id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
15738	Automate Security Releases	ericmann		"When security releases are published, several less tech-savvy users might neglect to update in fear of breaking their site.  In reality, security/maintenance releases don't change the core API and shouldn't break anything*.

We should have an option (disabled by default) that allows these X.X.1-style security updates to happen in the background.  This will keep sites updated and secure and (hopefully) prevent the inevitable ""I wanted to wait to install 3.0.2 and someone hacked my site while I was waiting"" support requests.

The option should be disabled by default, but when users are on the update screen they should see an option to ""install security releases automatically.""

Major releases should always require an explicit action from the user to update the site as they can break themes and plug-ins and could potentially update database schema.

* Except in the rare occasion where a developer hacks core."	feature request	new	normal	Future Release	Upgrade/Install		trivial		needs-patch dev-feedback ux-feedback	michael@…