You are here

private function ProjectSecurityData::getAdditionalSecurityCoveredMinors in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/update/src/ProjectSecurityData.php \Drupal\update\ProjectSecurityData::getAdditionalSecurityCoveredMinors()
  2. 9 core/modules/update/src/ProjectSecurityData.php \Drupal\update\ProjectSecurityData::getAdditionalSecurityCoveredMinors()

Gets the number of additional minor releases with security coverage.

This function compares the currently installed (existing) version of the project with two things:

  • The latest available official release of that project.
  • The target minor release where security coverage for the current release should expire. This target release is determined by getSecurityCoverageUntilVersion().

For the sake of example, assume that the currently installed version of Drupal is 8.7.11 and that static::CORE_MINORS_WITH_SECURITY_COVERAGE is 2.

Before the release of Drupal 8.8.0, this function would return 2.

After the release of Drupal 8.8.0 and before the release of 8.9.0, this function would return 1 to indicate that the next minor version release will end security coverage for 8.7.

When Drupal 8.9.0 is released, this function would return 0 to indicate that security coverage is over for 8.7.

If the currently installed version is 9.0.0, and there is no 9.1.0 release yet, the function would return 2. Once 9.1.0 is out, it would return 1. When 9.2.0 is released, it would again return 0.

Note: callers should not test this function's return value with empty() since 0 is a valid return value that has different meaning than NULL.

Parameters

string $security_covered_version: The version until which the existing version receives security coverage.

Return value

int|null The number of additional minor releases that receive security coverage, or NULL if this cannot be determined.

See also

\Drupal\update\ProjectSecurityData\getSecurityCoverageUntilVersion()

File

core/modules/update/src/ProjectSecurityData.php, line 216

Class

ProjectSecurityData
Calculates a project's security coverage information.

Namespace

Drupal\update

Code

private function getAdditionalSecurityCoveredMinors($security_covered_version) {
  $security_covered_version_major = ExtensionVersion::createFromVersionString($security_covered_version)
    ->getMajorVersion();
  $security_covered_version_minor = $this
    ->getSemanticMinorVersion($security_covered_version);
  foreach ($this->releases as $release_info) {
    try {
      $release = ProjectRelease::createFromArray($release_info);
    } catch (\UnexpectedValueException $exception) {

      // Ignore releases that are in an invalid format. Although this is
      // highly unlikely we should still process releases in the correct
      // format.
      watchdog_exception('update', $exception, 'Invalid project format: @release', [
        '@release' => print_r($release_info, TRUE),
      ]);
      continue;
    }
    $release_version = ExtensionVersion::createFromVersionString($release
      ->getVersion());
    if ($release_version
      ->getMajorVersion() === $security_covered_version_major && $release
      ->isPublished() && !$release_version
      ->getVersionExtra()) {

      // The releases are ordered with the most recent releases first.
      // Therefore, if we have found a published, official release with the
      // same major version as $security_covered_version, then this release
      // can be used to determine the latest minor.
      $latest_minor = $this
        ->getSemanticMinorVersion($release
        ->getVersion());
      break;
    }
  }

  // If $latest_minor is set, we know that $security_covered_version_minor and
  // $latest_minor have the same major version. Therefore, we can subtract to
  // determine the number of additional minor releases with security coverage.
  return isset($latest_minor) ? $security_covered_version_minor - $latest_minor : NULL;
}