drupal 8.5.9

Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

No other fixes are included.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage. Sites on 8.5.x will receive security coverage until May 2019.

Important update information

  • The .phar file extension has been added to Drupal’s dangerous extensions list, which means that any such file uploaded to a Drupal file field will automatically be converted to a text file (with the .txt extension) to prevent it from being executed. This is similar to how Drupal handles file uploads with a .php extension.

  • No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues

Users are reporting seeing a fatal error when updating their sites with Drush. Site owners may be able to run drush updb and either drush cc all or drush cr depending on the version to complete the update. Check the status report afterward to confirm that Drupal has been updated. See #3026386: Upgrading to 8.6.6, 8.5.8, or 7.62 using drush 8 causes PHP Fatal error: Uncaught TYPO3PharStreamWrapperException for details.

Download Size md5 hash
drupal-8.5.9.tar.gz 15.08 MB ab7feda97f750c8997154c04ee7b1c5b
drupal-8.5.9.zip 24.27 MB 1df42622c98481fd23d15db3cac97b3f
Last updated: 16 Jan 2019 at 18:32 UTC
Official release from tag: 
Core compatibility: 
Release type: 
Short description: 
The next patch release of Drupal 8 is ready for new development and use on production sites.
Packaged Git sha1: 

Source: https://www.drupal.org/taxonomy/term/100/feed