Revolution 2.2.8—Fixes Critical Security Issues

Today we released MODX Revolution 2.2.8. This is a patch release that corrects two extremely critical security vulnerabilities. It also includes a number of improvements and corrects several issues related to URLs and contexts.

This is a security patch release and should be considered a mandatory upgrade. If you are unable to upgrade to 2.2.8 at this time, you may install this patch until you can upgrade; however, the patch may affect performance and should be uninstalled once you have upgraded.

If you need help upgrading your site, please contact your website builder or find a MODX Professional.

Here are the highlights of changes in the 2.2.8 release:

  • Closed security vulnerabilities related to Context initialization and HTTP_MODAUTH
  • Improve performance of modTemplateVar::getRenderDirectories()
  • Prevent conditional output filter recursion
  • Fixed resource IDs pairing with the wrong Context
  • Fixed link tags render as empty strings when FURLs are enabled with SQLSRV
  • For more details read the complete changelog

Here's what you need to get started or upgrade to MODX Revolution 2.2.8:

MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.

On behalf of the entire MODX Team,
Thank you!

About
Jay heads up Customer Development and Delight at MODX. He started with MODX while running his small web development and marketing company and has a background in Marketing and Management. He lives with his wife Tracy and daughter Georgia in a small riverside town on the South Shore of Nova Scotia.

http://www.jaygilmore.ca


13 Comments


  1. Dave F
    Jun 05, 2013 at 12:44 AM
    This update completely broke the Gallery component and all of my gallery pages :( :( :(

    1. Dave F
      Jun 05, 2013 at 12:46 AM
      Should have mentioned I'm getting the following errors now:

      Resource with gallery on frontend: Fatal error: Call to undefined function getDivisors() in /home/chaletso/public_html/core/cache/includes/elements/modsnippet/2.include.cache.php on line 481

      Backend Gallery component page: Fatal error: Uncaught exception 'SmartyException' with message 'Unable to load template file 'home.tpl'' in /home/chaletso/public_html/core/model/smarty/sysplugins/smarty_internal_template.php:162 Stack trace: #0 /home/chaletso/public_html/core/model/smarty/sysplugins/smarty_internal_template.php(537): Smarty_Internal_Template->isExisting(true) #1 /home/chaletso/public_html/core/model/smarty/Smarty.class.php(335): Smarty_Internal_Template->getRenderedTemplate() #2 /home/chaletso/public_html/core/model/modx/modmanagercontroller.class.php(257): Smarty->fetch('home.tpl') #3 /home/chaletso/public_html/core/model/modx/modmanagercontroller.class.php(174): modManagerController->fetchTemplate('home.tpl') #4 /home/chaletso/public_html/core/model/modx/modmanagerresponse.class.php(121): modManagerController->render() #5 /home/chaletso/public_html/core/model/modx/modmanagerrequest.class.php(173): modManagerResponse->outputContent(Array) #6 /home/chaletso/public_html/core/model/modx/modmanagerrequest.class.php(124): modManagerRequest- in /home/chaletso/public_html/core/model/smarty/sysplugins/smarty_internal_template.php on line 162

      1. Jay Gilmore
        Jun 05, 2013 at 01:33 AM
        Dave,

        So sorry you're having trouble after the update. I've not seen any reports of this yet. I think the best case is for you to ask for help in the forums with complete environment details and any other errors you might be seeing. Feel free to post the link to your thread here.

        1. Dave F
          Jun 05, 2013 at 01:50 AM
          Thanks Jay. I did solve this btw after reading some tips on similar errors. I will post my solutions in case someone else comes across this.

          The first error was Fatal error: Call to undefined function getDivisors() in /home/chaletso/public_html/core/cache/includes/elements/modsnippet/2.include.cache.php on line 481

          The last part of that error tells me there is a problem with snippet with the id 2 (which in my case was the getResources snippet) .. going to package management and reinstalling getResources, solved that problem.

          For the 2nd problem, just needed to reinstall the gallery component.

          There was another problem where I couldn't edit any resources and the error was similar to the first but towards the end said "modplugin/1.includecache..." . Plugin with id 1 was tinyMCE and you guessed it, just a reinstall :)

          So thank goodness, the fixes were simple and everything is working fine now.

          1. Bert Oost
            Jun 05, 2013 at 07:48 AM
            I didn't have any problems so far with this update. Did it several times and worked great! Also sites with Gallery component updated nicely..

            1. Jeroen Kenters
              Jun 05, 2013 at 11:28 AM
              So far not a single problem here either. Did not have a site with Gallery so far, but tinymce and getResources still work as before without updating/reinstalling.

              1. warenhaus
                Jun 05, 2013 at 03:34 PM
                worked. but an unrelated note: I was looking for this post on modx.com, and browsing through the navigation menu I couldn't find the blog. so I googled mdox blog and found it.
                the blog being an important communication tool, it should not be hidden in the footer in small font.

                1. Jay Gilmore
                  Jun 05, 2013 at 03:38 PM
                  Warenhaus, we'll look at making it even easier to find the Blog; however, it is linked in the global navigation beside the search bar, just above the main site navigation. While it's more subtle than the main navigation, perhaps we could locate it somewhere else too. Have any suggestions? Learn maybe?

                  1. Viktor
                    Jun 05, 2013 at 05:49 PM
                    Tried to upgrade from modx revolution v2.2.0pl. After upgrade manager is ok, but frontend gets fatal error:



                    ( ! ) Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 571610 bytes) in ../core/model/modx/modparser.class.php on line 201



                    It's not always the same line in modparser.class.php - depends where memory goes out of range. For Example I also get:



                    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 10995690 bytes) in ../core/model/modx/modparser.class.php on line 120



                    Any ideas?

                    Here is the Stack trace of the later error:



                    Call Stack
                    # Time Memory Function Location
                    1 0,0004 357848 {main}( ) ..\index.php:0
                    2 0,0738 7374424 modX->handleRequest( ) ..\index.php:126
                    3 0,0753 7631728 modRequest->handleRequest( ) ..\modx.class.php:1337
                    4 0,1020 8934360 modRequest->prepareResponse( ) ..\modrequest.class.php:129
                    5 0,1029 9044792 modResponse->outputContent( ) ..\modrequest.class.php:145
                    6 0,3469 10354096 modParser->processElementTags( ) ..\modresponse.class.php:83
                    7 0,3473 10368072 modParser->processTag( ) ..\modparser.class.php:221
                    8 0,3645 10842840 modScript->process( ) ..\modparser.class.php:484
                    9 3,2647 20575008 modParser->processElementTags( ) ..\modscript.class.php:81
                    10 17,1375 40565808 modParser->processTag( ) ..\modparser.class.php:221
                    11 17,1401 49019224 modParser->processElementTags( ) ..\modparser.class.php:399
                    12 17,2046 65920464 modParser->processTag( ) ..\modparser.class.php:221
                    13 17,2098 65935464 modScript->process( ) ..\modparser.class.php:484
                    14 21,4888 77600784 modParser->processElementTags( ) ..\modscript.class.php:81
                    15 29,9004 86917496 modParser->processTag( ) ..\modparser.class.php:221
                    16 29,9006 87433680 modParser->processElementTags( ) ..\modparser.class.php:399
                    17 29,9036 88435208 modParser->processTag( ) ..\modparser.class.php:221
                    18 29,9086 88450208 modScript->process( ) ..\modparser.class.php:484
                    19 34,1406 100142568 modParser->processElementTags( ) ..\modscript.class.php:81
                    20 34,1531 111833408 modParser->collectElementTags( ) ..\modparser.class.php:203
                    21 34,1630 122850064 substr ( )




                    1. Jay Gilmore
                      Jun 06, 2013 at 10:45 AM
                      Viktor,

                      Could you start a thread in the Revo 2.2. forum, where we could have people help you with additional information: http://forums.modx.com/board/?board=264 Feel free to share the link to your post here.

                    2. Phil W
                      Jun 06, 2013 at 06:45 AM
                      All good here. 10 sites updated - 8 cpanel, 2 modxcloud - no issues. All have gallery and it survived. Excellently smooth!

                      1. Stanley High School
                        Jun 10, 2013 at 09:07 AM
                        Impressive work !

                        1. Michael Grace
                          Jun 17, 2013 at 04:21 PM
                          Worked great and fixed the context links issues we were having. Thanks.
