This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.
Drupal 9.3.x will receive security coverage until December 2022.
If you are upgrading from Drupal 8, read upgrading a Drupal 8 site to Drupal 9, 9.0.0 release notes, and the 9.3.0 release notes before upgrading to this release.
Important update information
Composer is a development dependency and tool used by Drupal. Today the Composer project released a security advisory.
This Drupal release updates Composer to the latest version as a security hardening. The locked version of the composer/composer package has been updated from 2.1.12 to 2.2.12.
No other changes are included. (Note that Drupal 9.3.10 was also released today, so refer to the 9.3.10 release notes for all changes since the last bugfix release.)
It is also recommended that site owners update the version of Composer they use on the command line. To see which version of Composer is in use, run:
composer --version
To update Composer 1:
composer self-update 1.10.26
To update Composer 2.0 through 2.2:
composer self-update 2.2.12
To update Composer 2.3:
composer self-update 2.3.5