Security update

* Honour the server entity status.

This is a security release of the Drupal 10 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003

This release also fixes Update manager routes are not disabled anymore when allow_authorize_operations is FALSE, a public security improvement.

No other fixes are included.

This is a security release of the Drupal 10 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003

No other fixes are included.

This is a security release of the Drupal 11 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:

• Drupal core - Critical - Cross-Site Scripting - SA-CORE-2025-001
• Drupal core - Moderately critical - Access Bypass - SA-CORE-2025-002
• Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-003

No other fixes are included.