Upcoming Security & Compliance Changes 2020
As announced at the Jadu Academy in Birmingham, there are a few changes that we’ll be introducing throughout the course of 2019, as part of our ongoing commitment to our supported customers in keeping your Jadu software current, compliant and secure.
The Critical Need To's
- Adhere with changes required by WCAG 2.1
- Drop support for legacy IE browser versions
- Use a newer Symfony PHP framework version
- Move to CentOS 7 (for managed & self-managed Linux customers)
Some of these will require you to ensure that any custom developments that you or your teams may have developed can remain operational following these changes coming into effect.
Adherence with WCAG 2.1 & Control Centre UX
It’s a busy time in the CMS and XFP teams. The introduction of EN 301 549 ‘Accessibility requirements for ICT products and services’ brings with it a requirement to comply with Web Content Accessibility Guidelines (WCAG) 2.1 AA.
We’re taking this as a timely opportunity to reassess all our user interfaces to ensure that they are modern, consistent and compliant.
The final list of changes has yet to be finalised but it will include some degree of change to our interface CSS and mark up.
If you have created any custom Control Centre interfaces you should plan to review these for alignment with the WCAG 2.1 principles and also compatibility with our updated interface library.
There are a number of useful tools that we have reviewed such as AXE Pro that can assist in this effort.
Dropping support for legacy IE browser versions
Any custom Control Centre interfaces that may have been added to your systems therefore will need to be checked for any incompatible usage with the updated library.
Moving to a later Symfony PHP framework version
The PHP framework Symfony is used by Jadu software, however, the community that manage this project have announced an end of life date for security fixes on the version we utilise (2.8) to be November 2019. We are currently in the process of moving over to support Symfony version 3.4 in the software, which will keep us using a supported version from the community until November 2021 or whenever we decide to move to a later version iteration, whichever comes first!
Any custom developments that have been built by your team to utilise Symfony directly will therefore need to be checked for any incompatible usage with the switch to version 3.4.
Moving to CentOS 7
We’ve held off implementing PHP 7.x specific features until now. However, with the advent of XFP version 6.x and above, we need to utilise features that only PHP 7.x provides.
Support for PHP 7.1 and PHP 7.2 was added during June 2018. The PHP community has announced an End of Life date for PHP 7.1 of December 2019. We recommend customers move to PHP 7.2 ahead of the end of life date to ensure that you are able to receive security updates beyond then.
For Linux hosted customers, PHP 7.2 does require you to be running on the CentOS 7 operating system, where previously we have supported implementations on CentOS 6.
We’ll provide further guidance on each of these important changes in coming months, so do please lookout for these.