PHP versions 8.2.32, 8.3.32, 8.4.23, and 8.5.8 are now available on the platform. These updates include important security fixes, along with bug fixes and enhancements that improve performance and stability. Updates will be applied automatically over the next few days, so no manual action is required.
Pantheon release notes
PHP versions 8.4.22 and 8.5.7 are now available on the platform. PHP 8.5.7 includes security fixes (CVE-2026-44927, CVE-2026-44928) along with bug fixes. PHP 8.4.22 is a maintenance release with bug fixes and stability improvements. Updates will be applied automatically over the next few days, so no manual action is required.
Drupal has released a highly critical security update (CVSS 20/25) for Drupal core addressing SA-CORE-2026-004 (CVE-2026-9082). The vulnerability is a SQL injection flaw in Drupal's database abstraction API that only affects sites running on PostgreSQL. Drupal 7 is not affected.
No action is required to protect your Pantheon-hosted sites. Pantheon does not use PostgreSQL, so this vulnerability does not apply to sites hosted on Pantheon. Additionally, as a founding Platform Partner of the Drupal Steward program, Pantheon worked with the Drupal Security Team to implement platform-level mitigations prior to public disclosure.
Recommended update
We still recommend updating to the latest Drupal core patch release to keep your codebase aligned with upstream supported branches.
Patched releases for supported branches:
- Drupal 11.3.10 and 11.2.12
- Drupal 10.6.9 and 10.5.10
Emergency patches are also available for end-of-life branches 11.1.x, 10.4.x, 9.5.x, and 8.9.x — see the security advisory for details.
To apply the update, use one-click core updates in the Pantheon dashboard.
Solr 3 and Solr 8 removal schedule announced
Categories:
Today Pantheon announces a removal schedule for Solr 3 on February 9, 2027 and Solr 8 on July 11, 2027. Solr 9 will reach General Availability on June 30, 2026 ahead of these removals.
After a Solr version is removed from the platform, sites using that version will no longer be able to index content or return search results. Views, blocks, or other components that rely on Solr-powered search indexes may return no results or throw errors.
Solr 9 - General Availability: June 30, 2026
Solr 9 has been available as a Beta for Drupal 10 and 11 sites through search_api_pantheon version 8.5.0-beta1. Solr 9 Beta for Drupal 7 is now available as of May 12, 2026.
General Availability for Solr 9 is targeted for June 30, 2026.
Solr 3 - Removal: February 9, 2027
Solr 3 will be removed from the Pantheon platform on February 9, 2027. Solr 3 is a legacy search version that no longer receives security updates.
Previous milestones:
Drupal 7 sites still using Solr 3 must migrate to Solr 9 before this date. See the Solr for Drupal 7 guide for upgrade steps. WordPress sites should migrate to Elasticsearch or another supported search solution before January 11, 2027.
Solr 8 - Removal: July 11, 2027
Solr 8 (8.11.4) will be removed from the platform on July 11, 2027. Solr 9 supersedes Solr 8 with improved security defaults and other enhancements. Drupal 10 and 11 sites currently running Solr 8 should migrate to Solr 9 before this date. Upgrade instructions are available in the Solr 9 Beta announcement.
Action required
-
Drupal:
- Solr 3 sites: Migrate to Solr 9 before February 9, 2027.
- Solr 8 sites: Migrate to Solr 9 before July 11, 2027.
For guidance on upgrading, see Drupal Solr.
-
WordPress:
- Migrate to Elasticsearch before January 11, 2027.
PHP versions 8.2.31, 8.3.31, 8.4.21, and 8.5.6 are now available on the platform. These updates include important security fixes, along with bug fixes and enhancements that improve performance and stability. Updates will be applied automatically over the next few days, so no manual action is required.
As noted in our June 2025 release note, Drush 5 and 7 are no longer available on Pantheon, and pantheon.yml files retaining these retired values would eventually cause a git push to be rejected. That enforcement is now in effect.
Pantheon now rejects git push when drush_version is set to 5 or 7 in pantheon.yml. The supported values are 8, 9, and 10.
Validation runs whenever pantheon.yml changes are detected on push, including reverts. Sites with drush_version: 5 or 7 already committed are unaffected until the file is modified. A git revert or git reset that touches pantheon.yml will also trigger validation and be rejected if the retired values are present.
Action required
Customers with sites configured for Drush 5 or 7 should upgrade the Drush version in pantheon.yml to at least Drush 8:
Sites created with custom upstreams using these versions may also encounter errors on site creation or upstream updates if drush_version is still set to 5 or 7.
WordPress 6.9.4 available
Categories:
The latest version of WordPress, 6.9.4, is available on Pantheon as of today, March 11th, 2026.
This is a security release that addresses incomplete security fixes from the previous 6.9.2 and 6.9.3 releases. Three security vulnerabilities are fixed in this version:
- A PclZip path traversal issue
- An authorization bypass on the Notes feature
- An XXE (XML External Entity) vulnerability in the external getID3 library
Action required
Upgrade to WordPress 6.9.4 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.
WordPress 6.9.2 and 6.9.3 available
Categories:
The latest version of WordPress, 6.9.3, is available on Pantheon as of yesterday, March 10th, 2026.
This version is an immediate follow up with fixes for bugs introduced in 6.9.2, which is a security release.
Action required
Upgrade to WordPress 6.9.3 right from your Pantheon dashboard or Terminus to access the latest features, fixes, and security enhancements. See related documentation for how to apply core updates.