HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

8.7.11

Drupal Release: 8.7.11

Tag Name: 8.7.11

Release Date: 12/18/2019

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 8.7.11: Critical Security Update

This release addresses four critical security vulnerabilities (SA-CORE-2019-009, SA-CORE-2019-010, SA-CORE-2019-011, and SA-CORE-2019-012) that could potentially compromise your Drupal site. This is a security-focused release with no new features, making it essential for all Drupal 8.7.x site owners to update immediately to protect their websites from potential exploits.

Highlight of the Release

    • Addresses four critical security vulnerabilities (SA-CORE-2019-009, SA-CORE-2019-010, SA-CORE-2019-011, and SA-CORE-2019-012)
    • Collaborative security fixes from multiple Drupal security team members and contributors
    • Immediate update recommended for all Drupal 8.7.x sites

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

  1. Back up your database and site files before updating
  2. Update Drupal core using your preferred method (Composer, Drush, or manual update)
  3. Run the database update script by visiting /update.php or using Drush
  4. Clear caches

For detailed instructions on updating Drupal core, refer to the Drupal documentation.

Upgrade Recommendations

Immediate Update Strongly Recommended

This update addresses critical security vulnerabilities and should be applied immediately to all Drupal 8.7.x sites. The security issues fixed in this release are considered critical, meaning they could potentially allow attackers to compromise your site.

  • Priority: Critical - update as soon as possible
  • Risk: High risk of site compromise if not updated
  • Compatibility: This is a security-only release and should be compatible with existing sites without introducing functional changes

If you are unable to update immediately, consider temporarily taking your site offline until the update can be applied to prevent potential exploitation.

Bug Fixes

This release includes fixes for four critical security vulnerabilities:

  • SA-CORE-2019-009: Security fix addressing a vulnerability in Drupal core
  • SA-CORE-2019-010: Security fix addressing a vulnerability in Drupal core
  • SA-CORE-2019-011: Security fix addressing a vulnerability in Drupal core
  • SA-CORE-2019-012: Security fix addressing a vulnerability in Drupal core

The specific details of these vulnerabilities are intentionally limited to prevent exploitation on unpatched sites. Full details are available to site administrators after updating.

New Features

This release does not include any new features as it is focused exclusively on security fixes. The update is purely for addressing critical security vulnerabilities identified in previous versions.

Security Updates

Critical Security Fixes

This release addresses four critical security vulnerabilities:

  • SA-CORE-2019-009: Fixed a critical security vulnerability that could potentially allow attackers to compromise Drupal sites. This fix was contributed by multiple security team members including mcdruid, larowlan, Heine, alexpott, xjm, DamienMcKenna, dsnopek, catch, and greggles.

  • SA-CORE-2019-010: Patched a critical security vulnerability in Drupal core. This fix was contributed by larowlan, greggles, mlhess, kim.pepper, alexpott, dww, xjm, and David_Rothstein.

  • SA-CORE-2019-011: Addressed a critical security vulnerability that could potentially expose Drupal sites to attacks. This fix was contributed by phenaproxima, xjm, amateescu, effulgentsia, greggles, seanB, and larowlan.

  • SA-CORE-2019-012: Fixed a critical security vulnerability in Drupal core. This fix was contributed by samuel.mortenson, larowlan, pwolanin, Sam152, Jasu_M, David_Rothstein, michieltcs, Ayesh, alexpott, xjm, vijaycs85, and mcdruid.

The Drupal security team follows responsible disclosure practices and therefore detailed information about these vulnerabilities is only made available after sites have had an opportunity to update.

Performance Improvements

This release does not include any specific performance improvements as it is focused exclusively on security fixes.

Impact Summary

Drupal 8.7.11 is a critical security release that addresses four security vulnerabilities (SA-CORE-2019-009, SA-CORE-2019-010, SA-CORE-2019-011, and SA-CORE-2019-012). The impact of not updating could be severe, potentially allowing attackers to compromise affected sites.

This release demonstrates the Drupal security team's commitment to quickly addressing security issues and protecting the Drupal community. The collaborative effort from multiple contributors highlights the strength of Drupal's security response process.

Site administrators should prioritize this update above regular maintenance tasks due to the critical nature of the security fixes. While the update itself should not affect site functionality, the risk of not updating far outweighs any potential update concerns.

Statistics:

File Changed14
Line Additions141
Line Deletions22
Line Changes163
Total Commits5

User Affected:

  • Need to update their Drupal installations immediately to patch critical security vulnerabilities
  • Should review their sites for any signs of compromise if they delayed updating
  • May need to coordinate with development teams to ensure proper update implementation

Contributors:

larowlan