Drupal Release: 7.84

TL;DR

Drupal 7.84 is a minor security release that fixes an issue with session cookie domains when using www subdomains. This update ensures proper session handling across subdomains, improving site security and user experience. Site administrators should update immediately to maintain secure session management.

Highlight of the Release

• Fixed session cookie domain handling when www subdomain is in use
• Improved session persistence across different domain variations
• Security enhancement for session management

Migration Guide

No migration steps are required for this update. This is a straightforward bugfix release that can be applied using standard Drupal update procedures.

Upgrade Recommendations

It is strongly recommended that all Drupal 7 sites update to version 7.84 as soon as possible, especially if your site uses www subdomains or has multiple domain configurations. This update addresses an important session handling issue that could affect site security and user experience.

The update process follows standard Drupal 7 update procedures:

1. Back up your database and site files
2. Put the site into maintenance mode
3. Replace your existing Drupal core files with the 7.84 release
4. Run the update script (update.php)
5. Take the site out of maintenance mode

As always, test the update in a development environment before applying to production.

Bug Fixes

Session Cookie Domain Fix

Fixed an issue where session cookies weren't properly handled when using www subdomains. This bug (Issue #2522002) could cause session inconsistencies when users navigated between www and non-www versions of a site, potentially resulting in unexpected logouts or session-related problems.

The fix ensures that session cookies are properly set with the correct domain parameters, maintaining session persistence across domain variations.

New Features

No new features were added in this release. Drupal 7.84 is focused on fixing a specific session handling issue.

Security Updates

Session Cookie Domain Security Fix

This release addresses a security concern related to session handling when www subdomains are in use. While not classified as a critical security vulnerability, the fix improves the security posture of Drupal 7 sites by ensuring proper session cookie domain settings, which helps prevent potential session-related security issues.

Performance Improvements

No specific performance improvements were included in this release. The focus was on fixing the session cookie domain issue.

Impact Summary

Drupal 7.84 addresses a specific but important issue with session cookie domains when www subdomains are in use. This fix improves session handling reliability and security across domain variations of the same site.

The impact is particularly significant for sites that:

• Use both www and non-www versions of their domain
• Have configurations that redirect between domain variations
• Implement multi-domain setups

While this is a targeted fix rather than a feature release, it resolves a potentially frustrating user experience issue where sessions might not persist properly when moving between different domain variations. Site administrators should prioritize this update to ensure consistent session management and security.