Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.Install
To start a new Drupal project with version 11.2.1:To update your site and all dependencies to the latest version of Drupal:
To update your site to this specific release:
Pinning to a specific release may make it more challenging to update your site in future, see composer documentation for managing pinned versions
Using Composer to manage Drupal site dependencies
Downloads
Download drupal-11.2.1.tar.gztar.gz
19.27 MB
MD5: 6bbff12657b5b4399cb987196c8de204
SHA-1: 2dbd823adacfe49e57c1beb990b87b709e6559a5
SHA-256: b16a59170929895be49e30670fd6e8d2e1df68c1f764e0e678a68a7db734f54f
Download drupal-11.2.1.zipzip
32.97 MB
MD5: 12b4f37caca3b754c6bf7f17b2943965
SHA-1: 29c874b0162397e0b87d82aeceb118b1641565a6
SHA-256: 7596dd7b325ce8e7d3efe355bba16d48f25d179dba5fb3f71efc8df0fe8ec445
Release notes
This is a patch (bugfix) release of Drupal 11 and is ready for use on production sites. Learn more about Drupal 11.
Drupal 11.2.x will receive security coverage until June 2026.
Important update information
This is a hotfix release to fix two critical regressions that were present in 11.2.0.
For full information on important changes in 11.2, read the 11.2.0 release notes.
-
#3531412: New constants in \Drupal\Core\Theme\Registry are private but they are accessed with static:: caused sites with some themes and theme-related modules, including the Bootstrap theme, to receive a fatal error about an undefined constant in 11.2.0. This issue is now fixed. Themes or modules that were working around this issue can be updated for the core fix.
-
Due to #2987548: LogicException: The database connection is not serializable., following changes in 11.2, site owners using interface translation would encounter an error when attempting to save a view through the Views UI (and possibly other similar major bugs). The underlying cause for this issue has been resolved.
Known issues
-
Numerous site owners and developers have reported difficulty updating to Drupal 11.2.0 due to conflicting versions of Drupal core's development dependencies. Several core development dependencies had their major version constraints increased in the 11.2.0 release:
- PHPStan was increased from v1 to v2.
sebastian/diffwas increased from v5 to v6.- PHPUnit was increased from v10 to v11.
In a future bugfix release, we may attempt to support compatibility with both major versions of these dependencies. For the time being, however, we recommend site owners attempt updating all their packages which may use core's development dependencies together, for example:
composer update "drupal/core*" drupal/automatic_updates "drupal/gin*" drupal/project_browser --with-all-dependenciesFor more information and debugging suggestions that may help for your site, see #3531287: Remove core/recommended constraint for sebastian/diff.
-
Users of the contributed linkit module should update to version 7.0.5 or higher.
-
The Editor advanced link module has an open issue to add compatibility for Ckeditor5 v45.2.0, users of this module may want to delay updating to 11.2.0 until that issue is fixed.
Search the issue queue for known issues.
All changes since Drupal 11.2.0
- Issue #3340142 by mstrelan, quietone, xjm: Convert testJail() to use expectException
- Issue #3525174 by benjifisher, smustgrave, greggles, catch, larowlan, mcdruid: Clean up unserialize() in the config system
- Issue #3494354 by catch, mstrelan, acbramley, smustgrave: AssetResolver::getJsAssets cache id doesn't consider attached settings, leads to ajax issues
- Issue #2987548 by alexpott, johnv, euphoric_mv, HbtTundar, cilefen, xjm, samlerner, pratip.ghosh, jrochate, alezu: LogicException: The database connection is not serializable
- Issue #3530730 by catch: Remove catch as maintainer of the 'path' and 'taxonomy' modules
- Issue #3531412 by alexpott, xjm, nicxvan, catch, longwave: New constants in \Drupal\Core\Theme\Registry are private but they are accessed with static::
- Issue #3521884 by nigelcunningham, nod_, smustgrave, catch: tableresponsive.js causes huge page load time for extensions page
- Issue #3531044 by godotislate, nicxvan, zigazou: Unknown fieldViewsDataHelper method called from deprecated datetime_type_field_views_data_helper function
- Issue #2866619 by acbramley, kksandr, shabana.navas, hkirsman: Don't use link in message after node save if user doesn't have permissions
- Issue #3414173 by joelpittet, anybody, nicxvan: Add support for minified external CSS libraries
- Issue #1822440 by mohit_aghera, acbramley, smustgrave, dawehner, ezra-g, catch: "Content access" filter should check for node_grants implementations before adding node access grant queries
- Issue #3109284 by prudloff: locale_translation queue loop
- Issue #2776661 by brandonlira, ameymudras, er.pushpinderrana, quietone, joachim: incorrect uses of isRebuilding() in inline docs in processForm()
- Issue #3525031 by mondrake, andypost: [CI] Run PHPStan job on PHP 8.4
- Issue #3530843 by catch, mondrake: Adjust performance test job for new phpunit discovery
What’s next?
- Learn how to install Drupal
- Learn how to update Drupal
- Extend Drupal to do more
- Get training
- Check out what others built
Bug fixes
Insecure
