This is a release candidate for the next minor version (feature release) of Drupal 11. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:
This is a release candidate for the next minor version (feature release) of Drupal 11. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a beta release for the next minor (feature) release of Drupal 11. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.
Development release package for the 11.4.x release.
The 11.4.x branch is open for development and will now include the latest commits. Those interested in testing the upcoming minor release of Drupal core should work with the 11.4.x branch until the 11.4.0 release in June 2026.
This release also updates several dependencies for upstream security releases:
Twig is updated to 3.26.0 for Twig security fixes that were released today. Drupal core is affected by these vulnerabilities, so Drupal core's composer.json constraint for Twig has also been increased.
It is recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.
Symfony is updated to 7.4.12 for Symfony security fixes that were released today. Drupal core is affected by some of these vulnerabilities, so Drupal core's composer.json constraints for some Symfony packages have also been increased.
Symfony was previously on 7.3 in Drupal 11.2, but is updated according to our dependency update policy. Site owners should review their applications for Symfony 7.3 compatibility and may see additional deprecation warnings in the log. (That said, support for 11.2 ends on June 17, so an update to at least Drupal 11.3 and Symfony 7.4 will soon be needed regardless.)
This release updates the pinned versions of Composer to 2.9.8 for a Composer security fix that was released recently. Drupal core does not expose this vulnerability, but the update is included as a hardening for other applications that may extend the library directly.
underscore.js has been updated to 1.13.8 as hardening for a security issue in that project. This update was previously committed to 11.3, but not backported.
This release also updates several dependencies for upstream security releases:
Twig is updated to 3.26.0 for Twig security fixes that were released today. Drupal core is affected by these vulnerabilities, so Drupal core's composer.json constraint for Twig has also been increased.
It is recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.
Symfony is updated to 7.4.12 for Symfony security fixes that were released today. Drupal core is affected by some of these vulnerabilities, so Drupal core's composer.json constraints for some Symfony packages have also been increased.
This release updates the pinned versions of Composer to 2.9.8 for a Composer security fix that was released recently. Drupal core does not expose this vulnerability, but the update is included as a hardening for other applications that may extend the library directly.
This release also updates several dependencies for upstream security releases:
Twig is updated to 3.26.0 for Twig security fixes that were released today. Drupal core is affected by these vulnerabilities, so Drupal core's composer.json constraint for Twig has also been increased.
It is recommended to review which user roles have the ability to update Twig templates, for example via Views or contributed modules.
Symfony is updated to 6.4.40 for Symfony security fixes that were released today. Drupal core is affected by some of these vulnerabilities, so Drupal core's composer.json constraints for some Symfony packages have also been increased.
This release updates the pinned versions of Composer to 2.9.8 for a Composer security fix that was released recently. Drupal core does not expose this vulnerability, but the update is included as a hardening for other applications that may extend the library directly.
underscore.js has been updated to 1.13.8 as hardening for a security issue in that project. This update was previously committed to 11.3, but not backported.
This release updates the pinned versions of Composer to 2.9.7 for several Composer security fixes that were released today. Drupal does not expose these vulnerabilities, but the update is included as a hardening for other applications that may extend the library directly.
This release updates the pinned versions of Composer to 2.9.7 for several Composer security fixes that were released today. Drupal does not expose these vulnerabilities, but the update is included as a hardening for other applications that may extend the library directly.
This release updates the pinned versions of Composer to 2.9.7 for several Composer security fixes that were released today. Drupal does not expose these vulnerabilities, but the update is included as a hardening for other applications that may extend the library directly.
This is a security release of the Drupal 11 series.
Note: This release introduces a regression for configuration import that could result in data loss in certain scenarios. Sites should update directly to Drupal 11.3.8 instead of this release.
This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcements:
This release updates the pinned versions of Composer to 2.9.7 for several Composer security fixes that were released today. Drupal does not expose these vulnerabilities, but the update is included as a hardening for other applications that may extend the library directly.
Note: This release introduces a regression for configuration import that could result in data loss in certain scenarios. Sites should update directly to Drupal 11.3.8 instead of this release.
This is a maintenance minor release of Drupal 10 and is ready for use on production sites. Maintenance minors are recommended for sites that prefer the minimum changes between releases. Learn more about the Drupal core release cycle.
This is a maintenance minor release of Drupal 10 and is ready for use on production sites. Maintenance minors are recommended for sites that prefer the minimum changes between releases. Learn more about the Drupal core release cycle.
This is a release candidate for the next minor version (feature release) of Drupal 11. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a release candidate for the next maintenance minor release of Drupal 10. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a release candidate for the next minor version (feature release) of Drupal 11. Release candidates are not supported for production sites, but they are intended for widespread testing in preparation for the upcoming stable release. More information on release candidates.
This is a beta release for the next maintenance minor release of Drupal 10. Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs. Beta releases are not recommended for non-technical users, nor for production websites. More information on beta releases.