This is a patch (bugfix) release of Drupal 10 and is ready for use on production sites. Learn more about Drupal 10.
Drupal 10.4.x will receive security support until December 2025.
All changes in this release
- Issue #3495881 by godotislate, bkosborne, catch, kushagra.goyal: Firefox retains form_build_id on form reloads, causing old form cache entry to be used and creating weird behavior for the Media Library widget
- Issue #3503556 by tom konda: Wrong Regular Expression for string comparison in Nightwatch.js assertion
- Issue #3503195 by alexpott, longwave, loopy1492: Twig needs updating for CVE-2025-24374
- Issue #3485174 by fago, arthur_lorenz, alexpott, smustgrave: Menu APIs provide invalid CSRF tokens
- Issue #3501059 by claudiu.cristea: Remove claudiu.cristea from MAINTAINERS.txt
- Issue #3501361 by chr.fritsch: Remove chr.fritsch from MAINTAINERS.txt
- Issue #3501210 by dawehner: Remove dawehner from MAINTAINERS.txt
- Issue #3499596 by alexpott: run-tests.sh cannot handle unicode in PHPUnit output
- Issue #3220784 by berdir, johnchque, mathilde_dumond, dww, quietone: ContentEntityBase::createDuplicate() should reset default revision flag
- Issue #3466462 by mfb, chandansha, kim.pepper, charlliequadros, smustgrave, mxr576, quietone, morvaim, larowlan: Fix handling of unknown file extensions in FileMediaFormatterBase
- Issue #3491467 by andypost: Add daily testing with PHP 8.4
- Issue #3496438 by spokje, larowlan: [random test failure] LanguageNegotiationInfoTest::testInfoAlterations
- Issue #3436395 by kristiaanvandeneynde, xjm, smustgrave, gabesullice, longwave, catch, effulgentsia, heddn, mcdruid, dww, bbrala, deviantintegral, greggles, benjifisher, drumm, larowlan, poker10: UserRolesCacheContext can lead to poisoned cache returns for user 1
- Issue #3358586 by godotislate, kala4ek, jaswinsingh, benjifisher, creact, catch, simohell, alexpott, alfthecat, aaronbauman, rupertj, poker10: RuntimeException: Adding non-existent permissions to a role is not allowed
- Issue #3495165 by catch, joeyroth, berdir, texas-bronius: Better warning message when variation cache detects an incompatible CacheRedirect
VCS Label
10.4.2
Short description
Actively maintained with bugfixes and forwards compatibility backports every six months. Use this version if you already have a Drupal 10 site, until you're ready to update to 11.x.
Packaged Git sha1
b33c9280991c437a3fa05dec941c54bca0ddb7d8
Release files
7314438405cc1ef1a650826c8cbf6808
Release file SHA-1 hash
eb68da5c6cb96625bfb1101734bac26ae164d050
Release file SHA-256 hash
48de072ee4d976456d95bd8e43b286c8a1cac1ee44b433dce98d4a8f5775e040
f3040d720b5cfca47d7148c887911443
Release file SHA-1 hash
c63589175ca9460d90d0429827864657b015dc2d
Release file SHA-256 hash
6689fc513e719bee49e369317e4998f44f900d162200aa8df77ce133815a0ff4