Drupal Release: 8.4.7

TL;DR

Drupal 8.4.7 is a critical security release that addresses vulnerabilities identified in SA-CORE-2018-003. This release is essential for all Drupal 8.4.x sites to prevent potential security exploits. The update focuses primarily on security fixes with minimal code changes to ensure stability while patching critical vulnerabilities.

Highlight of the Release

• Critical security update addressing vulnerabilities in SA-CORE-2018-003
• Minimal code changes focused on security fixes
• Coordinated security release by multiple contributors

Migration Guide

No migration steps are required for this update. This is a direct update from Drupal 8.4.6 to 8.4.7 with no database schema changes or other migration concerns.

Upgrade Recommendations

Immediate Update Strongly Recommended

All sites running Drupal 8.4.x should update to 8.4.7 immediately. This is a critical security release that addresses vulnerabilities that could be exploited by malicious actors.

Update steps:

1. Back up your database and site files
2. Update Drupal core using your preferred method (Composer, Drush, or manual update)
3. Run database updates if prompted
4. Clear all caches
5. Review the security advisory for any additional recommended actions

Sites unable to update immediately should consider implementing the mitigation strategies outlined in the security advisory until the update can be applied.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. Any bug fixes included are directly related to the security issues identified in SA-CORE-2018-003.

New Features

No new features were introduced in this release as it is focused exclusively on security fixes.

Security Updates

Security Advisory SA-CORE-2018-003

This release addresses critical security vulnerabilities outlined in the SA-CORE-2018-003 security advisory. The security team and contributing developers have patched multiple vulnerabilities that could potentially allow remote attackers to compromise Drupal sites.

The security fixes were contributed by multiple team members including mlewand, wwalc, jcisio, Kyaw Min Thein, Wim Leers, larowlan, dawehner, drpal, and xjm.

Note: For security reasons, specific details about the vulnerabilities are not disclosed in the release notes. Site administrators should refer to the official security advisory for complete information.

Performance Improvements

No specific performance improvements were included in this security-focused release.

Impact Summary

Drupal 8.4.7 is a critical security release that addresses vulnerabilities identified in SA-CORE-2018-003. The update includes 2,303 code changes across 80 files, with 109 additions and 2,194 deletions, indicating a focused security patch rather than feature development.

The security fixes were contributed by multiple Drupal security team members and core contributors. While the specific nature of the vulnerabilities is not detailed in the release notes for security reasons, the coordinated release and contributor list suggest this is a significant security update.

This release maintains compatibility with existing Drupal 8.4.x installations and requires no migration steps. However, due to the critical nature of the security fixes, immediate updates are strongly recommended for all Drupal sites to protect against potential exploits.