![]() If they are left untouched, upgrading is a painless experience. It maybe quicker to make changes to contributed modules or Drupal core, but this leads to a long term nightmare for keeping your core base up to date. Don’t hack contributed modules or core code. Instead, run them on your local version (or another dev version) and ensure nothing breaks before applying to the production site. You should not run these commands directly on the production site. drush updatedb (alias: updb) Run the pending database updates.drush pm-updatecode (alias: upc) - Update the code.If you’d rather not run pending database updates at the same time as updating the code, you can run these two commands instead. Run the updates in one stepĭrush pm-update (alias: up) - update Drupal core, modules and themes and run any pending database updates Run the updates in two steps You can then go and check the release notes to see what has changed. Pm-update –pipe (alias: up –pipe) - lists projects that need to updated. To make this a painless experience, you can use a couple of Drush commands instead. You can download Drupal core and modules from and manually apply them to your Drupal codebase. I’ve put a recurring task in my todo manager for every Wednesday. This meant that you only had 7 hours to update and be safe from potential attack. The first known attack following the Oct 15th security advisory happened within 7 hours. That didn’t used to be much of a problem. With larger companies, deploying an update needs to fit into a regular deployment timeline, so it could take many days or even weeks. In the past, we had a day or two to apply updates and still be safe. When a security update is announced, apply it as soon as it is humanly possible. Pro tip: for performance reasons, it is better to have the Update Manager module enabled and running on a dev or staging site than the production site. ![]() You can get notified when updates are available by adding your email address here: /admin/reports/updates/settings The update report (available here: admin/reports/status) will alert you to problems with your Drupal site, including security issues such as out of date modules, Drupal core or database updates that need to be run. RSS feeds: core, contribute, public service announcements.Email list - log in to, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.You can get security advisories from these places: This is how you get alerted to security updates as soon as they are announced. If you are not already following Drupal security news, it is time to start now. Here are eleven tips to ensure your modules and core code are up to date with the latest security releases. Last month’s announcement of a SQL Injection vulnerability and subsequent announcement of automated attacks within 7 hours caused wide spread panic across much of the Drupal community. Keeping your Drupal site up to date has always been of critical importance to ensure it remains secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |