When it comes to security, Drupal is one of the most secure Content Management Systems. The solidity of this CMS platform is why most Governments prefer to build their websites on Drupal. Some of the top Drupal websites include The White House (USA), Official website of the French Government, Australian and other popular websites like Twitter, Nokia, Harvard University, Stanford University, NASA and many more.
Usually, Drupal core security updates are released once in a month but in case of a security vulnerability, there will be an immediate release.
What Are Security Updates?
According to Drupal.org docs, any software comes with bugs and sometimes they are security-related bugs. When these security bugs are fixed in the Drupal core modules, Contributed modules and themes, they are released as a Security Update. Drupal security team, a team of Drupal developers, volunteer to track and release these security updates. Why keeping tabs on security updates is important? Regular updates may include adding a new feature to the existing module and/or fix an existing bug which is not related to security. These updates are not mandatory but will help you to get rid of the existing issues or adds additional abilities to your existing module. This will allow you to explore and extend Drupal capabilities with feature-enhancements.
But when it comes to a security update, it is a must and never an option for any given site if you don’t want to compromise the security of your website.
How To Get Notified?
As a site admin, you can get notified in the Drupal admin panel by navigating to navigate to “/admin/reports/status”
Also, you can get to know about the latest security update in this page - https://drupal.org/security/
Login to https://drupal.org/ under “My Account” Click “edit” and then navigate to “My Newsletters” and enable the checkbox next to “Security announcements” and hit save. You will now receive an email whenever a security update is released.
But, the easiest way to get notified on the security update is by subscribing to one of our Maintenance plans. We will send you a periodic notification based on the plan you chose.
P.S. Premium plan users may see their website getting updated to the latest security version even before they read the notification email.
Site Maintenance is very crucial than creating a website. We should be more keen on keeping our website up to date.
Drupal 8 Site Owners
Update to 8.7.0 to continue receiving bug fixes. The next bugfix release (8.7.1) is scheduled for June 5, 2019. (See the release schedule overview for more information.) As of this release, sites on Drupal 8.5 will no longer receive security coverage. (Drupal 8.6 will continue receiving security fixes until December 4, 2019.)
Note that new Drupal 8.7.0 installs now require at least PHP 7.0.8. Existing sites still work on at least PHP 5.5.9 for now, but will display a warning. Drupal security updates will begin requiring PHP 7 as early as Drupal 8.8.0 (December 2019). Hence, all users are advised to update to at least PHP 7.0.8 now.
Updating your site from 8.6.15 to 8.7.0 with update.php is exactly the same as updating from 8.6.14 to 8.6.15. Drupal 8.7.0 also has updates to several dependencies. Modules, themes, and translations may need updates for these and other changes in this minor release. Hence, it’s best to test the update carefully before updating your production site. Read the 8.7.0 release notes for a full list of changes that may affect your site.
Drupal 6 & 7 Site Owners
Drupal 7 is fully supported by the community until November 2021 and will continue to receive bug and security fixes throughout this period. From November 2021 until at least November 2024, the Drupal 7 Vendor Extended Support program will be offered by vendors.
Drupal 6 Is No Longer Supported.
You can now use the stable migration path for monolingual Drupal 6 and 7 sites with the built-in upgrade user interface. For multilingual sites, there is experimental support. Please keep testing and reporting any issues you may find.