Open ZJvandeWeg opened 2 years ago
There are several stories that could be created out of this, Updating Node-RED requires changing the Stack, this would mean restarting Node-RED therefore I am hesitant to have the platform just arbitrarily restart a users project.
However providing better information and alerting them to instances that can or should be upgraded is certainly of value. The version of node-red is dependent on the stack being created in the FlowForge platform, so the availability of the new stack is what should then alert the user to update their project.
@sammachin We should fix security issues right away, and not wait because it requires a restart. If there's an RCE issue, or something that can be daisy chained to increase severity, it needs to be resolved ASAP.
Description
When users have a certain line of Node-RED versions which are fine, for example 2.2.X, it would allow FlowForge to automatically trigger upgrades of Node-RED in case of security issues with Node-RED.
FlowForge should allow users to request automatic upgrades for security purposes.