Today a highly critical security update (SA-CORE-2014-005) was released for Drupal 7. Any Drupal site running Drupal 7.31 or lower needs to update to 7.32 or apply the patch immediately. Here are some tips to get your Drupal 7 site updated today!
Option 1: Hotfix
This is the "OMG I don't have time to update Drupal core right now" option. You'll still need to do the actual upgrade later though! This is just a temporary fix. It protects you from the security hole, but you'll still need to update Drupal core for a long-term fix.
There is just one file updated in this security update and so patching is pretty straightforward. This is a good option especially if you're just trying to quickly update a bunch of personal sites that you maintain and don't have time to do a full upgrade to 7.32. (Thanks to fellow Lullabot Matt Robison for this tip.)
- Make sure you're in your drupal root directory.
- Run this command:
curl https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch | patch -p1
- Make yourself a reminder on your calendar to do the real update!
Option 2: Use drush to update Drupal core
This is a good option for non-production sites, like on your local or development servers. You can then push the update up to your production site using git or other usual means.
- Navigate to your drupal root in Terminal (or other command line interface) (or use a drush alias, if you have one).
- Run the command
drush up drupal
Option 3: Upgrade Drupal Core Manually
This is a bit more time consuming but is ultimately the safest way to go. However, if it's so time consuming that you're putting it off, see option 1 and apply the patch!
For this, I'm just going to point you to two resources:
- Update Drupal Core (documentation handbook page on drupal.org)
- For our members, a Drupalize.Me video on Updating Drupal Core
Whatever you choose, update today!
This is a super-important security update. There should be an option for everyone here, whether or not you "have the time." Update your Drupal 7 sites today!
By the way, the Drupalize.Me site was updated first thing today! Your data and trust is so important to us. Thank you for being a member.