Today we released MODX Revolution 2.2.13. This is a patch release that corrects an extremely critical security vulnerability that exists in all versions prior to and including 2.2.12. As this is a security release it should be considered a mandatory upgrade.
If you are unable to upgrade to 2.2.13 and are running Revolution 2.2.6 through 2.2.11 inclusive, you can replace the modx.class.php with the one from the relevant 'pl2' tag in the MODX Revolution repository. If you are running 2.2.12 you can use the modx.class.php file from 2.2.13.
E.g. for v2.2.10-pl it would be:
For releases prior to 2.2.6, please contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13.
For MODX Cloud users, we have enabled preventative measures to protect against this vulnerability, giving you more time to upgrade your sites.
If you need help upgrading your site, please contact your website builder or find a MODX Professional.
The next patch release, 2.2.14 will include the changes that were originally to be in 2.2.13 in GitHub.
Here's what you need to get started or upgrade to MODX Revoluton 2.2.13:
- Download Revolution 2.2.13
- What's required to run Revolution 2.2
- How to install MODX Revolution
- How to upgrade MODX Revolution
- Read the MODX Revolution Documentation
- Get help with your Upgrade to Revolution 2.2.13 from a MODX Professional
MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.
On behalf of the entire MODX Team,