I am taking the relay as administrator for our page (Drupal 10), and I have the following questions:
In webservices-portal the version shown is Drupal v10.1-1 but the installed version of the Drupal Core says 10.1.8, is this something to be concerned about? Why is the mismatch happenning?
As shown in “Available updates”, there is a Security update: [10.2.2] (2024-Jan-17) available.
Is it up to me to update this or you are taking care of it? Reading through the documentation, I understood that this is done automatically:
I see also that I am using the following module: CKEditor 4. Which is deprecated and there is some potential security flaw concerning its use:
This is not an issue. What you see in the Webservices Portal is a reflection of the newest version of the CERN Drupal Distribution. There is no direct relation between this and the version of Drupal installed on your website(s). If you are interested, you can check the tags via drupal / paas / cern-drupal-distribution · GitLab.
This is done automatically, yes, no action needed from you.
In order to minimise migration work across the community, we are continuing with CKEditor 4 LTS (see https://www.drupal.org/project/ckeditor_lts) while we remain on Drupal. This is different than the module you link which indeed is deprecated. Please note that as Comments are disabled, the only way to access the CKEditor is by being an authenticated user. This means that even if we were affected by the referenced CVE, we would still be protected by the CERN SSO.
As we begin to look beyond Drupal, this forum is not going to receive new updates.