Drupal 8.3.7
26 August 2017
Drupal version 8.3.7 is now available.
Upgrading to Drupal 8.3.7
Drupal 8.3.7 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 8.3.7 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 8.3.7
8.3.7
This release fixes security vulnerabilities. Sites are urged to upgrade as soon as possible.
Security
- Views - Access Bypass - Moderately Critical - CVE-2017-6923
- REST API can bypass comment approval - Access Bypass - Moderately Critical - CVE-2017-6924
- Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - CVE-2017-6925
8.3.6
- #2897576: Resaving a view display results in deletion of view display
- #2896960 by tedbow, Wim Leers: Updated inline docs for data-off-canvas-main-canvas in twig template
- #2897306 by Wim Leers, tedbow: Remove dead CSS
- #2891911 by vaplas: Random fail in Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringTranslation
- #2897576 by Lendude, Ismaels: Resaving a view display results in deletion of view display
- #2879512 by bkosborne: Path aliases can be forgotten after a cache rebuild due to race condition in CacheCollector
- Revert "Issue #2891911 by vaplas: Random fail in Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringTranslation"
- #2894427 by yoroy, tedbow, Wim Leers: White toolbar background when in edit mode is distracting and not pretty
- #2896143 by tedbow, Wim Leers, DyanneNova: Unintentional animation of the body while Settings Tray is installed
- #2896063 by timmillwood, Sam152: Add a workflows.module component to drupal issue queue and MAINTAINERS.txt
- Revert "Issue #2801777 by Berdir, Wim Leers, Pol, alexpott, dawehner, Jo Fitzgerald, Munavijayalakshmi, poornima.n, ifrik, Bojhan, catch: Prevent drupal from deleting temporary files"
- #2801777 by Berdir, Wim Leers, Pol, alexpott, dawehner, Jo Fitzgerald, Munavijayalakshmi, poornima.n, ifrik, Bojhan, catch: Prevent drupal from deleting temporary files
- #2892469 by shashikant_chauhan: deprecation notice for entity_get_form_display() is badly formatted and doens't display properly on api site
- #2883483 by tedbow, Wim Leers: Assert that calls to waitForElementVisible() actually return element in OutsideIn javascript tests
- #2541228 by amateescu, g089h515r806, Berdir, pawel_r: FieldConfigBase::setPropertyConstraints() and addPropertyConstraints() are broken
- #2882729 by tedbow, tim.plunkett, Bojhan: In off-canvas block form hide Title input unless it will be displayed and change label to Block Title
- Removing Larry Garfield from technical leadership positions.
- Revert "Issue #2892942 by Chi: Contextual links support options but not use them to generate links"
- #2892942 by Chi: Contextual links support options but not use them to generate links
- #2893371 by Mile23: Several methods theoretically added to TestInfoParsingTest were actually not
- #2891784 by FeyP: Use correct class name for EventDispatcherInterface in Events API documentation
- #2873782 by Jo Fitzgerald, Dinesh18, vrwired: Add Change record to @deprecated for MigrateCckFieldPluginManagerInterface