Drupal Release: 8.5.8

TL;DR

Drupal 8.5.8 is a critical security release that addresses multiple vulnerabilities identified in SA-CORE-2018-006. This release is focused entirely on security fixes and is essential for all Drupal 8.5.x sites. The security update resolves several remote code execution vulnerabilities that could allow attackers to compromise your site. All Drupal 8.5.x users should update immediately to version 8.5.8 to protect their sites from potential attacks.

Highlight of the Release

• Critical security release addressing multiple vulnerabilities in SA-CORE-2018-006
• Fixes for remote code execution vulnerabilities
• Collaborative security fix with contributions from 26 developers

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core to version 8.5.8
4. Run the database update script by visiting /update.php in your browser
5. Take your site out of maintenance mode

If you're using Composer to manage dependencies:

composer require drupal/core:8.5.8 --update-with-dependencies

If you're using Drush:

drush up drupal

Upgrade Recommendations

Immediate Update Strongly Recommended

This is a critical security release that addresses serious vulnerabilities. All sites running Drupal 8.5.x should be updated to 8.5.8 immediately.

• Priority: Critical
• Risk: High
• Update Timeline: Immediate

Sites that cannot update immediately should consider taking the site offline or implementing the provided security patches until a full update can be performed.

For long-term security, consider planning an upgrade path to the latest supported major version of Drupal if you're not already on a supported branch.

Bug Fixes

This release includes critical security bug fixes related to SA-CORE-2018-006. The specific details of the vulnerabilities are not fully disclosed in the commit messages to prevent exploitation, but they address multiple remote code execution vulnerabilities in Drupal core.

New Features

No new features were introduced in this release. Drupal 8.5.8 is strictly a security update focused on addressing the vulnerabilities outlined in SA-CORE-2018-006.

Security Updates

SA-CORE-2018-006 Security Advisory

This release addresses multiple critical vulnerabilities identified in the SA-CORE-2018-006 security advisory. The fixes were contributed by a large team of 26 developers including core maintainers and security team members.

The security issues fixed include:

• Multiple remote code execution vulnerabilities in Drupal core
• Patches for security weaknesses that could allow site compromise
• Critical security improvements to protect against potential attacks

The Drupal security team recommends updating immediately as these vulnerabilities may be actively exploited.

Performance Improvements

No specific performance improvements were mentioned in the release information. This update focuses exclusively on security fixes rather than performance enhancements.

Impact Summary

This security release addresses critical vulnerabilities that could allow attackers to execute arbitrary code on your Drupal site. The impact of not updating is potentially severe, including complete site compromise, data theft, defacement, or using your server for malicious purposes.

The security fixes in this release were developed collaboratively by 26 contributors, highlighting the Drupal community's commitment to security. The quick response and comprehensive fix demonstrate the strength of Drupal's security team and community process.

While this update doesn't add new features or improve performance, it's essential for maintaining the security integrity of all Drupal 8.5.x sites. The security vulnerabilities addressed are serious enough that updating should be considered the highest priority for all site administrators.