Change record status: 
Project: 
Introduced in branch: 
9.1.x
Introduced in version: 
9.1
Description: 

Drupal generated .htaccess files now consistently escapes the dot (.) character in all rewrite conditions (RewriteCond) and rules (RewriteRule). This change makes the rules slightly more strict and therefore safer.

The RewriteCond for the URLs, install.php, rebuild.php, core/modules/system/tests/https.php, and core/modules/statistics/statistics.php and the RewriteRule for install.php now escape the dot character.

If you have customized .htaccess file then make a backup of those .htaccess files before updating. You may also wish to escape dots in your customized rules where appropriate.

For example. the following before and after show how rewrite condition for the statistics URI is changed.

Before

RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$

After
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$

Impacts: 
Site builders, administrators, editors
Module developers