CleanTalk Releases Anti-Spam Module 9.7.0 for Drupal

Version 9.7.0 of the Anti-Spam module for Drupal has been released by CleanTalk, introducing a security update alongside multiple stability and compatibility fixes. The stable release was published on 25 February 2026 and is compatible with Drupal versions 8.8, 9, 10 and 11.

The release addresses a moderately critical cross-site scripting vulnerability tracked in Drupal’s security advisory SA-CONTRIB-2026-014. Alongside the security fix, the update includes improvements to the module’s Spam FireWall (SFW) system, cookie handling, settings management and database checks.

Several fixes focus on improving stability and performance. These include preventing duplicated cookie settings that could overload Varnish caches, resolving issues in custom node creation protection, correcting SQL errors in the Spam FireWall user-agent update process, and improving AntiFlood constructor handling. The release also updates internal CleanTalk libraries and introduces compatibility fixes for PHP 8.4.

Additional adjustments refine configuration and logging behaviour, including improvements to settings saving, readable debug timestamps and clearer reporting when Spam FireWall errors occur. The update also adds an option for forcing direct Spam FireWall updates while extending diagnostic logging.

Anti-Spam by CleanTalk provides automated spam protection for Drupal sites without requiring CAPTCHA or reCAPTCHA challenges. The module filters comments, registrations and web-form submissions, while its Spam FireWall component blocks known spambots before they reach the site and an Anti-Crawler system manages bot access.

According to the project page, more than 10,000 Drupal sites report using the module. The project was created by Alexey Znaev and was first introduced on 21 October 2013.