Backdrop CMS

Dashboards & Home Pages

A full‑featured, non‑technical content management system for building websites such as blogs, galleries, and social networks.

Track releases GitHub Website

PHP Latest 1.34.0 · 18d ago Security brief →

Features

Out‑of‑the‑box ready CMS usable by non‑technical users
Quickly learnable codebase forked from Drupal
Extensible APIs for custom functionality

Recent releases

View all 11 releases →

Upgrade now

1.34.0 Breaking risk 18d

Breaking upgrade

Run update script

Open

No immediate action

1.33.3 Breaking risk 18d

Breaking changes — review before upgrading.

Open

1.33.2 Security relevant 1mo

Security fixes

BACKDROP-SA-CORE-2026-001
BACKDROP-SA-CORE-2026-002
BACKDROP-SA-CORE-2026-003

Full changelog

Security release for Backdrop CMS. This release fixes 3 security vulnerabilities:

And includes one security hardening:

BACKDROP-SA-CORE-2026-004

Notes for updating

No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
The database update script does not need to be run.

Changes since 1.33.1

Bug Fixes

Add user role update dependencies to fix upgrade test cases. #7086
Stop run-tests.sh script from truncating simpletest result files. #7000
CKEditor should warn if database does not support utf8mb4. #6891
Exclude comments in listings from disabled content types. #7052
Fix strtotime() on NULL when rendering empty value in views. #6727
Properly follow Views Show All/Show None setting. #5729
Fix responsive tables in Basis, Bartik, Stark themes. #7100

Documentation Updates

Fix reference to Drupal in file admin. #7074
Fix typo on file types form. #7073
Link to a more helpful page on backdropcms.org for updates #6951

Tasks

Update GitHub actions to their latest versions. #7088
Switch to separate dedicated cspell repository. #6280

View release on GitHub

1.32.3 Security relevant 1mo

Security fixes

BACKDROP-SA-CORE-2026-001
BACKDROP-SA-CORE-2026-002
BACKDROP-SA-CORE-2026-003

Full changelog

Security release for Backdrop CMS. This release fixes 3 security vulnerabilities:

And includes one security hardening:

BACKDROP-SA-CORE-2026-004

Notes for updating

No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.
The database update script does not need to be run.

This release contains the security fixes only and no other changes.

View release on GitHub

1.33.1 Bug fix 4mo

Fixed call to undefined function `cache()` in `system_list()` on PHP 7.1.

Full changelog

Maintenance release for Backdrop CMS. This update contains bug fixes and usability improvements only. This release focuses on fixing regressions found in the 1.33.0 release.

Notes for updating

It is not necessary to run the update script (located at /core/update.php) for this release.
No changes have been made to the .htaccess, robots.txt or default settings.php files in this release. Updating customized versions of those files is not necessary.

Changes since version 1.33.0

Bug fixes

Call to undefined function cache() in system_list() error on PHP 7.1 #7061
Regression when contrib modules call _field_filter_items() #7058
Regression when contrib modules call text_field_is_empty() with only 2 parameters #7057
Layout additional paths are displayed as overrides even if they're not, in some cases #7053
Taxonomy term pages with image put image at bottom of page for only 1 or 2 items with that term #7060