I have R 4.1.3 and RStudio-server 2022.12.0 installed on a Red Hat 8.9 server. Now R has been detected as a security vulnerability so I need to upgrade R from 4.1.3 to the latest version 4.4.x. I am new to R and RStudio-server and have not done any upgrade before. Can anyone please suggest what the best approach is to install the latest R (assuming there is no in-place R upgrade), remove the older version of R, and if needed reconfigure the existing RStudio-server to use the latest version of R? Does RStudio server 2022.12.0 support R 4.4.x ?
Also, would there be any impact to the the RStudio users after the R upgrade? Appreciate your help.
How did you install R initially? Did you use EPEL?
Our recommendation is to not use R as provided by your OS, since version upgrades can be disruptive. Instead, we provide binary builds that install into /opt, c.f. Install R – Posit Docs.
Good news w.r.t. these versions: These builds for R >= 4.0.0 have all been patched for this CVE. So regardless where the R package came from initially, you could install R 4.1.3 from there. This should be the least disruptive approach.
If you do want to upgrade R (now or later), keep in mind that your users will have to reinstall any packages they had in their user libraries, since installed packages are version dependent and therefore stored in a version dependent path below ~/R.
Note that you should update RStudio Server as well if you want to upgrade R, since support for R 4.3 was added in 2023.03.0 and for R 4.4 in 2024.04.1.
Yes. I do need to upgrade R 4.1.3 to the latest version as 4.1.3 is being detected as a security vulnerability on the RHEL 8 server. Can you please suggest the best/easiest way to upgrade R? Is there an in-place upgrade or I will need to install the newest version first and then remove the old version?
As for RStudio Server, would that also be a new installation + remove the old one or is there a way to do an in-place upgrade from the current version 2022.12.0 ? Please advise. Thank you.
Excellent that you used our builds! In that case you can simply download and install version 4.1.3 from there again to get a version of R that has the relevant fix applied. The normal installation instructions should work, thought you might have to force the installation if the version number of the RPM is identical.
If you do decide to upgrade the version of R, which does make sense for other reasons than the mentioned security issue:
Update RStudio Server by following the installation instructions, which also does an in-place upgrade.
Install the new version of R into a parallel directory below /opt.
Make sure that the new version of R is on the PATH, e.g. by updating links in /usr/local/bin.
