Note that the instructions given below are only recommended for products based on Carbon 4.2.0. The instructions for Carbon 4.4.x products are given in the administration guide for Carbon 4.4.x.
According to the WSO2 patch application process, once the patches are created as explained in Creating a Carbon Kernel Patch, you can apply them either as individual patches or as a collection of patches. However, when the patches increase, it is more convenient to apply patches as a collection.
Note that if you forcefully stop the server using the Ctrl + C command while patches are being applied to the server, the metadata file (prePatchedDir.txt) that is used for storing the applied patch list will get corrupted and cause an error. This issue has been fixed from Carbon 4.3.0 onwards.
See the following topics:
Before you begin
- You can download all WSO2 Carbon Kernel patches from here.
- You can download security patches from here.
- Before you apply a patch, check its
README.txtfile for any configuration changes required.
Applying patches to the product
You can apply patches to your product in two ways:
- Apply each patch individually.
- If you want to apply multiple patches, create a collective patch and apply it to the product. A collective patch is a single patch that includes all the JAR files from the individual patches that should be applied.
Follow the steps given below to apply an individual patch or a collective patch to the product:
- Copy the patches to the
Start the Carbon server. The patches will then be incrementally applied to the
Before applying any patches, the process first creates a backup folder named
<PRODUCT_HOME>/repository/components/patches/directory, which will contain the original content of the
<PRODUCT_HOME>/repository/components/plugins/directory. This step enables you to revert back to the previous state if something goes wrong during operations.
Prior to Carbon 4.2.0 version, users were expected to apply patches by starting the server with
wso2server.sh -DapplyPatches. Now, you do not have to issue a special command to trigger the patch application process. It starts automatically if there are changes in the
<PRODUCT_HOME>/repository/components/patches directory. It verifies all the latest JARs in the
patches directories against the JARs in the
plugins directory by comparing the MD5s of JARs.
Verifying the patch application
After the patch application process is completed, the patch verification process ensures that the latest patches are correctly applied to the
- All patch related logs are recorded in the
<PRODUCT_HOME>/repository/components/patches/.metadata/prePatchedJARs.txtmeta file contains the list of patched JARs and the md5 values.
The patch directory information of all the applied patched will be in the
Do not change the data in the
<PRODUCT_HOME>/repository/components/default/configuration/prePatchedDir.txtfile. The patch application process gets the pre-patched list from this file and compares the list with the patches available in the
patchesdirectories. If you change the data in this file, you will get a startup error when applying patches.