Drupal Release: 9.2.13

TL;DR

Drupal 9.2.13 Security Release

This release addresses critical security vulnerabilities with two security advisories (SA-CORE-2022-003 and SA-CORE-2022-004). It's a maintenance release focused entirely on security fixes without new features or other changes. All Drupal 9.2.x sites should upgrade immediately to this version to protect against potential security exploits.

Highlight of the Release

• Critical security update addressing multiple vulnerabilities
• Includes fixes from security advisories SA-CORE-2022-003 and SA-CORE-2022-004
• Collaborative security fixes from multiple core contributors

Migration Guide

No specific migration steps are required for this update beyond the standard Drupal update process:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core to version 9.2.13
4. Run the database update script by visiting /update.php in your browser
5. Take your site out of maintenance mode

As this is a security release, it's recommended to perform this update as soon as possible.

Upgrade Recommendations

Urgency: Critical

All sites running Drupal 9.2.x should upgrade to Drupal 9.2.13 immediately. This release contains fixes for security vulnerabilities, and sites not updated may be at risk.

For sites on older versions of Drupal, consider upgrading to the latest secure version appropriate for your installation:

• Drupal 7 users should update to the latest secure version of Drupal 7
• Drupal 8 users should have already migrated to Drupal 9 as Drupal 8 reached end-of-life
• Drupal 9.0.x and 9.1.x users should upgrade to the latest secure version of Drupal 9.3.x or 9.4.x

Always follow the standard Drupal update procedure: back up your database and files, put the site in maintenance mode, apply updates, run update.php, and test thoroughly before taking the site out of maintenance mode.

Bug Fixes

This release focuses on security-related bug fixes:

• Fixed security vulnerabilities detailed in SA-CORE-2022-003
• Fixed security vulnerabilities detailed in SA-CORE-2022-004

For specific details about these fixes, please refer to the security advisories on Drupal.org's security advisories page.

New Features

No new features were added in this release. Drupal 9.2.13 is a security-focused maintenance release that addresses critical security vulnerabilities identified in previous versions.

Security Updates

This release addresses critical security vulnerabilities detailed in:

1. SA-CORE-2022-003 - A collaborative fix by multiple core contributors including ciss, xjm, larowlan, benjy, mcdruid, jenlampton, quicksketch, Fabianx, and effulgentsia.

2. SA-CORE-2022-004 - A collaborative fix by multiple core contributors including samuel.mortenson, xjm, nod_, effulgentsia, phenaproxima, mcdruid, Wim Leers, tedbow, longwave, dww, larowlan, and pandaski.

For detailed information about these security vulnerabilities, including their nature, impact, and mitigation strategies, please refer to the official security advisories on Drupal.org.

Performance Improvements

No specific performance improvements were included in this release. Drupal 9.2.13 is focused exclusively on security fixes.

Impact Summary

This security release addresses critical vulnerabilities that could potentially be exploited by malicious actors. The impact is significant for all Drupal 9.2.x sites that have not been updated, as they remain vulnerable to potential attacks.

The security fixes were developed collaboratively by multiple core contributors, demonstrating the Drupal community's commitment to security. The quick response to these vulnerabilities helps maintain Drupal's reputation as a secure CMS platform.

While this release doesn't introduce new features or performance improvements, it's essential for maintaining the security integrity of Drupal installations. Site administrators should prioritize this update to protect their sites and user data from potential security breaches.

Organizations using Drupal should also review their security protocols and ensure they have processes in place for quickly implementing security updates when they're released.