Drupal Release: 8.3.1

TL;DR

Drupal 8.3.1 is a security release addressing critical vulnerabilities identified in SA-CORE-2017-002. This release patches security issues that could potentially allow remote attackers to compromise Drupal sites. It's a maintenance update to the 8.3.x branch with minimal code changes focused on security fixes rather than new features.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2017-002
• Minimal code changes (18 additions, 1 deletion across 3 files)
• Maintenance release focused on security rather than new features

Migration Guide

No migration steps are required for this security update. This is a direct update from Drupal 8.3.0 to 8.3.1 with no database schema changes or other breaking changes that would require special migration procedures. Standard update procedures should be followed:

1. Back up your site's files and database
2. Put the site into maintenance mode
3. Update Drupal core files
4. Run the database update script
5. Take the site out of maintenance mode

For detailed instructions, refer to Drupal's official update documentation.

Upgrade Recommendations

URGENT: Immediate upgrade recommended

All Drupal 8.3.0 sites should be updated to 8.3.1 immediately. This security release addresses critical vulnerabilities that could potentially be exploited by malicious actors.

The update process is straightforward with minimal risk as it contains only security fixes with no new features or API changes. Site administrators should follow standard Drupal update procedures, ensuring they have a complete backup before proceeding.

Sites running older versions of Drupal 8 should first update to 8.3.0 and then immediately to 8.3.1, or consider updating directly to the latest secure version in their branch.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific security issues fixed are detailed in the security advisory SA-CORE-2017-002, with patches contributed by multiple core maintainers including alexpott, xjm, larowlan, Wim Leers, samuel.mortenson, Berdir, dawehner, tstoeckler, and catch.

New Features

No new features were introduced in this security release. Drupal 8.3.1 is focused exclusively on addressing security vulnerabilities identified in SA-CORE-2017-002.

Security Updates

Drupal 8.3.1 addresses critical security vulnerabilities detailed in SA-CORE-2017-002. While the specific nature of the vulnerabilities is not detailed in the commit messages (which is standard practice to prevent exploitation before users have a chance to update), the security advisory indicates these are important fixes that require immediate attention. The security patches were contributed by a team of Drupal core maintainers and security experts.

Performance Improvements

No specific performance improvements were included in this security-focused release. The changes were targeted specifically at addressing security vulnerabilities rather than enhancing performance.

Impact Summary

This security release has high impact for all Drupal 8.3.0 sites from a security perspective, as it patches critical vulnerabilities identified in SA-CORE-2017-002. Without this update, sites may be vulnerable to remote attacks.

From a functionality perspective, the impact is minimal as the release contains only security fixes with no new features, API changes, or database schema updates. The limited scope of changes (18 additions, 1 deletion across 3 files) indicates targeted security patches rather than broad changes.

Site administrators should prioritize this update above regular maintenance tasks due to its security implications. The update itself should be low-risk from a site functionality perspective but is high-priority due to the security implications of remaining on a vulnerable version.