Contrib.social

A minor release after a security release makes next major branches security release appear in Available Updates

Open on Drupal.org β†’
Created on 13 September 2019, over 5 years ago
Updated 10 September 2024, 3 months ago

Problem/Motivation

Found this while working on #2992631: Update report incorrectly recommends security releases for old minors when a security update is needed and a secure version of the old minor is also available β†’

In \Drupal\Tests\update\Functional\UpdateCoreTest::securityUpdateAvailabilityProvider() we have the test case:

 // No newer security release for site minor 1.
      // Previous minor has security release.
      '1.2, 0.2 1.2' => [
        'site_patch_version' => '1.2',
        'expected_security_releases' => [],
        'expected_update_message_type' => static::UPDATE_NONE,
        'fixture' => 'sec.0.2-rc2',
      ],

The site is on 8.1.2 which is the latest release for 8.1.x and is also a security release. 8.2.x has releases and 8.2.0-rc2 is security release.

the update status page in the test looks like

It shows 8.2.0-rc2 but it does not say it is security release because it the currently installed version 8.1.2 is a security release and not insecure.

If we change the test fixture to include the release 8.1.3 which is not a security release the updates page now looks like

Since now the up 8.1.3 version is show update as available update but it also shows the 8.2.0-rc2 release as security release. Not has changed as far as the currently installed versions security status. 8.1.2 is still secure. So there is no need to change to show 8.2.0-rc2 has a security release.

Proposed resolution

Don't show future minor releases as security releases if the current installed version doesn't need a security update.

Remaining tasks

  1. Determine desired functionality
  2. Tests
  3. Fix
  4. review

User interface changes

API changes

Data model changes

Release notes snippet

πŸ› Bug report
Status

Closed: outdated

Version

11.0 πŸ”₯

Component
UpdateΒ  β†’

Last updated 3 days ago

  • Maintained by
  • πŸ‡ΊπŸ‡ΈUnited States @tedbow
  • πŸ‡ΊπŸ‡ΈUnited States @dww
Created by

πŸ‡ΊπŸ‡ΈUnited States tedbow Ithaca, NY, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request β†’ as a guide.

    Interesting issue. Personally I have not seen that before in Drupal 9 or in Drupal 10
    But if you are still seeing it have any recommendation to manually trigger?

  • Status changed to Closed: outdated 3 months ago
  • Comment 3 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Since hasn't been a follow up going to close out. If still an issue please reopen

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024