Drupal Release: 8.7.5

TL;DR

Drupal 8.7.5 is a security release that addresses critical vulnerabilities identified in SA-CORE-2019-008. This update is crucial for all Drupal 8.7.x sites to protect against potential security exploits. The release contains security patches with minimal code changes (18 additions, 8 deletions across 4 files) and no new features or functionality changes.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2019-008
• Minimal code changes focused specifically on security fixes
• Direct upgrade path from Drupal 8.7.4

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

1. Back up your database and site files
2. Put the site into maintenance mode
3. Update Drupal core to version 8.7.5
4. Run the database update script (update.php)
5. Clear caches
6. Take the site out of maintenance mode

As this is a security release, it's recommended to perform this update as soon as possible.

Upgrade Recommendations

Immediate upgrade strongly recommended

All sites running Drupal 8.7.x should be updated to Drupal 8.7.5 immediately. This is a security release addressing critical vulnerabilities, and delaying the update could expose your site to potential attacks.

The update process follows the standard Drupal minor version update procedure and should not introduce compatibility issues with existing functionality. As always, testing in a development environment before updating production is recommended, but should not delay implementing this security update.

Bug Fixes

This release primarily contains security fixes rather than regular bug fixes. The changes are specifically targeted at addressing security vulnerabilities outlined in the security advisory SA-CORE-2019-008. For details about the specific vulnerabilities fixed, refer to the official Drupal Security Advisory.

New Features

No new features were introduced in this release. Drupal 8.7.5 is strictly a security update that addresses vulnerabilities identified in SA-CORE-2019-008.

Security Updates

This release addresses critical security vulnerabilities detailed in SA-CORE-2019-008. While specific details about the vulnerabilities are typically limited in security releases to prevent exploitation, the security team (including contributors dwbotsch, xjm, mlhess, cilefen, greggles, drumm, alexpott, and amateescu) has patched the identified issues.

The security fixes involved changes to 4 files with 18 additions and 8 deletions, suggesting targeted patches to address specific vulnerabilities without extensive code restructuring.

Users are strongly encouraged to update immediately to mitigate potential security risks.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing security vulnerabilities.

Impact Summary

Drupal 8.7.5 is a critical security release that addresses vulnerabilities identified in SA-CORE-2019-008. The impact is primarily related to security hardening rather than functional changes.

The security patches involve minimal code changes (18 additions, 8 deletions across 4 files), suggesting targeted fixes for specific vulnerabilities. While the exact nature of the vulnerabilities is not detailed in the release notes to prevent exploitation, the involvement of multiple security team members (dwbotsch, xjm, mlhess, cilefen, greggles, drumm, alexpott, amateescu) indicates a coordinated response to address important security concerns.

Sites that delay updating remain vulnerable to potential exploits targeting these security issues. There are no known functional impacts or compatibility issues introduced by this security release.