Upgrade - GovCMSD7, GovCMSD8 & GovCMSD9 - April 2021
Scheduled Maintenance Report for GovCMS
Completed
The scheduled maintenance has been completed.
Posted Apr 30, 2021 - 08:00 AEST
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Apr 28, 2021 - 08:00 AEST
Scheduled
In response to a recent critical security advisory issued by Drupal.org. GovCMS updated the Drupal 7 (D7), Drupal 8 (D8) and Drupal 9 (D9) distributions on 22 April 2021.

GovCMS assessed this risk as it applied to ALL distributions. Subsequently the security risk remained critical.

No outages are expected to websites during the deployment process.

What is included in the update?

D7: 7.x-1.20 Drupal core from 7.78 to 7.80
D8: 8.x-1.16 Drupal core from 8.9.13 to 8.9.14
D9: 2.0.0-beta3 Drupal core from 9.1.6 to 9.1.7

Description

Drupal core's sanitisation API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

See: https://www.drupal.org/sa-core-2021-002

When is deployments to projects

Deployments will be conducted throughout the daytime and into the evening from the date below:

D7: 7.x-1.20 28 April 2021
D8: 8.x-1.16 29 April 2021
D9: 2.0.0-beta3 n/a

What does the update remove from these distribution?

Nothing will be removed from ANY of the distributions in this update.

What support will be provided after these update?

The GovCMS D7, D8 and D9 distributions will continue to be supported after this update.

What actions must my organisation do now?

PaaS customers
Review the detailed information about this update.

If you manage your own distribution: this critical issue should have been assessed and addressed within 7 days of the original notification.

If you use the GovCMS D7, D8 or D9 distribution. You should aim to apply this update to your distribution as soon as possible.

Updated files were release on 22 April and are available from:
Drupal 7
Drupal.org:
https://www.drupal.org/project/govcms/releases/7.x-3.20

Github.com
https://github.com/govCMS/GovCMS7/releases/tag/7.x-3.20

Drupal 8
Drupal.org:
https://www.drupal.org/project/govcms8/releases/8.x-1.16
Github.com
https://github.com/govCMS/GovCMS8/releases/tag/1.16.0

Drupal 9
Github.com
https://github.com/govCMS/GovCMS/releases/tag/2.0.0-beta3

SaaS customers
All customers will need to check their site after the deployment to ensure there aren’t any issues.

More information

If you have any concerns, raise a ticket at https://www.govcms.support

For information on updates to the GovCMS platform, subscribe to https://status.govcms.support/.
Posted Apr 27, 2021 - 08:17 AEST
This scheduled maintenance affected: GovCMS Projects (Individual websites).
Current Status Powered by Atlassian Statuspage