Download Drupal 7.21
Another update for Drupal version 7.0 has been released. Drupal is a user-friendly and powerful content management platform written in PHP, with which, for example, websites can be created. Since version 7.0, there is a redesigned interface, which is said to be simpler and more intuitive. Additional fields, users, terms, URLs, images, lists of options and more can be added to content. An automatic test has also been added to the framework to detect bugs in the code. Finally, the database layer has been completely rewritten, which solves many of the database layer limitations in Drupal 6. Version 7.21 was released to fix issues introduced with the 7.20 release.
release notes
Maintenance release of the Drupal 7 series. Includes fixes for incompatibilities introduced in the Drupal 7.20 security release only.
No security fixes are included in this release; however, sites which were unable to upgrade to Drupal 7.20 (or upgraded but made modifications to disable the security fixes included within it) should upgrade to Drupal 7.21 to obtain additional security protection.
No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.
If you have already upgraded to Drupal 7.20 with no problems this release does not provide any new functionality. You can upgrade to Drupal 7.21 at your leisure, without reading the notes below.
Important update notes:
Drupal 7.20 fixed a fundamental security flaw in the Drupal core Image module and therefore introduced incompatibilities with a number of contributed modules and sites (see the Drupal 7.20 release notes). To help mitigate the effect of these changes, an optional ‘image_allow_insecure_derivatives’ variable was provided, which sites could use to turn off the security fix.
Drupal 7.21 adds additional security protection for sites that use this variable. Although they will still not receive the full benefit of the security fix, they will now have protection against the most damaging and easiest-to-inflict vulnerabilities that were addressed in Drupal 7.20.
If you encountered problems when upgrading or attempting to upgrade to Drupal 7.20, then you should upgrade to Drupal 7.21 following the instructions below:
If you choose to set this variable, understand that your site is not fully secure; it will still be vulnerable to some forms of denial-of-service attacks which use image derivatives as described in SA-CORE-2013-002 (although not the most serious and easiest-to-inflict ones). You should therefore monitor the issue queues of any modules which were giving you trouble and remove the variable from your site as soon as fixes become available which you are able to apply.
There is one behavior change introduced in this release for sites using the ‘image_allow_insecure_derivatives’ variable. Previously, setting the variable would allow you to generate any image derivative without including a token in the URL. Now, although tokens will still be optional for most image derivatives, they will be required in the unlikely case of an image derivative which was itself generated from an image derivative (for example, if you first generate a thumbnail image by visiting and then want to take that thumbnail image and generate a “medium” image based off of it by visiting the second case will require a token in the URL in order to work). This change was necessary in order to provide the security improvements and is not believed to have a practical effect in realistic scenarios.
Changes since 7.20:
- #1934568 by David_Rothstein, pwolanin: Allow sites using the ‘image_allow_insecure_derivatives’ variable to have partial protection from the security issues fixed in Drupal 7.20.
| Version number | 7.21 |
| Release status | Final |
| Operating systems | script language |
| Website | Drupal |
| Download | |
| File size |
3.02MB |
| License type | Conditions (GNU/BSD/etc.) |