You are here

function _update_equivalent_security_releases in Drupal 8

Identifies equivalent security releases with a hardcoded list.

Generally, only the latest minor version of Drupal 8 is supported. However, when security fixes are backported to an old branch, and the site owner updates to the release containing the backported fix, they should not see "Security update required!" again if the only other security releases are releases for the same advisories.

@internal

Return value

string[] A list of security release numbers that are equivalent to this release (i.e. covered by the same advisory), for backported security fixes only.

Deprecated

in drupal:8.6.0 and is removed from drupal:9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.

File

core/modules/update/update.module, line 434
Handles updates of Drupal core and contributed projects.

Code

function _update_equivalent_security_releases() {
  trigger_error("_update_equivalent_security_releases() was a temporary fix and will be removed before 9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.", E_USER_DEPRECATED);
  switch (\Drupal::VERSION) {
    case '8.3.8':
      return [
        '8.4.5',
        '8.5.0-rc1',
      ];
    case '8.3.9':
      return [
        '8.4.6',
        '8.5.1',
      ];
    case '8.4.5':
      return [
        '8.5.0-rc1',
      ];
    case '8.4.6':
      return [
        '8.5.1',
      ];
    case '8.4.7':
      return [
        '8.5.2',
      ];
    case '8.4.8':
      return [
        '8.5.3',
      ];
  }
  return [];
}