Hello everybody! You might've experienced some changes of the project settings interface already - here’s the broad summary of what makes Drop Guard more efficient and more powerful now: composer package manager mode, speeding up the setup of update type behaviors (with a short mode option) and live site monitoring.
Drop Guard is in a continuous process of optimization and development. As it is still a unique platform concept on the market place, we started years ago with a sketchy blueprint of what Drop Guard is today - and rather will be in future. With this post I will give you a quick overview of what is planned and something which is a little secret between you and me.
Two days ago another highly critical security update affected Drupal and many other CMS systems. It was the PHPMailer Library which leaves millions of websites vulnerable to the remote exploit (see https://www.drupal.org/psa-2016-004 for details). In comparison to Drupalgeddon which had a risk of 25/25 this update has 23/25. BUT there are some things which make this update even riskier than Drupalgeddon:
Being casual about open source security is not funny. Headlines like the Panama Papers this year showed that an improvident dealing with security and updates can cause a huge damage. Fees are still a crucial reason for people to hesitate to secure their business by using charged services. This is not a pitty - this is grave.
There are many people out there who give a lot without receiving a reward. They see more benefits in helping and strengthen people, any kind of living being or purpose than in a regular salary.
As always, Drupal Security Team did an excellent job and the news on the security vulnerabilities reported on Wednesday wasn't a bombshell for most of us. Everyone had a chance to prepare and pre-allocate resources to take all measures necessary to patch the supported websites.
A quick recap for those who missed the buzz or just slowly waking up right now.