Drupal Release: 8.6.7

TL;DR

Drupal 8.6.7: Critical Security Fix for Phar Stream Wrapper

This release fixes a critical bug introduced in Drupal 8.6.6 that caused fatal errors when using Drush. The issue was related to the TYPO3 Phar Stream Wrapper implementation, which was causing unexpected exceptions. This is a highly recommended update for all Drupal 8.6.x users, especially those who rely on Drush for site management and maintenance.

Highlight of the Release

• Fixed critical bug causing Drush fatal errors after upgrading to 8.6.6
• Resolved TYPO3PharStreamWrapperException that was breaking site management functionality
• Restored compatibility between Drush and Drupal core
• Quick turnaround patch release to address regression in previous version

Migration Guide

No migration steps are required for this update. This is a straightforward bugfix release that can be applied using standard update procedures:

1. Back up your database and site files
2. Update Drupal core code to version 8.6.7
3. Run the database updates either through the web interface at /update.php or using Drush (once updated)
4. Clear caches

No configuration changes or additional steps are needed after updating.

Upgrade Recommendations

Highly Recommended Upgrade

This upgrade is highly recommended for all sites running Drupal 8.6.6, especially those that use Drush for site management and maintenance tasks.

• Priority: Critical
• Risk: Low (this is a targeted bugfix with minimal changes)
• Compatibility: Compatible with all Drupal 8.6.x sites

Users experiencing the Drush fatal error should update immediately to restore functionality. There are no known side effects or regressions introduced by this update.

For sites that have not yet upgraded to 8.6.6, it is recommended to skip directly to 8.6.7 to avoid encountering the Drush compatibility issue.

Bug Fixes

Critical Bug Fix

This release addresses a critical bug that was introduced in Drupal 8.6.6:

• Fixed Drush fatal error: Resolved the issue where users would encounter PHP Fatal error: Uncaught TYPO3PharStreamWrapperException when attempting to use Drush commands after upgrading to Drupal 8.6.6, 8.5.9, or 7.62.

The bug was related to the implementation of the TYPO3 Phar Stream Wrapper, which was introduced as part of security hardening in previous releases but caused unexpected exceptions when interacting with Drush.

This fix ensures that Drush commands work properly again without compromising the security improvements made in previous releases.

New Features

No new features were introduced in this release. This is strictly a bugfix release addressing a critical issue with the Phar Stream Wrapper implementation that was causing fatal errors when using Drush after upgrading to Drupal 8.6.6.

Security Updates

While this release doesn't introduce new security fixes, it maintains the security improvements from previous releases while fixing the compatibility issue with Drush. The fix ensures that the security hardening provided by the TYPO3 Phar Stream Wrapper remains intact while resolving the fatal error that was occurring during Drush operations.

Performance Improvements

No specific performance improvements were included in this release. The focus was solely on fixing the critical bug related to the Phar Stream Wrapper exception that was preventing Drush from functioning correctly.

Impact Summary

This release has a significant positive impact for Drupal site administrators and developers who rely on Drush for site management. The fix restores critical functionality that was broken in the 8.6.6 release, allowing for normal maintenance operations to resume.

The impact is particularly important for:

1. Sites with automated deployment processes that use Drush
2. Development teams that rely on Drush for daily workflows
3. Site administrators who need to perform routine maintenance tasks

Without this fix, affected users would need to either downgrade to earlier versions of Drupal or implement complex workarounds to maintain site functionality. This release eliminates those needs and restores the expected behavior while maintaining the security improvements introduced in previous versions.