Deployment of D9 2.22.0 is complete for production sites and is now commencing on non-production sites. The deployment block has now been lifted.
Posted Oct 05, 2022 - 12:28 AEDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Oct 05, 2022 - 05:00 AEDT
Scheduled
Advice - Who is affected: GovCMS Drupal 9 (D9) community - Distribution was updated on Tuesday 4 October 2022 - It addresses a recent security advisory issued by Drupal.org - It impacts Drupal core’s code that extends the Twig third-party library for content templating and sanitization. For more information Twig has also released a security update and has rated the vulnerability as high severity. - Nothing was added/removed from the distribution - No outages are expected to websites during the deployment process. - The D9 distribution will continue to be supported after this update. - If you have any concerns, raise a ticket at https://www.govcms.support
Deployment schedule plan: - Commence from 5am Wednesday 5 October 2022 - Conducted throughout the daytime and into the evening. - Production branches completed by 10am Thursday 6 October 2022 - Non-Production branches completed by 10am Friday 7 October 2022
❗ IMPORTANT NOTICE 1: deployments during maintenance window - During the scheduled maintenance window, ALL D9 SaaS deployments will be blocked while we deploy to the D9 Production branches. - PaaS and D7 deployments schedules are not impacted.
❗ IMPORTANT NOTICE 2: update local environments - Ensure you update your local environments to the latest release. Not rebasing your codebase results in mismatched database configuration causing errors in forklifts and deployments.
❗ IMPORTANT NOTICE 3: for customers with configuration management enabled - The latest configuration from your production database has been created for you in GitLab in a branch called action-required/latest-config-export. - You need to review and test the changes in the merge request. Once you are satisfied, please check the “Delete source branch” box and click “Merge”. - This MUST be done before any new commits. - All subsequent deployments will be blocked in the CI pipeline until this merge request branch is deleted - Not merging the latest configuration provided could result in your new database configuration reverting to an older version when you next deploy, potentially causing issues for your website. - If no merge request is lodged after a release then no configuration has changed and no further action is required.
Information for PaaS customers - If you use the GovCMS D9 distribution. You should aim to apply this update to your distribution as soon as possible. - Updated files will be available from https://github.com/govCMS/GovCMS/releases/tag/2.22.0
❗ IMPORTANT NOTICE 4: copy default.services.yml prior to updating - This release includes a change to default.services.yml. - It adds a twig.config.allowed_file_extensions configuration setting to restrict file types that may be loaded with Twig for security. - Site owners should make a copy of their default.services.yml prior to updating to ensure any custom modifications are retained. - Following this release, by default, Twig may load the following file types: .css ; .html ; .js ; .svg ; .twig - If your site, module, or theme must load additional file types via Twig, consult the documentation for twig.config.allowed_file_extensions in default.services.yml.
Posted Oct 04, 2022 - 13:19 AEDT
This scheduled maintenance affected: GovCMS Projects (Individual websites).