Today we released MODX Revolution 2.2.8. This is a patch release that corrects two extremely critical security vulnerabilities. It also includes a number of improvements and corrects several issues related to URLs and contexts.
This is a security patch release should be considered a mandatory upgrade. If you are unable to upgrade to 2.2.8 at this time, you may install this patch until you can upgrade, however, the patch may affect performance and should be uninstalled once upgraded.
If you need help upgrading your site, please contact your website builder or find a MODX Professional.
Here are the highlights of changes in the 2.2.8 release:
- Closed security vulnerabilities related to Context initialization and HTTP_MODAUTH
- Improve performance of modTemplateVar::getRenderDirectories()
- Prevent conditional output filter recursion
- Fixed resource IDs pairing with the wrong Context
- Fixed link tags render as empty strings when FURLs are enabled with SQLSRV
- For more details read the complete changelog
Here's what you need to get started or upgrade to MODX Revoluton 2.2.8:
- Download Revolution 2.2.8
- What's required to run Revolution 2.2
- How to install MODX Revolution
- How to upgrade MODX Revolution
- Read the MODX Revolution Documentation
- Get help with your Upgrade to Revolution 2.2.8 from a MODX Professional
MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.
On behalf of the entire MODX Team,