Drupal Release: 7.73

TL;DR

Drupal 7.73 is a security release that addresses critical vulnerabilities identified in SA-CORE-2020-007. This update is essential for all Drupal 7 site owners to protect their websites from potential security exploits. The release contains security patches with minimal code changes focused specifically on addressing the identified vulnerabilities.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2020-007
• Minimal code changes (27 additions, 3 deletions across 5 files) focused on security fixes
• Collaborative security patch developed by multiple Drupal security team members

Migration Guide

No specific migration steps are required for this update beyond the standard Drupal update procedure:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core files
4. Run the update script by visiting /update.php
5. Take your site out of maintenance mode

As this is a security release, it's recommended to update as soon as possible.

Upgrade Recommendations

Immediate Update Strongly Recommended

All Drupal 7 site owners should update to version 7.73 immediately. This security release addresses critical vulnerabilities that could potentially be exploited on unpatched sites.

If you are unable to update immediately, consider temporarily taking your site offline or implementing additional security measures at the server or network level until the update can be applied.

For sites running Drupal 8 or 9, check the Drupal security advisories to determine if a corresponding update is needed for your version.

Bug Fixes

This release specifically addresses security vulnerabilities detailed in the security advisory SA-CORE-2020-007. While these are technically bug fixes, they are primarily categorized as security fixes rather than general bug fixes.

New Features

No new features were introduced in this release. Drupal 7.73 is strictly a security update focused on addressing vulnerabilities identified in SA-CORE-2020-007.

Security Updates

Drupal 7.73 addresses critical security vulnerabilities detailed in SA-CORE-2020-007. The security team, including samuel.mortenson, nod_, larowlan, dsnopek, catch, effulgentsia, and mcdruid, collaborated on these fixes.

The specific details of the vulnerabilities are not fully disclosed in the commit messages to prevent exploitation on unpatched sites, which is standard practice for security releases. Site administrators should refer to the official Drupal Security Advisory SA-CORE-2020-007 for complete details about the vulnerabilities addressed.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing security vulnerabilities.

Impact Summary

Drupal 7.73 is a critical security release that addresses vulnerabilities identified in SA-CORE-2020-007. The impact of not updating could be severe, potentially allowing unauthorized access to affected sites or other security compromises.

The update itself is minimal and focused, with only 30 code changes across 5 files, suggesting a targeted fix for specific security issues. The collaborative effort by multiple security team members indicates the importance of this release.

Site administrators should prioritize this update to protect their sites from potential exploitation. The security fixes are backward compatible and should not affect site functionality, making this a low-risk, high-importance update.