Drupal Release: 7.80

TL;DR

Drupal 7.80 Release: Critical Security Update

This release addresses a critical security vulnerability (SA-CORE-2021-002) that affects Drupal 7 installations. The security advisory indicates this is an important update that all Drupal 7 site administrators should apply immediately to protect their sites from potential security exploits. This release contains minimal changes focused specifically on security hardening.

Highlight of the Release

• Critical security update addressing vulnerability identified in SA-CORE-2021-002
• Coordinated security fix developed by multiple core contributors
• Minimal changes focused specifically on security hardening

Migration Guide

No specific migration steps are required for this security update. Standard Drupal 7 update procedures apply:

1. Back up your database and site files before updating
2. Put your site into maintenance mode
3. Replace your existing Drupal 7 core files with the new 7.80 release files (keeping your custom and contributed modules intact)
4. Run the update script by navigating to /update.php in your browser
5. Take your site out of maintenance mode

If you encounter any issues during the update process, refer to the Drupal 7 update documentation.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security update should be applied immediately to all Drupal 7 sites. The security advisory SA-CORE-2021-002 indicates this is a critical fix that addresses a vulnerability that could potentially be exploited.

For sites that cannot update immediately, consider temporarily taking the site offline or implementing additional security measures at the server or network level until the update can be applied.

Long-term, site owners should also consider planning for migration to Drupal 9 or 10, as Drupal 7's extended support is scheduled to end. However, this security update is essential regardless of future migration plans.

Bug Fixes

This release primarily addresses a security vulnerability rather than regular bugs. The specific details of the vulnerability are contained in the security advisory SA-CORE-2021-002, with fixes implemented by a team of Drupal security experts including Jasu_M, effulgentsia, alexpott, mlhess, Wim Leers, Heine, pwolanin, xjm, samuel.mortenson, nwellnhof, larowlan, phenaproxima, and mcrdruid.

New Features

No new features were introduced in this release. Drupal 7.80 is strictly a security update focused on addressing the vulnerability described in security advisory SA-CORE-2021-002.

Security Updates

SA-CORE-2021-002 Security Fix

This release addresses a critical security vulnerability identified in the Drupal 7 core as detailed in security advisory SA-CORE-2021-002. The fix was developed through collaboration among multiple Drupal security team members and core contributors.

While specific details about the vulnerability may be limited to prevent exploitation on unpatched sites, the security team has identified and fixed the issue. The coordinated effort by thirteen contributors indicates the importance of this security patch.

All Drupal 7 site owners should update immediately to mitigate potential security risks.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.80 focuses exclusively on security fixes.

Impact Summary

This release has a high security impact but minimal functional impact. The changes are focused on patching a specific security vulnerability without altering site functionality or user experience.

The security fix addresses a vulnerability that could potentially be exploited if left unpatched. The involvement of thirteen core contributors and security team members in developing this fix underscores its importance.

Site administrators should prioritize this update to maintain the security integrity of their Drupal 7 installations. The update process itself should be straightforward with minimal risk of disruption to site functionality, as the changes are targeted specifically at the security vulnerability.