drupal 9.4.7 | Drupal.org

This is a non-production site

- Drupal Core Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal CMS Drupal CMS puts the power of Drupal into the hands of marketers, designers and content creators
- Drupal AI Open limitless possibilities with Drupal AI
- Case Studies Powerful stories that show Drupal solutions in the real world
- Drupal for Government Drupal is the open-source CMS that enables digital transformation of government and increases citizen engagement
- Drupal for Higher Education See why 70% of the world's leading universities chose Drupal
- Drupal for Nonprofit See why Drupal is the open-source CMS choice for some of the world’s most influential nonprofits
- Drupal for eCommerce Natively integrate content and commerce
- Drupal for FinTech Secure and trustworthy FinTech infrastructure
- Drupal for Healthcare Drupal powers systems that are secure, patient-centric and engaging
- Drupal for Media & Publishing Create engaging multi-channel experiences to connect with your audiences - everywhere
- Download Drupal Download Drupal and the extensions you need
- Documentation Full knowledgebase including Drupal 7 resources
- Getting Started Guide to installing Drupal on a server
- Local Development Guide Guide to installing Drupal locally with Docker and DDEV
- Developer Resources Step-by-step guide for learning Drupal
- Drupal User Guide Learn to build with Drupal
- API Complete documentation of Drupal Core APIs
- Modules Extend your project's functionality
- Themes Change your project's look and feel
- Distributions Jumpstart your project with a pre-configured install
- Issues Queue Report issues and contribute improvements
- Security Advisories Stay on top of the latest security alerts and updates
- Find a Drupal Certified Partner Connect with the best Drupal agencies around the world
- Become an Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Find a Hosting Provider Find a hosting provider for your Drupal project
- Find a Migration Partner Get help with your migration to the latest version of Drupal
- Find Training Upskill your Drupal team
- Drupal Steward Ensure your website is protected with Drupal Steward
- About the Community Come for the code, stay for the community
- How to Contribute Get involved in growing and evolving Drupal
- DrupalCon DrupalCon unites experts from around the globe who create ambitious digital experiences. Network, learn, and be inspired
- Events Discover local events, meet-ups, and training
- Jobs / Careers Find opportunities to work in Drupal
- News & Blogs News and stories about Drupal
- Forum Got a question about Drupal? Find answers on the Drupal forums
- Slack Get support and communicate with the global Drupal community
- Newsletters Sign up for Drupal news and manage your subscriptions
- Drupal Swag Shop Get your Drupal branded merch!
- The Drupal Association Learn how we support Drupal's growth and innovation - and how you can help
- Become a Member Become a Ripplemaker and support the Drupal Association
- Become a Drupal Certified Partner Join an elite network of agencies committed to Drupal excellence and innovation
- Donate Make a donation to the nonprofit that supports Drupal
- Log in
- Create account
- Try Drupal CMS
- Try hosting

Posted by xjm on September 28, 2022 at 4:29pm

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016

No other fixes are included.

Which release do I choose? Security coverage information

Drupal 9.4.x will receive security coverage until June 2023 when Drupal 10.1.0 is released.
Sites on 9.3.x or earlier should update immediately to Drupal 9.3.22 instead of this release (but update to 9.4 or higher soon).
Versions of Drupal 9 prior to 9.3.x are end-of-life and do not receive security coverage.
Versions of Drupal 8 are end-of-life and do not receive security coverage.

Important update information

Drupal 9.4 core now requires twig/twig 2.15.3 or higher (up from 2.15.0).
This release includes a change to default.services.yml. It adds a twig.config.allowed_file_extensions configuration setting to restrict file types that may be loaded with Twig for security. Site owners should make a copy of their default.services.yml prior to updating to ensure any custom modifications are retained.

Following this release, by default, Twig may load the following file types:
- .css
- .html
- .js
- .svg
- .twig
If your site, module, or theme must load additional file types via Twig, consult the documentation for twig.config.allowed_file_extensions in default.services.yml.

VCS Label

9.4.7

Release type

Security update

Short description

Actively maintained with new features and backwards-compatible improvements every six months. Use this version for the best compatibility with future releases.

Packaged Git sha1

89d5167a40092f646c810b52ad7bde1f091ee73f

Release files

e4e9bdf27b93e3174bece0955a9e048a

Release file SHA-1 hash

02a59a6a4d8ae5a601b4f44bf142d55a8e74e69c

Release file SHA-256 hash

0d271c978c7ccdf8b9c9a69967c2a293c0e6d37001bec8000443aec5ca6014dc

102967abd4c5a0fbce26104351f317ce

Release file SHA-1 hash

cd83c5da0c218aa37b9aa19b0536df65a7b8a2cc

Release file SHA-256 hash

c58808ce3f55ce24f0618971907fdf35dff3378a96e3b8b2df2c881bbdf432a8