Drupal Release: 7.95

TL;DR

Drupal 7.95 Release

What's New: Drupal 7.95 is primarily a security release addressing critical vulnerabilities identified in SA-CORE-2023-004.

Why It Matters: This update patches important security issues that could potentially compromise Drupal 7 sites if left unaddressed.

Who Should Care: All Drupal 7 site owners and administrators should immediately update to this version to protect their websites from potential security exploits.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2023-004
• Collaborative security fix developed by multiple core contributors
• Continued security support for Drupal 7 despite approaching end-of-life

Migration Guide

No specific migration steps are required for this security update. Standard Drupal 7 update procedures apply:

1. Back up your database and site files
2. Put the site in maintenance mode
3. Replace the existing Drupal core files with the new 7.95 release files (keeping custom and contributed modules intact)
4. Run the update script by visiting example.com/update.php
5. Take the site out of maintenance mode

As always, test the update on a staging environment before applying to production.

Upgrade Recommendations

Immediate Update Strongly Recommended

All Drupal 7 site owners should update to version 7.95 immediately to protect against the security vulnerabilities addressed in this release.

While Drupal 7 is approaching its end-of-life, security updates are still being provided. However, site owners should also be planning their migration path to Drupal 9 or 10, as Drupal 7's extended support will eventually end.

For sites unable to update immediately, consider implementing additional security measures such as web application firewalls or temporarily taking the site offline until updates can be applied.

Bug Fixes

This release includes security-related bug fixes as detailed in the security advisory SA-CORE-2023-004. Specific details about the fixed vulnerabilities are typically limited in public release notes to prevent exploitation on unpatched sites.

New Features

No new features were introduced in this release. Drupal 7.95 is focused exclusively on security fixes.

Security Updates

Security Advisory SA-CORE-2023-004

This release addresses critical security vulnerabilities identified in the Drupal 7 core. The security team and multiple contributors (DamienMcKenna, elarlang, larowlan, effulgentsia, pandaski, mcdruid, jenlampton, quicksketch, and greggles) collaborated on these fixes.

For security reasons, detailed information about the specific vulnerabilities is typically not disclosed in public release notes to protect sites that have not yet been updated. Site administrators are strongly encouraged to update immediately.

For more information, refer to the official security advisory at the Drupal Security Advisories page.

Performance Improvements

No specific performance improvements were mentioned in the release information.

Impact Summary

Drupal 7.95 is a critical security release that addresses vulnerabilities that could potentially be exploited on unpatched sites. The impact of not updating could be severe, potentially allowing unauthorized access to site data or functionality.

The update itself should have minimal impact on site functionality as it focuses on security fixes rather than feature changes or API modifications. However, as with any update, there is always a small risk of unforeseen interactions with custom code or contributed modules.

This release demonstrates the continued commitment to supporting Drupal 7 with security updates despite its approaching end-of-life status. Site owners should view this as both a necessary immediate update and a reminder to plan their migration strategy to newer Drupal versions.