- Issue created by @quietone
- π¬π§United Kingdom catch
With https://www.drupal.org/blog/drupal-10-will-be-supported-until-the-releas... β I am not sure the best release to add these warnings to any more. 10.3 or 10.4 seems too soon given the longer support cycle, maybe 10.5 or 10.6?
- Status changed to Active
about 1 month ago 10:00pm 25 May 2024 - πΊπΈUnited States xjm
Moving to beta2.
There's another issue somewhere to make this less ooglay, but for D10 we really should just get the EOL dates in there, so de-uglification can happen in D11+.
Based on an August release of 11.0.0 which is now locked in barring some horrible catastrophe, there are two possible paths forward. Both include:
- Dec. 2024: 10.4.0 and 11.1.0
- June 2025: 10.5.0 and 11.2.0
- Dec. 2025: 10.6.0 and 11.3.0
If 12.0.0 comes out in June or August, we don't create a 10.7.0 because we don't want to issue releases for three branches at once; we can simply make a best-effort extension of 10.5.0's security coverage through to November 2026 when Symfony 6 goes EOL.
If we miss the April-May-ish deadline for an August release of 12.0.0, there might be some case for creating a 10.7.0 with backported APIs. However, I think this would be a bad idea since it'd only be supported for six months and would mean managing all of the following branches at once in the spring:
- 12.0.x
- 11.5.x
- 11.4.x
- 10.7.x
- 10.6.x
- 10.5.x
So, even in a December 12.0.0 release scenario, I think we should avoid issuing a 10.7.0. Besides, it's always better to warn site owners too early over too late.
So I agree that 10.5 and 10.6 are the branches to deal with here.
- Status changed to Needs review
about 1 month ago 10:14pm 25 May 2024 - Status changed to Needs work
about 1 month ago 10:48pm 25 May 2024 - πΊπΈUnited States xjm
Right, this is actually tested:
---- Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest ---- Status Group Filename Line Function -------------------------------------------------------------------------------- Fail Other phpunit-5.xml 0 Drupal\Tests\update\Functional\Upda PHPUnit Test failed to complete; Error: PHPUnit 9.6.19 by Sebastian Bergmann and contributors. Testing Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest .........FFFFFFFFF. 19 / 19 (100%) Time: 02:08.966, Memory: 6.00 MB There were 9 failures: 1) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported" ('9.4.0', 'sec.9.5.0', 'Checked', 'Covered until 2023-Jun-21 Vis...eases.', '2022-12-13') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 2) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported, 6 months warn" ('9.4.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2022-12-14') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Jun-21 Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 3) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported, last day warn" ('9.4.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2023-06-20') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Jun-21 Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 4) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, support over" ('9.4.0', 'sec.9.5.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2023-06-22') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 5) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported" ('9.5.0', 'sec.9.5.0', 'Checked', 'Covered until 2023-Nov Visit ...eases.', '2023-01-01') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Nov Visit the release cycle overview for more information on supported releases.' +'Covered until 9.7.0 Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 6) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported, 6 months warn" ('9.5.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-05-15') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 7) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported, last day warn" ('9.5.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-10-31') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 8) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, support over" ('9.5.0', 'sec.9.5.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2023-11-01') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 9) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0" ('10.5.0', 'sec.10.5.0', 'Checked', 'Covered until 10.7.0 Visit th...eases.', '') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 10.7.0 Visit the release cycle overview for more information on supported releases.' +'Covered until 2026-Jun-17 Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 FAILURES! Tests: 19, Assertions: 212, Failures: 9.
- πΊπΈUnited States xjm
Also I realized my dates for 10.6 are actually wrong; we're not constrained by the Symfony 7 EOL at all.
- Status changed to Needs review
about 1 month ago 11:26pm 25 May 2024 - Status changed to Needs work
about 1 month ago 3:01am 26 May 2024 - πΊπΈUnited States xjm
Still failing for some reason:
1) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported" ('10.5.0', 'sec.10.6.0', 'Checked', 'Covered until 2026-Jun-17 Vis...eases.', '2024-06-25') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 2) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported, 6 months warn" ('10.5.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2025-12-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 3) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported, last day warn" ('10.5.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2026-06-17') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 4) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, support over" ('10.5.0', 'sec.10.6.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2026-06-18') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 5) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported" ('10.6.0', 'sec.10.6.0', 'Checked', 'Covered until 2026-12-09 Visi...eases.', '2026-01-01') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 6) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported, 6 months warn" ('10.6.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-06-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 7) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported, last day warn" ('10.6.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-12-09') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 8) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, support over" ('10.6.0', 'sec.10.6.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2026-12-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 FAILURES! Tests: 19, Assertions: 198, Failures: 8.
- π³πΏNew Zealand quietone New Zealand
I've spent too much time on this today, partially due to having problems with debugging not working.
All failing tests are all using the fixture 'sec.10.6.0'. Locally I get a 'No data available' warning. It seems that when getting the data from KeyValueExpirable, the data is already expired so nothing is returned. If I workaround that and run the test, the display shows "Out of date (version 10.6.0 available)" still not the correct message though.
- π³πΏNew Zealand quietone New Zealand
It looks like the calculation of the expired time changed in #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases β . If I revert the changes that commit made to UpdateProcessor.php then the one test case I am testing with passes. That is '10.5.0, supported'
- Status changed to Needs review
26 days ago 3:09pm 30 May 2024 - π³πΏNew Zealand quietone New Zealand
This was calculating the date difference using the mock date and the current time. With the mock date in the future the time difference was always great enough for the update data in keyvalueexpirable was always expired. When the test got that data it would return an empty array and thus tests were failing when mock dates were used. The solution here is to add a test version of getCurrentTime that will return the mock date.
Tests were failing for the test of the messages on the last day of security coverage. According to the test on the last day of security coverage there should be a warning message. I took that as the intention and changed the relevant if statement in \Drupal\update\ProjectSecurityRequirement::getDateEndRequirement to allow that.
- πΊπΈUnited States smustgrave
So still not 100% how to test this one
I applied a script that @xjm was kind enough to share
php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.whichever.whatever');"And set to 10.5.0
I altered the variables SECURITY_COVERAGE_END_DATE_10_5 and SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 to go back 1 year.
But with or without the patch the page on /admin/reports/updates remains the same
- πΊπΈUnited States xjm
Sorry, I didn't do a very good job of explaining that there are two different ways of testing this. One involves faking the release data (both in core itself and also what it would get from Drupal.org), the way that the Update module does in its tests. The other method is to install production versions of core, and hack the constants and dates so that those production versions (say, 10.1 and 10.2) are the ones with specific end-of-life dates (rather than 10.5 and 10.6). The messages won't show up if Drupal thinks you're on an unsupported/invalid release; with the current logic, being on an unsupported release supercedes providing any info about security coverage. (I don't agree with this, FWIW, but it is out of scope just as it was the first time around).
So here's testing it the second way which is probably easier to understand if you haven't worked with the Update module before, the way I suggested in the IS:
Before patch
git checkout 10.2.7; composer install
php core/scripts/drupal quick-start standard
- Navigate to
/admin/reports/status
. - Observe the following default message:
With modified patch (pretending 10.2 is what 10.6 will be, and adjusting constants accordingly
git checkout 10.4.x
(so that the patch will apply)-
php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.2.7');"
curl https://git.drupalcode.org/project/drupal/-/merge_requests/8184.diff | git apply --index -
rm -rf vendor; composer install
- Modify the patch with the following diff, to pretend our faux-10.2.7 is behaving as we expect 10.6.7 to (as per the IS suggestion):
diff --git a/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php index 472e408f2b..e5776ad2c1 100644 --- a/core/modules/update/src/ProjectSecurityData.php +++ b/core/modules/update/src/ProjectSecurityData.php @@ -44,9 +44,9 @@ final class ProjectSecurityData { const SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 = '2025-12-10'; - const SECURITY_COVERAGE_END_DATE_10_6 = '2026-12-09'; + const SECURITY_COVERAGE_END_DATE_10_2 = '2024-12-09'; - const SECURITY_COVERAGE_ENDING_WARN_DATE_10_6 = '2026-06-17'; + const SECURITY_COVERAGE_ENDING_WARN_DATE_10_2 = '2024-06-17'; /** * The existing (currently installed) version of the project
With the current date, we now expect a warning about 10.2's encroaching EOL.
php core/scripts/drupal quick-start standard
- Navigate to
/admin/reports/status
. - Observe the following warning:
Covered until 2024-Dec-09. Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases." />
You can continue to adjust dates and versions from there to see what the messages would look like before the warning date, or after the EOL date. It "just works" with the appropriately named constants and appropriate dates.
- πΊπΈUnited States xjm
Oh also note that this has nothing to do with
admin/reports/updates
. It affects a status report message shown for stable, known core versions.