Drupal 8.8.1
19 December 2019
Drupal version 8.8.1 is now available (security release).
Upgrading to Drupal 8.8.1
Drupal 8.8.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 8.8.1 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 8.8.1
This release fixes security vulnerabilities. Sites are urged to upgrade immediately.
Security
- Moderately critical - Denial of Service - SA-CORE-2019-009 - A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
- Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010 - Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did.
- Moderately critical - Access bypass - SA-CORE-2019-011 - The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.
- Critical - Multiple vulnerabilities - SA-CORE-2019-012 - The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations.