HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

8.8.8

Drupal Release: 8.8.8

Tag Name: 8.8.8

Release Date: 6/17/2020

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 8.8.8 is a security release that addresses multiple critical vulnerabilities. This update includes three security advisories (SA-CORE-2020-004, SA-CORE-2020-005, and SA-CORE-2020-006) with fixes for remote code execution, access bypass, and cross-site scripting vulnerabilities. All Drupal 8.8.x sites should update immediately to this version to protect against potential security exploits.

Highlight of the Release

    • Fixes for three critical security vulnerabilities (SA-CORE-2020-004, SA-CORE-2020-005, SA-CORE-2020-006)
    • Patches for remote code execution vulnerabilities
    • Fixes for access bypass issues
    • Protection against cross-site scripting attacks

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

  1. Back up your database and site files before updating
  2. Put your site into maintenance mode
  3. Update Drupal core using your preferred method (Composer, Drush, or manual update)
  4. Run the database updates by visiting /update.php or using Drush
  5. Clear caches
  6. Take your site out of maintenance mode

For detailed instructions, refer to the Drupal update documentation.

Upgrade Recommendations

Immediate Update Strongly Recommended

This is a critical security release that addresses multiple vulnerabilities. All site owners running Drupal 8.8.7 or earlier in the 8.8.x branch should update to 8.8.8 immediately.

If you cannot update immediately, consider applying the security patches directly or temporarily taking your site offline until you can complete the update.

Sites running older versions of Drupal (8.7.x or earlier) should update to the latest secure version for their branch or consider upgrading to a supported version of Drupal.

Bug Fixes

This release focuses on security fixes rather than regular bug fixes. The three security advisories addressed in this release are:

  1. SA-CORE-2020-004: Fixes vulnerabilities that could lead to remote code execution.

  2. SA-CORE-2020-005: Addresses access bypass issues that could expose sensitive information.

  3. SA-CORE-2020-006: Resolves cross-site scripting (XSS) vulnerabilities that could allow attackers to inject malicious scripts.

New Features

No new features were added in this release. Drupal 8.8.8 is a security-focused release that addresses critical vulnerabilities without introducing new functionality.

Security Updates

This release contains fixes for three critical security advisories:

SA-CORE-2020-004

  • Addresses remote code execution vulnerabilities
  • Fixes issues that could allow attackers to execute arbitrary code on the server
  • Multiple contributors collaborated on this fix: samuel.mortenson, DorTumarkin, greggles, xjm, larowlan, webchick, pwolanin, dawehner, mcdruid, alexpott, dsnopek

SA-CORE-2020-005

  • Resolves access bypass vulnerabilities
  • Prevents unauthorized access to protected resources and information
  • Contributors include: lorenzo_gre, jazzy2fives, xjm, samuel.mortenson, pwolanin, larowlan, greggles, cashwilliams, Heine, mcdruid, alexpott, Gábor Hojtsy

SA-CORE-2020-006

  • Fixes cross-site scripting (XSS) vulnerabilities
  • Prevents attackers from injecting malicious scripts into web pages viewed by other users
  • Developed by BR0kEN, Wim Leers, xjm, larowlan

These security fixes are critical, and all Drupal 8.8.x sites should be updated immediately to protect against potential exploits.

Performance Improvements

No specific performance improvements were included in this release. Drupal 8.8.8 is focused on security fixes rather than performance enhancements.

Impact Summary

This security release addresses three critical vulnerabilities that could potentially allow attackers to execute malicious code, bypass access restrictions, or inject harmful scripts into your Drupal site. The security fixes involve 113 changes across 15 files, with 77 additions and 36 deletions.

The impact of these vulnerabilities is severe, as they could lead to:

  • Complete site compromise through remote code execution
  • Unauthorized access to protected content or functionality
  • Cross-site scripting attacks affecting site users

By updating to Drupal 8.8.8, site owners protect their websites and users from these security threats. The update process is straightforward and follows standard Drupal update procedures, with no known backward compatibility issues introduced by these security fixes.

Statistics:

File Changed15
Line Additions77
Line Deletions36
Line Changes113
Total Commits4

User Affected:

  • Need to update their Drupal installations immediately to patch critical security vulnerabilities
  • Should review their site for any signs of compromise if they were running vulnerable versions
  • May need to coordinate with development teams to ensure proper update deployment

Contributors:

xjm