diff --git a/composer.json b/composer.json
index a3beb420040a28e4ff70ca564c1543a5233bb96b..19fb2a3e410560f25effc0aa79b1ff92dd6c791f 100644
--- a/composer.json
+++ b/composer.json
@@ -266,7 +266,8 @@
         },
         "patches": {
             "drupal/core": {
-              "2799049": "patches/role_based_email_access-2799049-d87.patch"
+              "2799049": "patches/role_based_email_access-2799049-d87.patch",
+              "2949017": "https://www.drupal.org/files/issues/2018-09-19/allow-uid-1-to-delete-2949017-36-3.patch"
             },
             "drupal/better_exposed_filters": {
               "2961022": "https://www.drupal.org/files/issues/2018-09-27/better_exposed_filters-autosubmit-fix-2961022-4.patch"
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index 6c658fe8907eab9e641d3ddacbce94aa011fa399..3e427e11f37dbf9e4ecbff9b1ea9ea4ed9f06493 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -3752,7 +3752,8 @@
                 "merge-extra": false
             },
             "patches_applied": {
-                "2799049": "patches/role_based_email_access-2799049-d87.patch"
+                "2799049": "patches/role_based_email_access-2799049-d87.patch",
+                "2949017": "https://www.drupal.org/files/issues/2018-09-19/allow-uid-1-to-delete-2949017-36-3.patch"
             }
         },
         "installation-source": "dist",
diff --git a/web/core/PATCHES.txt b/web/core/PATCHES.txt
index c1b9dd1688b3b4c0ec4bcb22a19917f56890eca0..1df527946397999762989a1f413ce08e0bd13528 100644
--- a/web/core/PATCHES.txt
+++ b/web/core/PATCHES.txt
@@ -5,3 +5,7 @@ Patches applied to this directory:
 Source: patches/role_based_email_access-2799049-d87.patch
 
 
+2949017
+Source: https://www.drupal.org/files/issues/2018-09-19/allow-uid-1-to-delete-2949017-36-3.patch
+
+
diff --git a/web/core/modules/file/src/FileAccessControlHandler.php b/web/core/modules/file/src/FileAccessControlHandler.php
index 1e6768da645910d8026be13b98e44ce54e51dde9..8acf85eda1e35376e33f22dde7a6ca32ac96d311 100644
--- a/web/core/modules/file/src/FileAccessControlHandler.php
+++ b/web/core/modules/file/src/FileAccessControlHandler.php
@@ -64,8 +64,8 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
     if ($operation == 'delete' || $operation == 'update') {
       $account = $this->prepareUser($account);
       $file_uid = $entity->get('uid')->getValue();
-      // Only the file owner can update or delete the file entity.
-      if ($account->id() == $file_uid[0]['target_id']) {
+      // Only the file owner or UID 1 can update or delete the file entity.
+      if ($account->id() == $file_uid[0]['target_id'] || $account->id() == 1) {
         return AccessResult::allowed();
       }
       return AccessResult::forbidden('Only the file owner can update or delete the file entity.');