The most important is to have a full backup and roll back strategy. Don't claim the mountain with a rope!
Temporarily add write access to protected files and directories:chmod 777 web/sites/default
chmod 666 web/sites/default/*settings.php
chmod 666 web/sites/default/*services.yml
From your Drupal project rootexport COMPOSER_ALLOW_SUPERUSER=1
0) (Optional) If you ever had a direct drupal/core line, remove it:composer remove drupal/core --no-update || true
1) Bump the blocking contrib to D11‑compatible versions (no update yet)composer require drupal/bootstrap5:^4 \ drupal/simple_oauth:^6 \ drupal/xmlsitemap:^2 --no-update
2) Bump Drupal core meta-packages to 11 (per the official guide)composer require 'drupal/core-recommended:^11' \ 'drupal/core-composer-scaffold:^11' \ 'drupal/core-project-message:^11' --no-update
(Optional) If you use core-dev/Drush:composer require 'drupal/core-dev:^11' --dev --no-update || truecomposer require 'drush/drush:^13' --no-update || true
3) Update core + the three modules in one shot, allowing Symfony to move to 7.xcomposer update "drupal/core-*" drupal/bootstrap5 drupal/simple_oauth drupal/xmlsitemap --with-all-dependencies
4) Finish updrush updb -y && drush cr
Don't forget to restore read-only access to the sites/default directory:
chmod 755 web/sites/default
chmod 644 web/sites/default/*settings.php
chmod 644 web/sites/default/*services.yml
- Log in to post comments