Drupal Release: 9.5.5

TL;DR

Drupal 9.5.5 is a security-focused release addressing three critical security advisories (SA-CORE-2023-002, SA-CORE-2023-003, and SA-CORE-2023-004). This maintenance release contains no new features but includes important security patches that protect sites from potential vulnerabilities. All Drupal 9.5.x site owners should upgrade immediately to maintain site security.

Highlight of the Release

• Addresses three security advisories: SA-CORE-2023-002, SA-CORE-2023-003, and SA-CORE-2023-004
• Security-focused maintenance release with no new features
• Collaborative security fixes from multiple contributors

Migration Guide

No specific migration steps are required for this security update. This is a standard security release that follows Drupal's established update procedures:

1. Back up your database and site files before updating
2. Update Drupal core using your preferred method (Composer, Drush, or manual update)
3. Run the database update script by visiting /update.php or using Drush
4. Clear caches

For detailed instructions, refer to Drupal's official documentation on updating core.

Upgrade Recommendations

Immediate upgrade strongly recommended

All sites running Drupal 9.5.x should upgrade to Drupal 9.5.5 immediately to address multiple security vulnerabilities. Sites running older versions should update to the latest secure release appropriate for their version.

This is a security release, and delaying the update could expose your site to potential security risks. The update process follows standard Drupal procedures and should not introduce any compatibility issues with existing functionality.

Bug Fixes

This release primarily focuses on security fixes rather than regular bug fixes. Any bugs that were fixed as part of addressing the security vulnerabilities (SA-CORE-2023-002, SA-CORE-2023-003, and SA-CORE-2023-004) are not detailed publicly to prevent exploitation of unpatched sites.

New Features

This release does not introduce any new features as it is primarily focused on security fixes. Drupal 9.5.5 is a maintenance release that addresses security vulnerabilities identified in previous versions.

Security Updates

This release addresses three security advisories:

1. SA-CORE-2023-002: Security vulnerability fixed by contributors larowlan, james.williams, xjm, longwave, danflanagan8, jenlampton, pandaski, and benjifisher.

2. SA-CORE-2023-003: Security vulnerability fixed by contributors jan kellermann, larowlan, greggles, benjifisher, xjm, Berdir, drumm, and longwave.

3. SA-CORE-2023-004: Security vulnerability fixed by contributors DamienMcKenna, elarlang, larowlan, effulgentsia, pandaski, mcdruid, jenlampton, quicksketch, and greggles.

Note: Specific details about these security vulnerabilities are intentionally not provided to protect sites that have not yet been updated.

Performance Improvements

No specific performance improvements are included in this release. Drupal 9.5.5 is focused on security fixes rather than performance enhancements.

Impact Summary

Drupal 9.5.5 is a critical security release addressing three security advisories. While the specific nature of these vulnerabilities is not publicly detailed to protect unpatched sites, the coordinated effort from multiple security team members and contributors indicates their significance.

The release contains 37 additions and 12 deletions across 11 files, suggesting targeted fixes rather than extensive changes. This maintenance update focuses exclusively on security improvements with no new features or functionality changes.

Site administrators should prioritize this update to maintain site security. The update follows standard procedures and should not disrupt site functionality, making it a low-risk, high-importance upgrade for all Drupal 9.5.x installations.