*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateManagerInterface::NOT_SECURE instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_NOT_SECURE = 1;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateManagerInterface::REVOKED instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_REVOKED = 2;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateManagerInterface::NOT_SUPPORTED instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_NOT_SUPPORTED = 3;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateManagerInterface::NOT_CURRENT instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_NOT_CURRENT = 4;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateManagerInterface::CURRENT instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_CURRENT = 5;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateFetcherInterface::NOT_CHECKED instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_NOT_CHECKED = -1;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateFetcherInterface::UNKNOWN instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_UNKNOWN = -2;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateFetcherInterface::NOT_FETCHED instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_NOT_FETCHED = -3;
*
* @deprecated in Drupal 8.3.x and will be removed before Drupal 9.0.0.
* Use \Drupal\update\UpdateFetcherInterface::FETCH_PENDING instead.
+ *
+ * @see https://www.drupal.org/node/2831620
*/
const UPDATE_FETCH_PENDING = -4;
foreach ($projects as $key => $project) {
// If there's no data at all, we clearly need to fetch some.
if (empty($available[$key])) {
- //update_create_fetch_task($project);
+ // update_create_fetch_task($project);
\Drupal::service('update.processor')->createFetchTask($project);
$needs_refresh = TRUE;
continue;
$available = \Drupal::keyValueExpirable('update_available_releases')->getAll();
}
+ // Check for security releases that are covered under the same security
+ // advisories as the site's current release, and override the update status
+ // data so that those releases are not flagged as needed security updates.
+ // Any security releases beyond those specific releases will still be shown
+ // as required security updates.
+
+ // @todo This is a temporary fix to allow minor-version backports of security
+ // fixes to be shown as secure. It should not be included in the codebase of
+ // any release or branch other than such backports. Replace this with
+ // https://www.drupal.org/project/drupal/issues/2766491.
+ foreach (_update_equivalent_security_releases() as $equivalent_release) {
+ if (!empty($available['drupal']['releases'][$equivalent_release]['terms']['Release type'])) {
+ $security_release_key = array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type']);
+ if ($security_release_key !== FALSE) {
+ unset($available['drupal']['releases'][$equivalent_release]['terms']['Release type'][$security_release_key]);
+ }
+ }
+ }
return $available;
}
+/**
+ * Identifies equivalent security releases with a hardcoded list.
+ *
+ * Generally, only the latest minor version of Drupal 8 is supported. However,
+ * when security fixes are backported to an old branch, and the site owner
+ * updates to the release containing the backported fix, they should not
+ * see "Security update required!" again if the only other security releases
+ * are releases for the same advisories.
+ *
+ * @return string[]
+ * A list of security release numbers that are equivalent to this release
+ * (i.e. covered by the same advisory), for backported security fixes only.
+ *
+ * @todo This is a temporary fix to allow minor-version backports of security
+ * fixes to be shown as secure. It should not be included in the codebase of
+ * any release or branch other than such backports. Replace this with
+ * https://www.drupal.org/project/drupal/issues/2766491.
+ */
+function _update_equivalent_security_releases() {
+ switch (\Drupal::VERSION) {
+ case '8.4.5':
+ return ['8.5.0-rc1'];
+ case '8.4.6':
+ return ['8.5.1'];
+ }
+
+ return [];
+}
+
/**
* Adds a task to the queue for fetching release history data for a project.
*
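Review bot: The `array_search('Security update', …)` call in the loop added to update_get_available() compares loosely, yet its result decides whether a release stops being reported as a security update. Pass the strict flag, `array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type'], TRUE)`, so a non-string term can never be mistaken for the tag. `_update_equivalent_security_releases()` matches `\Drupal::VERSION` exactly, so any other version string falls through to `[]` and keeps the warning; that is the safe direction, and the `switch` could say so with `// Exact match only: any other version string keeps the default security warnings.` The start of update_get_available() is outside the hunk. From the visible lines the override appears to change only the returned array, so code that reads the `update_available_releases` store directly would presumably still see these releases tagged as security updates.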