Version confusion: 6.x-1.8 or 6.x-1.9?

Sub

This needs to be resolved, as it's discouraging site owners to deploy a security update.

I reverted to older version.
Please advise soon.
David

Subscribing

Sub

Update status XML shows 6.x-1.9 status as unpublished. I suspect this has to do with the recent change to git and may be affecting other projects. Can anyone confirm?

drush shows only 6.x-1.8 as latest. Can't update.

Subscribing.

Subscribing

i had same result:

Secure Pages 6.x-1.9 6.x-1.9 Installed version REVOKED

There's the notes, 1.9 is correct. Drupal.org at times take longer to update the security information than the tarball... You have to check again in a day or so and report the problem then if it persists.

http://drupal.org/node/1070596

Subscribing

Hey,
Same problem here. Running Drupal core 6.2

Here is an error message:

Secure Pages 6.x-1.9 Revoked
Recommended version: 6.x-1.8 (2009-May-04)
Release revoked: Your currently installed release has been revoked, and is no longer available for download. Disabling everything included in this release or upgrading is strongly recommended!

needs to be resolved ASAP
thanks

Yeah... It has been more than 24h and it is still wrong in our "Available updates". So something's fishy happened.

Time to alert the security/webmaster guys I guess.

Same issue on my site.

100% of the contrib mod security updates I have needed to apply since D6 came out have run me through this sort of nonsense... insisting that I backlevel to the insecure version.

At this time it has been about three days since I received notification via "[Security-news] DRUPAL-SA-CONTRIB-2011-011 - Secure Pages - Open redirect" to update this module, I just refreshed Available Updates, the red error stating "go back to 6.x-1.8 is still there.

I suppose this is not the contrib mod's fault, and is a problem with Drupal core / Available Updates.

Still, it (the red annoying error) NEEDS to get fixed!

I thought this was a problem with update.module and posted http://drupal.org/node/1079618 there. I was surprised that this had been outstanding so long, and even more so after I found this thread.

Add one more to the request that this get fixed.

Fixed. This was caused by two problems:

A) When the security team published the SA and the release node, no one triggered a rebuild of the release history XML for securepages. That's supposed to be part of the process, so there's no lag where users see errors like this, but apparently it was forgotten in this case. Normally, the release history is regenerated whenever the packaging script is run, but there's nothing to automate a rebuild when an unpublished security update release is finally published, so for now, that remains a manual step (and hence, error-prone).

B) During the Git migration, we reorganized the code that periodically re-generates the release history XML feeds at updates.drupal.org for all projects, and the job that used to regenerate all the history every 6 hours hasn't been running. :( That's now configured, and we should be rebuilding all the history every 6 hours again. It's still lame to publish security releases and leave update status complaining for 6 hours at a time, but at least it's not days on end anymore. ;)

Sorry for the trouble...
-Derek