Contrib.social

Use SA Affected Version to determine whether old versions are insecure

Open on Drupal.org →
Created on 24 August 2023, 10 months ago

Problem/Motivation

Something in the process of doing SAs is resulting in previous non-stable releases of a project not being marked as insecure when a stable release is marked a security fix.

Proposed resolution

Mark Beta, alpha and RC releases as insecure when a later stable release is marked a security release.

User interface changes

Beta, alpha, RC releases will show as insecure when a later stable release is marked a security release.

API changes

TBD

Data model changes

TBD

✨ Feature request
Status

Active

Version

3.0

Component

Code

Created by

🇺🇸United States DamienMcKenna NH, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @DamienMcKenna
  • Comment 10 months ago →
    🇺🇸United States drumm NY, US

    We can’t completely switch, since affected versions does not cover Drupal-7-compatible contrib.

    What we can do for core and modern contrib is replace the “Mark previous releases as insecure” checkboxes with “Releases that will be marked as insecure: …” text.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024