- Automated OS security patching via unattended-upgrades with scheduled reboots
- Critical CVE patching within 72 hours for CVSS 9.0+ vulnerabilities
- Scheduled non-security updates in maintenance windows
- Application dependency updates via Dependabot or Renovate Bot
- Zero-downtime upgrade procedures for running services
- Database engine minor version updates with replication-based upgrade
- Container base image updates and rebuild triggers
- Kernel update management with live-patch where available (Ubuntu Livepatch)
- Pre/post-update health checks and automated rollback triggers
- Update activity logging and monthly patch compliance reports
Maintenance
Updates
OS, package and dependency updates with zero downtime.
Software vulnerabilities are discovered continuously — a system that is not being actively patched is an increasingly vulnerable system. Hellenic Technologies maintains a disciplined update regime for all managed infrastructure: OS security patches applied within 72 hours of release for critical CVEs, dependency updates reviewed and applied monthly, and major version upgrades planned and executed with zero-downtime procedures.
OS-level security patching uses unattended-upgrades on Ubuntu and Debian systems, configured to apply security updates automatically while deferring non-security updates for scheduled maintenance windows. Automatic reboots (required for kernel updates) are scheduled during low-traffic periods — typically 2-4am local time — with pre-reboot health checks and post-reboot validation. We monitor for reboot-required status across all managed servers and ensure reboots happen on schedule rather than being deferred indefinitely.
Application dependency updates are managed through automated tooling: Dependabot for GitHub repositories, Renovate Bot for more complex multi-repository configurations. Pull requests for dependency updates are generated automatically, and we review, test, and merge them on a regular schedule. Critical security updates in application dependencies are prioritised and patched outside the normal update cycle when necessary.
Update management services: