[kwlug-disc] Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002
Khalid Baheyeldin
kb at 2bits.com
Sun Apr 1 12:38:02 EDT 2018
I forgot to mention the most basic thing of Drupal security updates:
- Enable the 'Update manager' module (part of Core)
- Configure it for 'Daily checks'
- Enter an email address to notify when new versions are found
- Set it to notify 'Only security updates', so you don't get bothered by
non-security stuff
(The above assumes Drupal 7; Drupal 8 will be similar, with minor differences.)
If you do this, you are covered for 99% of the cases.
You still need to subscribe to the security mailing list for that 1%,
because they give you a week's notice when a serious flaw is discovered
with the potential for mass automated exploits.
Like this PSA: https://www.drupal.org/psa-2018-001
That way, you know the day and time of the security release and set aside
some time for it, ahead of time.
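The effect of the 'Only security updates' setting described in the message above, as an added example that is not part of the original post and not Drupal's own code: it filters a release feed so that only security releases newer than the installed version trigger a notification. The feed layout is modelled on Drupal's release-history XML as an assumption, the versions are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a Drupal release-history feed (assumed layout;
# the version numbers are made up for illustration).
SAMPLE_FEED = """<project>
  <releases>
    <release><version>7.4</version>
      <terms><term><name>Release type</name><value>Bug fixes</value></term></terms>
    </release>
    <release><version>7.3</version>
      <terms><term><name>Release type</name><value>Security update</value></term></terms>
    </release>
    <release><version>7.2</version>
      <terms><term><name>Release type</name><value>Bug fixes</value></term></terms>
    </release>
    <release><version>7.1</version>
      <terms><term><name>Release type</name><value>Security update</value></term></terms>
    </release>
  </releases>
</project>"""

def version_key(version):
    """Turn '7.10' into (7, 10) so versions compare numerically; non-numeric parts are ignored."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def missing_security_releases(feed_xml, installed):
    """Return security releases newer than `installed`, oldest first."""
    root = ET.fromstring(feed_xml)
    found = []
    for release in root.iter("release"):
        version = (release.findtext("version") or "").strip()
        types = {
            term.findtext("value")
            for term in release.iter("term")
            if term.findtext("name") == "Release type"
        }
        if "Security update" in types and version_key(version) > version_key(installed):
            found.append(version)
    return sorted(found, key=version_key)

def should_notify(feed_xml, installed):
    """Mirror the 'Only security updates' threshold: non-security releases are ignored."""
    return bool(missing_security_releases(feed_xml, installed))

if __name__ == "__main__":
    for installed in ("7.0", "7.2", "7.3"):
        print(installed, missing_security_releases(SAMPLE_FEED, installed))
```

A site on the constructed version 7.3 gets no notification even though 7.4 exists, because 7.4 is not a security release.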