Drupal security update: 9.3.6 -> 9.3.12

In response to Drupal security advisories, we are updating all Drupal 9 websites hosted by the Drupal service from version 9.3.6 to 9.3.12. This update is expected to be transparent for all standard websites. However, if you are using locally installed modules not provided by the CERN Drupal Distribution, you are encouraged to test your website. If you encounter any issue, please reach out to the Drupal administrators via service-now.

How to test your website

On the webservices portal, create a new environment cloning your production website and using version “v9.3-2”.

Changelog

Note: 9.3.7 and 9.3.10 are the only versions with significant changes.

Update

Since the announcement of this update, Drupal released versions 9.3.10 - 9.3.12 including important security updates. We therefore update the target of this operation: instead of updating to Drupal 9.3.9 as originally announced, we will update directly to Drupal 9.3.12.

This doesn’t change your testing workflow. New sites created with the “v9.3-2” version of the CERN Drupal Distribution will include all updates.

Announcement: OTG0070221

Schedule

12/4/2022 27/4/2022 9:30

After evaluating the security implications, we delay the intervention for the 27/4 to allow enough time for testing through the Webservices portal.

Note: the UI workflow to select the version v9.3-2 on the webservices portal works since 11/4.