this post was submitted on 03 Mar 2025
37 points (97.4% liked)

Selfhosted

43146 readers
663 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
37
How do you keep track of vulnerabilities? (lemmy.world)
submitted 18 hours ago by ueiqkkwhuwjw@lemmy.world to c/selfhosted@lemmy.world
37 comments fedilink hide all child comments
 

I'm having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y'all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?

you are viewing a single comment's thread
view the rest of the comments
[–] eager_eagle@lemmy.world 2 points 17 hours ago* (last edited 17 hours ago) (1 children)

that's a lot of FUD, topgrade just upgrades using all package managers you have, it doesn't do the upgrades itself bypassing the manager that installed it, or package authors.

[–] NaibofTabr@infosec.pub 1 points 7 hours ago* (last edited 7 hours ago) (1 children)

The issue is more that trying to upgrade everything at the same time is a recipe for disaster and a troubleshooting nightmare. Once you have a few interdependent services/VMs/containers/environments/hosts running, what you want to do is upgrade them separately, one at a time, then restart that service and anything that connects to it and make sure everything still works, then move on to updating the next thing.

If you do this shotgun approach for the sake of expediency, what happens is something halfway through the stack of upgrades breaks connectivity with something else, and then you have to go digging through the logs trying to figure out which piece needs a rollback.

Even more fun if two things in the same environment have conflicting dependencies, and one of them upgrades and installs its new dependency version and breaks whatever manual fix you did to get them to play nice together before, and good luck remembering what you did to fix it in that one environment six months ago.

It's not FUD, it's experience.

[–] eager_eagle@lemmy.world 1 points 7 hours ago* (last edited 7 hours ago)

I've been doing that for years. Rollbacks are very rare, to the point that it doesn't make much of a difference whether I do them all at once or not, other than spending more time to do it.

If I wasn't using containers for everything, sure. Otherwise it's a bit of an excessive concern.