function _update_equivalent_security_releases in Drupal 8
Identifies equivalent security releases with a hardcoded list.
Generally, only the latest minor version of Drupal 8 is supported. However, when security fixes are backported to an old branch, and the site owner updates to the release containing the backported fix, they should not see "Security update required!" again if the only other security releases are releases for the same advisories.
@internal
Return value
string[] A list of security release numbers that are equivalent to this release (i.e. covered by the same advisory), for backported security fixes only.
Deprecated
in drupal:8.6.0 and is removed from drupal:9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.
File
- core/
modules/ update/ update.module, line 434 - Handles updates of Drupal core and contributed projects.
Code
function _update_equivalent_security_releases() {
trigger_error("_update_equivalent_security_releases() was a temporary fix and will be removed before 9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.", E_USER_DEPRECATED);
switch (\Drupal::VERSION) {
case '8.3.8':
return [
'8.4.5',
'8.5.0-rc1',
];
case '8.3.9':
return [
'8.4.6',
'8.5.1',
];
case '8.4.5':
return [
'8.5.0-rc1',
];
case '8.4.6':
return [
'8.5.1',
];
case '8.4.7':
return [
'8.5.2',
];
case '8.4.8':
return [
'8.5.3',
];
}
return [];
}