Drupal Release: 8.1.3

TL;DR

Drupal 8.1.3: Critical Security Update

Drupal 8.1.3 is a security release that addresses critical vulnerabilities identified in SA-CORE-2016-002. This update is essential for all Drupal 8.1.x sites to protect against potential security exploits. The release focuses exclusively on security fixes with no new features or other changes.

Highlight of the Release

• Critical security fixes addressing vulnerabilities outlined in SA-CORE-2016-002
• Collaborative security patch developed by multiple core contributors
• Minimal changes focused exclusively on security issues

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

1. Back up your database and site files before updating
2. Put your site into maintenance mode
3. Update Drupal core files to version 8.1.3
4. Run the database update script by visiting /update.php in your browser
5. Take your site out of maintenance mode

As this is a security-only release with minimal changes, the update process should be straightforward with minimal risk of compatibility issues.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security update addresses critical vulnerabilities and should be applied immediately to all Drupal 8.1.x sites. Delaying this update could leave your site exposed to potential security exploits.

The update is compatible with Drupal 8.1.x and follows standard update procedures. Given the security-focused nature of this release, the risk of update complications is minimal compared to the security risk of not updating.

Sites still running Drupal 8.0.x should first update to 8.1.x and then apply this security update.

Bug Fixes

This release focuses on security-related bug fixes rather than general bugs. All fixes in this release are related to security vulnerabilities detailed in the security advisory SA-CORE-2016-002. For specific details about the security issues fixed, please refer to the official security advisory.

New Features

No new features were introduced in this release. Drupal 8.1.3 is strictly a security update that addresses critical vulnerabilities identified in SA-CORE-2016-002.

Security Updates

Critical Security Fixes in SA-CORE-2016-002

This release addresses critical security vulnerabilities outlined in the Drupal security advisory SA-CORE-2016-002. The security team, along with contributors catch, dawehner, dsnopek, greggles, Plazik, stefan.r, xjm, klausi, and mlhess, collaborated to identify and fix these issues.

While specific details about the vulnerabilities are typically limited in security releases to prevent exploitation, the fixes address potential security weaknesses in the core system. Users are strongly encouraged to update immediately to mitigate risk to their sites.

Performance Improvements

No specific performance improvements were included in this release. Drupal 8.1.3 focuses exclusively on addressing security vulnerabilities.

Impact Summary

Drupal 8.1.3 is a critical security release that addresses vulnerabilities identified in security advisory SA-CORE-2016-002. The impact is primarily focused on security hardening rather than functional changes.

The release contains 90 changes across 7 files, with 83 additions and 7 deletions, indicating targeted fixes to specific security issues. These changes were contributed by multiple core team members and security experts.

While the release doesn't introduce new features or change existing functionality, it significantly improves the security posture of Drupal 8.1.x installations. All site owners should prioritize this update to protect their sites from potential security exploits.