This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

SA-CORE-2018-002 security update

    This document is archived but may contain useful information for troubleshooting future updates. For updated update steps, visit How to upgrade YMCA Website Services.


    To update your OpenY site with security fix from Drupal core https://www.drupal.org/sa-core-2018-002 OpenY team is suggesting 2 options- via patch and via Drupal core upgrade(or OpenY upgrade). Drupal core upgrade or OpenY upgrade is not always possible, but security issue should be fixed asap. So consider to apply patch and plan OpenY upgrade later.

    How to apply patch

    Patching OpenY releases 8.0.1 - 8.1.0 (Drupal core 8.2.x)

    For patching your very old OpenY release it is highly recommended to upgrade OpenY to latest version or at least to one of the 8.1.1-8.1.6 (Drupal core 8.3.x) with Drupal core upgrade to 8.3.9 https://www.drupal.org/project/drupal/releases/8.3.9 . In case if it is not possible right now, follow steps below:

    ssh -l root YOUR_SERVER_DOMAIN_NAME
    cd /var/www/html
    wget https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/8.2.x.patch
    

    Now you are ready to patch your site. But before patching - make a backup of the file which is about to be patched

    cp docroot/core/lib/Drupal/Core/DrupalKernel.php /var/backups/DrupalKernel.php
    

    To patch your site run the command to test if the patch can be applied:

    patch -p1 --dry-run < 8.2.x.patch
    

    You should see a result

    # patch -p1 --dry-run < 8.2.x.patch
    checking file docroot/core/lib/Drupal/Core/DrupalKernel.php
    checking file docroot/core/lib/Drupal/Core/Security/RequestSanitizer.php
    

    In case if result different - stop on this step and let us know you have issue. In case if all good proceed with a command below, which will patch your site:

    patch -p1 < 8.2.x.patch
    

    You should see the same output as previously, but now your site is patched.

    TIP: In case if you are using git repository for your site run

    git add docroot/core/lib/Drupal/Core/DrupalKernel.php docroot/core/lib/Drupal/Core/Security && git commit -m "Patching OpenY core" && git push
    

    to store your patched core into your own repository.

    Patching OpenY releases 8.1.1 - 8.1.6 (Drupal core 8.3.x)

    For patching your relatively old OpenY release it is highly recommended to upgrade OpenY to latest version or at least to one of the 8.1.7-8.1.10 (Drupal core 8.4.x) with Drupal core upgrade to 8.4.6 https://www.drupal.org/project/drupal/releases/8.4.6 . In case if it is not possible right now, follow steps below:

    ssh -l root YOUR_SERVER_DOMAIN_NAME
    cd /var/www/html
    wget https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/8.3.x.patch
    

    Now you are ready to patch your site. But before patching - make a backup of the file which is about to be patched

    cp docroot/core/lib/Drupal/Core/DrupalKernel.php /var/backups/DrupalKernel.php
    

    To patch your site run the command to test if the patch can be applied:

    patch -p1 --dry-run < 8.3.x.patch
    

    You should see a result

    # patch -p1 --dry-run < 8.3.x.patch
    checking file docroot/core/lib/Drupal/Core/DrupalKernel.php
    checking file docroot/core/lib/Drupal/Core/Security/RequestSanitizer.php
    

    In case if result different - stop on this step and let us know you have issue. In case if all good proceed with a command below, which will patch your site:

    patch -p1 < 8.3.x.patch
    

    You should see the same output as previously, but now your site is patched.

    TIP: In case if you are using git repository for your site run

    git add docroot/core/lib/Drupal/Core/DrupalKernel.php docroot/core/lib/Drupal/Core/Security && git commit -m "Patching OpenY core" && git push
    

    to store your patched core into your own repository.

    Patching OpenY releases 8.1.7 - 8.1.9 (Drupal core 8.4.x)

    For patching your OpenY release it is highly recommended to upgrade OpenY to latest version (8.1.10 or never) or at least to one of the 8.1.10 (Drupal core 8.4.x) with Drupal core upgrade to 8.4.6 https://www.drupal.org/project/drupal/releases/8.4.6 . In case if it is not possible right now, follow steps below:

    ssh -l root YOUR_SERVER_DOMAIN_NAME
    cd /var/www/html
    wget https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/8.4.x.patch
    

    Now you are ready to patch your site. But before patching - make a backup of the file which is about to be patched

    cp docroot/core/lib/Drupal/Core/DrupalKernel.php /var/backups/DrupalKernel.php
    

    To patch your site run the command to test if the patch can be applied:

    patch -p1 --dry-run < 8.4.x.patch
    

    You should see a result

    # patch -p1 --dry-run < 8.4.x.patch
    checking file docroot/core/lib/Drupal/Core/DrupalKernel.php
    checking file docroot/core/lib/Drupal/Core/Security/RequestSanitizer.php
    

    In case if result different - stop on this step and let us know you have issue. In case if all good proceed with a command below, which will patch your site:

    patch -p1 < 8.4.x.patch
    

    You should see the same output as previously, but now your site is patched.

    TIP: In case if you are using git repository for your site run

    git add docroot/core/lib/Drupal/Core/DrupalKernel.php docroot/core/lib/Drupal/Core/Security && git commit -m "Patching OpenY core" && git push
    

    to store your patched core into your own repository.

    ==========================

    How to patch your Digitalocean OpenY install

    In case if you have followed tutorial https://www.youtube.com/watch?v=V3K4-RLjxQo you should have your OPenY installed on you DigitalOcean server(droplet) in a predictable for current document folder. That’s why we prepared a short how to patch your OpenY site in a most simple way if you are not a Tech Guru, but just a user

    1. Log in as an admin user to your site admin UI by visiting /user/login URI page.
    2. Go to /admin/reports/status after login and search for Drupal Version string. It should be something like 8.2.x, 8.3.x or 8.4.x (x - some number too, like 8.4.2, for example). Based on your finding follow the steps below to your version
    3. Login to your ВigitalOcean cloud console at digitalocean.com and find Access Console in the dropdown for the droplet you are using for the OpenY image
    4. You should see a popup window with a black screen where console asks you for the login. Use root user and a password generated for you upon droplet creation.
    5. After login to a console run the command below, respectively to the version of your Drupal core.

    One line script to patch 8.2.x Drupal core for OpenY

    Type manually exact line

    bash < <(curl -s https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/run8.2.x.sh)
    

    and hit Enter. You should see OpenY was patched message.

    One line script to patch 8.3.x Drupal core for OpenY

    Type manually exact line

    bash < <(curl -s https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/run8.3.x.sh)
    

    and hit Enter. You should see OpenY was patched message.

    One line script to patch 8.4.x Drupal core for OpenY

    Type manually exact line

    bash < <(curl -s https://raw.githubusercontent.com/YCloudYUSA/yusaopeny-project/8.1.x/scripts/patches/run8.2.x.sh)
    

    and hit Enter. You should see OpenY was patched message.