Drupal Release: 7.91

TL;DR

Drupal 7.91 is a security release addressing critical vulnerabilities identified in SA-CORE-2022-012. This update is essential for all Drupal 7 site owners to protect their websites from potential security exploits. The release contains security patches with minimal code changes focused specifically on addressing the identified security issues.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2022-012
• Collaborative security fix developed by multiple core contributors
• Minimal code changes focused specifically on security issues

Migration Guide

No specific migration steps are required for this security update. Site administrators should follow the standard Drupal 7 update process:

1. Back up your database and site files before updating
2. Put the site into maintenance mode
3. Replace the existing Drupal core files with the files from the 7.91 release, being careful not to overwrite any customizations or files in the sites directory
4. Run the update script by navigating to /update.php in your browser
5. Take the site out of maintenance mode

If you maintain custom modules or themes, no API changes were introduced in this security release that would require modifications to your custom code.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security release addresses critical vulnerabilities that could potentially be exploited on unpatched sites. All Drupal 7 site owners should update to version 7.91 immediately.

The security risk is assessed as critical, and sites running older versions should be considered potentially compromised if they were accessible from the web.

If you are unable to update immediately, consider taking your site offline or implementing additional security measures as recommended by your security team until the update can be applied.

For sites on Drupal 7 Extended Support (after official end-of-life), this security update is essential and covered under the extended support program.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security issues fixed are documented in the Drupal Security Advisory SA-CORE-2022-012. As is standard practice with security releases, detailed information about the specific vulnerabilities is limited in public release notes to prevent exploitation on unpatched sites.

New Features

No new features were added in this release. Drupal 7.91 is strictly a security update focused on addressing critical vulnerabilities identified in SA-CORE-2022-012.

Security Updates

Drupal 7.91 addresses critical security vulnerabilities detailed in SA-CORE-2022-012. The security team and core contributors collaborated to identify and fix these issues.

The security advisory SA-CORE-2022-012 contains the specific details about the vulnerabilities addressed. As is standard security practice, detailed information about the vulnerabilities is intentionally limited in public release notes to protect sites that have not yet been updated.

The security fixes were contributed by multiple core team members including cmlara, GuyPaddock, larowlan, mondrake, effulgentsia, xjm, longwave, Dave Reid, lauriii, David Strauss, benjifisher, alexpott, mcdruid, and Fabianx.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.91 focuses exclusively on security fixes rather than performance enhancements.

Impact Summary

Drupal 7.91 is a critical security release that addresses vulnerabilities identified in SA-CORE-2022-012. The impact is primarily in the security domain, with no functional changes to features, APIs, or performance.

The security fixes in this release protect Drupal 7 sites from potential exploitation. Sites that delay updating may be at risk of compromise, which could lead to unauthorized access, data breaches, or site defacement depending on the nature of the vulnerabilities addressed.

This release demonstrates the continued security support for Drupal 7, even as the platform approaches its extended support phase. The collaborative effort from multiple core contributors highlights the Drupal community's commitment to security for all supported versions.

Site administrators should prioritize this update and implement it as soon as possible to maintain the security integrity of their Drupal 7 installations.