Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Install
To start a new Drupal project with version 8.8.10:To update your site and all dependencies to the latest version of Drupal:
To update your site to this specific release:
Pinning to a specific release may make it more challenging to update your site in future, see composer documentation for managing pinned versions
Using Composer to manage Drupal site dependencies
Downloads
Download drupal-8.8.10.tar.gztar.gz
18.61 MB
MD5: 0fa6b0f305d4398c2c036d853f8d2cd9
SHA-1: 99b4322b09d91b73cd7f29354fce0155175ff4d1
SHA-256: cc444d6dfb9e5f760e510d1b36b79f744e6ba141c98f39f0821b7bff3f69c223
Download drupal-8.8.10.zipzip
29.64 MB
MD5: b1a2a38e29375a420bfbd1892b3f5bda
SHA-1: aa23f28a1e1ea762b99f3aff1f4291190de8b50d
SHA-256: 7dbdc5a0b9e41571940f37f2bff87d3be3a7b4a923488d135da75064a9829cab
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
- Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
- Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
- Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
- Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
- Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
No other fixes are included.
Which release do I choose? Security coverage information
- Drupal 8.8.x will receive security coverage until December 2, 2020 when Drupal 9.1.0 is released.
- Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
Important update information
-
Once a site running Workspaces is upgraded for SA-CORE-2020-008, authenticated users may continue to see unauthorized workspace content that they accessed previously until they are logged out.
If it is important for the unintended access to stop immediately, you may wish to end all active user sessions on your site (for example, by truncating the
sessionstable). Be aware that this will immediately log all users out and can cause side effects like lost user input. -
Sites that override
\Drupal\Core\Form\FormBuilder'srenderPlaceholderFormAction()and/orbuildFormAction()methods in contrib and/or custom code should ensure that appropriate sanitization is applied for URLs for SA-CORE-2020-009. -
Any site that relies on Drupal's AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set
"jsonp: true"or use the jQuery AJAX API directly.If you are using jQuery's AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set
"jsonp: false"where this is appropriate. -
No changes have been made to the
.htaccess,web.config,robots.txt, or defaultsettings.phpfiles in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.
Known issues
What’s next?
- Learn how to install Drupal
- Learn how to update Drupal
- Extend Drupal to do more
- Get training
- Check out what others built
Security update
Insecure
