Use SA Affected Version to determine whether old versions are insecure

Created on 24 August 2023, over 1 year ago

Problem/Motivation

Something in the process of doing SAs is resulting in previous non-stable releases of a project not being marked as insecure when a stable release is marked a security fix.

Proposed resolution

Mark Beta, alpha and RC releases as insecure when a later stable release is marked a security release.

User interface changes

Beta, alpha, RC releases will show as insecure when a later stable release is marked a security release.

API changes

TBD

Data model changes

TBD

Feature request
Status

Active

Version

3.0

Component

Code

Created by

🇺🇸United States DamienMcKenna NH, USA

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @DamienMcKenna
  • 🇺🇸United States drumm NY, US

    We can’t completely switch, since affected versions does not cover Drupal-7-compatible contrib.

    What we can do for core and modern contrib is replace the “Mark previous releases as insecure” checkboxes with “Releases that will be marked as insecure: …” text.

Production build 0.71.5 2024