Revolution 2.2.13—Fixes Critical Security Issue

Today we released MODX Revolution 2.2.13. This is a patch release that corrects an extremely critical security vulnerability that exists in all versions prior to and including 2.2.12. As this is a security release it should be considered a mandatory upgrade.

If you are unable to upgrade to 2.2.13 and are running Revolution 2.2.6 through 2.2.11 inclusive, you can replace the modx.class.php with the one from the relevant ‘pl2’ tag in the MODX Revolution repository. If you are running 2.2.12 you can use the modx.class.php file from 2.2.13.

E.g. for v2.2.10-pl it would be:

For releases prior to 2.2.6, please contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13.

For MODX Cloud users, we have enabled preventative measures to protect against this vulnerability, giving you more time to upgrade your sites.

If you need help upgrading your site, please contact your website builder or find a MODX Professional.

The next patch release, 2.2.14 will include the changes that were originally to be in 2.2.13 in GitHub.

Here’s what you need to get started or upgrade to MODX Revoluton 2.2.13:

MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.

On behalf of the entire MODX Team,

Jay heads up Customer Development and Delight at MODX. He started with MODX while running his small web development and marketing company and has a background in Marketing and Management. He lives with his wife Tracy and daughter Georgia in a small riverside town on the South Shore of Nova Scotia.


To leave a comment, please Login.