Join Log in
Score:4
avatar Drupal

Module is not longer supported on Drupal 8 but requires 8?

ve flag
Sam

I'm updating a Drupal 8 site that hasn't been touched in about a year (just updated to 8.9.12). One of the module updates is Menu Token.

The module page reads:

Drupal 7.x and 8.x versions
No longer supported.

But for the latest version (9.1.0-alpha1), it reads:

Requires Drupal: ^8 || ^9

So... I'm confused. Is this safe to install on D8? 8 isn't supported, but it requires 8?

Screen shot of Menu Token page:

menu token page

794
0 + 0
Score:4
apaderno avatar Drupal
us flag
apaderno

Drupal 8 releases have been programmatically marked as unsupported, in the same way it was done for Drupal 6 releases time ago. They are marked as unsupported because, once a Drupal branch is unsupported, no security issue will be handled by the Drupal.org Security Team, for that Drupal branch and any module compatible with that Drupal release.

What reported as Requires Drupal: ^8 || ^9 isn't the required Drupal versions but, more exactly, the Drupal versions with which the module is compatible. A release that is compatible with Drupal 8 and Drupal 9 is usually necessary to migrate a site to Drupal 9.
That doesn't mean a module that is compatible with Drupal 8 is always safe to be installed on Drupal 8; it could contains a security issue when the module runs on Drupal 8 that nobody discovered. In the case a security issue is reported, it's up to the project maintainers fix it for Drupal 8.

Notice also that, when a release isn't covered by the security advisory policy, security issues could still be reported. What changes is how those security issues are reported: For releases covered by the security advisory policy, users are required not to report them publicly, but report them to the Drupal Security Team, privately; that isn't required for releases not covered by the security advisory policy, which include the alpha, beta, and release candidate releases.
The 9.1.0-alpha1 release shown in the screenshot isn't covered by the security advisory policy, which means that release is secure to be used on Drupal 8 in the same way it's secure to be used on Drupal 9.

0 + 0
Score:2
avatar Drupal
cn flag
Patrick Kenny

Yes, it should be fine to install.

Then why does it say "no longer supported"?

Drupal 8 is end of life, so it is no longer receiving feature fixes or security patches. As a result, work on Drupal 8 (but not 9) modules is no longer being done. So, there is "no support" because "only the Drupal 9 version is supported."

However, the module still works just as well as it did before support ended for Drupal 8-- it's safe to install.

In other words, "not supported" can be interpreted as "please don't file bug reports/feature requests if you are still on Drupal 8."

What does "requires" mean?

"Requires" in the Downloads section is a hard technical requirement-- you must have one of the listed versions of Drupal to install the module.

0 + 0
Score:0
Marassa avatar Drupal
pk flag
Marassa

I think it's just some clumsy wording. It's the module's versions 7.* and 8.* that are no longer supported. The module's version 9.* is supported and would run on core versions 8 and 9.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.