Hello,

I installed Drupal 6.2 and I upgraded it by patching to 6.3 and then 6.4. However, I still receive security warnings about Drupal version in admin/reports/updates. Is that a normal behaviour?

Thanks!

Comments

cog.rusty’s picture

Can you give an exact example of the security warnings that you are getting? What is it about?

toniher’s picture

Sorry for the formatting:

Drupal 6.2

Recommended version: 6.4 (2008-Aug-14)

Security update: 6.4 (2008-Aug-14)

Security update: 6.3 (2008-Jul-09)

Includes: Block, Blog, Color, Comment, Content translation, Database logging, Filter, Garland, Help, Locale, Menu, Node, Path, System, Taxonomy, Tracker, Update status, User

As I can read in http://drupal.org/node/280571 "If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. The patches fix security vulnerabilities, but do not contain other fixes which were released in these versions.", I understand it complains because I only patch security issues but there could be more updated issues, isn't it?

cog.rusty’s picture

I don't know for sure what is going on, but here is a guess.

My guess is that the update status report does not check the actual code changes, but gets its information from the system table in the database, from the "last update" serial numbers for each module. Those serial numbers are updated by each module's .install file when running update.php during an update, so they are probably misleading now.

scoutbaker’s picture

AFAIK, applying the patches will only update the components to fix the security issue. To upgrade, you need to download the full code and follow the process for performing an upgrade.

"Nice to meet you Rose...run for your life." - The Doctor