diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index e1c15fe..f7ecf52 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -517,11 +517,7 @@ function find_conf_path($http_host, $script_name, $require_settings = TRUE) {
 function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
   global $config_directories;
 
-  if ($test_prefix = drupal_valid_test_ua()) {
-    // @see Drupal\simpletest\WebTestBase::setUp()
-    $path = conf_path() . '/files/simpletest/' . substr($test_prefix, 10) . '/config_' . $type;
-  }
-  elseif (!empty($config_directories[$type])) {
+  if (!empty($config_directories[$type])) {
     // Allow a configuration directory path to be outside of webroot.
     if (empty($config_directories[$type]['absolute'])) {
       $path = conf_path() . '/files/' . $config_directories[$type]['path'];
@@ -2596,8 +2592,8 @@ function drupal_valid_test_ua($new_prefix = NULL) {
     return $test_prefix;
   }
 
-  if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);(.+);(.+);(.+)$/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
-    list(, $prefix, $time, $salt, $hmac) = $matches;
+  if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);(.+);(.+);(.+)([YN])$/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
+    list(, $prefix, $time, $salt, $hmac, $config) = $matches;
     $check_string =  $prefix . ';' . $time . ';' . $salt;
     // We use the salt from settings.php to make the HMAC key, since
     // the database is not yet initialized and we can't access any Drupal variables.
@@ -2608,6 +2604,7 @@ function drupal_valid_test_ua($new_prefix = NULL) {
     // and the HMAC must match.
     if ($time_diff >= 0 && $time_diff <= 5 && $hmac == drupal_hmac_base64($check_string, $key)) {
       $test_prefix = $prefix;
+      _drupal_test_overrides($test_prefix, $config);
       return $test_prefix;
     }
   }
@@ -2616,10 +2613,28 @@ function drupal_valid_test_ua($new_prefix = NULL) {
   return $test_prefix;
 }
 
+function _drupal_test_overrides($test_prefix, $config) {
+  global $conf;
+  $path_prefix = 'simpletest/' . substr($test_prefix, 10);
+  if ($config === 'Y') {
+    foreach (array(CONFIG_ACTIVE_DIRECTORY, CONFIG_STAGING_DIRECTORY) as $type) {
+      $GLOBALS['config_directories'][$type] = array('path' => $path_prefix . '/config_' . $type);
+    }
+  }
+  $filename = conf_path() . '/files/' . $path_prefix . '/override.php';
+  if (file_exists($filename)) {
+    $settings = settings()->getAll();
+    $conf_path = &drupal_static('conf_path');
+    // This can override $conf, $conf_path and $settings.
+    include $filename;
+    new Settings($settings);
+  }
+}
+
 /**
  * Generates a user agent string with a HMAC and timestamp for simpletest.
  */
-function drupal_generate_test_ua($prefix) {
+function drupal_generate_test_ua($prefix, $config = 'Y') {
   global $drupal_hash_salt;
   static $key;
 
@@ -2632,7 +2647,7 @@ function drupal_generate_test_ua($prefix) {
   // Generate a moderately secure HMAC based on the database credentials.
   $salt = uniqid('', TRUE);
   $check_string = $prefix . ';' . time() . ';' . $salt;
-  return $check_string . ';' . drupal_hmac_base64($check_string, $key);
+  return $check_string . ';' . drupal_hmac_base64($check_string, $key) . $config;
 }
 
 /**
diff --git a/core/includes/update.inc b/core/includes/update.inc
index dd553f7..1a9eb59 100644
--- a/core/includes/update.inc
+++ b/core/includes/update.inc
@@ -385,6 +385,7 @@ function update_prepare_d8_bootstrap() {
       $disabled_modules->save();
       $theme_config->save();
       $disabled_themes->save();
+      Drupal::service('kernel')->updateModules($sorted_with_filenames, $sorted_with_filenames);
 
       // Migrate the private key to state. This is used to create the token for
       // the upgrade batch so needs to be be done before the upgrade has begun.
diff --git a/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalAnonymousUpgradePathTest.php b/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalAnonymousUpgradePathTest.php
new file mode 100644
index 0000000..c97a3d0
--- /dev/null
+++ b/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalAnonymousUpgradePathTest.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Definition of Drupal\system\Tests\Upgrade\BareMinimalAnonymousUpgradePathTest.
+ */
+
+namespace Drupal\system\Tests\Upgrade;
+
+
+class BareMinimalAnonymousUpgradePathTest extends BareMinimalUpgradePathTest {
+  public static function getInfo() {
+    return array(
+      'name'  => 'Basic minimal profile upgrade, free access',
+      'description'  => 'Basic upgrade path tests for a minimal profile install with a bare database and update_free_access set to TRUE.',
+      'group' => 'Upgrade path',
+    );
+  }
+
+  protected function prepareD8Session() {
+    $new_settings['settings']['update_free_access'] = (object) array(
+      'value' => TRUE,
+      'required' => TRUE,
+    );
+    include_once DRUPAL_ROOT . '/core/includes/install.inc';
+    $filename = $this->public_files_directory . '/override.php';
+    file_put_contents($filename, "<?php\n");
+    drupal_rewrite_settings($new_settings, $filename);
+  }
+
+  protected function assertStillLoggedin() {
+    // We are not logged in, nothing to assert.
+  }
+}
diff --git a/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalUpgradePathTest.php b/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalUpgradePathTest.php
index 9c51bee..7f1abdd 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalUpgradePathTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Upgrade/BareMinimalUpgradePathTest.php
@@ -43,12 +43,7 @@ public function testBasicMinimalUpgrade() {
     $this->assertResponse(200);
 
     // Verify that we are still logged in.
-    $this->drupalGet('user');
-    $this->clickLink(t('Edit'));
-    $this->assertEqual($this->getUrl(), url('user/1/edit', array('absolute' => TRUE)), 'We are still logged in as admin at the end of the upgrade.');
-
-    // Logout and verify that we can login back in with our initial password.
-    $this->drupalLogout();
+    $this->assertStillLoggedIn();
     $this->drupalLogin((object) array(
       'uid' => 1,
       'name' => 'admin',
@@ -95,4 +90,15 @@ public function testBasicMinimalUpgrade() {
     $this->assertEqual(array('default' => 'Drupal\Core\Mail\PhpMail'), config('system.mail')->get('interface'), 'Default mail configuration set.');
   }
 
+  /**
+   * Assert that we are still logged in.
+   */
+  protected function assertStillLoggedin() {
+    $this->drupalGet('user');
+    $this->clickLink(t('Edit'));
+    $this->assertEqual($this->getUrl(), url('user/1/edit', array('absolute' => TRUE)), 'We are still logged in as admin at the end of the upgrade.');
+
+    // Logout and verify that we can login back in with our initial password.
+    $this->drupalLogout();
+  }
 }
diff --git a/core/update.php b/core/update.php
index 7d41e9f..472204c 100644
--- a/core/update.php
+++ b/core/update.php
@@ -46,6 +46,9 @@
  * Renders a form with a list of available database updates.
  */
 function update_selection_page() {
+  // Make sure there is no stale theme registry.
+  cache()->deleteAll();
+
   drupal_set_title('Drupal database update');
   $elements = drupal_get_form('update_script_selection_form');
   $output = drupal_render($elements);