Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Downloads
Download drupal-7.63.tar.gztar.gz
3.15 MB
MD5: 926f05ef0acadfa4ea75fd1d94c8489c
SHA-1: b3cd53eeebbbbae2868671414ec91d2c83a16c49
SHA-256: 0b72c0235e9abdd65be9731af5692c440cb6f4dd4c2fcc9b8589f5e419935e45
Download drupal-7.63.zipzip
3.65 MB
MD5: 466faca7b39a760bebdb7be99d6a658c
SHA-1: c85cfa730e69f4566db64328cf5a573b9c46f9f9
SHA-256: bad530e27ae842a604bb695212df60b9adbe3f6b5e9f18600c977ac73da42ef9
Release notes
This is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.
If you continue to experience issues with Drush following this update, try the following:
- Run
update.phpto ensure database updates are completed and to clear the site cache safely without Drush. - Check the site status report to confirm that 7.63 was successfully installed.
- Test Drush again. If issues persist, try updating to Drush 8.1.18 or installing Drush with Composer. Additional troubleshooting steps can be found in #3026560: After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush.
Important update information
-
The
.pharfile extension has been added to Drupal's dangerous extensions list, which means that any such file uploaded to a Drupal file field will automatically be converted to a text file (with the.txtextension) to prevent it from being executed. This is similar to how Drupal handles file uploads with a.phpextension. -
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
-
The replacement stream wrapper needed to resolve Drupal Core - Remote code execution - SA-CORE-2018-002 is not compatible with PHP versions lower than 5.3.3. For sites using lower PHP versions, the built-in phar stream wrapper has been disabled rather than replaced. Drupal 7 sites using PHP 5.2 (or PHP 5.3.0-5.3.2) that require phar support will need to re-enable the stream wrapper for it; however, note that re-enabling the stream wrapper will re-enable the insecure PHP behavior on those PHP versions.
It is very uncommon to both be running a PHP version lower than 5.3.3 and to need phar support. If you're in that situation, consider upgrading your PHP version instead of restoring insecure phar support.
Known issues
- #3026560: After upgrade to 7.63, 8.5.10, 8.6.7, 9.4.0 get TYPO3 phar error for drush
- #3026470: ArchiveTar is throwing fatal error
- #3026443: \Drupal\Core\Security\PharExtensionInterceptor is incompatible with GeoIP and other libraries that use phar aliases or Phar::mapPhar()
- #3026445: [D7] PHP 5.3.0-5.3.5 gives notice for debug_backtrace() call in PharWrapper
What’s next?
- Learn how to install Drupal
- Learn how to update Drupal
- Extend Drupal to do more
- Get training
- Check out what others built
Bug fixes
Insecure
