Drupal Release: 8.7.1

TL;DR

Drupal 8.7.1 is a security release addressing critical vulnerabilities identified in SA-CORE-2019-007. This release is essential for all Drupal 8.7.x users to protect their sites from potential security exploits. The update focuses exclusively on security patches with no new features or other changes.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2019-007
• Minimal code changes focused exclusively on security fixes
• Direct upgrade path from 8.7.0 to 8.7.1

Migration Guide

No migration steps are required for this update. This is a direct update from Drupal 8.7.0 to 8.7.1 with no database schema changes or other modifications requiring special migration procedures.

To update:

1. Back up your site's files and database
2. Update Drupal core using your preferred method (Composer, Drush, or manual update)
3. Run the database update script (update.php) if prompted
4. Clear caches

Upgrade Recommendations

URGENT: Immediate upgrade recommended

All sites running Drupal 8.7.0 should be updated to 8.7.1 immediately. This security release addresses critical vulnerabilities that could potentially be exploited if left unpatched.

The update process is straightforward with no known compatibility issues. The focused nature of this security release means minimal risk of regressions or other update-related issues.

Bug Fixes

This release contains security fixes for vulnerabilities identified in SA-CORE-2019-007. The specific details of the fixed vulnerabilities are not fully disclosed in the commit messages to prevent exploitation of unpatched sites.

New Features

No new features were introduced in this release as it is strictly a security update addressing vulnerabilities identified in SA-CORE-2019-007.

Security Updates

This release addresses critical security vulnerabilities detailed in the security advisory SA-CORE-2019-007. The fixes were contributed by multiple core team members including Blaklis, oliver.hader, alexpott, mlhess, tim.plunkett, dsnopek, and xjm.

While specific details are intentionally limited to prevent exploitation of unpatched sites, the security advisory should be consulted for complete information about the vulnerabilities addressed.

Performance Improvements

No specific performance improvements were included in this release as it focuses exclusively on security fixes.

Impact Summary

Drupal 8.7.1 is a critical security release that addresses vulnerabilities identified in SA-CORE-2019-007. The impact is primarily in the security domain, with no functional changes to features, APIs, or user interfaces.

Sites running Drupal 8.7.0 that do not update may be vulnerable to security exploits. The limited scope of changes (18 total code changes across 4 files) indicates a targeted fix for specific security issues rather than widespread code modifications.

This release demonstrates the Drupal security team's commitment to rapidly addressing discovered vulnerabilities and providing timely security updates to the community.