Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Drupal 10.0.0 has been released simultaneously with Drupal 9.5.0. Drupal 9.5 has most of the changes that Drupal 10 does, but retains backwards compatibility layers added through Drupal 9.5.0's release. Update to Drupal 9.5 before updating to Drupal 10 for the smoothest upgrade path.
If you are starting a new Drupal project, you have a choice between Drupal 9.5.0 and 10.0.0, and generally should choose Drupal 10 where possible for forward compatibility with future releases.
Regardless of which version you choose now, features will only be added to Drupal 10 minor releases. Plan to adopt Drupal 10 so that you can easily update to Drupal 10.1 and later.
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
This is a "hotfix" release to address two bugs in Drupal 7.93.
This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a release candidate for the next major version of Drupal. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
Changes have been made to default.settings.php. More details in the Change Records for major changes below.
No changes have been made to .htaccess, web.config or robots.txt files in this release, so upgrading custom versions of those files is not necessary.
This is a release candidate for the next major version of Drupal. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a release candidate for the next major version of Drupal. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a beta release for the final scheduled minor version of Drupal 9. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.
This is a beta release for the next major version of Drupal. Drupal 10 beta releases are intended for site owners and module or theme authors to test compatibility and upgrade paths for Drupal 10.0. Beta releases are not intended for production.
This is a beta release for the final scheduled minor version of Drupal 9. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.
This is a beta release for the next major version of Drupal. Drupal 10 beta releases are intended for site owners and module or theme authors to test compatibility and upgrade paths for Drupal 10.0. Beta releases are not intended for production.
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
This is an alpha release for the next major version of Drupal. This alpha release is intended for module or theme authors to test whether their code is compatible with recent significant changes in Drupal 10.0.x. Drupal 10 alpha releases should not be used in production. No upgrade path will be provided between Drupal 10 alpha releases, nor to Drupal 10.0.0-beta1.
This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.
The CKEditor 5 experimental module is being developed for Drupal 10 WYSIWYG editing and depends on the third-party CKEditor 5 JavaScript library. CKEditor has issued a security advisory for CKEditor 5:
Drupal core is only known to be vulnerable when the full HTML format is used with CKEditor within QuickEdit, and the exploit only affects the user who inserts a JavaScript payload. Since full HTML already allows writing JavaScript that can contain cross-site scripting (XSS) payloads, we are treating this update as a public security hardening.
CKEditor 4 is not affected, so sites where only the stable CKEditor module is enabled (with the CKEditor 5 experimental module uninstalled) will not be impacted and do not urgently need to update to this release.
This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.
The CKEditor 5 experimental module is being developed for Drupal 10 WYSIWYG editing and depends on the third-party CKEditor 5 JavaScript library. CKEditor has issued a security advisory for CKEditor 5:
Drupal core is only known to be vulnerable when the full HTML format is used with CKEditor within QuickEdit, and the exploit only affects the user who inserts a JavaScript payload. Since full HTML already allows writing JavaScript that can contain cross-site scripting (XSS) payloads, we are treating this update as a public security hardening.
CKEditor 4 is not affected, so sites where only the stable CKEditor module is used (with the CKEditor 5 experimental module uninstalled) will not be impacted and do not urgently need to update to this release.
Drupal core is unlikely to be vulnerable. This bugfix release updates the version of Diactoros used in drupal/core-recommended to a secure version as a precaution.
This is an alpha release for the next major version of Drupal. This alpha release is intended for module or theme authors to test whether their code is compatible with recent significant changes in Drupal 10.0.x. Drupal 10 alpha releases should not be used in production. No upgrade path will be provided between Drupal 10 alpha releases, nor to Drupal 10.0.0-beta1.
The Security Team believes it is unlikely Drupal core or contributed modules are affected, but this release updates the dependency as a security hardening.
The Security Team believes it is unlikely Drupal core or contributed modules are affected, but this release updates the dependency as a security hardening.
This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:
This is a release candidate for the next minor version (feature release) of Drupal 9. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is an alpha release for the next major version of Drupal. This alpha release is intended for module or theme authors to test whether their code is compatible with recent significant changes in Drupal 10.0.x. Drupal 10 alpha releases should not be used in production. No upgrade path will be provided between Drupal 10 alpha releases, nor to Drupal 10.0.0-beta1.
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
This is a beta release for the next minor (feature) release of Drupal 9. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.
This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements: