Drupal 9.4.1 Released

front-end development

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites.

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories:

  • CVE-2022-31090: CURLOPT_HTTPAUTH option not cleared on change of origin
  • Change in port should be considered a change in origin

The Security Team believes it is unlikely Drupal core or contributed modules are affected, but this release updates the dependency as a security hardening.

Drupal 9.4.x will receive security coverage until June 2023.

If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9, 9.0.0 release notes, and the 9.3.0 release notes before upgrading to this release.

Important update information

  • Drupal core now requires guzzlehttp/guzzle 6.5.8 or higher (up from 6.5.8), or 7.4.5 or higher (up from 7.4.4).

The latest guzzle versions also require guzzlehttp/psr7 1.9 or higher (up from 1.8.5), so that package is updated as well.

Since the above change to guzzlehttp/psr7 requires a minor-level package update, sites will not be able to update the dependency themselves as outlined in this week's PSA.

Site owners who do not use drupal/core-recommended should take care to ensure they do not accidentally update to Guzzle 7 when running composer updates. Review the instructions for managing Guzzle updates without drupal/core-recommended.

  • No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so updating custom versions of those files is not necessary if your site is already on the previous release.


Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Advertisement Here

Call for Support