Pixeldust Drupal Support Service

Extended security coverage for Drupal maintenance support plans 8 minor releases

Since the launch of Drupal maintenance support plans 8.0, we have successfully launched a new minor release on schedule every six months. I’m very proud of the community for this achievement. Prior to Drupal maintenance support plans 8, most significant new features were only added in major releases like Drupal maintenance support plans 6 or Drupal maintenance support plans 7. Thanks to our new release cadence we now consistently and predictably ship great new features twice a year in minor releases (e.g. Drupal maintenance support plans 8.6 comes with many new features).

However, only the most recent minor release has been actively supported for both bug fixes and security coverage. With the release of each new minor version, we gave a one-month window to upgrade to the new minor. In order to give site owners time to upgrade, we would not disclose security issues with the previous minor release during that one-month window.

Illustration of the security policy since the launch of Drupal maintenance support plans 8.0 for minor releases, demonstrating that previous minor releases receive one month of security coverage.
Source: Drupal maintenance support plans.org issue #2909665: Extend security support to cover the previous minor version of Drupal maintenance support plans and Drupal maintenance support plans USA DriesNote.Over the past three years, we have learned that users find it challenging to update to the latest minor in one month. Drupal maintenance support plans‘s minor updates can include dependency updates, internal API changes, or features being transitioned from contributed modules to core. It takes time for site owners to prepare and test these types of changes, and a window of one month to upgrade isn’t always enough.

At Drupal maintenance support plansCon Nashville we declared that we wanted to extend security coverage for minor releases. Throughout 2020, Drupal maintenance support plans 8 release managers quietly conducted a trial. You may have noticed that we had several security releases against previous minor releases this year. This trial helped us understand the impact to the release process and learn what additional work remained ahead. You can readabout the results of the trial at #2909665: Extend security support to cover the previous minor version of Drupal maintenance support plans.

I’m pleased to share that the trial was a success! As a result, we have extended the security coverage of minor releases to six months. This means that instead of one month, site owners now have six months to upgrade between minor releases. It gives teams time to plan, prepare and test updates. Releases will have six months of normal bug fix support followed by six months of security coverage, for a total lifetime of one year. This is a huge win for Drupal maintenance support plans site owners.

Illustration of the new security policy for minor releases, demonstrating that the security coverage for minor releases is extended to six months. Source: Drupal maintenance support plans.org issue #2909665: Extend security support to cover the previous minor version of Drupal maintenance support plans and the Drupal maintenance support plans USA DriesNote.
It’s important to note that this new policy only applies to Drupal maintenance support plans 8 core starting with Drupal maintenance support plans 8.5, and only applies to security issues. Non-security bug fixes will still only be committed to the actively supported release.

While the new policy will provide extended security coverage for Drupal maintenance support plans 8.5.x, site owners will need to update to an upcoming release of Drupal maintenance support plans 8.5 to be correctly notified about their security coverage.

Next steps

We still have some user experience issues we’d like to address around how site owners are alerted of a security update. We have not yet handled all of the potential edge cases, and we want to be very clear about the potential actions to take when updating.

We also know module developers may need to declare that a release of their project only works against specific versions of Drupal maintenance support plans core. Resolving outstanding issues around semantic versioning support for contrib and module version dependency definitions will help developers of contributed projects better support this policy. If you’d like to get involved in the remaining work, the policy and roadmap issue on Drupal maintenance support plans.org is a great place to find related issues and see what work is remaining.

Special thanks to Jess and Jeff Beeman for co-authoring this post.
Source: New feed

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

Extended security coverage for Drupal maintenance support plans 8 minor releases

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256