Joomla 3.6.4 open_basedir restriction

    After i update to Joomla 3.6.4 (High Risk Security), all 5 updates websites dosent work.


    Sites on Joomla 3.6.3 , Wordpress, and all other php sites works fine.


    If i restart the php process, and open a Joomla 3.6.4 site, the first opened site is shown, the other 4 not.
    This works with all site, the first loaded Joomla is showen, the other 4 not.


    php error show this:


    Code
    1. Warning: require(): open_basedir restriction in effect. File(/var/www/virtual/DOMAIN1/htdocs/libraries/vendor/composer/../joomla/string/src/phputf8/utf8.php) is not within the allowed path(s): (/var/www/virtual/DOMAIN2/:/usr/share/php/:/dev/random:/dev/urandom) in /var/www/virtual/DOMAIN2/htdocs/libraries/vendor/composer/autoload_real.php on line 66 Warning: require(/var/www/virtual/DOMAIN1/htdocs/libraries/vendor/composer/../joomla/string/src/phputf8/utf8.php): failed to open stream: Operation not permitted in /var/www/virtual/DOMAIN2/htdocs/libraries/vendor/composer/autoload_real.php on line 66 Fatal error: require(): Failed opening required '/var/www/virtual/DOMAIN1/htdocs/libraries/vendor/composer/../joomla/string/src/phputf8/utf8.php' (include_path='.:/usr/share/php') in /var/www/virtual/DOMAIN2/htdocs/libraries/vendor/composer/autoload_real.php on line 66


    Data:
    Debian 8.5
    PHP 5.6.27-0+deb8u1
    Server version: Apache/2.4.10 (Debian)
    PHP Limit 256M

    Edited once, last by BudSpencer ().

    This error wants to tell you, that DOMAIN2 want to get some file from DOMAIN1, which is forbidden from security reasons. Probably, something went wrong during this update process.

    Thank, i knew it, but why, this is the question, everytime i update a site to Joomla 3.6.4 this happend.
    On Joomla <3.6.3 everthing is working fine.


    Any idea how i can fix this, because Joomla 3.6.3 has high risk vulnarbilitys

    @BudSpencer


    This occurs because your setup is wrong (as stated by @theqkash). Here, A script from DOMAIN2 try to access a file from DOMAIN1 which is not allowed by default for security reasons (customers are isolated as much as possible from each others). If you want allow this, you must tune the configuration by using the following listener: https://github.com/i-MSCP/imsc…p_confoptions_override.pl


    You must, for DOMAIN1, set the open_basedir parameter value such as /var/www/virtual/DOMAIN2/:/var/www/virtual/DOMAIN1/:/usr/share/php/:/dev/random:/dev/urandom


    If you understand nothing, we could do the job for you but online support is not free ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    All Sites working again:


    Solution:
    Joomla 3.6.3 and higher has changend the Composer Components.
    You can update to 3.6.4 just restore one Old File from Joomla 3.6.2 "autoload_real.php" in /libary/vendor/composer
    The 3.6.2 autoload_real.php file has no Security issues.