Allow to enable 'auto-updating Joomla' when there is a new 'Joomla security release' (like wordpress) #8749

Closed
liluxdev opened this issue Dec 21, 2015 · 1 comment

Comments

@liluxdev

I'm a victim of: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8562

I'm wondering why Joomla cannot be configured to enable automatic updates?

There is already 'code' in Joomla to upgrade a site, so you can just allow us to set a cronjob to run it (or to leverage site requests and periodically invoke the process like a cronjob, but I'll opt for the manual; a request-initiated task can have concurrency issues that should be addressed with a lock, but is useful for shared hosting).

It should be a "global settings" flag anyway, so you can keep this off for the site you can control daily, but keep it on for minor sites.

I imagine this setting like this:

Auto-update Joomla: [dropdown]
- Never
- Just check for updates and send mail to admin
- Automatically upgrade when High Priority security issue is detected in changelog
- Automatically upgrade when Medium Priority security issue is detected in changelog
- Automatically upgrade immediately when a new version is released

(Yes guys, there will be a lot of traffic on update servers, but you can also make this a 'paid' service, I'll pay for it if reasonable)

I know, auto-updating is a risk, something can fail, but anyway you can send a mail, like WordPress is doing: 'your site was upgraded to...' or maybe better also at the start of the process: 'your site started the auto-update process to Joomla version x.x.x see changelog here', so the mail will also be sent if the update process fails.

For me, when I'm not available to check for update availability, the risk of having the site down because of a failed upgrade is better than exposing the site to 'exploiting in the wild'.

@mbabker
Contributor

mbabker commented Dec 21, 2015

See discussion at https://groups.google.com/d/topic/joomla-dev-cms/LlSaoXsksQM/discussion and other discussions on the same mailing list.
