Drupal Release: 7.78

TL;DR

Drupal 7.78 is a security release that addresses critical vulnerabilities identified in SA-CORE-2021-001. This update is essential for all Drupal 7 site owners to protect their websites from potential security exploits. The release focuses exclusively on security patches with no new features or performance improvements.

Highlight of the Release

• Critical security update addressing vulnerabilities outlined in SA-CORE-2021-001
• Collaborative security fix developed by multiple Drupal security team members
• Maintenance release for the Drupal 7 branch which is in long-term support

Migration Guide

No specific migration steps are required for this security update. Site administrators should:

1. Back up their database and site files before updating
2. Update to Drupal 7.78 following the standard update procedure:
   • Replace all core files and directories except for the sites directory
   • Run the update script by visiting /update.php in your browser
3. Clear all caches after the update is complete

If you're using Drush, you can update with:

drush pm-update drupal

Upgrade Recommendations

Immediate Update Strongly Recommended

All Drupal 7 site owners should update to version 7.78 immediately. This is a critical security release addressing vulnerabilities that could potentially be exploited by malicious actors.

For sites that cannot update immediately, consider temporarily taking the site offline until the update can be applied, especially for high-value or high-traffic sites.

Long-term, site owners should be aware that Drupal 7's end-of-life has been extended to November 2023, but planning for migration to Drupal 9 or 10 should be underway as security support will eventually end.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security fixes are outlined in the security advisory SA-CORE-2021-001, with patches implemented by multiple Drupal security team members including larowlan, stephenacrossri, siliconmeadow, mcdruid, xjm, vijaycs85, mlhess, and greggles.

New Features

No new features were added in this release. Drupal 7.78 is strictly a security update focusing on patching vulnerabilities identified in SA-CORE-2021-001.

Security Updates

Drupal 7.78 addresses critical security vulnerabilities detailed in the security advisory SA-CORE-2021-001. While specific details about the vulnerabilities are typically limited in security releases to prevent exploitation, the advisory was significant enough to warrant an immediate update. The security patches were developed collaboratively by multiple Drupal security team members (larowlan, stephenacrossri, siliconmeadow, mcdruid, xjm, vijaycs85, mlhess, and greggles), indicating the importance and complexity of the security issues being addressed.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.78 focuses exclusively on security fixes.

Impact Summary

Drupal 7.78 is a critical security release that addresses vulnerabilities outlined in SA-CORE-2021-001. The impact of this release is primarily focused on improving the security posture of Drupal 7 websites.

The security fixes were developed by multiple members of the Drupal security team, suggesting that the vulnerabilities addressed were significant and required careful attention. By updating to this version, site owners protect their websites from potential exploitation of these security issues.

This release is part of Drupal 7's long-term support phase, which has been extended to November 2023. While no new features are included, this security maintenance is crucial for the many websites still running on Drupal 7.

Site administrators should prioritize this update to maintain the security integrity of their websites. The minimal changes (14 additions, 1 deletion across 3 files) indicate a targeted fix rather than extensive code changes, which should minimize the risk of update-related issues.