Update status XML

Drupal’s update status infrastructure provides information on available releases at https://updates.drupal.org/release-history/{project}/[current|all|5.x|6.x|7.x|8.x]. For example, https://updates.drupal.org/release-history/drupal/current.

The canonical API implementation is Drupal Core’s update module.

There are 2 versions of elements returned, the current endpoint, and legacy all, 8.x, 7.x, etc. current includes projects with versions either prefixed with 8.x- or without an API compatibility prefix.

Top-level <project> element

• <title> The project title, as shown on the Drupal.org project page.
• <short_name> The project short or machine name on Drupal.org.
• <dc:creator> The project author’s user name on the Drupal.org project page.
• <type> The project type, either project_core, project_distribution, project_drupalorg, project_module, project_theme, project_theme_engine, or project_translation.
• <api_version> Legacy-only, the version of the API used to retrieve this project information.
• <supported_branches> In current only, “branches” which are marked as supported by the project’s maintainers. A branch in this case is the release version, truncated after the final .; it does not have any relation to Git branches. For example, the branch of 8.7.3 is 8.7., the branch of 7.x-1.2-alpha3 is 7.x-1.. The branches are comma-separated. Complete examples are 8.6.,8.7.,8.8.,8.9.,9.0. and 8.x-1.
• <recommended_major> Legacy-only, the highest major version recommended by the project’s maintainers.
• <supported_majors> Legacy-only, comma-separated major versions supported by the project’s maintainers.
• <default_major> Legacy-only, the lowest supported major version.
• <project_status> The project status, normally published, unsupported if no branches are supported, or unpublished.
• <link> URL for the Drupal.org project page.

<terms> element

Contains multiple <term> elements, each containing a <name> and <value> element. Names include:

• Projects The human-readable project type, such as Drupal core, Distributions, Modules, Themes, Theme engines, or Translations
• Maintenance status The maintenance status from the project page, such as Actively maintained, Minimally maintained, Seeking co-maintainer(s), Seeking new maintainer, or Unsupported
• Development status The development status from the project page, such as Under active development, Maintenance fixes only, No further development, Obsolete
• Module categories For modules only, the module categories from the project page, such as Administration, Community, or Content Access Control.

<releases> element

Contains multiple <release> elements, ordered by version with the highest version first, each containing:

• <name> The human-readable release name, such as “token 8.x-1.5”
• <version> The release’s version number, like 8.x-1.5
• <tag> The Git tag or branch name, like 8.x-1.5 or 8.x-1.x
• <version_major> Legacy-only, the parsed major version number component, if it exists. Such as 1
• <version_minor> Legacy-only, the parsed minor version number component, if it exists. Such as 2
• <version_patch> Legacy-only, the parsed patch version number component, if it exists. Such as 5
• <version_extra> Legacy-only, the parsed extra version number component, if it exists. Such as beta1 or rc3
• <status> Always published
• <release_link> The URL for the release notes page.
• <download_link> The URL for one of the downloads.
• <date> Unix timestamp of release creation, specifically the time the packaged download was generated.
• <mdhash> Legacy-only, the MD5 hash of the file in <download_link>
• <filesize> Legacy-only, the size of the file in <download_link> in bytes.
• <files> contains multiple <file> elements with children:
  • <url> URL of the file.
  • <archive_type> Either tar.gz or zip
  • <md5> MD5 hash of the file.
  • <size> Size of the file in bytes.
  • <filedate> Unix timestamp of the file creation date, when the release was packaged.
• <terms> contains multiple <term> elements, each containing a <name> and <value> element. Names include:
  • Release type “Bug fixes” or “New features.” If the release is a security update, “Security update.” If the release is known to be insecure, there is a security update in a future version, “Insecure.”
• <security> The security advisory coverage for the release. If covered, with a covered="1" attribute. Contains human-readable explanation like “Covered by Drupal's security advisory policy,” “Project has not opted into security advisory coverage!” or “Beta releases are not covered by Drupal security advisories.”
• <core_compatibility> In current only, the release’s core compatibility. From the project’s .info.yml file; if there is one matching {project short name}.info.yml, or falls back to the shortest file name, as a best guess at the project’s “primary” component. If available, core_version_requirement is used, otherwise core_api