Updates

The Meltdown vulnerability leaked out into public news a full week before patches were available for many distributions. When patches did become available, sometimes the patch caused further trouble.

Lots of stuff has been changing in Drupal 8 recently. In 8.3.0, a new experimental "layout discovery" module was added to core, which conflicted with the contrib "layout plugin" module.

When choosing any service provider, a crucial question is, "What happens if something goes wrong?" When you're choosing a hosting provider, we like to dig a bit deeper, and ask what risks are likely to be an issue for you?

Here are some of our questions:

Yesterday the Drupal security team gave a dire warning about extremely dangerous security vulnerabilities in multiple contributed modules. The fixes, and the details, would be released at 9am Pacific Time today.

Just a quick note of how we resolved an issue related to an upgrade to Date.

A question came across the Drupal Developer's list today asking whether Drupal could auto-update itself, like WordPress. As someone who thinks about security a lot, the very thought of this horrifies me.

It's a bad idea for several reasons, but the biggest reason:

Backups are the safety net and an absolute requirement. But the next most important part is doing what you can to stay out of trouble. We've all become accustomed to security updates on our computers. Today every operating system has an update system, and a huge number of attacks are on vulnerabilities that have fixes released but people have neglected to apply.