Skip to main content

Preparing for PSA-2018-001

An article from ComputerMinds - Building with Drupal in the UK since 2005
28th Mar 2018

Mike Dixon

Senior Mind

Drupal security patch b-movie poster

If you are reading this, then you are probably already aware of the impending security update that is due to drop this evening (UK time). At this stage, it is not clear quite how serious the security update is, we are hoping it's not at the level of Drupalgeddon (PSA-2014-003 - Oct '14) - but we are working on the assumption that it is.


So this means, we are aiming to get all sites we manage - including any test sites - secure and patched within 30 minutes of the release being made available.


Our developers are either starting late or finishing early today (Wednesday) in exchange for some of their time this evening. We have a clear plan of sites assigned to developers, everyone has a little tick list (mine is printed - I am oldskool) with the sites they need to do.


The plan is to assess the severity of the issue and make a quick decision on the approach. If we are dealing with a DEFCON 1 issue then the plan will be to 'hack' the patch direct onto the webroot of the live sites, and then sort out the proper build process once the sites are secure. We normally have a clear pull request based build workflow (requiring approval) to prevent code going live that shouldn't - but sometimes speed trumps process.


Hi, thanks for reading

ComputerMinds are the UK’s Drupal specialists with offices in Bristol and Coventry. We offer a range of Drupal services including Consultancy, Development, Training and Support. Whatever your Drupal problem, we can help.