Thread tagged as: Discussion


Again, thank you for making this latest security threat as easy to patch as you possibly could. It took very little time to patch 20 of my sites.

I understand and agree with your policy on auto-updates. The cons outweigh the pros and I would rather update to latest Perch releases manually on local/staging so that I can test. I was wondering, however, if security patches might be a different matter? For something like this security patch, would it be possible to add to the Diagnostics page a 'Security Patch' button and a description of the security threat that is only visible if a security patch is needed? It seems to me that something as simple as this latest patch could be easily implemented by such automated functionality. Tying it in with scheduled tasks would be even more awesome!

What do you all think?

Shane Lenzen

Shane Lenzen 18 points

  • 5 years ago
Drew McLellan

Drew McLellan 2638 points
Perch Support

Hmm, the tricky bit would be making everything writable by PHP, which in itself could lead to security issues.

Ah, I've become so accustomed to SuPHP that I forgot all about that issue.