Monday, April 30, 2018

New comment by mattferderer in "Drupal Remote Code Execution vulnerability exploited widely"

A giant warning label should be required for Drupal, WordPress & any CMS that offers a large market of plugins.

"Plugins are dependencies that if not maintained actively, may cause you to fall behind on updating the core CMS. Not keeping your CMS up to date will crush your website if an emergency security patch comes out & you can't update to it."

I get that this could be said with any framework or code base, but as someone whose job is to update a couple of Drupal sites, I've almost been burned on this way too many times. Content editors rely on a plugin. That plugin isn't getting updated as fast as it should & Drupal introduced breaking changes so the plugin won't work with the new Drupal version. We have to hold back an update until the plugin gets patched. Fortunately I had just finished updating our sites before this security announcement.

The best advice I can give to anyone managing multiple Drupal sites would be to pick your plugins carefully, make sure you have a testing server, make sure you can set aside some time each month to run updates & fix the many issues created by those updates, and create integration tests.

from Hacker News: "WordPress" comments https://ift.tt/2r2XbT1
via IFTTT
