security updates for apps

hendrikvl

@girish The release notes of wordpress 5.4.1 mention security issues at least.

My question was of more general nature though and I took this wordpress release as an example only. But if I understand you correctly, you guys have a way to push updates faster, in case they contain security fixes with a high criticality?

Having more control as an admin would be nice of course. If I read about a security issue in an app of which I think it might affect my site, I should be able to update. As your post shows, you are quite quick in packaging a new version.

mehdi

Slowly rolling-out automatic updates, but allowing manual updates immediately, seems a great idea to me.

micmc

@d19dotca

Actually you can!
Click on the gear and go to Updates, check for updates, update.
That's it.

Andy

A Former User

@micmc That would just apply any updates already made available by the Cloudron team.

The point is making all upstream updates available for manual installation.

girish

@hendrikvl said in security updates for apps:

But if I understand you correctly, you guys have a way to push updates faster, in case they contain security fixes with a high criticality?

The Cloudron update model is "pull based". Cloudron installations pull updates from cloudron.io periodically. There is no mechanism to push update from our side (intentionally). A pull model keeps the cloudron installations in total control, which is how we want it.

What we do now is that when a Cloudron installation asks for an update, we check for some simple flags to decide if it should be given an update or not. That's really it. Over the course of a week, some are given an update and some are not. The main reason for this rollout style is that if we break something, it only breaks small number of instances and not everything simultaneously.

I will look into how we can provide the app update for all installations immediately but do automatic roll out over a week at the same time.

hendrikvl

@girish said in security updates for apps:

Over the course of a week, some are given an update and some are not. The main reason for this rollout style is that if we break something, it only breaks small number of instances and not everything simultaneously.

That's what I meant with "push". Of course my Cloudron polls, but your server decides whether I receive an update or not.

So let me rephrase my question: If there is an app update which contains security fixes of high criticiality, does the same "over the course of a week" mechanism apply? Or would all Cloudrons which poll for an update receive it immediately?

girish

@hendrikvl said in security updates for apps:

So let me rephrase my question: If there is an app update which contains security fixes of high criticiality, does the same "over the course of a week" mechanism apply?

Yes, there is no priority queue for updates. All updates are treated the same.

will

@girish What about a menu in the settings for "update channels"?
You guys get data from all your customers, maybe pushing the updates to all us eager beavers causes more headaches than its worth. But I'd be clicking a button that fed me the updates asap for sure. I've email you guys a few times about pushing me a newly released Cloudron release manually. Having a "beta test" sign up sheet might be helpful. I'm in a position where all my nextcloud and bitwarden stuff is backed up externally, and everything else is backed up to those occationally. So if my Cloudron instance blew up I wouldnt be out much besides time.

girish

@will That's a good idea to implement release channels as it's known concept for users.

For the moment, I have pushed a change for the next release where you will always get the latest update when you check for updates manually. For automatic updates, it will follow our rollout plan.

will

@girish The manual check method is good enough for me. If you do the release channel thing thats cool. But for those of us that a hungry, an extra few clicks isn't a bother.