As of March 2026, Drupal 11.3.5 is the latest patch release within the Drupal 11.3 minor version. While Drupal 11.0 brought the structural changes, 11.3 represents the "polished" version of the platform, specifically optimized for high-performance enterprise needs.
Single Directory Components (SDC): Now fully stable, allowing developers to bundle Twig, CSS, and JS into one folder. This is a huge win for theme modularity.
AI Integration: The "Drupal AI" initiative is dominating conversations (especially at the recent Drupal Dev Days 2026). Mention how the new AI-assisted migration tooling and semantic search are becoming core-adjacent features.
Performance: Drupal 11 now officially requires PHP 8.3, which offers up to a 50% performance boost in some backend operations compared to older versions.
Keep your users safe by highlighting these recent security advisories (SAs) from earlier this month:
SA-CONTRIB-2026-030 (Automated Logout): A moderately critical CSRF vulnerability was patched on March 18.
SA-CONTRIB-2026-029 (Unpublished Node Permissions): A critical access bypass fix for translated nodes.
SA-CONTRIB-2026-028 (AI Module): A fix for a potential information disclosure involving LLM requests.