drupal 11.3.8

This is a patch (bugfix) release of Drupal 11 and is ready for use on production sites. Learn more about the latest version of Drupal.

Drupal 11.3.x will receive security coverage until December 2026.

Important update information

• This release is now marked as a security release, but does not contain any additional security fixes over Drupal 11.3.7. Instead, it fixes the data integrity issue present in Drupal 11.3.7 and 11.3.6 (as described below).

• Drupal 11.3.6 introduced a critical regression for importing configuration that could result in data loss under certain circumstances: #3584812: ConfigInstaller isSyncing does not persist to hook_modules_installed() when multiple modules are installed. This release hotfixes that regression.

  Sites that attempted to import configuration on Drupal 11.3.6 or 11.3.7 should re-import their configuration using the site's recommended method (for example, drush deploy). Make note of any differences in configuration, and ensure that data associated with that configuration has not been deleted.

  Sites that updated to 11.3.6 or 11.3.7 without importing configuration do not need to take any action.

All changes since 11.3.7

• fix: #3584812 ConfigInstaller isSyncing does not persist to hook_modules_installed() when multiple modules are installed
• fix: #3582171 [PHP 8.5] Strengthen views data with entity types w/o data tables
• Revert "fix: #3582171 [PHP 8.5] Strengthen views data with entity types w/o data tables"
• fix: #3582514 Add SensitiveParameter attribute to Crypt::hmacBase64()
• fix: #3526541 Cannot set default values on multi-valued formatted Text fields
• fix: #3582229 Package Manager blows up when it encounters already-unpacked recipes