Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Install
To start a new Drupal project with version 8.7.8:To update your site and all dependencies to the latest version of Drupal:
To update your site to this specific release:
Pinning to a specific release may make it more challenging to update your site in future, see composer documentation for managing pinned versions
Using Composer to manage Drupal site dependencies
Downloads
Download drupal-8.7.8.tar.gztar.gz
17.05 MB
MD5: f281eb14d8aabf0c3e78dd519ca4b640
SHA-1: 96f4f852e8c9f6a4c424a33e6ac145ba8ee067ba
SHA-256: c8d04d3972ad56e7e703697adc65af1d3e9fb7c0aa77a6d837394b2d6c61377d
Download drupal-8.7.8.zipzip
27.23 MB
MD5: ccc8bf01c2380fdbc494b49352b7df3f
SHA-1: 6b512df639bf00d2f556a79a423b7b69cc26d6d3
SHA-256: b1f9d3ef519eb7c69044dd1b258e89dbba83914e99ba72d63f3cdc491147ac5b
Release notes
This is a patch release of Drupal 8 and is ready for use on production sites. Learn more about Drupal 8.
If you are upgrading to this release from 8.6.x, read the Drupal 8.7.0 release notes before upgrading to this release.
Drupal 8.7.x will receive security coverage until June 3rd, 2020, when Drupal 8.9.x is released.
Important update information
Core versioning support in *.info.yml files since 8.7.7
Drupal 8.7.7 introduces a new core_version_requirement key to *.info.yml files, allowing contributed modules to specify specific versions for Drupal core compatiblity, as well as to indicate that they are compatible with both Drupal 8 and the forthcoming Drupal 9 release. See the change record for more details.
Dependency updates
- Several JavaScript dependencies have been updated to resolve publicly disclosed security issues:
nightwatchhas been updated to version 1.2.1chromedriverhas been updated to version 75.1.0stylelint-no-browser-hackshas been updated to 1.2.1
- Due to a compatibility issue between
zend-diactoros1.8.5 andpsr-http-message-bridgeversions prior to 1.1.2, Drupal core'scomposer.jsonhas increased the minimum requirement forpsr-http-message-bridgefrom 1.0 to 1.1.2. This should not affect sites using the tarball packaged by Drupal.org (which already supplied version 1.1.2 of the component in Drupal 8.7.7), but may lead to a dependency update for certain sites maintained with Composer.
All changes since 8.7.7
- #3083183 by larowlan, Wim Leers, acbramley: FunctionalJavaScript tests fail because newer versions of curl/selenium webdriver require additional headers
- #3048348 by Wim Leers, Spokje, yogeshmpawar, logickal, alexpott, adamspe: Denormalizing NULL for an optional @FieldType=address or @FieldType=geolocation field fails due to either no main property name or computed read-only main property
- #3082145 by voleger, Mile23: Vendor cleanup fail for twig/twig
- #2846770 by diqidoq, dorian.dirusso, marie.pinet, Thib, larowlan, Mile23, andypost: AdminRouteSubscriber incorrectly identifies paths such as /administration-position as admin paths
- #2413191 by claudiu.cristea, alexpott, andyceo, andypost, laszlo.kovacs, Dane Powell, Gábor Hojtsy, pfrenssen: Shipping a profile with multiple languages without locale module not possible
- #3028675 by bskibinski, joelpittet, gnuschichten, alexpott, lauriii: Vertical Tabs are unnecessarily hiding content with overflow: hidden
- #3080689 by ShaunDychko: Spelling errors in Nightwatch drupalCreateUser command
- #3082287 by alexpott: \Drupal\user\Plugin\views\access\Role::access() does not conform to the base class documentation
- #3081679 by eiriksm: AjaxResponse::getCommands has wrong return type
- #3081080 by stefan.korn: Fix small issue in DocBlock comment for umami_theme_suggestions_block_alter
- #3078633 by tim-diels, cindytwilliams: Documentation fix date render element
- #2890514 by quietone, vomitHatSteve, heddn: upgrade_d6_imagecache_presets fails if blank "action" is enountered
- #2913819 by Mile23, Wim Leers, catch: run-tests.sh ignores final classes
- #3078676 by chr.fritsch, justafish: drupalUserIsLoggedIn doesn't work on https sites
- #3012001 by quietone, rkostov, ellenoise: Duplications within migration process plugin
- #3068733 by blazey, amateescu, pmelab, hchonov: EntityStorageBase::loadMultiple returns unwanted entities when the static cache is warm
- #3045483 by Wim Leers, alexpott, RandomNeighbour, mikelutz, jibran: Incompatibility between zend-diactoros and psr-http-message-bridge versions: require symfony/psr-http-message-bridge >=1.1.2
- #2885441 by phenaproxima, acbramley, dwkitchen, jibran, hchonov, larowlan: EntityReferenceAutocompleteWidget should define its size setting as an integer
- #3074949 by amateescu, doidd, catch: Memory leak in the entity schema converter
- #3059356 by finnsky, mogtofu33, klausi, jibran, justafish, joaogarin: [Security] Update yarn packages to fix 19 vulnerabilities by updating nightwatch
- #3079444 by jdmoreno: ExtensionList::reset() doesn't document its return value
- #3075933 by jibran, kim.pepper, larowlan: Add kim.pepper as maintainer for file.module
- #3076644 by Luke_Nuke, gueguerreiro: Mistake in the comment documenting the "image" method of the "Random" utility class
- #3079805 by mikelutz, xjm, Mixologic, tedbow: expectedException() usage in two pre-8.7.7 commits has broken PHP 5 testing for 8.7.x
- #3021452 by Luke.Leber, jibran, ericmulder1980, phenaproxima, Martijn de Wit, alexpott, andrewmacpherson, marcoscano, pawandubey, seanB, lauriii: Add title attribute to oEmbed iframe for accessibility
- #3055516 by oknate, dasginganinja, Skymen, rgpublic, Wim Leers, seanB, phenaproxima, tstoeckler: Notice: Undefined index: target_bundles when new reference media field created
- #3076259 by oknate, ThomasDik, phenaproxima: Media library does not enforce order which can lead to different hashes
What’s next?
- Learn how to install Drupal
- Learn how to update Drupal
- Extend Drupal to do more
- Get training
- Check out what others built
Bug fixes
Insecure
