Drupal Release: 9.2.9

TL;DR

Drupal 9.2.9 is a security release that addresses critical vulnerabilities identified in SA-CORE-2021-011. This update is essential for all Drupal 9.2.x sites to protect against potential security exploits. The release focuses primarily on security patches rather than new features or performance improvements.

Highlight of the Release

• Critical security update addressing vulnerabilities detailed in SA-CORE-2021-011
• Collaborative security fix developed by multiple core contributors
• Maintains compatibility with existing Drupal 9.2.x installations

Migration Guide

No specific migration steps are required when updating from Drupal 9.2.8 to 9.2.9. This is a security update that maintains backward compatibility with existing installations.

To update:

1. Back up your database and site files
2. Update Drupal core using your preferred method:
   • Using Composer: composer update drupal/core --with-dependencies
   • Using Drush: drush up drupal
   • Manual update: Download the release and replace core files
3. Run database updates via the UI at /update.php or using Drush: drush updatedb
4. Clear caches via the UI or using Drush: drush cache:rebuild

Upgrade Recommendations

Immediate Update Strongly Recommended

This security release addresses critical vulnerabilities and should be applied immediately to all Drupal 9.2.x sites. The security team considers these fixes essential for maintaining site security.

Sites still running Drupal 9.1.x or earlier should consider upgrading to the latest secure version of Drupal (either 9.2.9 or the latest secure version of Drupal 9.3.x if available) to ensure continued security coverage.

For sites unable to update immediately, it's recommended to consult the security advisory for potential mitigations, though a full update is the only complete solution.

Bug Fixes

This release primarily addresses security vulnerabilities rather than functional bugs. The specific details of the security issues fixed are documented in the security advisory SA-CORE-2021-011, with fixes contributed by jbogdanski, Wim Leers, xjm, greggles, lauriii, and tedbow.

New Features

No new features were introduced in this release as it focuses exclusively on security fixes. This is typical for point releases that address security vulnerabilities.

Security Updates

This release addresses critical security vulnerabilities detailed in SA-CORE-2021-011. While specific details about the vulnerabilities are typically limited in security advisories to prevent exploitation, the fixes were contributed by multiple Drupal security team members and core contributors including jbogdanski, Wim Leers, xjm, greggles, lauriii, and tedbow.

For complete details on the security vulnerabilities addressed, site administrators should review the official security advisory at https://www.drupal.org/sa-core-2021-011.

Performance Improvements

No specific performance improvements were included in this security-focused release. The changes were targeted at addressing security vulnerabilities rather than enhancing performance.

Impact Summary

This security release addresses critical vulnerabilities that could potentially be exploited to compromise Drupal sites. The update includes 2,016 changes across 101 files, with 1,056 additions and 960 deletions, indicating a substantial security patch.

The security fixes were developed collaboratively by multiple Drupal security team members and core contributors, highlighting the community's response to addressing these vulnerabilities.

While the release doesn't introduce new features or performance improvements, it's essential for maintaining the security posture of all Drupal 9.2.x installations. Sites should be updated immediately to mitigate potential security risks.