A highly critical remote code execution vulnerability was recently discovered in Drupal CMS core settings. and user running Drupal are highly encouraged to upgrade immediately. On area Drupal is lacking is the ability to update or upgrade from its admin dashbaord.
You can not upgrade Drupal from its portal. so you’ll have to manaully update or upgrade to the latest version.
All previous version of Drupal are vulnerable. You can find out more about this vulnerability by going to this page
To resolve this remote code execurity vulnerability, you can either apply a patch or upgrade to the latest version of Drupal. Upgrading Drupal is the easiest method available and this post is going to show students and new users how to easily upgrade Drupal CMS.
To upgrade Drupal, continue with the steps below:
Step 1: Backup and Put Site in Maintanince Mode
Before uprgading your site, backup your content and database. and put your site in maintanance mode. You can do that by going to:
Logon to the admin interface and go to Administration > Configuration > Development > Maintenance mode.
Then put the site in maintanance mode and click Save.
You should always use maintenance mode when making major updates, particularly if the updates could disrupt visitors or the update process.
Step 2: Delete Drupal Core Files
Now that your site is in maintaninace mode, go and delete Drupal core directories by running the commands below.
Change into to your Drupal root directory. normally in /var/www/html/drupal or to where you installed it.
Then run the commands below to delete the core and vendor folders or directories. and remove all the file in the root directory.
sudo rm -rf core vendor sudo rm -f *.* .[a-z]*
Step 3: Restore Drupal Core Files with Latest
Now that you’ve deleted the core vendor folders as well as file in the root directory, go and download Drupal latest content. copy restore the files and folders you delete.
cd /tmp && wget https://ftp.drupal.org/files/projects/drupal-x.x.x.tar.gz tar -zxvf drupal-x.x.x.tar.gz
Next, copy the extracted files, particularly the core and vendor directory and files in the root of the downloaded folders. the reverse of what you did to delete the content above. This should restore the files and folders with the latest versions.
cd drupal-x.x.x sudo cp -R core vendor /var/www/html/drupal sudo cp *.* .[a-z]* /var/www/html/drupal
You may have to change the directory file permissions again. run the commands below
sudo chown -R www-data:www-data /var/www/html/drupal sudo chmod -R 755 /var/www/html/drupal
Step 4: Update the Core Database Tables
Finally, open your browser and browse to the site URL followed by update.php.
This will update the core database tables.
You should now be able to logon and go to your Drupal admin, navigate to Administration > Reports > Status report. Verify that everything is working as expected. You should see that the site is updated.
You can now go and take the site from maintenance mode.
You may also like the post below: