Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
No other fixes are included.
Important update information
Any site that relies on Drupal's AJAX API to perform trusted JSONP requests will need to either override the AJAX options to set "jsonp: true" or use the jQuery AJAX API directly.
If you are using jQuery's AJAX API for user-provided URLs in a contrib or custom module, you should review your code and set "jsonp: false" where this is appropriate.
No changes have been made to the .htaccess, web.config, robots.txt, or default settings.php files in this release, so upgrading custom versions of those files is not necessary if your site is already on the previous release.
Release type: Security update