In the past few releases of Grav we have implemented Nonces (Numbers used only once) to secure forms and actions against CSRF attacks. We missed a few actions, and have adjusted our Nonce generation mechanism to be more performant.
However, the downside of this development is that it has caused some issues with some areas of the Admin to stop functioning until fixed. One of these actions that was missed previously was the Update buttons. This of course has caused a problem for upgrading Grav. But, not to fear, there is a simple solution!
Please check out the Grav Changelog for a complete list of changes.
How to update via Admin Plugin
We believe we have fixed all of these issues now in the Grav Admin Plugin v1.0.0-rc.7, however they do still exist in 1.0.0-rc.6, so if this looks familiar:
You will need to follow the following instructions:
-
first update all your plugins and themes via the Maintenance Panel in the Dashboard
-
Clear your browser cache by holding down
SHIFT
and clicking theReload
button in your browser's toolbar. This will ensure you are running the latest version of the JavaScript library that has the fixed Nonce support. -
Now you should be able to update Grav successfully through the Update notice.
How to Update via GPM
The Nonce changes do not effect GPM, so updating is a simple affair. Simply navigate to the root of the Grav install in your terminal and type:
$ bin/gpm selfupgrade
This will upgrade the Grav core to the latest version. Additionally, you should update all your plugins and themes to the latest version. You can do this using the command below:
$ bin/gpm update