When to update Moodle. Plug-in security audit report

When to update Moodle. Plug-in security audit report

by Andrew Szandała -
Number of replies: 4

Hi
Do you need to update Moodle frequently to keep it secure?
When we launch an Moodle, we find out about new updates. 
Then we wonder how often to update: every week, every two months, every six months?
Updating is usually not difficult, but it can get complicated if we have made changes to the source code, templates or add-ons.
It can also happen that add-ons you need are no longer supported in the new version of the Moodle. 
Sometimes we also need to update PHP, the database or the operating system. 
All these factors affect how often we should update Moodle. 
In presentation I would like to tell about different aspects that determine how often you need to update the platform.

In addition, I would like to talk about the functions of the Moodle plug-in https://moodle.org/plugins/report_securityaudit.
The report is an extension of the security report, displaying only the problematic elements and adding new areas such as Web Services Configuration, Secure Cookies, Debugging Messages, Error Message Display, Password Policies, Guest Login Button, Course Backups, and Cron Operation.

Kind regards
Andrew

In reply to Andrew Szandała

Re: When to update Moodle. Plug-in security audit report

by Katarzyna Potocka -
A discussion about the update frequency is definitely something that will interest a lot of people ... we have a pretty nice and decent plan at TU Wien, so happy to send someone who will join the discussion - Gregor wink
In reply to Katarzyna Potocka

Re: When to update Moodle. Plug-in security audit report

by Thorsten Siegmund Bartel -
We're pretty confident in when to update as well, but we're happy to share. Depending on what other topics compete with this time-wise, we'll gladly participate in a discussion (and take a look at the plugin).
In reply to Andrew Szandała

Re: When to update Moodle. Plug-in security audit report

by Niels Gandraß -
I'd like to see this topic discussed as well.
Not limited to "when to update" but also talking about "how to updated effectively / easily". I can give some insights on how to automate Moodle deployments, including all 3rd-party plugins, using Docker and how to establish a staging environment for making sure updates work before pushing them to production.
In reply to Niels Gandraß

Re: When to update Moodle. Plug-in security audit report

by Andrew Szandała -
I regret to inform you that due to unscheduled professional obligations related to work on the development of the plugin "Security audit report with NIS2", I am forced to cancel my participation in the MMDACH 2024 conference. Unfortunately, the intensity of work on the project makes it impossible for me to attend.
I am interested in the topic of ensuring the security of Moodle, I would be happy to exchange opinions with other administrators. Maybe an online conference related to Moodle security is worth realizing?

At this time, I would like to express my thanks for the opportunity to participate in the conference. I hope that we will have the opportunity to meet at another conference or industry event soon.