diff --git a/hotfix/2.4.2/Dockerfile b/hotfix/2.4.2/Dockerfile
new file mode 100644
index 0000000000..1464cf469a
--- /dev/null
+++ b/hotfix/2.4.2/Dockerfile
@@ -0,0 +1,10 @@
+FROM sharelatex/sharelatex:2.4.1
+
+
+# Patch: Fixes anonymous read/write sharing
+ADD anonymous-metadata-router.patch /var/www/sharelatex/web/app/src/anonymous-metadata-router.patch
+RUN cd /var/www/sharelatex/web/app/src && \
+    patch < anonymous-metadata-router.patch
+ADD anonymous-metadata-contacts.patch /var/www/sharelatex/web/app/src/Features/Contacts/anonymous-metadata-contacts.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Contacts && \
+    patch < anonymous-metadata-contacts.patch
diff --git a/hotfix/2.4.2/anonymous-metadata-contacts.patch b/hotfix/2.4.2/anonymous-metadata-contacts.patch
new file mode 100644
index 0000000000..e0ff95c876
--- /dev/null
+++ b/hotfix/2.4.2/anonymous-metadata-contacts.patch
@@ -0,0 +1,20 @@
+--- a/ContactRouter.js
++++ b/ContactRouter.js
+@@ -5,6 +5,8 @@
+  * DS102: Remove unnecessary code created because of implicit returns
+  * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
+  */
++const Settings = require('settings-sharelatex')
++
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const ContactController = require('./ContactController')
+ 
+@@ -12,7 +14,7 @@
+   apply(webRouter, apiRouter) {
+     return webRouter.get(
+       '/user/contacts',
+-      AuthenticationController.requireLogin(),
++      Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+       ContactController.getContacts
+     )
+   }
diff --git a/hotfix/2.4.2/anonymous-metadata-router.patch b/hotfix/2.4.2/anonymous-metadata-router.patch
new file mode 100644
index 0000000000..f1a7a70525
--- /dev/null
+++ b/hotfix/2.4.2/anonymous-metadata-router.patch
@@ -0,0 +1,23 @@
+--- a/router.js
++++ b/router.js
+@@ -607,16 +607,17 @@
+     ProjectDownloadsController.downloadMultipleProjects
+   )
+ 
++  console.log(`allowAnonymousReadAndWriteSharing: ${Settings.allowAnonymousReadAndWriteSharing}`)
+   webRouter.get(
+     '/project/:project_id/metadata',
+     AuthorizationMiddleware.ensureUserCanReadProject,
+-    AuthenticationController.requireLogin(),
++    Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+     MetaController.getMetadata
+-  )
++  ) 
+   webRouter.post(
+     '/project/:project_id/doc/:doc_id/metadata',
+     AuthorizationMiddleware.ensureUserCanReadProject,
+-    AuthenticationController.requireLogin(),
++    Settings.allowAnonymousReadAndWriteSharing ? (req, res, next) => { next() } : AuthenticationController.requireLogin(),
+     MetaController.broadcastMetadataForDoc
+   )
+   privateApiRouter.post(
\ No newline at end of file