Revolution 2.2.13—Fixes Critical Security Issue

by Jay Stephen Gilmore

Published on March 7, 2014

Today we released MODX Revolution 2.2.13. This is a patch release that corrects an extremely critical security vulnerability that exists in all versions prior to and including 2.2.12. As this is a security release it should be considered a mandatory upgrade.

If you are unable to upgrade to 2.2.13 and are running Revolution 2.2.6 through 2.2.11 inclusive, you can replace the modx.class.php with the one from the relevant ‘pl2’ tag in the MODX Revolution repository. If you are running 2.2.12 you can use the modx.class.php file from 2.2.13.

E.g. for v2.2.10-pl it would be:

For releases prior to 2.2.6, please contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13.

For MODX Cloud users, we have enabled preventative measures to protect against this vulnerability, giving you more time to upgrade your sites.

If you need help upgrading your site, please contact your website builder or find a MODX Professional.

The next patch release, 2.2.14 will include the changes that were originally to be in 2.2.13 in GitHub.

Here’s what you need to get started or upgrade to MODX Revoluton 2.2.13:

MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.

On behalf of the entire MODX Team,

Millions Rely on MODX

In 2005, MODX could power a fully mobile-responsive website using HTML5 and CSS3, even though those technologies weren’t invented yet. And with MODX today, you’re ready not only for what you need now but also what comes next.

Try MODX Right Now