Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2989243 by xjm: _update_equivalent_security_releases() should not diverge per branch 

(cherry picked from commit a3d8fa1604)
8.7.x
Nathaniel Catchpole 2018-07-31 23:36:01 +09:00 committed by xjm
parent 6254e18dfa
commit fab1556de5
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
core/modules/update/update.module
View File

@ -405,9 +405,63 @@ function update_get_available($refresh = FALSE) {
$available = \Drupal::keyValueExpirable('update_available_releases')->getAll();
}
// Check for security releases that are covered under the same security
// advisories as the site's current release, and override the update status
// data so that those releases are not flagged as needed security updates.
// Any security releases beyond those specific releases will still be shown
// as required security updates.
// @todo This is a temporary fix to allow minor-version backports of security
// fixes to be shown as secure. It should not be included in the codebase of
// any release or branch other than such backports. Replace this with
// https://www.drupal.org/project/drupal/issues/2804155.
foreach (_update_equivalent_security_releases() as $equivalent_release) {
if (!empty($available['drupal']['releases'][$equivalent_release]['terms']['Release type'])) {
$security_release_key = array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type']);
if ($security_release_key !== FALSE) {
unset($available['drupal']['releases'][$equivalent_release]['terms']['Release type'][$security_release_key]);
}
}
}
return $available;
}
/**
* Identifies equivalent security releases with a hardcoded list.
*
* Generally, only the latest minor version of Drupal 8 is supported. However,
* when security fixes are backported to an old branch, and the site owner
* updates to the release containing the backported fix, they should not
* see "Security update required!" again if the only other security releases
* are releases for the same advisories.
*
* @return string[]
* A list of security release numbers that are equivalent to this release
* (i.e. covered by the same advisory), for backported security fixes only.
*
* @todo This is a temporary fix to allow minor-version backports of security
* fixes to be shown as secure. Replace this with
* https://www.drupal.org/project/drupal/issues/2766491.
*/
function _update_equivalent_security_releases() {
switch (\Drupal::VERSION) {
case '8.3.8':
return ['8.4.5', '8.5.0-rc1'];
case '8.3.9':
return ['8.4.6', '8.5.1'];
case '8.4.5':
return ['8.5.0-rc1'];
case '8.4.6':
return ['8.5.1'];
case '8.4.7':
return ['8.5.2'];
case '8.4.8':
return ['8.5.3'];
}
return [];
}
/**
* Adds a task to the queue for fetching release history data for a project.
*