Software security update procedures
DRAFT
For HDX and other IT components operated by the Data Services Section, we will apply all security updates within 30 days of release, unless there are extenuating circumstances that prevent the update. In the case of extenuating circumstances, we will log each case in the table below, along with the reason, anticipated risks, and actions we're taking to mitigate those risks.
Component | Frozen version | Reason | Known risks | Risk mitigation |
---|---|---|---|---|
NodeJS | v0.10.25 | custom forked app depending on exotic packages | All critical NodeJS vulnerabilities from 0.10.x to the current version... the latest are described here: https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ | |