Try a hosted Drupal demo

Install

To start a new Drupal project with version 9.0.13:

To update your site and all dependencies to the latest version of Drupal:

To update your site to this specific release:
Pinning to a specific release may make it more challenging to update your site in future, see composer documentation for managing pinned versions

Using Composer to manage Drupal site dependencies

Downloads

Download tar.gz 16.12 MB
MD5: f00b8ae47506fa2ce1724488ff70916b
SHA-1: cf2472e847b53842e23b50d63e22c10ce2e0928d
SHA-256: 448ba03b69a5b99efdf44e69bca3ad25425baa766fa2def6df106812d9b76b8a
Download zip 27.11 MB
MD5: bb7f32618e0b66cc39fae3a3b49da5e7
SHA-1: 90dedc8fe7fd6552d60a362a576aefe6930708d2
SHA-256: 076a7243d795e8e388041cf9e39523ea4bedca20ec4ef4a196083d6af8bda4ea

Release notes

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.

Drupal 9.0.x will receive security coverage until June 16, 2021 when Drupal 9.2.0 is released. It will no longer receive bugfix releases now that Drupal 9.1.0 has been released except for this small maintenance release increasing some dependency versions.

If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9 and the 9.0.0 release notes before upgrading to this release.

If your site is on 8.8.x or earlier, you may wish to upgrade to Drupal 8.9.15 instead. Regardless of which version you choose now, features will only be added to Drupal 9 minor releases, so plan to adopt Drupal 9 as soon as possible so that you can easily update to Drupal 9.2 and later.

Known issues

Search the issue queue for known issues.

Dependency updates

The composer/composer development dependency has been updated from 1.10.6 to 1.10.22.

Most Symfony components have been updated to 4.4.19 for multiple bugfixes including a security hardening. Symfony 5.x components have been updated to 5.1.11. As part of this change, an additional indirect dependency is added for the symfony/http-client-contracts component.

Archive_Tar has been updated to 1.4.13 for a security hardening.

Drupal core's development dependency on the Nightwatch npm package has been increased from 1.2.1 to 1.6.3 and all locked versions of dependencies have been updated to address security issues in these dependencies.

Changes since 9.0.12:

  • #3211810 by alexpott, xjm, Spokje, Amber Himes Matz, Kristen Pol, lauriii: [security] Update Nightwatch and locked dev dependencies to address security issues
  • #3212177 by alexpott, lauriii: Update caniuse-lite as it is outdated
  • #3211805 by xjm, Kristen Pol, longwave: Update composer/composer dev dependency in metapackages to 2.0.13
  • #3199209 by xjm, andypost: Update Drupal 9 branches to the latest patch releases of Symfony components
  • Back to dev.
  • Merged 9.0.12.
  • Revert "Issue #3174349 by quietone, itaran, dww, Kristen Pol: file_url_transform_relative() cannot handle URLs where the port is different from the site's request port"
  • #3174349 by quietone, itaran, dww, Kristen Pol: file_url_transform_relative() cannot handle URLs where the port is different from the site's request port
  • #3199205 by xjm, mcdruid: Update Archive_Tar to 1.4.13
  • Merge 9.0.11, resolve merge conflicts, and update lockfile and dev versions.

What’s next?

  1. Learn how to install Drupal
  2. Learn how to update Drupal
  3. Extend Drupal to do more
  4. Get training
  5. Check out what others built
Created by: catch
Created on: 5 May 2021 at 12:06 UTC
Last updated: 26 May 2021 at 19:44 UTC
Git tag 9.0.13
Bug fixes
Insecure
Unsupported

Other releases