Automatic core updates
Build a system to automatically check for core updates and perform the updates according to settings and administrator input.
I feel the destinction between functional and security updates is very important.
Web Site owners may not necessarily want their core Joomla and Extensions *functionality* changed - potentially confusing site admins and vistors and giving them something they haven't asked for and may not want and leaving admins requiring re-training in new feature(s) etc etc.
I think functional and security updates to Joomla Core and Extensions should be handled seperately.
While I feel one click update of the functionality of the joomla core and extensions is a good idea. (With a one lick "remove update" incase the update breaks the site).
What I am proposing is that there should be a one click *security* update for the core Joomla version installed. And a one click *security* update for each extension version installed.
While an option to automatically apply these security updates would be a good idea for some sites. There should also be the option of a one-click update so it can be tested on a copy of the site before applying it to the live site. And also to allow any customisations made to the updated code to be replaced after the upgrade.
It would also be a good idea to have a one-click "undo security update" incase the update causes error(s) and breaks the site.
Also an email address should be specified to send a notification when a security update is available for the installed Joomla and Extension versions. A mechanism should be devised so if 2 or more sites are administered by the same person / organisation then a single summary email is sent.
For each Joomla / Extension version the email should list:
Website url(s) effected,
Extension name and version (or Joomla version),
Security issue(s) fixed,
An indication if the update was automatically applied or a one click update is required.
Instead of installing seperate plugin or module for upgrading between joomla's lower version to upper, let us have a built in upgrade plugins, as like we will update in normal desktop softwares. Just when we go for Help->upgrade the package will get upgraded..!
automatic core and extensions updates
one link for each page
auto update joomla core must be feature in new joomla
This request has been addressed with the new automatic update notification in Joomla 2.5. A true automatic update (without user action) won’t be done since it is considered to risky.
@Moises A built in update function does not mean you will not be able to do a manual update. And a function like this can not be mandatory for everyone - there will have to be a configuration where you set if you want it or not. Also, I would not like it to be completely automatic. The level of WordPress and Akeeba Admin is perfect for me and a site admin should at least be comfortable enough with Joomla to do this.
This, together with automatic extension updates will be the biggest lift for security on Joomla ever. Just don't let it stop there. There is always something else that can be done!
JOKR Solutions commented
I also think Akeeba Admin (and Backup) is totally awesome. I Think many users use these extension (dah) but when it comes to more non-geeks and others, it´s important that Joomla can provide with auto-updates. There for i see it as a risk that some users don´t updates their sites meaning that their website is vulnerable.
In the long run this could be negative for Joomla, when these non-aware users spreading the word that "Joomla is not secure, my website got hack (dah nr 2)".
Joomla needs to protect the non-geeks - therefor we need this feature in the core.
Moises Perez Cabrera commented
Agree, but it's nice to update manually isn't?
The only downside will be that some misconfigurations may ocurr on some sites and will be a lot of support questions everywhere.
To avoid that updates should be ultratested before being released.
Akeeba Backup and Akeeba Admin do the things we need. And I absolutely love what Nicholas is doing. But I agree that this really should be in core. But one thing is missing from this picture and I'll add it as a separate idea.
To have a function which automatically first backups the site and then updates the latest version of joomla would be ideal. We already have this with Nicholas's brilliant Akeebabackup and AdminTools. I thought it was so important I was prepared and happy to make a donation to have the all-singing version for both components !
This is indeed a no-brainer. If we make it easier for users to upgrade they will upgrade more often, and Joomla! websites will become more secure as a result.
Incomprehensible why that was not already build in!
Wordpress has it, Joomla should also. Would love to see this as core as it would really make managing updates a far easier task.
Nicholas K. Dionysopoulos commented
BTW, the code to perform automatic updates is GPL. You can use it freely and I'd be glad to help you integrate it, too. That's what the GPL is all about: co-operation and community interaction.
This should also be a core feature! Like AkeebaAdminTools does!