Drupal 7.20, a maintenance release which contain fixes for security vulnerabilities is now available.
Upgrading your existing Drupal 7 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases.
Changelog
Drupal 7.20 is a security release only. For more details, see the 7.20 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.
Security vulnerabilities
Drupal 7.20 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security problem, please upgrade to Drupal 7.20.
Known issues
- #1923336: Insert module doesn’t work with Drupal 7.20: Sites using the Insert module will experience problems inserting new images into textareas after upgrading to Drupal 7.20 if the inserted image is set to display using an image derivative. The image will be inserted but will fail to display. The above issue contains a patch which solves the problem and allows new images to be inserted going forward.
- #1923554: New anti-DoS measure breaks for some file URIs: If any images are erroneously stored in the database with an extra slash in the URI (for example, public:///path/to/image rather than public://path/to/image), new derivatives for those images will fail to be generated after upgrading to Drupal 7.20. So far, the only confirmed examples of this involve images created with the Devel generate module, which are unlikely to be an issue on production websites.
- #1923936: Responsive images and styles module doesn’t work with Drupal 7.20: There have been reports of the Responsive images and styles module not working correctly after upgrading to Drupal 7.20. No fix is available yet.