To support the recent changes to the project application process, namely decoupling the ability to create full projects/releases from security coverage - we need to provide indicators on the update status page of which installed modules receive security coverage.
The changes would need to:
- Indicate which modules have security coverage and which do not.
- Provide visual indicators of coverage status via the shield icon and the !-alert icon
- For modules that are explicitly unsupported for known security issues or other reasons, it should indicate that
In addition the changes could:
- Provide an alert on each page for admins like the 'you are using a module with a security release' warning
@hestenet, @drumm, and @mlhess hope to help drive this forward. @Dries has given his blessing to prioritize this patch.
At the DA we have updated the update status xml to support this change: #2853696: Add security advisory coverage to update status XML and can make additional changes as needed.
We(the DA) want to get this committed as soon as possible, and so we're allocating our sprint time towards getting this ready, writing tests, and responding to any reviews.