![]() ![]() Insecure: Metadata about what versions of the affected project are known insecureīelow are possible points that should be checked to decide whether a site is ready for an upgrade or not. Is_psa: The flag which indicates that the post is a PSA (and not another kind of Security Advisory) Project: the short name of the project the PSA is for That feed includes values for the following: When a PSA is released, site owners should review their sites to verify they are up to date with the latest releases and the site is in a good state to quickly update once the fixes are provided to the community.ĭ provides a JSON feed of Drupal Public Security Announcements to be consumed by the automatic updates module. Public service announcements (PSAs)Īnnouncements for highly critical security releases for core and contrib modules are done infrequently. The goal is to implement a secure system for automatically installing updates in Drupal, lowering the total cost of ownership of maintaining a Drupal site, and improving the security of Drupal sites. Supporting contributed module automatic updates Providing an A/B front-end controller for more robust testing/roll-back features Updates that contain database updates will cause a rollback of the update. ![]() In this first phase, the Automatic Updates module includes the Public Service Announcement and Readiness Check features and can apply In-Place Updates manually or on cron. Securing the update packages with a signing systemĪpplying the updates, manually or automatically, with roll-back Providing an extensible update readiness check system Providing a JSON feed of Drupal Public service announcements from ĭisplaying PSAs in the Drupal admin interface Currently, Automatic Updates is divided into the following two phases out of which, phase I is now stable. Since the work for Automatic Updates is so vast, tasks are being worked in phases. If successful, it would secure a lot of vulnerable Drupal sites.Ĭurrently, the Automatic Update feature is being developed as a contributed module and eventually, it will be shipped into Drupal core as an experiment and finally if all goes well it could land as a new Drupal core feature. There have been talks since the past few years about automating the Drupal core updates, thus a Drupal core strategic initiative was formed “Automatic Updates”. What if we had a process where Drupal could automatically update itself removing the vulnerability altogether.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |