Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.e-commerce 5.x-3.4 contains a security update. however, the update status module states that 3.4 is insecure and requires an update to 5.x-4.0-alpha5+. i think this is a different problem than http://drupal.org/node/190240
i understand why update status might be recommending the upgrade to 4.0-alpha5 (due to it being labeled a default version) but it shouldn't be reporting this as a security issue, should it?
Comments
Comment #1
webernet commentedThis is a duplicate of the issue you mentioned.
Module maintainers should never set an ALPHA as the default ("Recommended") release (unless it's more stable than any of the other available releases).
The default release (in this case, alpha5) is a security release, so update status is functioning as intended by marking it as a security issue.