I have tested this item ✅ successfully on f4b53c8

Hint for other testers how I have tested

On a Linux (or if Windows: WSL) command line, I've called curl to post the request:

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

The --user-agent parameter was necessary for me because my special hardened .htaccess file on my subdomains blocks certain user agents.

Of course you have to replace the <my automated updates token> by the token you can see in and copy from the automated update parameters of the Joomla Update component, and the <my subdomain> by the actual URL of your site.

Your site should be on Joomla 5.4.1, and automated updates should be enabled.

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true}}}

Result without the PR:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":true,"errors":[]}}}

I.e. with the PR there is an additional attribute "errors":[] in the response data.

In case of success (like here) it is an empty array.

For producing an error I have crated a new update SQL script administrator/components/com_admin/sql/updates/mysql/5.4.2-2025-11-30.sql with an invalid SQL statement:

INSERT INTO `#__bla` (`blubb`) VALUES ('');

After that I've repeated the API call.
Result:

{"links":{"self":"https:\/\/test1.richard-fath.de\/api\/index.php\/v1\/joomlaupdate\/finalizeUpdate"},"data":{"type":"updates","id":"finalizeUpdate","attributes":{"success":false,"errors":["Exception: installer::parseSchemaUpdates finished with \"false\" result. in test1\/administrator\/components\/com_joomlaupdate\/src\/Model\/UpdateModel.php:1067\nStack trace:\n#0 test1\/api\/components\/com_joomlaupdate\/src\/View\/Updates\/JsonapiView.php(120): Joomla\\Component\\Joomlaupdate\\Administrator\\Model\\UpdateModel->finaliseUpgrade()\n#1 test1\/api\/components\/com_joomlaupdate\/src\/Controller\/UpdatesController.php(104): Joomla\\Component\\Joomlaupdate\\Api\\View\\Updates\\JsonapiView->finalizeUpdate()\n#2 test1\/libraries\/src\/MVC\/Controller\/BaseController.php(730): Joomla\\Component\\Joomlaupdate\\Api\\Controller\\UpdatesController->finalizeUpdate()\n#3 test1\/libraries\/src\/Dispatcher\/ApiDispatcher.php(61): Joomla\\CMS\\MVC\\Controller\\BaseController->execute()\n#4 test1\/libraries\/src\/Component\/ComponentHelper.php(361): Joomla\\CMS\\Dispatcher\\ApiDispatcher->dispatch()\n#5 test1\/libraries\/src\/Application\/ApiApplication.php(433): Joomla\\CMS\\Component\\ComponentHelper::renderComponent()\n#6 test1\/libraries\/src\/Application\/ApiApplication.php(116): Joomla\\CMS\\Application\\ApiApplication->dispatch()\n#7 test1\/libraries\/src\/Application\/CMSApplication.php(304): Joomla\\CMS\\Application\\ApiApplication->doExecute()\n#8 test1\/api\/includes\/app.php(50): Joomla\\CMS\\Application\\CMSApplication->execute()\n#9 test1\/api\/index.php(31): require_once('\/homepages\/38\/d...')\n#10 {main}"]}}}

(with the absolute path to the files removed).

I.e. the new errors attribute contains the exception details and the call stack.

Of course you should remove that bad update SQL script after the test.

Thanks for the great testing instructions @richard67, unfortunately I have tried on 3 different sites and I am not getting past

curl --user-agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" -H "X-JUpdate-Token: <my automated updates token>" -X POST https://<my subdomain>/api/index.php/v1/joomlaupdate/finalizeUpdate

(with of course updating <my automated updates token> and <my subdomain>, for 2 sites, I just get a blank line after pressing enter and then eventually,

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

so I'm not having much fun :/ lol

I assume you added your token and just removed it from your post?

I assume you added your token and just removed it from your post?

Hi @brianteeman, yes absolutely.

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

@exlemor SSL is ok for your site? I.e. not a self signed certificate? curl is a bit strict with that.

These are all live sites (some testing installations, some not) all on the internet with Let's Encrypt SSL certs not self-signed.

@exlemor I've allowed myself to add the missing tickmarks for quoting code (or markup) on Github to your comment with your result.

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

Sure that this site was reachable with https from that client where you have used curl?

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

Do these sites have an .htaccess file, and if so, does it contain this section? https://github.com/joomla/joomla-cms/blob/5.4-dev/htaccess.txt#L102-L113

Do they maybe have also an .htaccess file in the parent folder which forbids the api requests?

@exlemor I've allowed myself to add the missing tickmarks for quoting code (or markup) on Github to your comment with your result.

Thanks for the fix.

a. curl: (28) Failed to connect to www.domain.com port 443: Connection timed out

Sure that this site was reachable with https from that client where you have used curl?

Yes, just checked it, reachable - when I do a verbose curl, it seems to be negotiating up until the You don't have permission message

for another site, I get Method Not Allowed and for a 4th, I get a 403 forbidden:

Do these sites have an .htaccess file, and if so, does it contain this section? https://github.com/joomla/joomla-cms/blob/5.4-dev/htaccess.txt#L102-L113

Yes, they do, it's the unedited .htaccess file that comes with Joomla.

Do they maybe have also an .htaccess file in the parent folder which forbids the api requests?

Yes, there is as this test installation is in the /_j540/ sub-folder but it too is the default installation .htaccess file.

@exlemor And you have used the token from the Joomla Update component's automated update settings, not the API token which might be configured for the regular API access for the superuser?

@exlemor And you have used the token from the Joomla Update component's automated update settings, not the API token which might be configured for the regular API access for the superuser?

Absolutely Sir, I (usually ;) ) try to follow directions :p 🤪😂 especially when it's repeated.

Then I have no idea why it fails for your sites.

Then I have no idea why it fails for your sites.

😭 but thank you very much for taking the time to look into it!

I have tested this item ✅ successfully on f4b53c8

Tested with live site, starting with nigthly build full package, enabled Automated Updates

• Tested "success": true

curl -H "X-JUpdate-Token: wg...zG" -X POST https://joomla-test.heikol.de/api/index.php/v1/joomlaupdate/finalizeUpdate  | jq
{
  "links": {
    "self": "https://joomla-test.heikol.de/api/index.php/v1/joomlaupdate/finalizeUpdate"
  },
  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": true
    }
  }
}

• Created invalid blubb SQL-statement like #46493 (comment)
• Seen "success": False without error description

  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": false
    }
  }
  

• Applied PR in overwriting api/components/com_joomlaupdate/src/View/Updates/JsonapiView.php
• Error description is also listed:

  "data": {
    "type": "updates",
    "id": "finalizeUpdate",
    "attributes": {
      "success": false,
      "errors": [
        "Exception: installer::parseSchemaUpdates finished with \"false\" result. in public_html/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php:1067\nStack trace:\n#0 public_html/api/components/com_joomlaupdate/src/View/Updates/JsonapiView.php(120): Joomla\\Component\\Joomlaupdate\\Administrator\\Model\\UpdateModel->finaliseUpgrade()\n#1 public_html/api/components/com_joomlaupdate/src/Controller/UpdatesController.php(104): Joomla\\Component\\Joomlaupdate\\Api\\View\\Updates\\JsonapiView->finalizeUpdate()\n#2 public_html/libraries/src/MVC/Controller/BaseController.php(730): Joomla\\Component\\Joomlaupdate\\Api\\Controller\\UpdatesController->finalizeUpdate()\n#3 public_html/libraries/src/Dispatcher/ApiDispatcher.php(61): Joomla\\CMS\\MVC\\Controller\\BaseController->execute()\n#4 public_html/libraries/src/Component/ComponentHelper.php(361): Joomla\\CMS\\Dispatcher\\ApiDispatcher->dispatch()\n#5 public_html/libraries/src/Application/ApiApplication.php(433): Joomla\\CMS\\Component\\ComponentHelper::renderComponent()\n#6 public_html/libraries/src/Application/ApiApplication.php(116): Joomla\\CMS\\Application\\ApiApplication->dispatch()\n#7 public_html/libraries/src/Application/CMSApplication.php(304): Joomla\\CMS\\Application\\ApiApplication->doExecute()\n#8 public_html/api/includes/app.php(50): Joomla\\CMS\\Application\\CMSApplication->execute()\n#9 public_html/api/index.php(31): require_once('...')\n#10 {main}"
      ]
    }
  }

• Deleted invalid blubb SQL-statement and checked "success": true without errors is still working

RTC

@SniperSister Thanks for this PR, and thanks @muhme for testing.