Sangoma Connect module disabled because of vulnerability

This morning one of our customers called us because the Sangoma softphones were down.
The Sangoma Connect module was disabled because of a vulnerability. I just had to update it to fix the problem.

This is a major issue because this customer primarily uses Sangoma Talk and all the phones were down for him. Is there a way to prevent this or to force an update as soon as the module is disabled when a vulnerability is found?

I have changed the update scheduler for daily checks instead of weekly checks to help a little.

Good call. Never turn on auto updates on a production system!

This is not good advice unless there are QA issues and we have been assured there aren’t. Auto updates are important in case of vulnerabilities. Apparently there is an undisclosed vulnerability as that’s why the module was deactivated. Without notice or these updates he would still be exposed.

Perhaps your experience is different than mine… but… I have been burned more often by auto-deployed bugs than by vulns…

Preferred would be some kind of email/announcement blast notifying of a problem so that administrators can take action when convenient (ASAP). Not automatically disable what might be critical services.

Well, look at you taking Sangoma at their word! :smiley: