Hello All,

My Drupal installation is suggesting that I install the security updates. I am able to download the updates, but I don't have any idea how to install them... Can anyone help me with how to do that?

Thanks in advance for the help.

Sudheer

Comments

ms1’s picture

By updates you mean new updates for drupal 6.x or any contributed-module?

Patrick Nelson’s picture

  1. Back everything up first
  2. Download your modules to the directory you have your modules installed in (usually either /modules or /sites/all/modules) which will overwrite the versions you already have*
  3. Run update.php from your browser

* If you edited / hacked the code in any of the files in your modules directory (including the CSS files) (which you shouldn't have, by the way, it's not good practice) then this will overwrite those changes. If you're concerned about that, go through each file that you need to update first using something like WinMerge to compare the differences between the two files.

Sudheer, I would appreciate it if you complete my survey (see this post) - sorry, but you're an ideal candidate!

Regards

Patrick Nelson
UnderDesign Web Designers and Developers in Nottingham and the UK
www.underdesign.co.uk

hoot’s picture

Thanks, UnderDesign and eli03. I'm new to Drupal and, not long after I installed it on my PC, I got a message to install the Drupal 6.5 security update. But I wasn't sure how to do that.

You have helped me solve that problem.

Martin Frank’s picture

I have the same problems... A step-by-step how-to guide for security updates would help many users. Is there a Drupal How-To Wiki somewhere?

If the tar file contains a .txt file containing the necessary instructions that is great for those who found them but wouldn't the first time updater like to know the steps BEFORE downloading?

Knowing can be the greatest obstacle to teaching.

VM’s picture

The .tar does indeed have an upgrade.txt included. Beyond that, between the Google search and the drupal.org search, the instructions are easily found.

I don't understand why one would be in a position to worry about reading an upgrade.txt file before actually downloading and installing drupal myself but that aside there is documentation and videos and tutorials about doing so already available on drupal.org.

tonightslastsong’s picture

Um... isn't this post evidence of the fact that people want that info? Maybe this is just me (and the topic creator), but I like to know what the heck is going on before I start downloading tar.gz files.

A google search for instructions is evidence of a lack of documentation handy to the user. That is not a desirable feature of an upgrade process. The instructions exist, yes, but a nice link to them in the Drupal admin section would be nice. The process is already too manual for my liking.

VM’s picture

if you want something more techy, use drush.module
set up an SVN.

get involved with the DUX7 and request/see if there is already a similar request about upgrade instructions. Though, I'd not want them on my admin screen all the time.

you want changes? get involved beyond bitching on the forums.

wargoose’s picture

Sad to see that the open source mentality is still running rampant.

You have to keep in mind that you can easily alienate people who are new to a technology. We've all been tainted and abused by *ahemsdhsemonkeyschough*soft, and we've turned to a much better (in my experience) alternative.

There's a huge learning curve for the ex-borg among us (I are one) who are stepping boldly into the realm of Linux and open source. I, for one, will never look back, and as a Microsoft dev of no mean experience, I've been pleasantly surprised to see how viable these alternative platforms are becoming for people who are trying to break away from the junk that Redmond is stuffing up so horribly.

Granted, I'd rather have someone be honest and say something like, "yo, plebe, get an education already, but here's what you need...[insert magical link to save me]" than have super-friendly East Indian customer 'support' people help me bungle up my server any day of the week.

That being said, put the kid gloves on. Many of us are trying to replace over-promised, under-delivered solutions with something that actually works.

Please tell me that you don't really believe it's not ridiculous to install the latest available version of a tool only to be confronted with a hair-on-fire, "You gotta install this sub-release to keep your server from being totally wiped out" message like a week later.

I installed the latest available package (6.13) very recently, and now I'm getting security update notices to upgrade to 6.14...and you guys are talking about 6.15?! Does this mean that as soon as I (according to the 'readme') install the one I need, I'm going to be confronted with another 'critical' version already? Following that paradigm, this isn't going to make my life any easier than just writing my own code and doing it right the first time.

Updating a package for security reasons shouldn't be every week, especially on a live site (read: we didn't test properly yesterday when we launched). When the instructions are basically 'kill your site and replace it with this', that's not a viable option. My customers will lose their minds.

The message I'm looking at is, "To ensure the security of your server...". Come on. I'm not launching to production if I'm seeing stuff like that.

And I'm not going to continue to deploy if it's gonna be a continual battle of upgrading.

Bitching? Dang skippy. If we intend to see this project going beyond 83 worldwide non-commercial wikis about overclocking your toaster, then we need a better upgrade path, and safe tools to use.

VM’s picture

> Please tell me that you don't really believe it's not ridiculous to install the latest available version of a tool only to be confronted with a hair-on-fire, "You gotta install this sub-release to keep your server from being totally wiped out" message like a week later.

You can't possibly be arguing against security updates? If so, that is what I deem ridiculous. Exploits are uncovered and this happens regardless of the software used. Those exploits are patched and a new version of core distributed. Whether you update your site or not is up to you. The larger the market share any one script holds the more often it is picked apart to locate ways to exploit it. A hacker isn't going to waste time with hacking a script that is only used on 10 sites when they can comb code and find an exploit in a script that is run on 10,000 sites.

> I installed the latest available package (6.13) very recently,

Define: "very recently". I ask because Drupal 6.13 was released over 2 months before Drupal 6.14 (see below).
Are you not subscribed to the security newsletter?

> and now I'm getting security update notices to upgrade to 6.14

Based on the release date of Drupal 6.14 you should have been getting warning of a new release on the 16th of September.

> and you guys are talking about 6.15?!

6.15 is simply a placeholder for the next release when it's needed. It's where bug fixes are applied and tested, and it is in -dev.

> Does this mean that as soon as I (according to the 'readme') install the one I need, I'm going to be confronted with another 'critical' version already?

Depends on how long you take to install 6.14 considering you are already 3 weeks behind.

> Updating a package for security reasons shouldn't be every week

The above is a misleading overstatement.

Let's deal with some public facts:
Drupal 6.13 was released 7/1/09 see: http://drupal.org/node/507568
Drupal 6.14 released 9/16/09 see: http://drupal.org/node/579476

Looks like over 2 months between security releases to me?

> this isn't going to make my life any easier than just writing my own code and doing it right the first time.

I always find remarks like the above laughable. Especially after reading an opening like:

> There's a huge learning curve for the ex-borg among us (I are one) who are stepping boldly into the realm of Linux and open source.

Seriously, 10's of thousands of hours, by 1000's of contributors, have gone into core itself. If you believe that you can devote that kind of time and make "0" mistakes, or have a PHP exploit surface, by all means ... we'd love to see it : )

The only way to stay 100% secure, and never do an update to a site is not to run a site or stick to standard HTML.

wargoose’s picture

Okay, so I spazzed out a little with the update process. It was actually pretty painless. Forgive my unwarranted unload on you with the open-source crack. That's been a bit of a smoldering cauldron for me for the last year as I've fought my way from 'ls whack what?' to where I'm at with Linux. I tell you what, pitching the whole idea of the registry was a shock at first, but now it's all so simple and powerful, I love it.

I worked for several years at Microsoft and my claim to fame is almost 13,000 lines of code ownership on Whistler. I saw some business ethics and practices across several groups that turned my stomach enough to make me turn away from the greed over quality paradigm. Being forced to endure the pain of the not even bleeding edge of Vista ensured my marked migration away from their junk. I'm actually on a vendetta at my current company (which is mired down in 25 years of legacy Microsoft 'partnership') to evolve forward (not just sideways) into something better.

Thank God for you troopers who have kept the faith and endured the noobs to keep the open-source community moving forward. I'm proud to say that no Redmond product is currently running in my house, and life's never been better.

I recently installed Hyper-V on our newest blade, divvied the hardware up four ways to house 3 Microsoft servers and one Ubuntu 8.04 LTS 64-bit. While they only 'support' *snort* various SUSE and Red Hat distros, Canonical installs and runs like a dream on it. I'm totally sold on Linux and PHP over the swollen .NET and .aspx technologies. They've played themselves completely out of the pocket from day one with .NET. It's over-engineered and clunky. I swear, if I get one more yellow-screen-of-death, "a generic error occurred" message, I'm going to blow up the building.

Okay, I'm ranted out.

I DID, however, just build this site like a week or so ago, and then to have to upgrade so soon shook me a little, since the doc for upgrading was a little more involved than the update Tuesday 'button' I normally click to hose my server. (flay me as a plebe if you will :P ) [disclaimer: See the reply-reply below]

After following the Drupal upgrade path and learning the ins and outs, it's not so scary. Drupal upgraded like a dream, and the messages throughout were not only friendly, but informative.

Be patient with us, and thanks for replying without going bat-nuggets on me. :D

Karl

wargoose’s picture

You're right, now that I've looked at my server, I see that I re-used the .tar file that I downloaded on my initial build in August. (yeah, because I'm smart, and saved myself the time of downloading the newest distro...Blech....live and learn...)

I've since built five more sites on that .tar, like a dummy. Very recently, in this case, is about a week and almost a half. But I built on an old .tar. Gah.

[quote]
"Looks like over 2 months between security releases to me?

this isn't going to make my life any easier than just writing my own code and doing it right the first time.

I always find remarks like the above laughable. Especially after reading an opening like:

There's a huge learning curve for the ex-borg among us (I are one) who are stepping boldly into the realm of Linux and open source. "
[end quote]

Make no mistake, I have huge reservations about trusting other people's code. I've been burned too many times not to. As self deprecating as it is, I'm also the first to admit to being a dork, which is the case here because I mucked up my methodology by re-using old code to build new sites...definitely my bad.

That being said, I'm also realistic. I quickly realized that the quality of the code in the Drupal core is such that it would take me a decade to best it. I've also seen thousands of hours by thousands of knuckleheads come to naught (hello Vista), so I'm overly cautious.

Meh. :/ Enough of that cruft.

I'll say it here, even though it's probably old hat for you guys, what I've learned in a year of serious commitment to learning how the open-source community works, I've been so terribly impressed by the quality and quantity of code that I've seen, it's just amazing.

I've deduced a theory. I write excellent code. When I commit to a project, it's because I love what I do. I feel very 'at home' here because with the open-source community, I've found that same mentality.

You all love what you do. This (not just Drupal, but the whole 'copyleft' world) community creates and upgrades this stuff because they love it. Any day of the week, give me a product built not just with talent, but with passion. There's no passion in commercial, investor driven projects. There's just 'go to the freezer, get the box...'.

With what you guys do, it's about passion for being the best, and fighting through until you are the best. That's huge. I wanna be a part of that, so I'm pouring myself into learning how I CAN be a part of that, even though much of my day-to-day is fraught with working through the problems of using tools that are built by people who just like to count money at the end of the day.

Open-source has been a big breath of fresh air for me, and I see why I need to give back. You said 'get involved' earlier...well....I'll see you in the funnies. :D

Karl

brewerdanielp’s picture

geez you guys need to get lives..

VM’s picture

says the person commenting on comments near a year old. ;)

Hello Pot

werther’s picture

My installation is telling me to install security update 6.5

I downloaded it. Now what. It looks like the complete drupal package. Do I have to manually drop folders here and there?

edit: bad grammar.

eli03’s picture

You can read the readme file about updating or upgrading. Also make sure that all your modules are compatible with the current version before upgrading.
----------
My Drupal site: Captivating Capiz - Come and Visit the beautiful Philippine Paradise!

werther’s picture

shoot. I'm sorry I missed that. Thanks.

VM’s picture

Don't trust overwriting files. Physically delete the old module and upload the new one. This avoids problems caused when an old file that has been removed from the module is not removed from your installation because of overwriting.
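
The overwrite problem described in the comment above, as an added example that is not part of the original thread: `stale_files` lists what an overwrite-style update would leave behind, and `replace_module` swaps the directory instead. The module name `example`, its files and all paths are constructed for illustration, and the tarball is assumed to have a single top-level directory named after the module.

```shell
#!/bin/sh
# stale_files <installed_module_dir> <new_release.tar.gz>
# Prints files present in the installed copy but absent from the new release.
# These are the files an "extract over the top" update would silently keep.
stale_files() {
    installed=$1
    tarball=$2
    tmp=$(mktemp -d) || return 1
    # Files in the release, with the leading "<module>/" component stripped.
    tar -tzf "$tarball" | grep -v '/$' | sed 's|^[^/]*/||' \
        | LC_ALL=C sort > "$tmp/new"
    (cd "$installed" && find . -type f | sed 's|^\./||') \
        | LC_ALL=C sort > "$tmp/old"
    LC_ALL=C comm -23 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# replace_module <modules_dir> <name> <new_release.tar.gz> <backup_dir>
# Moves the old module out of the modules tree, then extracts the new one.
# The backup goes outside the modules tree so the old copy is not picked up
# as a second copy of the same module.
replace_module() {
    modules_dir=$1; name=$2; tarball=$3; backup_dir=$4
    mkdir -p "$backup_dir" &&
    mv "$modules_dir/$name" "$backup_dir/$name.$(date +%Y%m%d%H%M%S)" &&
    tar -xzf "$tarball" -C "$modules_dir"
}

# Constructed sample: release 1.0 shipped legacy.inc, release 1.1 dropped it.
build_sample() {
    root=$1
    mkdir -p "$root/site/modules/example" "$root/rel/example"
    for f in example.module example.info legacy.inc; do
        echo "1.0" > "$root/site/modules/example/$f"
    done
    for f in example.module example.info; do
        echo "1.1" > "$root/rel/example/$f"
    done
    tar -czf "$root/example-1.1.tar.gz" -C "$root/rel" example
}
```

Any file `stale_files` reports that you did not add yourself is old code that would still be reachable on the server after an overwrite, which matters most when the update is a security release.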

suffering drupal’s picture

Hi all. It seems that for each little step one wants to take in Drupal there are pages and pages of information, discussion, opinions etcetera.
It only confuses me (and I suppose a lot of newbies) and makes me uselessly lose days and days.

I have never dared to upgrade.
In fact I am even afraid to install new modules once I get something working at more than 70% (is the best I achieve under Drupal).
For example now everything has fallen apart after trying to use Gallery-Assist. Since then my web says that I don't have Javascript enabled, but it is. I un-installed Gallery-Assist, but of course the problem remains.

So since there is nothing more to lose I guess I'd just risk it all doing an upgrade.
But what?
Under http://drupal.org/upgrade/ it says "If upgrading from one minor release to another, such as 6.3 to 6.14, jump straight to the latest release within that major version."..... What does "jump straight to the latest release" mean? Just delete and substitute all the core modules and do an upgrade, or are there more essential steps to make?

Thanks

I started with Drupal in 2007 and then my life got stuck...

VM’s picture

means if you are using 6.2 go to 6.14 and not 6.3 - 6.4 - 6.5 - 6.6

Best practice with reference to upgrades, be it core or modules, is to do it on a test site, with an export of your current production database.
Before deploying a new module or an upgraded module ALWAYS do backups of your database FIRST.

Therefore. new module update out?
put production site in offline mode
export your database
import it into a new database
copy your drupal codebase over
edit settings.php to point to new database

Do your upgrade on that database to ensure it works properly before attempting to do it on the production site. This may seem like work. However, it removes a layer of risk and keeps your production site in working order if something were to go wrong. Remember, modules and core itself are built by humans, thus there is room for human error.
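
The test-copy steps listed in the comment above as one script, as an added example that is not part of the original thread. It assumes MySQL with credentials in `~/.my.cnf`, a Drupal 6 style `$db_url` line in `sites/default/settings.php`, and that the site has already been put in offline mode from the admin pages; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# point_settings_at <settings.php> <new_db_name>
# Rewrites only the database name in a Drupal 6 style line such as
#   $db_url = 'mysql://user:pass@host/dbname';
# Works through a private temp file, so no settings.php.bak containing the
# database password is left inside the web root.
point_settings_at() {
    settings=$1; newdb=$2
    # Refuse names that could break the sed expression or the SQL.
    case $newdb in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    tmpf=$(mktemp) || return 1
    chmod u+w "$settings"
    sed "s|^\([\$]db_url = '[a-z]*://[^/]*/\)[^']*'|\1${newdb}'|" \
        "$settings" > "$tmpf" && cat "$tmpf" > "$settings"
    status=$?
    rm -f "$tmpf"
    return $status
}

# clone_site <prod_root> <test_root> <prod_db> <test_db>
# export the database, import it into a new one, copy the codebase,
# then point the copy's settings.php at the new database.
clone_site() {
    prod_root=$1; test_root=$2; prod_db=$3; test_db=$4
    dump=$(mktemp) || return 1          # mktemp creates the file mode 0600
    mysqldump --single-transaction "$prod_db" > "$dump" &&
    mysqladmin create "$test_db" &&
    mysql "$test_db" < "$dump" &&
    cp -a "$prod_root" "$test_root" &&
    point_settings_at "$test_root/sites/default/settings.php" "$test_db"
    status=$?
    rm -f "$dump"                       # the dump holds user data and hashes
    return $status
}
```

Run update.php against the copy first; if it completes cleanly, repeat the update on production and keep the dump from that run as the rollback point.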

jessekanner’s picture

This doesn't per se answer the original question, but does address general murkiness about the upgrade process:

http://answers.oreilly.com/topic/501-how-to-upgrade-drupal/

(intra-major upgrade)

rtothep’s picture

For those who are interested, I ran some tests, and here's what I found...

I had the same issue--installed Drupal, played around a little, and then got the upgrade notice. First you have to download the file. It's a .tar.gz file, so it needs to be unzipped/unpacked...in Windows, I had to use a program called 7-Zip (you can google that, and I'm sure there are other options...that's just what I used). I had to unzip it to get it from a .tar.gz file to a .tar file, then I had to unpack the .tar file (7-Zip did both). That gave me all the Drupal files, and I just deleted the old folders/files and replaced them with the new ones. I knew this was a risk, but a part of me hoped that all my content, etc. would be safe in the database. Then I visited my URL hoping everything would show up, and it actually looked like a new install. But if you follow the prompts (choose language, etc.), you eventually get this message:

Drupal already installed
* To start over, you must empty your existing database.
* To install to a different database, edit the appropriate settings.php file in the sites folder.
* To upgrade an existing installation, proceed to the update script.
* View your existing site.

So I clicked the link for Update Script. I got a few prompts after that, but I just hit Continue throughout (and Update once to update the database--you'll see what I'm talking about), and it worked fine. My content was all saved and seemed okay. There may be some risks to this, and I may have lost things I'm not aware of, but I'm still just playing around, so I wasn't too worried about it. Hopefully this helps some of those who had questions about the upgrade.

100creative’s picture

It is a really great post. After reading this and the above posts, it is clearer how to do updates on our Drupal web site. Well done guys, thanks for spending time and sharing this information with us.

subme’s picture

Thank you.
Yesterday, I upgraded from an earlier version to Drupal 7.23. I followed the step by step you cited above (@rtothep), except I did not get any notifications concerning (drupal already installed),
but when I hit reports ==> status report I got an alert saying that I have to proceed immediately to the update script. I proceeded as you said and everything is working as expected.