Download Drupal 7.78 / 8.9.13 / 9.0.11 / 9.1.3
Updates have been released for Drupal versions 7, 8.9, 9.0 and 9.1. Drupal is a PHP written, user-friendly and powerful content management platform, with which, for example, websites can be created. It’s simple enough for a novice user, but powerful enough to build a more complex website as well. The program includes a content management platform and a development framework. The updates contain a fix for an archive file security vulnerability:
Drupal core – Critical – Third-party libraries – SA-CORE-2021-001
Project: Drupal core
Date: 2021-January-20
security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries
Description: The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see:
Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.
Solution: Install the latest version:
- If you are using Drupal 9.1, update to Drupal 9.1.3.
- If you are using Drupal 9.0, update to Drupal 9.0.11.
- If you are using Drupal 8.9, update to Drupal 8.9.13.
- If you are using Drupal 7, update to Drupal 7.78.
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.
| Version number | 7.78 / 8.9.13 / 9.0.11 / 9.1.3 |
| Release status | Final |
| Operating systems | script language |
| Website | Drupal |
| Download | https://ftp.drupal.org/files/projects/drupal-9.0.9.tar.gz |
| License type | GPL |