Drupal Release: 9.1.9

TL;DR

Drupal 9.1.9 Security Release

This is a critical security update addressing vulnerabilities identified in SA-CORE-2021-003. All Drupal 9.1.x sites should update immediately to version 9.1.9 to protect against potential security exploits. This release focuses exclusively on security fixes with no new features or other changes.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2021-003
• Collaborative security fix developed by multiple security team members
• Immediate update recommended for all Drupal 9.1.x sites

Migration Guide

No specific migration steps are required when updating from Drupal 9.1.8 to 9.1.9. This is a security update that does not introduce API changes or require database updates.

Standard update procedures apply:

1. Back up your database and site files
2. Put the site into maintenance mode
3. Update Drupal core using your preferred method (Composer, Drush, or manual update)
4. Run database updates if prompted
5. Take the site out of maintenance mode
6. Clear caches

Upgrade Recommendations

Immediate Update Strongly Recommended

Due to the security nature of this release, it is strongly recommended that all Drupal 9.1.x sites update to version 9.1.9 immediately.

• Priority: Critical
• Risk: High for unpatched sites
• Difficulty: Standard update (no special procedures required)

Sites currently running Drupal 9.1.8 or earlier versions should update as soon as possible to mitigate security risks. The update process follows standard procedures and should not introduce compatibility issues.

Bug Fixes

This release focuses on security-related bug fixes as detailed in the security advisory SA-CORE-2021-003. The specific details of the vulnerabilities fixed are typically not disclosed in detail immediately to give users time to update before potential exploits become widely known.

The security fixes were contributed by multiple security team members including securitylight, xjm, greggles, larowlan, and kkrzton.

New Features

No new features were added in this release. Drupal 9.1.9 is a security-focused release that addresses specific vulnerabilities outlined in the security advisory SA-CORE-2021-003.

Security Updates

Security Advisory: SA-CORE-2021-003

This release addresses critical security vulnerabilities identified in the security advisory SA-CORE-2021-003. While specific details are typically limited in the immediate aftermath of a security release to protect sites that have not yet updated, the fixes address potential vulnerabilities that could affect site security.

The security team recommends updating immediately to mitigate potential risks. The security fixes were contributed by multiple security team members including:

• securitylight
• xjm
• greggles
• larowlan
• kkrzton

For more details, refer to the official security advisory once published on Drupal.org.

Performance Improvements

No specific performance improvements were included in this release. Drupal 9.1.9 is focused exclusively on addressing security vulnerabilities.

Impact Summary

Drupal 9.1.9 is a security-focused release addressing vulnerabilities identified in SA-CORE-2021-003. The impact is primarily related to improved security posture for Drupal sites.

The security fixes in this release protect sites from potential exploits that could compromise site security. While the specific nature of the vulnerabilities is not detailed immediately after release (to protect sites that haven't updated), the involvement of multiple security team members suggests this is a significant security update.

This release contains no functional changes to features, APIs, or performance characteristics. Sites updating from 9.1.8 should experience no changes in functionality or performance after applying this update.