Drupal Release: 9.2.2

TL;DR

Drupal 9.2.2 is a security release that addresses critical vulnerabilities identified in SA-CORE-2021-004. This release is essential for all Drupal 9.2.x users to protect their sites from potential security exploits. The update contains minimal code changes focused specifically on security patches with no new features or other improvements.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2021-004
• Minimal codebase changes (32 changes across 5 files) focused solely on security fixes
• Direct upgrade path from Drupal 9.2.1

Migration Guide

No special migration steps are required for this update. Standard Drupal update procedures apply:

1. Back up your database and site files
2. Put your site into maintenance mode
3. Update Drupal core to version 9.2.2
4. Run the database update script by visiting /update.php in your browser
5. Take your site out of maintenance mode

As this is a security release, it's recommended to perform this update as soon as possible.

Upgrade Recommendations

Immediate upgrade recommended

All sites running Drupal 9.2.x should upgrade to Drupal 9.2.2 immediately to address critical security vulnerabilities. This is a security-only release with minimal code changes, making it a low-risk update that should be prioritized.

For sites running earlier versions of Drupal 9 or Drupal 8, please consult the Drupal security advisories to determine if your version is affected by these vulnerabilities and what update path is recommended for your specific installation.

Bug Fixes

This release contains security-related bug fixes as detailed in the security advisory SA-CORE-2021-004. For security reasons, specific details about the vulnerabilities and their fixes are not publicly disclosed until users have had sufficient time to update their installations.

New Features

No new features were introduced in this release. Drupal 9.2.2 is strictly a security update that addresses vulnerabilities identified in SA-CORE-2021-004.

Security Updates

This release addresses critical security vulnerabilities as detailed in SA-CORE-2021-004. The security team, including contributors mcdruid, michieltcs, xjm, Heine, and larowlan, worked to identify and patch these issues.

For detailed information about the security vulnerabilities addressed, please refer to the official security advisory at https://www.drupal.org/sa-core-2021-004.

It is strongly recommended that all sites running Drupal 9.2.x update to this version immediately to mitigate potential security risks.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing security vulnerabilities.

Impact Summary

Drupal 9.2.2 is a critical security release that addresses vulnerabilities that could potentially be exploited on sites running Drupal 9.2.1 or earlier in the 9.2.x branch. The impact of not updating could be significant, potentially allowing unauthorized access or other security breaches on affected sites.

The update itself is minimal in scope, with only 32 changes across 5 files, suggesting targeted fixes for specific security issues. The limited nature of these changes indicates a low risk of the update causing compatibility issues with existing functionality.

Site administrators should prioritize this update to protect their sites from potential security exploits. The security team's involvement (mcdruid, michieltcs, xjm, Heine, and larowlan) in preparing this release underscores the importance of the security fixes included.