All Systems Operational

About This Site

GovCMS: Content management and website hosting for the Australian government. Managed by the Department of Finance with service delivery partners Salsa Digital and amazee.io

GovCMS Hosting and Infrastructure Operational
90 days ago
99.99 % uptime
Today
Hosting Infrastructure (Amazon EKS) Operational
90 days ago
99.97 % uptime
Today
Akamai CDN cache Operational
90 days ago
100.0 % uptime
Today
AWS Compute (Sydney) Operational
90 days ago
99.97 % uptime
Today
AWS S3 Storage (Sydney) Operational
90 days ago
100.0 % uptime
Today
AWS LoadBalancer (Sydney) Operational
90 days ago
100.0 % uptime
Today
GovCMS E-mail relay (AWS Simple Email Service) Operational
90 days ago
100.0 % uptime
Today
HTTPS Redirect Service Operational
90 days ago
100.0 % uptime
Today
GovCMS Projects Operational
90 days ago
99.99 % uptime
Today
Individual websites ? Operational
GovCMS Sites Dashboard Operational
90 days ago
99.99 % uptime
Today
GovCMS Sites Logging System (OpenSearch) ? Operational
90 days ago
100.0 % uptime
Today
GovCMS GitLab ? Operational
90 days ago
100.0 % uptime
Today
Deployment Infrastructure ? Operational
90 days ago
99.97 % uptime
Today
Lagoon API Operational
90 days ago
100.0 % uptime
Today
GovCMS Service Desk (Freshdesk) ? Operational
90 days ago
100.0 % uptime
Today
Freshdesk email notifications Operational
90 days ago
100.0 % uptime
Today
Freshdesk search Operational
90 days ago
100.0 % uptime
Today
Freshdesk incoming emails Operational
90 days ago
100.0 % uptime
Today
Freshdesk outgoing emails Operational
90 days ago
100.0 % uptime
Today
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Scheduled Maintenance
Regular Weekly Maintenance - GovCMS Feb 1, 22:00 - Feb 2, 06:00 AEDT
We are conducting regular maintenance on our systems.
Posted on Jan 25, 07:00 AEDT
Past Incidents
Jan 29, 2022

No incidents reported today.

Jan 28, 2022

No incidents reported.

Jan 27, 2022
Completed - The scheduled maintenance has been completed.
Jan 27, 10:49 AEDT
Scheduled -
Who is affected: GovCMS Drupal D9 community


Advice
GovCMS released the Drupal 9 (D9) distribution on Friday 21 January 2022. Deployment is scheduled to commence from Monday 24 January 2022 and will be conducted throughout the daytime and into the evening.
It addresses a recent security advisory issued by Drupal.org. GovCMS assessed the moderately critical risks as they applied to D9 distribution, subsequently the security risks remained moderately critical.
No outages are expected to websites during the deployment process.

What is included in the update?

* Drupal Core from 9.2.9 to 9.2.10 - https://www.drupal.org/project/drupal/releases/9.2.10
* Simple OAuth module from 5.0.5 to 5.2.0 - https://www.drupal.org/project/simple_oauth/releases/5.2.0, https://www.drupal.org/sa-contrib-2022-002
* Devel module from 4.1.1 to 4.1.3 - https://www.drupal.org/project/devel/releases/4.1.3
* Honeypot module from 2.0.1 to 2.0.2 - https://www.drupal.org/project/honeypot/releases/2.0.2
* Key module from 1.14 to 1.15.0 - https://www.drupal.org/project/key/releases/8.x-1.15
* Layout Builder Restrictions module from 2.9 to 2.11.0 - https://www.drupal.org/project/layout_builder_restrictions/releases/8.x-2.11
* Search API module from 1.20.0 to 1.21. - https://www.drupal.org/project/search_api/releases/8.x-1.21
* Swiftmailer module from 2.0.0 to 2.2.0 - https://www.drupal.org/project/swiftmailer/releases/8.x-2.2
* Swiftmailer library from 6.2.7 to 6.3.0 - https://github.com/swiftmailer/swiftmailer/releases/tag/v6.3.0
* Token module from 1.9.0. to 1.10.0 - https://www.drupal.org/project/token/releases/8.x-1.10

What modules are added/removed in the distribution?
Nothing was added/removed from the distribution


What support will be provided after these update?
The D9 distribution will continue to be supported after this update.



What actions must my organisation do now?

SaaS customers
All customers will need to check their site after the deployment to ensure there aren’t any issues.
!!! Important notice for customers with configuration management enabled
Once the deployment is completed you will need to export the new configurations files and commit them back to master. Deployments to all websites should be completed by 9am Tuesday 25 January 2022, you can confirm this at https://status.govcms.support



PaaS customers
If you use the GovCMS D9 distribution. You should aim to apply this update to your distribution as soon as possible.
Updated files released on Friday 21 January 2022 and are available from https://github.com/govCMS/GovCMS/releases/tag/2.8.0

More information

If you have any concerns, raise a ticket at https://www.govcms.support. Alternatively subscribe above to keep up to date with GovCMS notifications.
Jan 24, 09:57 AEDT
Jan 26, 2022
Completed - The scheduled maintenance has been completed.
Jan 26, 06:00 AEDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 25, 22:00 AEDT
Scheduled - We are conducting regular maintenance on our systems.
Jan 18, 07:00 AEDT
Jan 25, 2022
Jan 24, 2022

No incidents reported.

Jan 23, 2022

No incidents reported.

Jan 22, 2022

No incidents reported.

Jan 21, 2022

No incidents reported.

Jan 20, 2022

No incidents reported.

Jan 19, 2022
Completed - The scheduled maintenance has been completed.
Jan 19, 06:00 AEDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 18, 22:00 AEDT
Scheduled - We are conducting regular maintenance on our systems.
Jan 11, 07:00 AEDT
Jan 18, 2022
Completed - The scheduled maintenance has been completed.
Jan 18, 11:20 AEDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 17, 11:20 AEDT
Scheduled -

Who is affected: GovCMS Drupal 7 (D7) community



Advice
The latest GovCMS Drupal 7 (D7) distribution was released on 14 January 2022. Deployment is scheduled on 17 January 2022 and will be conducted throughout the daytime and into the evening. 


It addresses a recent moderately critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D7 distribution. Subsequently the security risk remained moderately critical. 
No outages are expected to websites during the deployment process. 


What is included in the update?
This release contains: WYSIWYG Module from 7.x-2.7 to 7.x-2.9


Description: SA-CONTRIB-2022-003 
 
The module doesn't sufficiently sanitize user input before attaching a WYSIWYG editor to an input field such as a text area. If the editor used has an XSS vulnerability this would allow for example a commenter to put specially crafted markup which could trigger the vulnerability when viewed in the editor by an administrator. 
 
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create content using a text format with an attached and XSS vulnerable rich text editor. 
See: Wysiwyg - Moderately critical - Cross site scripting - SA-CONTRIB-2022-003 | Drupal.org


What does the update remove from the GovCMS D7 distribution?
Nothing will be removed from the distribution in this update. 


What support will be provided for the GovCMS D7 distribution?
The GovCMS D7 distribution will continue to be supported after this update. 


 
Actions


SaaS customers
 All customers will need to check their site after the deployment to ensure there aren’t any issues.  
 
PaaS customers
Review the detailed information about this update.  





More information
If you have any concerns, raise a ticket at https://www.govcms.support. Alternatively subscribe above to keep up to date with GovCMS notifications.
Jan 17, 11:17 AEDT
Jan 17, 2022
Jan 16, 2022

No incidents reported.

Jan 15, 2022

No incidents reported.