Open eric-yellin opened 5 years ago
Maybe run drush cr
and retry.
I also have this problem. "drush cr" doesn't work. Unpacking the latest version manually doesn't work either (i.e. doing a manual upgrade, not using drush)
Here's a log of me updating via drush for about the 5th time today :)
root@micro:~# drush @tjh up
Update information last refreshed: Tue, 23/04/2019 - 09:46
Name Installed Version Proposed version Message
Drupal 8.6.15 8.6.15 SECURITY UPDATE available
Code updates will be made to drupal core.
WARNING: Updating core will discard any modifications made to Drupal core files, most noteworthy among these are .htaccess and robots.txt. If you have made any modifications to these files, please back them up before updating so that you can re-create your modifications in the updated version of the file.
Note: Updating core can potentially break your site. It is NOT recommended to update production sites without prior testing.
Do you really want to continue? (y/n): y
Project drupal was updated successfully. Installed version is now 8.6.15.
Backups were saved into the directory /root/drush-backups/diary/20190422214626/drupal. [ok]
No database updates required [success]
root@micro:~# drush @tjh cr
Cache rebuild complete. [ok]
root@micro:~# drush @tjh up
Update information last refreshed: Tue, 23/04/2019 - 09:46
Name Installed Version Proposed version Message
Drupal 8.6.15 8.6.15 SECURITY UPDATE available
Code updates will be made to drupal core.
WARNING: Updating core will discard any modifications made to Drupal core files, most noteworthy among these are .htaccess and robots.txt. If you have made any modifications to these files, please back them up before updating so that you can re-create your modifications in the updated version of the file.
Note: Updating core can potentially break your site. It is NOT recommended to update production sites without prior testing.
Do you really want to continue? (y/n): n
Rolling back all changes. Run again with --no-core to update modules only.
Cancelled. [cancel]
No database updates required [success]
root@micro:~# drush --version
Drush Version : 8.2.3
I have the same problem, with Drush 8.1.15 and on Windows 10. (Drupal 8.6.15)
I tried drush cr
and drush updatedb
(-> "no database updates required") but it hasn't solved the problem.
Am also seeing this with drush
version 8.2.3. Have tried drush rf
, drush cr
and drush updatedb
but it still says "8.6.15 SECURITY UPDATE available".
Drush version: 8.2.3 PHP version: 7.0 OS: Linux
The problem is that the code cycles through the releases for any release with a term of "Security update" ... it only bails when the version found matches the currently installed version. Hence now 8.7.0-rc1 is out (and is a security release) it populates the array and then hits this regardless of the version being higher;
if (!empty($project_data['security updates'])) {
$project_data['status'] = DRUSH_UPDATESTATUS_NOT_SECURE;
}
If you're like me and stuck on the 8.x branch due to needing deprecated commands (in our case, for CI usage mainly dl
) then just update your /lib/Drush/UpdateService/StatusInfoDrush.php
file;
// Stop searching once we hit the currently installed version.
if ($project_data['existing_version'] === $version) {
break;
}
// Skip over versions greater than our currently installed version.
elseif ($project_data['existing_version'] < $version) {
continue;
}
I'll make a patch if there's any chance of this being included? Was incredibly confused to see that version_minor
isn't used?
Sure, a PR would be welcome.
This command was written when drupal core only had 1 supported branch at a time.
I'll have a think about how to achieve it ... as the above isn't the answer, it's just a workaround for getting our CI jobs to pass. It needs to ignore version_major
+ version_minor
~ not all releases higher than the current version (else it'll ignore 8.6.16 too!) It's fine for us for now as we're on the ball with new security releases.
This is not a super easy problem to solve. If there is a newer security release on the same major.minor series that you are currently on, then you are definitely NOT secure. However, what if you are on the most recent release of your major.minor series, but there are also security releases available on a later major.minor series? These releases should cause your Drupal site to be flagged as insecure UNLESS all of those security releases have been applied to the release that you have installed.
In order to get this right, you'll have to look at the release notes for all of the security releases that appear on later branches. (You can perhaps optimize this by pruning releases that came out before the release currently installed on the active Drupal site, under the assumption that every security release fixes all known vulnerabilities.) You will need to pull out all occurrences of strings similar to "SA-CORE-yyyy-nn", and see if all of those also appear in the release notes of the security release already applied (or some earlier security release, if you do not prune releases as previously suggested).
Perhaps a good first step would be to add another output field that extracts and displays the list of "SA-CORE-yyyy-nn" advisories fixed in each release.
Just a note that this isn't that there's some hidden 8.6.15.1 that updates 8.6.15.0. Drush (8) is continually asking to update 8.6.15, no matter how many times 8.6.15 installed.
@TrevorBradleyCDN Read the issue, the reason this is happening is mentioned and understood now.
@tjharman Missed pobastic's earlier comment. Understood now - It's glitching on 8.7.0-beta being an available update.
Thanks!
After upgrading Drupal core to latest 8.6.15 version with Drush then running: 'drush ups' the output shows:
Expected behavior: No message to upgrade core should appear after upgrading to the latest version.
Drush version: 8.1.17 PHP version: 7.2 OS: Linux