drupal 10.2.8 | Drupal.org

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

Posted by longwave on September 11, 2024 at 4:30pm

This is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10.

Drupal 10.2.x will receive security coverage until December 2024.

The Twig templating library has issued a security advisory. Drupal core is not vulnerable, but previous versions of the drupal/core-recommended package only allowed insecure versions of Twig to be installed. This patch release upgrades Twig to 3.14.0 as a public security hardening.

Important update information

If you are updating from Drupal 9, refer to Preparing your site to upgrade to a newer major version for tools you can use to check the Drupal 10 compatibility of modules, themes and sites. Then, upgrade from Drupal 9 to 10. You should also check the Drupal 10.0.0 release notes.

All changes in this release

Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass

VCS Label

10.2.8

Release type

Short description

Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.

Packaged Git sha1

564942298c6b51d2417aea17db4c6c7744229146

Release files

1f7a37ba42ee22948ffc11bfe4541dbd

Release file SHA-1 hash

ffdac4bbcab5d7f95a90242c82377b75a77a5bb9

Release file SHA-256 hash

96a3b99a6a6ff275d6848e66726fc637c1376ed908f77f42542fb706b35e8b79

b75c2b8cfcb36b3812019609ae2a9445

Release file SHA-1 hash

18805bc32fdcf6efb35a2dc1c8c6a51e29a97134

Release file SHA-256 hash

fb303cde701fd5af099586324d2033b4f15bed78d3dfd8535b3b145c0f7e5836