Revolution 2.2.13—Fixes Critical Security Issue

Today we released MODX Revolution 2.2.13. This is a patch release that corrects an extremely critical security vulnerability that exists in all versions prior to and including 2.2.12. As this is a security release it should be considered a mandatory upgrade.

If you are unable to upgrade to 2.2.13 and are running Revolution 2.2.6 through 2.2.11 inclusive, you can replace the modx.class.php with the one from the relevant 'pl2' tag in the MODX Revolution repository. If you are running 2.2.12 you can use the modx.class.php file from 2.2.13.

E.g. for v2.2.10-pl it would be:

https://raw.github.com/modxcms/revolution/v2.2.10-pl2/core/model/modx/modx.class.php

For releases prior to 2.2.6, please contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13.

For MODX Cloud users, we have enabled preventative measures to protect against this vulnerability, giving you more time to upgrade your sites.

If you need help upgrading your site, please contact your website builder or find a MODX Professional.

The next patch release, 2.2.14 will include the changes that were originally to be in 2.2.13 in GitHub.

Here's what you need to get started or upgrade to MODX Revoluton 2.2.13:

MODX is only as good as it is because of many individual community members and users that take the time to report issues and request new features. Make sure you read the documentation, post feedback and share your successes in the MODX community forums.

On behalf of the entire MODX Team,
Thank-you!

Nice to meet you…

If you’re reading this, chances are you need assistance. Let’s get started:




How can we help?

Tell us the general reason for reaching out so we can connect you with the right team.

MODX Diagnostics

MODX’s Open Source software is 100% free for anyone to download and use. As the team behind it for more than a decade, we know it inside, out, and then some.

Like any software, sometimes things break; we can usually fix them very fast. But, we do have to charge for our time to support our families and fund its ongoing development. There are almost an unlimited variety of things that can cause problems, including server upgrades, corrupt files, accidental changes, outdated software, database hiccups and more. We will save you a lot of time and frustration, and get you back in action.

With our MODX Diagnostic service, we determine the source of issues, and often fix them on the spot. For more extensive problems needing more time, like hacked sites or overdue upgrades, we provide additional estimates and guidance. MODX Diagnostics cost $99 for standard business hours support (US Central Time), or $500 for priority, rush or after-hours emergencies.

If you don’t have budget for professional support from the source, you look for answers in the MODX Forums or Documentation, or seek help from MODXers in the Community Slack, or from MODX Professionals near you.

  I’m not ready to pay, let’s talk…

After submitting this form and completing payment, we will collect your access credentials in a secure support ticket. We look forward to helping restore your site back to full health.

Hi! We’d love to work together.

If you have a simple problem that needs our assistance, please request quick fix help here.

What should we keep in mind?

The project involves:
(select all that apply)
What are you planning?
(select all that apply)

Some other considerations

Specific project information

Commercial Support Customers

Customers with a current Commercial Support agreeement can get help using this form. Learn more about MODX Preferred Support.

Let’s get started

What seems to be the issue?

Contact MODX

We welcome conversations, ideas, inquiries and even the occassional cold sales call, but support and requests about how to use MODX software sent via this form cannot be guaranteed a response. That said, we try to respond to everyone that reaches out to us within two business days.

To report a security issue or file a bug for MODX software, please email security [at] modx.com to reach our security team. If you are looking for help with MODX, many times you can find an answer in the MODX Forums or MODX Documentation, from MODXers in realtime at the MODX Community Slack Channel, or from a MODX Professional near you.

How can we help?