Contrib.social

Hardcode security coverage EOL dates for Drupal 10.last-1 and 10.last

Open on Drupal.org β†’
Created on 1 August 2023, 11 months ago
Updated 19 June 2024, 7 days ago

Problem/Motivation

In #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases β†’ , we implemented messages for the site owner about the security coverage dates for their installed release. The implementation assumes each minor receives security coverage until two minors later. However, the last 1-2 minor versions of the major series need to have specific dates hardcoded, because there is no "two minors later".

This was done for D8 and D9.

Proposed resolution

  1. Add the dates for Drupal 10, based on:
    • 10.4: Released December 2024. Warns after 10.5.0 is tagged; unsupported after 10.6.0 is tagged.
    • 10.5: Released June 2025. Warns user to upgrade on December 10, 2025; unsupported after June 17, 2026.
    • 10.6: Released December 2025. Warns user to upgrade on June 17, 2026; unsupported after December 9, 2026.

    (More details in comment #4.)

  2. Adding appropriately named constants will automatically generate the correct messages (as shown in the test cases).

  3. Add a test version of getCurrentTime().

  4. Change date test so that the warning message is shown on the last day of coverage.

    5. Remaining tasks

    Needs code review.

    Manual testing requires faking update module data, because the message is not displayed unless the branch has a stable release.

    Alternately, manual testing with changes similar to the below changes (from D9) will display the message as if 10.1 and 10.2 were the final releases instead. (This works because Drupal.org already has stable releases for those branches.)

    diff --git a/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php
index 6c927c5e0f..03e6cd3ab6 100644
--- a/core/modules/update/src/ProjectSecurityData.php
+++ b/core/modules/update/src/ProjectSecurityData.php
@@ -39,13 +39,13 @@ final class ProjectSecurityData {
    *
    * @see \Drupal\update\ProjectSecurityRequirement::getDateEndRequirement()
    */
-  const SECURITY_COVERAGE_END_DATE_9_4 = '2023-06-21';
+  const SECURITY_COVERAGE_END_DATE_9_2 = '2023-06-21';
 
-  const SECURITY_COVERAGE_ENDING_WARN_DATE_9_4 = '2022-12-14';
+  const SECURITY_COVERAGE_ENDING_WARN_DATE_9_2 = '2022-12-14';
 
-  const SECURITY_COVERAGE_END_DATE_9_5 = '2023-11';
+  const SECURITY_COVERAGE_END_DATE_9_3 = '2023-11';
 
-  const SECURITY_COVERAGE_ENDING_WARN_DATE_9_5 = '2023-05-14';
+  const SECURITY_COVERAGE_ENDING_WARN_DATE_9_3 = '2023-05-14';
 
   /**
    * The existing (currently installed) version of the project.

    User interface changes

    Drupal 10.last-1 and Drupal 10.last will properly inform the user of accurate EOL dates.

    API changes

Data model changes

None.

Release notes snippet

TBD

Covered until 2024-Dec-09. Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases." />

πŸ“Œ Task
Status

Needs review

Version

10.4 ✨

Component
OtherΒ  β†’

Last updated about 2 hours ago

Created by

πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @quietone
  • Comment 11 months ago β†’
    πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand
  • Comment 3 months ago β†’
    πŸ‡¬πŸ‡§United Kingdom catch

    With https://www.drupal.org/blog/drupal-10-will-be-supported-until-the-releas... β†’ I am not sure the best release to add these warnings to any more. 10.3 or 10.4 seems too soon given the longer support cycle, maybe 10.5 or 10.6?

  • Status changed to Active about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Moving to beta2.

    There's another issue somewhere to make this less ooglay, but for D10 we really should just get the EOL dates in there, so de-uglification can happen in D11+.

    Based on an August release of 11.0.0 which is now locked in barring some horrible catastrophe, there are two possible paths forward. Both include:

    • Dec. 2024: 10.4.0 and 11.1.0
    • June 2025: 10.5.0 and 11.2.0
    • Dec. 2025: 10.6.0 and 11.3.0

    If 12.0.0 comes out in June or August, we don't create a 10.7.0 because we don't want to issue releases for three branches at once; we can simply make a best-effort extension of 10.5.0's security coverage through to November 2026 when Symfony 6 goes EOL.

    If we miss the April-May-ish deadline for an August release of 12.0.0, there might be some case for creating a 10.7.0 with backported APIs. However, I think this would be a bad idea since it'd only be supported for six months and would mean managing all of the following branches at once in the spring:

    • 12.0.x
    • 11.5.x
    • 11.4.x
    • 10.7.x
    • 10.6.x
    • 10.5.x

    So, even in a December 12.0.0 release scenario, I think we should avoid issuing a 10.7.0. Besides, it's always better to warn site owners too early over too late.

    So I agree that 10.5 and 10.6 are the branches to deal with here.

  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    These changes don't go into 11.x.

  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    xjm β†’ changed the visibility of the branch 3378393-d10-minor-eol-dates to hidden.

  • Status changed to Needs review about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Merge request !8184Add EOL and warning dates for 10.5 and 10.6. β†’ (Open) created by xjm
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Status changed to Needs work about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Right, this is actually tested:

    ---- Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest ----
Status    Group      Filename          Line Function                            
--------------------------------------------------------------------------------
Fail      Other      phpunit-5.xml        0 Drupal\Tests\update\Functional\Upda
    PHPUnit Test failed to complete; Error: PHPUnit 9.6.19 by Sebastian
    Bergmann and contributors.
    
    Testing Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest
    .........FFFFFFFFF.                                               19 / 19
    (100%)
    
    Time: 02:08.966, Memory: 6.00 MB
    
    There were 9 failures:
    
    1)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "9.4.0, supported" ('9.4.0', 'sec.9.5.0', 'Checked', 'Covered
    until 2023-Jun-21 Vis...eases.', '2022-12-13')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    2)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "9.4.0, supported, 6 months warn" ('9.4.0', 'sec.9.5.0',
    'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2022-12-14')
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'Covered until 2023-Jun-21 Update to a supported minor version soon to
    continue receiving security updates. Visit the release cycle overview for
    more information on supported releases.'
    +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving
    security updates. Visit the release cycle overview for more information on
    supported releases.'
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    3)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "9.4.0, supported, last day warn" ('9.4.0', 'sec.9.5.0',
    'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2023-06-20')
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'Covered until 2023-Jun-21 Update to a supported minor version soon to
    continue receiving security updates. Visit the release cycle overview for
    more information on supported releases.'
    +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving
    security updates. Visit the release cycle overview for more information on
    supported releases.'
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    4)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "9.4.0, support over" ('9.4.0', 'sec.9.5.0', 'Errors found',
    'Coverage has ended Update to ...eases.', '2023-06-22')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    5)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "9.5.0, supported" ('9.5.0', 'sec.9.5.0', 'Checked', 'Covered
    until 2023-Nov Visit ...eases.', '2023-01-01')
    Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Covered until 2023-Nov Visit the release cycle overview for more
information on supported releases.'
+'Covered until 9.7.0 Visit the release cycle overview for more information
on supported releases.'
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
6)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "9.5.0, supported, 6 months warn" ('9.5.0', 'sec.9.5.0',
'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-05-15')
Failed asserting that actual size 0 matches expected size 1.
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
7)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "9.5.0, supported, last day warn" ('9.5.0', 'sec.9.5.0',
'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-10-31')
Failed asserting that actual size 0 matches expected size 1.
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
8)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "9.5.0, support over" ('9.5.0', 'sec.9.5.0', 'Errors found',
'Coverage has ended Update to ...eases.', '2023-11-01')
Failed asserting that actual size 0 matches expected size 1.
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
9)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "10.5.0" ('10.5.0', 'sec.10.5.0', 'Checked', 'Covered until
10.7.0 Visit th...eases.', '')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'Covered until 10.7.0 Visit the release cycle overview for more
information on supported releases.'
+'Covered until 2026-Jun-17 Visit the release cycle overview for more
information on supported releases.'
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
FAILURES!
Tests: 19, Assertions: 212, Failures: 9.
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Also I realized my dates for 10.6 are actually wrong; we're not constrained by the Symfony 7 EOL at all.

  • Status changed to Needs review about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Should be fixed now.

  • Status changed to Needs work about 1 month ago
  • Comment about 1 month ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Still failing for some reason:

    1)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.5.0, supported" ('10.5.0', 'sec.10.6.0', 'Checked',
    'Covered until 2026-Jun-17 Vis...eases.', '2024-06-25')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    2)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.5.0, supported, 6 months warn" ('10.5.0', 'sec.10.6.0',
    'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2025-12-10')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    3)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.5.0, supported, last day warn" ('10.5.0', 'sec.10.6.0',
    'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2026-06-17')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    4)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.5.0, support over" ('10.5.0', 'sec.10.6.0', 'Errors
    found', 'Coverage has ended Update to ...eases.', '2026-06-18')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    5)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.6.0, supported" ('10.6.0', 'sec.10.6.0', 'Checked',
    'Covered until 2026-12-09 Visi...eases.', '2026-01-01')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
    
    6)
    Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
    with data set "10.6.0, supported, 6 months warn" ('10.6.0', 'sec.10.6.0',
    'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-06-10')
    Failed asserting that actual size 0 matches expected size 1.
    
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
    /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
    /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
7)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "10.6.0, supported, last day warn" ('10.6.0', 'sec.10.6.0',
'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-12-09')
Failed asserting that actual size 0 matches expected size 1.
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
8)
Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage
with data set "10.6.0, support over" ('10.6.0', 'sec.10.6.0', 'Errors
found', 'Coverage has ended Update to ...eases.', '2026-12-10')
Failed asserting that actual size 0 matches expected size 1.
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56
/builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48
/builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729
FAILURES!
Tests: 19, Assertions: 198, Failures: 8.
  • Comment 27 days ago β†’
    πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand

    I've spent too much time on this today, partially due to having problems with debugging not working.

    All failing tests are all using the fixture 'sec.10.6.0'. Locally I get a 'No data available' warning. It seems that when getting the data from KeyValueExpirable, the data is already expired so nothing is returned. If I workaround that and run the test, the display shows "Out of date (version 10.6.0 available)" still not the correct message though.

  • Comment 26 days ago β†’
    πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand

    It looks like the calculation of the expired time changed in #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases β†’ . If I revert the changes that commit made to UpdateProcessor.php then the one test case I am testing with passes. That is '10.5.0, supported'

  • Status changed to Needs review 26 days ago
  • Comment 26 days ago β†’
    πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand

    This was calculating the date difference using the mock date and the current time. With the mock date in the future the time difference was always great enough for the update data in keyvalueexpirable was always expired. When the test got that data it would return an empty array and thus tests were failing when mock dates were used. The solution here is to add a test version of getCurrentTime that will return the mock date.

    Tests were failing for the test of the messages on the last day of security coverage. According to the test on the last day of security coverage there should be a warning message. I took that as the intention and changed the relevant if statement in \Drupal\update\ProjectSecurityRequirement::getDateEndRequirement to allow that.

  • Comment 12 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    @quietone Thank you for fixing that silly test.

  • Comment 12 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Updated the IS for the reasoning for the dates.

  • Comment 12 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Comment 12 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
  • Comment 8 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Confirmed the date expectations with @catch.

  • Comment 7 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    So still not 100% how to test this one

    I applied a script that @xjm was kind enough to share
    php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.whichever.whatever');"

    And set to 10.5.0

    I altered the variables SECURITY_COVERAGE_END_DATE_10_5 and SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 to go back 1 year.

    But with or without the patch the page on /admin/reports/updates remains the same

  • Comment 7 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Sorry, I didn't do a very good job of explaining that there are two different ways of testing this. One involves faking the release data (both in core itself and also what it would get from Drupal.org), the way that the Update module does in its tests. The other method is to install production versions of core, and hack the constants and dates so that those production versions (say, 10.1 and 10.2) are the ones with specific end-of-life dates (rather than 10.5 and 10.6). The messages won't show up if Drupal thinks you're on an unsupported/invalid release; with the current logic, being on an unsupported release supercedes providing any info about security coverage. (I don't agree with this, FWIW, but it is out of scope just as it was the first time around).

    So here's testing it the second way which is probably easier to understand if you haven't worked with the Update module before, the way I suggested in the IS:

    Before patch

    1. git checkout 10.2.7; composer install
    2. php core/scripts/drupal quick-start standard
    3. Navigate to /admin/reports/status.
    4. Observe the following default message:

    With modified patch (pretending 10.2 is what 10.6 will be, and adjusting constants accordingly

    1. git checkout 10.4.x (so that the patch will apply)
    2. php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.2.7');"
    3. curl https://git.drupalcode.org/project/drupal/-/merge_requests/8184.diff | git apply --index -
    4. rm -rf vendor; composer install
    5. Modify the patch with the following diff, to pretend our faux-10.2.7 is behaving as we expect 10.6.7 to (as per the IS suggestion):
      diff --git a/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php
index 472e408f2b..e5776ad2c1 100644
--- a/core/modules/update/src/ProjectSecurityData.php
+++ b/core/modules/update/src/ProjectSecurityData.php
@@ -44,9 +44,9 @@ final class ProjectSecurityData {
 
   const SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 = '2025-12-10';
 
-  const SECURITY_COVERAGE_END_DATE_10_6 = '2026-12-09';
+  const SECURITY_COVERAGE_END_DATE_10_2 = '2024-12-09';
 
-  const SECURITY_COVERAGE_ENDING_WARN_DATE_10_6 = '2026-06-17';
+  const SECURITY_COVERAGE_ENDING_WARN_DATE_10_2 = '2024-06-17';
 
   /**
    * The existing (currently installed) version of the project

      With the current date, we now expect a warning about 10.2's encroaching EOL.

    6. php core/scripts/drupal quick-start standard
    7. Navigate to /admin/reports/status.
    8. Observe the following warning:
      Covered until 2024-Dec-09. Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases." />

      9. You can continue to adjust dates and versions from there to see what the messages would look like before the warning date, or after the EOL date. It "just works" with the appropriately named constants and appropriate dates.

  • Comment 7 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm

    Oh also note that this has nothing to do with admin/reports/updates. It affects a status report message shown for stable, known core versions.

  • Comment 7 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States xjm
contrib.social Blog FAQ Discussions
Production build 0.69.0 2024