Monthly maintenance

Each month Eficode holds a maintenance break in a predetermined time window. While we aim for continuous delivery, services might be down during the maintenance break. During these breaks we install all security patches (if they haven't been installed earlier) and upgrade service components to new versions. We send a list of changes to the listed persons a week before the scheduled maintenance.

Example of the e-mail

Hi,
  
The following operations and changes have been planned for the upcoming <Service> monthly maintenance break:
  
- Product XXX update to version X.XX
- Service YYY migration to a clustered server setup
- Server ZZZ major update to version X.XXX.X LTS
- Product XXX plugin updates:
  * Update plugin X1
  * Security updates (Product security advisory)
  * Other recommended updates (Eficode baseline)
- Operating system distribution security updates and patches for all server systems
  
Estimated downtime for <Service> due to the relocation and cluster setup is about 1 hour. We will add a notification banner to the system to inform end users of the reduced service availability during the break window.
  
* * *
Check out our "What's new" blog post at <url>

Additionally, we publish our change highlights on our websites, e.g. https://www.eficoderoot.com/release-notes/

Critical security updates

Eficode follows the public and private security information streams related to all environments. When we learn of a vulnerability, we inform our customers of the exact time the patch or mitigation has been applied. If the problem is not catastrophic, we aim to install these after business hours. We also send a list of changes to the relevant persons as soon as possible.

Examples of the emails

Mitigation

Hello,
 
Regarding the recently released advisories of critical severity security vulnerabilities discovered in <Product XXX (XXX-2020-11111)> and <Product YYY (YYY-2020-22222)>.
 
As an immediate measure, to prevent exploitation of these vulnerabilities, we have implemented the appropriate mitigation workaround, as instructed by <Vendor ZZZ>, to your <Product XXX> and <Product YYY> environments already prior to this public disclosure.


During <Next Service Break>, we will be rolling out major version updates to <Product XXX> and <Product YYY>, which will contain permanent patches to these vulnerabilities.
 
 
Sincerely,

Eficode Support

Requires immediate patching by upgrading

Hello,
 
A security vulnerability of critical severity has been discovered in <Product XXX>, with all current versions being affected. The exact nature and methods for exploitation of the vulnerability have been embargoed and cannot be disclosed until public release.
 

We have scheduled the patched version of <Product XXX> to be deployed to your service *today*, XX of <Month>, between hh:mm and hh:mm CET. Estimated downtime for <Product XXX> service is 15 minutes.
 

If this time frame is not suitable for downtime for your <Product XXX> service, please contact Eficode support to reschedule the patch deployment.
 

Sincerely,
Eficode Support

Fits into the maintenance window

Hello,
 
Regarding the recently released advisory of a critical severity security vulnerability discovered in <Product XXX> (XXX-2020-11111).
 
Just to let you know, we have already updated your <Product XXX> instance to a patched version X.X.X in the scheduled monthly maintenance break on XX of <Month>.
 
Sincerely,
Eficode Support