Drupal Release: 8.8.12

TL;DR

Drupal 8.8.12 is a security release that addresses critical vulnerabilities identified in SA-CORE-2020-013. This release primarily focuses on security fixes with some minor code cleanup and coding standards improvements in test files. All Drupal 8.8.x sites should upgrade immediately to this version to protect against potential security exploits.

Highlight of the Release

• Critical security fixes addressing vulnerabilities detailed in SA-CORE-2020-013
• Follow-up fixes for previous security release SA-CORE-2020-011
• Improved coding standards in test files

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core to version 8.8.12
4. Run the database update script by visiting /update.php
5. Take your site out of maintenance mode

For detailed instructions, refer to the Drupal core update documentation.

Upgrade Recommendations

Immediate Update Strongly Recommended

This is a critical security release that addresses vulnerabilities detailed in SA-CORE-2020-013. All Drupal 8.8.x sites should be updated immediately to version 8.8.12.

If you are unable to update immediately, you should consider temporarily taking your site offline until you can apply the update to mitigate potential security risks.

For sites on older versions of Drupal 8, consider updating to the latest secure version in your branch, or plan a migration path to a supported version.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security fixes are contained in the security advisory SA-CORE-2020-013, which was contributed by multiple security team members including luke.stewart, xjm, larowlan, mcdruid, drumm, and mlhess.

New Features

No new features were introduced in this security-focused release. Drupal 8.8.12 concentrates entirely on security fixes and minor code cleanup.

Security Updates

Security Advisory SA-CORE-2020-013

This release includes critical security fixes addressing vulnerabilities identified in the SA-CORE-2020-013 security advisory. The advisory was contributed by multiple security team members including luke.stewart, xjm, larowlan, mcdruid, drumm, and mlhess.

Additionally, this release includes follow-up work related to the previous security advisory SA-CORE-2020-011, focusing on cleaning up coding standards in test files.

Performance Improvements

No specific performance improvements were included in this security-focused release.

Impact Summary

Drupal 8.8.12 is primarily a security release addressing critical vulnerabilities. The impact is focused on improving the security posture of Drupal installations rather than adding features or functionality.

The security fixes address vulnerabilities detailed in SA-CORE-2020-013, which could potentially be exploited if left unpatched. By updating to this version, site administrators protect their sites from these security threats.

The release also includes some code cleanup and improvements to coding standards in test files, which helps maintain code quality but has minimal direct impact on end users.

This release demonstrates the Drupal security team's ongoing commitment to addressing security issues promptly and maintaining the platform's security integrity.