Hello,

I received an email asking me to apply some Drupal core updates, one including security (see below),
I may have misunderstood the message but I thought it is not the responsibility of the users to maintain the Drupal infrastructure that is centrally provided by IT.
Could you please clarify ?
Thanks !

Subject: New release(s) available for Drupal

There is a security update available for your version of Drupal. To ensure the security of your server, you should update immediately!

See the available updates page for more information:

http://track-it-documentation-02.web.cern.ch/admin/reports/updates

Your site is currently configured to send these emails only when security updates are available. To get notified for any available updates, http://track-it-documentation-02.web.cern.ch/admin/reports/updates/settings.

Yes you are right, core updates are controled by the Drupal infrastructure provided by IT.
Usually applied on the test/personal websites around 1 week after the announcement. and on official websites 2 weeks after the announcement.

More information about core updates can be found on Mattermost Drupal channel and cern.ch/itssb

Mattermost post

unfortunately we don’t have an easy way to filter Core security updates mails, without blocking also relevant update emails for local modules

so on each security core release there is always some noise arriving to owners mailboxes

if you don’t have local modules, and just rely on Central supported modules, you can disable all the notifications by going to /admin/reports/updates/settings under your website and delete any address under the section Email addresses to notify when updates are available