Patching the OJS version 3.2.1-x
Warning! We are not responsible for any failure of or damage to your OJS and database if you follow these steps.
PKP developers are very dedicated to maintaining OJS and deserve high appreciation for their attention to the application. One example is their periodic and responsive updates to OJS when users report security vulnerabilities and bugs. Such a bug can allow hackers to access your OJS and put your site at risk of losing its database.
One of the bugs in OJS 3.2.1-x is caused by a bug found in the Laravel/illuminate package, which is a core part of the database scripts used by OJS. For example, in OJS 220.127.116.11 a security hole was found at the following link:
That leads to the following page:
More specifically, this issue is a security vulnerability in Laravel applications, which is addressed on the following page:
The solution is to patch your OJS. Remember that patching is not upgrading OJS; it only updates some scripts to fix this vulnerability. Patching can only be done through SSH access on the server. Unfortunately, some panels do not support SSH access, so you will need to do this on a different machine running a Linux operating system. If you find this hard to do over SSH, you can download the compressed fix later in this post.
Here are the steps:
- Back up your OJS, including the ojs_files folder and public files.
- Log in to your OJS server over SSH.
- Click the Security Issue link announced by PKP on the following page:
Search according to your version of OJS. For example, if you are using OJS version 3.2.1-2, click the security issue code link for that version.
- Have a look at the following sections:
Run the patch command that matches your OJS version. For example, if your OJS is version 3.2.1-x as in the image above, run the patch command presented on the patching page. For OJS 3.2.1-x, the patching page asks you to patch the lib/pkp folder, and the command to run is:
wget -q -O - "https://github.com/pkp/pkp-lib/commit/339c2510a39fd288a0676a4edf98eebc74a7c739.diff" | patch -p1 --dry-run
The command above, which starts with wget, only tests patching your OJS because it uses the --dry-run parameter. Make sure that you receive the following output, which means that the check went well and you can proceed to the real patching.
Patch it with the command:
wget -q -O - "https://github.com/pkp/pkp-lib/commit/339c2510a39fd288a0676a4edf98eebc74a7c739.diff" | patch -p1
Make sure that you get the following output:
Which means that the patching process was successful.
If you don’t get the output message above, it is recommended that you restore your version of OJS and analyze the output generated by the SSH command so that you can fix the problem.
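The dry-run-then-apply steps above as one gated step, added here as an example (not PKP's or this site's script): the diff is saved to a file so it can be read before use, and the real run happens only if the dry run is clean. The function names, return codes and the /tmp/pkp-fix.diff file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate the real patch run on a clean dry run.
# Function names, return codes and file names are assumptions of this example.

# fetch_patch URL OUTFILE: save the diff to disk so it can be read before use.
fetch_patch() {
    wget -q -O "$2" "$1"
}

# apply_if_clean PATCH_FILE TARGET_DIR
# Returns 0 = applied, 1 = dry run failed (tree untouched), 2 = bad arguments.
apply_if_clean() {
    patch_file=$1
    target_dir=$2
    [ -f "$patch_file" ] && [ -d "$target_dir" ] || return 2
    # Make the patch path absolute, because the subshell changes directory.
    case $patch_file in
        /*) ;;
        *) patch_file=$PWD/$patch_file ;;
    esac
    (
        cd "$target_dir" || exit 2
        # -N skips hunks that look already applied instead of offering to reverse them.
        # --dry-run checks every hunk without writing any file.
        patch -p1 -N --dry-run -i "$patch_file" >/dev/null 2>&1 || exit 1
        # Every hunk applied cleanly in the dry run, so do the real run.
        patch -p1 -N -i "$patch_file" >/dev/null
    )
}

# Usage on the server (not run here; back up first, as in the steps above):
#   fetch_patch "https://github.com/pkp/pkp-lib/commit/339c2510a39fd288a0676a4edf98eebc74a7c739.diff" /tmp/pkp-fix.diff
#   less /tmp/pkp-fix.diff
#   apply_if_clean /tmp/pkp-fix.diff lib/pkp || echo "not applied (exit $?)"
```

A return code of 1 means no file was modified, so the output of a manual `patch -p1 --dry-run` can be inspected without restoring from backup.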
OJS Patch file version 18.104.22.168:
To make it easier for you to apply this patch, we have made this patch file specifically for OJS version 22.214.171.124. Please remember this is for OJS 126.96.36.199 only.
1. Please download the patch file at the link below:
2. After the file is downloaded, delete the lib folder of your OJS. Extract the downloaded file and replace the OJS lib folder with this newly extracted lib folder.
3. The OJS version 188.8.131.52 patching process is now complete.
*The tutorial described above only patches the OJS version that you are currently using; it does not upgrade the OJS version.
*Beforehand, make sure you have made a backup of the lib folder in your OJS folder.
Furthermore, if you encounter problems, please write them in the comments.