Overview
- The release window, announced Tuesday, runs May 20 from 17:00 to 21:00 UTC.
- Drupal labels the core bug “highly critical” and says exploits may appear within hours or days.
- Updates will land for 11.3.x, 11.2.x, 10.6.x, and 10.5.x, while Drupal 7 is not affected.
- Sites on Drupal 8 or 9 will get manual patch files for 8.9 and 9.5, but the team urges an upgrade to at least 10.6.
- Administrators are told to pre‑update now, reserve time during the window to check impact, and follow mitigation steps in the advisory.