An overview of Automatic Updates in Drupal 10

  • Articles
  • November 30 2022
  • 3 min read
An image displaying a girl working on a laptop

Maitreayee Bora

Between November 2020 and October 2021, 5212 organizations worldwide experienced data breaches. (source: statista).

And the number is steadily increasing. 

While every business that operates online faces some cyber threats, there are many ways to prevent data breaches or at least minimize their impact.

Delays before security updates are applied on site can result in compromised sites as seen in Drupalgeddon.

Manually updating a Drupal site can be an expensive, difficult, & time-consuming. 

The goal of the Automatic Updates Initiative is to provide safe and secure automatic updates for Drupal sites. It aims to solve the problem of any security concerns while over ridding the troublesome manual update process of a Drupal site.

Explained: Drupal Automatic Updates

Drupal’s Automatic Updates focus on resolving some of the most difficult usability concerns in maintaining Drupal websites. It is listed as one of the Drupal Core Strategic Initiatives for Drupal 9. 

It comprises of updates on production, development, and staging environments, with some integrations required in existing CI/CD processes. 

Automatic Updates in Drupal offers some major benefits to its users such as a reduction in the total cost of ownership (TCO) for Drupal websites and also a decrease in the maintenance cost.

Presently, we get to see a stable release that comprises features such as public safety alerts and readiness checks which will be discussed below. 

Importance of updating website

Here is the importance of updating a website. Take a look below:

  • Helps in increasing brand exposure

If we update a website by changing the outdated information with newly updated content then it will lead to an increase in brand exposure. But if we do not take this responsibility of updating content then it can be an obstacle in increasing the brand exposure which is essentially important.

  • Increases security

One of the major reasons for updating a website can be security concerns. For example, if a website is hacked then it can bring trouble for both the business and clients. But if we frequently update our website with the latest security features then such troubles of website hacking can be avoided. 

  • Mobile-friendly

By updating our website to a mobile-friendly website we enable our users to go through our website across various devices and platforms with ease and comfort. This leads to an increase in website traffic also resulting in a better company reputation. 


In March 2018, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002. Sometime later, when a security researcher shared a proof-of-concept exploit on GitHub, it unleashed large scale cyber attack on unpatched Drupal sites. Acquia reportedly shared to have observed more than 100,000 attacks a day.

This was later known as Drupalgeddon.

The scale and the severity of this Drupalgeddon brings to fore the importance of keeping websites updated on time. When enterprises fail to upgrade their sites on time, chances of it being compromised are very high.

Key Features of the Automatic Updates Module 

Here’s a list of features in the Automatic Updates module.  

  • Update readiness checks

We might not be always capable of updating all websites. Therefore, in instances like such, the readiness checks, one of the key features of Automatic Updates helps in identifying if a website is ready for updating automatically after a new release is offered to the Drupal community. 

For instance, websites that have un-run database updates, not having sufficient disk space for updating, or working on read-only file systems, won’t be able to get automatic updates. And if our website fails readiness checks and a Public service announcement (PSA) happens to be released, then it is essentially important to solve the readiness issue so that the website can be updated instantly.

  • In-place updates
  1. After the PSA service provides a notification to a Drupal site owner of an available update, and also the readiness checks happen to confirm that the website is ready to be updated, the website administrator is then able to update through the Update form.
  2. Tarball-based installations are well supported by this particular module and it doesn’t happen to choose some of the requirements in order to secure updating, rollback, etc which will come under the core solution.
  3. This module doesn’t support contrib updates or composer-based site installations. And also, the work on composer integration has begun already and is in progress.
  • Public service announcements (PSAs)

We get to see that infrequent announcements are done especially for critical security releases in regard to core and contrib modules. After a PSA is released, site owners need to review their websites so that they are updated well with the latest releases. Also, the website needs to be in a good position in order to quickly update if any fixes are given to the community.

Here is a quick video on the above-discussed features of automatic updates.


The Drupal community never fails to make an honest effort in building a community where its users can be benefited by making their software and websites safer and more user-friendly. The Automatic Updates initiative is a great example of it and by far it has made tremendous progress that cannot be unseen. 

Become our reader!

Get hand picked blogs directly in your inbox.
The subscriber's email address.