How to patch OJS » Open Journal Theme

How to patch OJS

Patching the OJS version 3.2.1-x

Warning!  We are not responsible if there is failure and damage to your OJS and database if you follow this step.

PKP developers are very dedicated to OJS maintenance and we need to give high appreciation for their attention to the OJS application. One of the examples of this is the periodic and responsive updates to the OJS application when security vulnerabilities and bugs have been reported by their users. This bug can cause your OJS to be accessed by hackers and threaten your OJS site to lose its database.

One of the bugs in OJS 3.2.1-x is caused by a bug that was found in the Laravel / illuminate package, this package is a core part of the database scripts used by OJS. for example in OJS 3.2.1.2 a security hole was found at the following link:

That leads to the following page:
https://github.com/pkp/pkp-lib/issues/6632

More specifically, this issue is a security vulnerability bug in laravel applications which is addressed on the following page :
https://github.com/advisories/GHSA-3p32-j457-pg5x

The solution is to patch your ojs. Remember that patching is not upgrading OJS but only updating some scripts to fix this vulnerability. This patch activity can only be done through SSH access on the server. Unfortunately, some panels do not support SSH access so you will need to do this on a different machine and using a Linux operating system. If you found hard to do this on SSH you can download the compressed fix on the part of this post.

Here are the steps:

  1. Backup your OJS including the ojs_files folder and public files.
  2. Login on your ssh OJS server
  3. Click the Security Issue link announced by PKP on the following page:
    https://pkp.sfu.ca/ojs/ojs_download/
    Search according to your version of OJS. For example, you are using ojs version 3.2.1-2 then you can click the security issue code link.
  4. Have a look at the following sections::

Perform the command by running the patch according to your ojs version. For example in the image above your ojs uses version 3.2.1-x, then you can run the patch command by running the script that is presented on the patching page. For example in the patching version of ojs 3.2.1-x, it is asked to patch the lib / pkp folder, the command that must be done is:

cd lib/pkp
wget -q -O – “https://github.com/pkp/pkp-lib/commit/339c2510a39fd288a0676a4edf98eebc74a7c739.diff” | patch -p1 –dry-run

The code above which starts with Wget will only test patching your ojs because it uses the –dry-run parameter. Make sure that you will receive the following output which means that the checking process is going well and can proceed to real patching.

Patching it with the command:
wget -q -O –
“https://github.com/pkp/pkp-lib/commit/339c2510a39fd288a0676a4edf98eebc74a7c739.diff” | patch -p1

Make sure that you get the following output:

Which means that the patching process was successful.

If you don’t get the output message above then it is recommended that you restore your version of OJS and analyze the output generated from the ssh command so that you can fix it.

OJS Patch file version 3.2.1.2:

To make it easier for you to patch this we have made this Patch file specifically for OJS version 3.2.1.2. Please remember this is for OJS 3.2.1.2 only.

1. Please download the patch file at the link below :

https://drive.google.com/uc?export=download&id=1QOIrlAXZ6WS5YLkuNhptsdfE7gZ6vOJs

2. After the file is downloaded, delete the lib folder of your OJS. Extract the downloaded file and replace the OJS lib folder with this newly extracted lib folder.
3. And the OJS version 3.2.1.2 patching process is complete

 

Notes :
*The tutorial that we described above only patches the OJS version that you are currently using and not upgrading the OJS version.
*Previously, make sure you have made a backup of the lib folder in your OJS folder.

 

Furthermore, if you encounter problems, please write them in the comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Open Journal Theme

Professional Publishing system services OJS, OMP, Dspace, Eprints

Need More Services  or Question?

Openjournaltheme.com started in 2016 by a passionate team that focused to provide affordable OJS, OMP,  OPS,  Dspace, Eprints products and services. Our mission to help publishers to be more focus on their content research rather than tackled by many technical OJS issues.

Under the legal company name :
Inovasi Informatik Sinergi Inc.

Secure Payment :

All the clients financial account data is stored in the respective third-party site (such as Paypal, Wise and Direct Payment).
Your financial account is guaranteed protected. We never keep any of the clients’ financial data.

Exit mobile version