updating

Contributors:

xjm