Contrib.social

Show a security notification on the updates page for modules not covered by the security policy

Open on Drupal.org →
Created on 23 November 2023, about 1 year ago
Updated 27 November 2023, about 1 year ago

Problem/Motivation

Currently, as long as the installed module is the latest version, it shows as green in the update report. I believe that if a module is not covered by the Drupal security advisory policy, that information belongs on this report.

Steps to reproduce

Steps:
1. Install the latest version of the Masquerade module on a development site https://www.drupal.org/project/masquerade
2. Go to /admin/reports/updates
3. Filter by masquerade

Expected result: the Masquerade module is marked as "up to date — not covered by Drupal security advisory policy" and is shaded red.
Actual result: the Masquerade module is marked as "up to date" with no mention that it is not covered by Drupal security advisory policy and is shaded green.

Proposed resolution

Explicitly call out that unsupported modules are not covered by the Drupal security advisory policy in this report. This will benefit people who take over maintenance of a website.

Remaining tasks

User interface changes

Explicitly call out that unsupported modules are not covered by the triple security advisory policy in this report.

API changes

Data model changes

Release notes snippet

Feature request
Status

Needs work

Version

11.0 🔥

Component
Update 

Last updated 11 days ago

  • Maintained by
  • 🇺🇸United States @tedbow
  • 🇺🇸United States @dww
Created by

🇺🇸United States charles belov San Francisco, CA, US

Live updates comments and jobs are added and updated live.
  • Needs change record

    A change record needs to be drafted before an issue is committed. Note: Change records used to be called change notifications.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

  • Needs subsystem maintainer review

    It is used to alert the maintainer(s) of a particular core subsystem that an issue significantly impacts their subsystem, and their signoff is needed (see the governance policy draft for more information). Also, if you use this tag, make sure the issue component is set to the correct subsystem. If an issue significantly impacts more than one subsystem, use needs framework manager review instead.

Sign in to follow issues

Comments & Activities

  • Issue created by @charles belov
  • Comment about 1 year ago
    🇺🇸United States charles belov San Francisco, CA, US
  • Status changed to Needs review about 1 year ago
  • Comment about 1 year ago
    🇮🇳India adwivedi008

    Added security status

  • Status changed to Needs work about 1 year ago
  • Comment about 1 year ago
    🇺🇸United States smustgrave

    Like the idea

    1. will need test coverage
    2. A change record if twig templates need to be updated (need to check all themes)
    3. UI changes should be documented in issue summary
    4. Probably need submaintainer maybe framework manager sign off.

  • Comment about 1 year ago
    🇸🇰Slovakia poker10

    Just an idea, but what if we use something like the shield icon which is used in the releases section in contrib modules and place this icon directly after the module version? The long text looks a bit weird.

  • Comment about 1 year ago
    🇺🇸United States charles belov San Francisco, CA, US

    @poker10: Assuming you mean all supported modules would show the shield, I'd concur with that, as it would be consistent with what we show on the project page on drupal.org. It would need the corresponding alt and title text as well.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024