We need to keep Montagu up to date, even when there is no active development.
In particular, we need to make sure that we keep up to date with security issues. All members of the development team should monitor all relevant security channels. If all members of the dev team are going to be away simultaneously, another member of staff should monitor them and contact a designated member of the dev team if there are any critical security announcements.
| Track updates to | Via | Description |
|---|---|---|
| pac4j | pac4j-announce and pac4j-security mailing lists | The main security library used by the API for authentication, authorization, and JSON web tokens |
| OpenJDK | ?? | Java - should upgrade minor versions. Should attempt to update major versions if not disruptive |
| Docker CE | ?? | Docker |
| Track updates to | Via | Description |
|---|---|---|
| Ubuntu | ?? | Or whatever base operating system we use |
| nginx | ?? | Web server/reverse proxy |