Drupal 10.5.6
13 November 2025
Drupal version 10.5.6 is now available (security release).
Upgrading to Drupal 10.5.6
Drupal 10.5.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 10.5.6 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 10.5.6
Security
- Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 - Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site.
- Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 - By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement.
- Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 - The core system module handles downloads of private and temporary files. Contrib modules can define additional kinds of files (schemes) that may also be handled by the system module.