- Issue created by @prudloff
- ๐บ๐ธUnited States greggles Denver, Colorado, USA
benjifisher โ credited greggles โ .
- ๐ฆ๐บAustralia larowlan ๐ฆ๐บ๐.au GMT+10
benjifisher โ credited larowlan โ .
- ๐บ๐ธUnited States benjifisher Boston area
This issue only affects the 10.3.x branch. I am updating this issue and changing the target of the MR. Let's see if that resolves the failing test.
This bug report needs tests. I am adding the tag for that and leaving the issue at NW, even if the tests pass.
I am adding issue credit for those who commented on the private issue.
- ๐บ๐ธUnited States benjifisher Boston area
I am adding ๐ Conditionally disable access to update manager routes Fixed as a related issue, since that is the issue that introduced the bug.
- ๐บ๐ธUnited States benjifisher Boston area
The tests all pass now that the original commit is made on the 10.3.x branch.
I tried adding a test, but it is not working. :-( At least, it fails when I run it locally. I added the test to the MR anyway: maybe someone else can see what is wrong.
- ๐บ๐ธUnited States benjifisher Boston area
I tried adding
\Drupal::service('router.route_provider')->reset();
to the test, but that did not help. - ๐ณ๐ฟNew Zealand quietone
@benjifisher, this should be on 11.x.
10.3 is in security mode now and Drupal 10 is now in maintenance mode, adding a test is not eligible for commit. There is a very limited set of changed allowed in https://www.drupal.org/about/core/policies/core-change-policies/allowed-changes#s-maintenance-minor-releases.
- ๐บ๐ธUnited States benjifisher Boston area
@quietone:
From Comment #11:
This issue only affects the 10.3.x branch.
So we may decide not to fix this issue, but moving it back to the 11.x branch does not make sense.
Something went wrong with the link in your comment, but the list at https://www.drupal.org/about/core/policies/core-change-policies/allowed-... โ does not mention security fixes, which seems odd to me. The security team decided that this issue can be fixed in public, as a "security improvement" or "security hardening". I think that should make this issue eligible.
If new tests are not allowed, then that makes it easier. I removed the test and updated the MR.
- ๐ณ๐ฟNew Zealand quietone
@benjifisher, I got this wrong. This is about security and is thus eligible. It is my mistake and sorry for the noise.
- ๐บ๐ธUnited States smustgrave
Curious why does this not affect 11.x? Code appears to be the same.
- ๐บ๐ธUnited States benjifisher Boston area
Since we are not adding tests to the 10.3.x branch, the current MR does not have any of my code. So I think I am eligible to review this issue: RTBC.
@smustgrave: As you pointed out in Comment #4, the same change, applied to the 11.x branch, causes a test failure. Looking at that failing test, I think the route subscriber is auto-wired (and so it is considered a bug to add the tag the old way).
-
longwave โ
committed 5060a93b on 10.3.x
Issue #3502835 by benjifisher, prudloff, catch, greggles, larowlan,...
-
longwave โ
committed 5060a93b on 10.3.x
- ๐ฌ๐งUnited Kingdom longwave UK
This was released as part of Drupal 10.3.13. It is not applicable to later branches.
Automatically closed - issue fixed for 2 weeks with no activity.