Notifying our clients about security updates for Drupal Core
Drupal receives security updates several times a year, and we always apply them as soon as possible. Since Drupal security issues can make the headlines, it's important that site owners know that their site is secure and up to date - it provides for peace of mind and for pride in an excellent site.
We decided this year to ensure that clients know about security updates to Drupal Core on their site. Via a quick email, we plan to let site owners know not only that an update has happened, but what was affected and how it worked. Keeping site owners in the loop helps them feel more involved and more positive about their site, and that's a good thing for everyone.
Notifying about every contrib module update would be far too much, but we hope that keeping in touch about Drupal Core security updates will foster just the right amount of awareness and involvement. Including a plain English (where possible!) explanation of the vulnerability and a link to the PSA on Drupal.org should provide for some good understanding and interest.
This comes as part of our initiative to generally communicate with all our clients a little better, about big things and small things. This week was the first time we've communicated with site owners in this format, but we hope that it'll be well received.
As always, feel free to ask any questions via Redmine, Slack, Skype, email or telephone.
Mike & the ComputerMinds