Update - Advice Advice:
GovCMS released updates to the Drupal 10 (D10) and Drupal 11 (D11) distributions on Thursday 21 May 2026. Deployments are scheduled to commence from 7:00am Thursday 21 May 2026 and will be conducted throughout the day.
It addresses a recent security advisory issued by Drupal.org. GovCMS assessed the HIGHLY CRITICAL risk as they applied to both distributions, subsequently the security residual risk remained HIGHLY CRITICAL. This vulnerability only affects sites using PostgreSQL. However, the third-party dependencies updates, such as Symfony and Twig, in this release apply to all sites. The D10 and D11 distributions will continue to be supported after this update.
PaaS customers should also treat this as HIGHLY CRITICAL and continue their deployments today.
As preventative preparation for this release, where shield was be not already enabled on SaaS non-production environments – it was enabled on 20 May 2026. This change will be rolled back during the release window.
Core Updates:
- Drupal Core from 10.5.9 to 10.5.10
- Drupal Core from 11.3.8 to 11.3.10
- https://www.drupal.org/sa-core-2026-004
Deployment schedule:
- Production environments completed by 10:00am (AEST) Friday 22 May 2026.
- Non-Production environments completed by 10:00am (AEST) Saturday 23 May 2026.
PaaS Advice:
Update your codebase to ensure you are running the latest platform base images and packages, and stay aligned to GovCMS best practice.
GovCMS distributions:
- latest files released on 21 May 2026
- D10 Available from https://github.com/govCMS/GovCMS/releases/tag/3.29.2
- D11 Available from https://github.com/govCMS/GovCMS/releases/tag/4.3.2
GovCMS lagoon:
- latest files released on 21 May 2026
- D10 available from https://github.com/govCMS/lagoon/releases/tag/10.5.6.1
- D11 available from https://github.com/govCMS/lagoon/releases/tag/11.3.4.1
GovCMS scaffold:
- latest files released on 8 December 2025
- available from https://github.com/govCMS/scaffold/releases/tag/4.0.0
GovCMS scaffold-tooling:
- latest files released on 9 April 2026
- available from https://github.com/govCMS/scaffold-tooling/releases/tag/6.0.7
May 21, 2026 - 07:05 AEST
GovCMS released updates to the Drupal 10 (D10) and Drupal 11 (D11) distributions on Thursday 21 May 2026. Deployments are scheduled to commence from 7:00am Thursday 21 May 2026 and will be conducted throughout the day.
It addresses a recent security advisory issued by Drupal.org. GovCMS assessed the HIGHLY CRITICAL risk as they applied to both distributions, subsequently the security residual risk remained HIGHLY CRITICAL. This vulnerability only affects sites using PostgreSQL. However, the third-party dependencies updates, such as Symfony and Twig, in this release apply to all sites. The D10 and D11 distributions will continue to be supported after this update.
PaaS customers should also treat this as HIGHLY CRITICAL and continue their deployments today.
As preventative preparation for this release, where shield was be not already enabled on SaaS non-production environments – it was enabled on 20 May 2026. This change will be rolled back during the release window.
Core Updates:
- Drupal Core from 10.5.9 to 10.5.10
- Drupal Core from 11.3.8 to 11.3.10
- https://www.drupal.org/sa-core-2026-004
Deployment schedule:
- Production environments completed by 10:00am (AEST) Friday 22 May 2026.
- Non-Production environments completed by 10:00am (AEST) Saturday 23 May 2026.
PaaS Advice:
Update your codebase to ensure you are running the latest platform base images and packages, and stay aligned to GovCMS best practice.
GovCMS distributions:
- latest files released on 21 May 2026
- D10 Available from https://github.com/govCMS/GovCMS/releases/tag/3.29.2
- D11 Available from https://github.com/govCMS/GovCMS/releases/tag/4.3.2
GovCMS lagoon:
- latest files released on 21 May 2026
- D10 available from https://github.com/govCMS/lagoon/releases/tag/10.5.6.1
- D11 available from https://github.com/govCMS/lagoon/releases/tag/11.3.4.1
GovCMS scaffold:
- latest files released on 8 December 2025
- available from https://github.com/govCMS/scaffold/releases/tag/4.0.0
GovCMS scaffold-tooling:
- latest files released on 9 April 2026
- available from https://github.com/govCMS/scaffold-tooling/releases/tag/6.0.7
May 21, 2026 - 07:05 AEST
Update - GovCMS has assessed the HIGHLY CRITICAL risk as they applied to both distributions. The vulnerability only affects sites using PostgreSQL, given the upstream Symfony and Twig dependencies associated with this release, we continue to consider this update to be HIGHLY CRITICAL.
GovCMS is working on hotfixes to the distributions, and will be proceeding with this morning’s deployments. PaaS customers should also treat this as HIGHLY CRITICAL and continue their deployments today.
May 21, 2026 - 05:03 AEST
GovCMS is working on hotfixes to the distributions, and will be proceeding with this morning’s deployments. PaaS customers should also treat this as HIGHLY CRITICAL and continue their deployments today.
May 21, 2026 - 05:03 AEST
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
May 21, 2026 - 03:00 AEST
May 21, 2026 - 03:00 AEST
Scheduled - Advice
We would like to inform you of an upcoming GovCMS Drupal 10 (D10) and Drupal 11 (D11) release and deployment. It will address DSA advisory PSA-2026-05-18 (https://www.drupal.org/psa-2026-05-18). Release notes will be sent out on 22 May 2026.
In preparation for this release, shield will be enabled on all non-production environments from 20 May 2026. If you are unsure of the shield credentials, please raise a service desk ticket.
As a reminder, a SaaS deployment block is in place ONLY while we update the production branches. During this time, you will still be able to develop and deploy to non-production feature branches. We are wanting to give you as much lead time as possible, should you need to adjust your timeframes.
PaaS deployments schedules are not impacted.
Deployment schedule:
- Deployment to commence from 3am Thursday 21 May 2026 and will be conducted throughout the daytime.
- Production branches completed by 10am Friday 22 May 2026
- Non-Production branches completed by 10am Saturday 23 May 2026
PaaS Actions
It is very important that you make plans to address this advisory (https://www.drupal.org/psa-2026-05-18) on Thursday morning 21 May 2026. We also strongly advise that you turn on shield for all non-productions environments.
If you have any concerns, raise a ticket at https://www.govcms.support
May 21, 2026 03:00 - May 25, 2026 07:00 AEST
We would like to inform you of an upcoming GovCMS Drupal 10 (D10) and Drupal 11 (D11) release and deployment. It will address DSA advisory PSA-2026-05-18 (https://www.drupal.org/psa-2026-05-18). Release notes will be sent out on 22 May 2026.
In preparation for this release, shield will be enabled on all non-production environments from 20 May 2026. If you are unsure of the shield credentials, please raise a service desk ticket.
As a reminder, a SaaS deployment block is in place ONLY while we update the production branches. During this time, you will still be able to develop and deploy to non-production feature branches. We are wanting to give you as much lead time as possible, should you need to adjust your timeframes.
PaaS deployments schedules are not impacted.
Deployment schedule:
- Deployment to commence from 3am Thursday 21 May 2026 and will be conducted throughout the daytime.
- Production branches completed by 10am Friday 22 May 2026
- Non-Production branches completed by 10am Saturday 23 May 2026
PaaS Actions
It is very important that you make plans to address this advisory (https://www.drupal.org/psa-2026-05-18) on Thursday morning 21 May 2026. We also strongly advise that you turn on shield for all non-productions environments.
If you have any concerns, raise a ticket at https://www.govcms.support
May 21, 2026 03:00 - May 25, 2026 07:00 AEST
About This Site
GovCMS: Content management and website hosting for the Australian government. Managed by the Department of Finance with service delivery partners Salsa Digital and amazee.io
GovCMS Hosting and Infrastructure
Operational
Hosting Infrastructure (Amazon EKS)
Operational
Akamai CDN cache
Operational
AWS Compute (Sydney)
Operational
AWS S3 Storage (Sydney)
Operational
AWS LoadBalancer (Sydney)
Operational
GovCMS E-mail relay (AWS Simple Email Service)
Operational
HTTPS Redirect Service
Operational
GovCMS Projects
Under Maintenance
Individual websites
Under Maintenance
GovCMS Sites Dashboard
Operational
GovCMS Sites Logging System (OpenSearch)
Operational
GovCMS GitLab
Operational
Deployment Infrastructure
Operational
Lagoon API
Operational
Akamai API
Operational
Lagoon tasks
Operational
GovCMS Service Desk (Freshdesk)
Operational
Freshdesk email notifications
Operational
Freshdesk search
Operational
Freshdesk incoming emails
Operational
Freshdesk outgoing emails
Operational
Other
Operational
Pygmy
Operational
Docker Desktop
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Scheduled Maintenance
Regular Weekly Maintenance - GovCMS May 26, 2026 22:00 - May 27, 2026 05:00 AEST
We are conducting regular maintenance on our systems. The maintenance will last for 7 hours.
Posted on May 19, 2026 - 06:00 AEST
Posted on May 19, 2026 - 06:00 AEST