Drupal Release: 7.96

TL;DR

Drupal 7.96 is a critical security update that addresses vulnerabilities identified in SA-CORE-2023-005. This release focuses exclusively on security fixes with no new features or functionality changes. It's essential for all Drupal 7 site owners to update immediately to protect their sites from potential security exploits.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2023-005
• Collaborative security fix developed by multiple Drupal security team members and contributors
• Important maintenance release as Drupal 7 approaches its end-of-life

Migration Guide

No specific migration steps are required for this security update beyond the standard Drupal update process:

1. Back up your database and site files before updating
2. Put your site into maintenance mode
3. Update Drupal core files
4. Run the update script (update.php)
5. Take your site out of maintenance mode

For detailed instructions, refer to the Drupal 7 update documentation.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security update should be applied immediately to all Drupal 7 sites. The update addresses critical security vulnerabilities that could potentially be exploited if left unpatched.

Long-term Recommendation

Drupal 7 is approaching its end-of-life in November 2023. Organizations still using Drupal 7 should be actively planning their migration to Drupal 9/10 or considering commercial long-term support options. This security release underscores the importance of maintaining up-to-date systems and the ongoing security risks of using aging software.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific security issues fixed are detailed in the security advisory SA-CORE-2023-005, with patches contributed by multiple Drupal security team members including benjifisher, Heine, cmlara, mlhess, larowlan, David_Rothstein, xjm, Wim Leers, DamienMcKenna, and others.

New Features

No new features were added in this release. Drupal 7.96 is strictly a security update focused on addressing critical vulnerabilities identified in SA-CORE-2023-005.

Security Updates

Drupal 7.96 addresses critical security vulnerabilities detailed in the security advisory SA-CORE-2023-005. While the specific nature of the vulnerabilities is not fully disclosed in the commit messages (a standard practice to prevent exploitation), the update was developed collaboratively by numerous Drupal security team members and contributors, indicating its importance.

The security fixes were contributed by a large team including benjifisher, Heine, cmlara, mlhess, larowlan, David_Rothstein, xjm, Wim Leers, DamienMcKenna, effulgentsia, pwolanin, mcdruid, poker10, jenlampton, longwave, kim.pepper, alexpott, and drumm.

Site administrators should apply this update immediately to protect their sites from potential security exploits.

Performance Improvements

No specific performance improvements were included in this release. Drupal 7.96 focuses exclusively on security fixes.

Impact Summary

Drupal 7.96 is a critical security-focused release that addresses vulnerabilities detailed in SA-CORE-2023-005. The update contains 119 changes across 6 files, with 116 additions and 3 deletions, indicating significant security patches.

The security fixes were developed collaboratively by many Drupal security team members and contributors, highlighting the importance of this update. While the release doesn't add new features or functionality, it's essential for maintaining the security integrity of Drupal 7 sites.

This release is particularly important as Drupal 7 approaches its end-of-life in November 2023. Site owners should not only apply this update immediately but also accelerate their plans to migrate to supported Drupal versions or arrange for commercial long-term support if needed.