Drupal Release: 9.1.12

TL;DR

Drupal 9.1.12 Release: Critical Security Update

This release addresses a critical security vulnerability (SA-CORE-2021-005) that affects Drupal core. The security advisory indicates this is an important update that all Drupal 9.1.x users should apply immediately to protect their sites from potential security exploits. No new features were added in this maintenance release as it focuses exclusively on security hardening.

Highlight of the Release

• Critical security update addressing vulnerability identified in SA-CORE-2021-005
• Maintenance release focused on security hardening with no feature additions
• Collaborative security fix developed by multiple core contributors

Migration Guide

No specific migration steps are required for this security update. Standard Drupal update procedures apply:

1. Back up your database and site files before updating
2. Update Drupal core using Composer (recommended):

   composer update drupal/core --with-dependencies
   

3. Or download and replace the core files manually if not using Composer
4. Run the database update script by visiting /update.php in your browser or using Drush:

   drush updatedb
   

5. Clear caches:

   drush cache:rebuild
   

As this is a security update, it's recommended to apply it as soon as possible.

Upgrade Recommendations

Immediate Update Strongly Recommended

This security update should be applied immediately to all Drupal 9.1.x sites. As this addresses security vulnerabilities detailed in SA-CORE-2021-005, delaying the update could leave your site exposed to potential security exploits.

For sites on earlier versions of Drupal 9.1.x, a direct update to 9.1.12 is recommended. Sites on Drupal 9.0.x or earlier should consider updating to their respective security release or planning a migration path to a supported version.

If you cannot update immediately, consult with your security team about potential mitigations until the update can be applied.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security fixes are contained in the security advisory SA-CORE-2021-005, with fixes contributed by multiple core team members including kkrzton, cilefen, xjm, Wim Leers, and neclimdul.

New Features

No new features were added in this release. Drupal 9.1.12 is a security-focused maintenance release that addresses vulnerabilities identified in the security advisory SA-CORE-2021-005.

Security Updates

SA-CORE-2021-005 Security Advisory

This release addresses critical security vulnerabilities identified in the SA-CORE-2021-005 security advisory. While detailed information about the specific vulnerabilities is typically limited in security releases to prevent exploitation, the advisory indicates this is an important security update that should be applied immediately.

The security fixes were contributed by multiple Drupal core team members:

• kkrzton
• cilefen
• xjm
• Wim Leers
• neclimdul

For more details, site administrators should refer to the official security advisory on drupal.org.

Performance Improvements

No specific performance improvements were highlighted in this security-focused release. The changes were primarily targeted at addressing security vulnerabilities rather than enhancing performance.

Impact Summary

Drupal 9.1.12 is a critical security release that addresses vulnerabilities identified in the SA-CORE-2021-005 security advisory. The impact is primarily focused on security hardening rather than introducing new features or functionality changes.

The security fixes represent significant code changes (2321 changes across 16 files with 1187 additions and 1134 deletions), indicating a substantial security patch. The collaborative nature of the fix, with contributions from multiple core team members, suggests a coordinated response to address important security concerns.

Site administrators should prioritize this update to maintain the security integrity of their Drupal installations. The update follows standard Drupal update procedures and should not introduce any backward compatibility issues or require special migration steps beyond the normal update process.