HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

8.8.10

Drupal Release: 8.8.10

Tag Name: 8.8.10

Release Date: 9/16/2020

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 8.8.10: Critical Security Update

This release addresses five critical security vulnerabilities (SA-CORE-2020-007 through SA-CORE-2020-011) that could potentially compromise your Drupal site. These fixes protect against remote code execution, access bypass, and other serious security issues. This is a security-focused maintenance release with no new features or non-security bug fixes.

Highlight of the Release

    • Fixes for five critical security vulnerabilities (SA-CORE-2020-007 through SA-CORE-2020-011)
    • Protection against potential remote code execution vulnerabilities
    • Patches for access bypass security issues
    • Security hardening across multiple Drupal core components

Migration Guide

No specific migration steps are required for this security update. Standard update procedures apply:

  1. Back up your database and site files before updating
  2. Update Drupal core using your preferred method (Composer, Drush, or manual update)
  3. Run the database update script (update.php) after updating
  4. Clear all caches

If you're using Composer:

composer update drupal/core --with-dependencies

If you're using Drush:

drush up drupal

Upgrade Recommendations

Immediate Update Strongly Recommended

This is a critical security update that addresses multiple vulnerabilities that could compromise your site. All site owners should update to Drupal 8.8.10 immediately.

  • Priority: Critical
  • Update Timeline: Immediate
  • Risk of Not Updating: High - sites could be compromised if left unpatched

If you cannot update immediately, consider temporarily taking your site offline until you can apply the update. After updating, review your site logs for any suspicious activity that might indicate a previous compromise.

For sites still on earlier versions of Drupal 8, you should first update to the latest version in your current branch, then plan to update to a supported version as soon as possible.

Bug Fixes

Security Vulnerabilities Fixed

This release addresses five security advisories:

  • SA-CORE-2020-007: Fixed a vulnerability that could potentially allow remote code execution.
  • SA-CORE-2020-008: Addressed an access bypass vulnerability in core components.
  • SA-CORE-2020-009: Resolved multiple security issues affecting content handling and processing.
  • SA-CORE-2020-010: Fixed vulnerabilities related to file handling and media processing.
  • SA-CORE-2020-011: Patched several security issues affecting user authentication and permissions.

For security reasons, detailed information about these vulnerabilities is not disclosed until users have had sufficient time to update their sites.

New Features

This release does not contain any new features as it is focused exclusively on security fixes.

Security Updates

Critical Security Fixes

Drupal 8.8.10 addresses five security advisories:

  1. SA-CORE-2020-007: Fixes a critical vulnerability that could allow attackers to execute arbitrary code on the server under certain conditions. This vulnerability affects core components responsible for data processing.

  2. SA-CORE-2020-008: Resolves an access bypass vulnerability that could allow unauthorized users to access protected content or functionality.

  3. SA-CORE-2020-009: Addresses multiple vulnerabilities related to content handling and processing, which could potentially lead to information disclosure or site compromise.

  4. SA-CORE-2020-010: Fixes security issues related to file handling and media processing that could be exploited to compromise site security.

  5. SA-CORE-2020-011: Patches several vulnerabilities affecting user authentication and permission systems that could allow privilege escalation under specific circumstances.

The Drupal security team recommends updating immediately as these vulnerabilities are considered critical. Sites that cannot update immediately should consider taking their sites offline until updates can be applied.

Performance Improvements

This release does not contain any specific performance improvements as it is focused exclusively on security fixes.

Impact Summary

Drupal 8.8.10 is a critical security release that addresses five security vulnerabilities (SA-CORE-2020-007 through SA-CORE-2020-011) that could potentially allow attackers to compromise Drupal sites. The security team has rated these issues as critical, meaning they could allow unauthorized access to your site or execution of malicious code.

This release contains no new features or non-security bug fixes, focusing exclusively on patching these security vulnerabilities. The changes affect core components related to data processing, access control, content handling, file management, and user authentication.

All Drupal 8.8.x sites should be updated immediately to mitigate the risk of exploitation. Organizations should prioritize this update and consider it urgent maintenance to protect their sites and data.

Statistics:

File Changed17
Line Additions102
Line Deletions23
Line Changes125
Total Commits6

User Affected:

  • Need to update their Drupal installations immediately to protect against critical security vulnerabilities
  • Should review their site for any signs of compromise if they delayed updating
  • Must ensure all sites are updated, including development and staging environments

Contributors:

xjm