
Further emphasize upgrade notice for critical security updates

Problem statement

We will have a mechanism for showing a notification to administrators when their instance is out of date, and highlighting if they are out of date for security fixes: #295266 (comment 478318077)

This is a great first iteration toward better surfacing the need for these users to upgrade. However, every so often we can find critical security vulnerabilities within our product that can justify even broader messaging to administrators or potentially even users.

As of 14.5 (assuming the above ships), the most we can do is show a notification dot and an "Update ASAP" in the admin menu. Is there more we can do for particularly severe security vulnerabilities?

Potential solutions

Solutions could take the form of something like:

  1. Extending the JSON returned to allow for a text field to provide additional context on the need to upgrade, or benefits of upgrading.
  2. Having an additional "wider notification" function for critical security vulnerabilities, which will notify a wider audience, or notify admins in a much more obvious fashion.
  3. Generating email messages or other content to administrators to prompt them to upgrade.
  4. And so on

Updates

August 31, 2022

We have a number of issues related to this feature that are being worked on. This is the order of operations to complete this deliverable.

  1. Upgrade badge seems to be gone from admin view
  2. List latest 3 stable versions in the version check endpoint
  3. Version Check API (check.json) - Add details field to API response
  4. Add a call-to-action to the version indicator
  5. Instrument and track upgrade notification views
  6. Display details of missing security fixes in /help page

May 31, 2022

We should only use the notification for admins.

Edited by Dilan Orrino