Security and Updates
New Laravel versions and package releases usually go hand in hand with new features. To take advantage of the latest code the framework has to offer, it is always a good idea to keep up to date with the current framework version, or at the very least to stay no more than one version behind.
Security Vulnerabilities
If you discover a security vulnerability within any codebase or server, please send an email to info@propay.co.za. All security vulnerabilities will be promptly addressed. It is your duty as an employee of Propay in the development & server space to report any security vulnerabilities to the company.
Laravel
Keeping Laravel updated to the latest version not only gives you the latest and greatest feature set, but also ensures you have the latest bug fixes and security patches applied to the framework. Updating the framework usually comes with performance improvements as well, such as better load times and more efficient code.
Packages
Keep your packages updated to the latest versions. This is not just a matter of running ‘composer update’ and committing the ‘composer.lock’ file: you will have to test every part of the system where the packages are used to make sure nothing has broken. Unit testing helps with this, and keeping packages current is a key part of the security of the system.
“Outdated and insecure packages are the main reason why most WordPress sites get hacked”
Secrets & Env Values
NEVER commit usernames, passwords, secrets, API keys or hashes to a repository. Although hosting providers offer private repositories and extra security features, they are still third parties that can be hacked, and their employees may have access to the code and systems. Remember: even if you commit a value and later remove it from the repository, it is still in the version-control history of the source code.
If you accidentally commit any of these values, let your team know immediately so that the keys can be rotated and the usernames, passwords, etc. can be changed. Best security practice is that keys, passwords and similar credentials are rotated on a regular basis.
‘Most of the time, data leaks are inside jobs.’
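A pre-commit check of the kind this section calls for, as an added example rather than Propay's own tooling. It scans the staged diff for an added .env file and for lines that assign a non-empty value to common credential variable names or contain a private-key header; an empty assignment such as the ones in Laravel's committed .env.example is deliberately allowed. The file-name and variable-name patterns are assumptions and should be extended to match the project's real keys:

```shell
#!/bin/sh
# Added example, not Propay's own tooling: a pre-commit style check that
# refuses a commit when the staged changes contain a .env file or values
# that look like credentials. The patterns are assumptions, not a complete
# secret scanner; tune them to the project's actual key formats.

# scan_for_secrets FILE
# Reads a unified diff (git diff --cached -U0 output, or any file) and
# prints each suspicious line. Returns 1 if anything was found, else 0.
scan_for_secrets() {
    # Pattern 1: a .env file (or a common environment-specific variant)
    #            being added or changed. .env.example is not flagged because
    #            Laravel projects commit it with empty values.
    # Pattern 2: an added line assigning a non-empty value to a variable
    #            name that usually holds a credential (assumed list).
    # Pattern 3: an added line carrying a PEM private-key header.
    hits=$(grep -n -E \
        -e '^\+\+\+ .*/\.env(\.(local|production|staging))?$' \
        -e '^\+.*(DB_PASSWORD|APP_KEY|AWS_SECRET_ACCESS_KEY|STRIPE_SECRET|API_KEY)[[:space:]]*=[[:space:]]*[^[:space:]]+' \
        -e '^\+.*-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' \
        "$1" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# check_staged
# Hook entry point: scans exactly what is about to be committed. Install by
# copying this file to .git/hooks/pre-commit, making it executable, and
# ending the hook with:  check_staged || exit 1
check_staged() {
    staged=$(mktemp)
    git diff --cached -U0 > "$staged"
    if ! scan_for_secrets "$staged"; then
        rm -f "$staged"
        echo "Commit blocked: possible secret in staged changes (see lines above)." >&2
        return 1
    fi
    rm -f "$staged"
    return 0
}
```

The check only looks at added lines (those starting with `+`), so removing a previously committed secret is not blocked; as the section says, a value that has already been committed must be treated as leaked and rotated regardless, because it stays in the history.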
