MODX Revolution 2.8

The eighth minor release of MODX Revolution 2 is available for download.

By Jason Coward
October 6, 2020
MODX Revolution 2.8

MODX contributors and the integration team are proud to announce the 8th minor version release of MODX Revolution 2. MODX 2.8.0 features several bug fixes, enhances in-Manager security and updates some functional libraries used in MODX Revolution

Highlights

You can get a full list of changes by reviewing the changelog, but below are some of the significant revisions in this release.

Security

  • Prevent limited manager users from interacting with files in any media source
  • Fix assorted stored XSS issues in the manager
  • Fix XSS in file upload and file tree
  • Prevent potential XXE vulnerability in modRestService
  • Prevent XSS on a Template name in TV Template access grid
  • Prevent XSS on a Template's name
  • Prevent path traversal when sending a registry message

Other Significant Changes

  • Fix the display of the pagination toolbar
  • Check if a file exists during the upload pocess
  • Fix the incorrect path setting when uploading files
  • Create a dedicated method to get resource preview URL
  • Fixes a bug when emptying Resource trash
  • Fixes URL parameters in config.js processor
  • Set error message by field name instead of id
  • Add "Allow Blank" setting to URL, RichText, Image and File Template Variables
  • Add numberfield as Field Type option for System Settings
  • Add responsive styles for the login screen
  • Fixes a Fatal Error when upgrading from MODX Revolution 2.5.x or earlier
  • Improve the error handling and showing invalid fields when creating/editing resources or elements
  • Add "Update User Group" button to Access Control Lists > User Groups & Users for easier navigation
  • Add the image format webp to the list of allowed Uploadable File Types and Uploadable Image Types
  • Fallback to 0 if the an ID is not defined
  • Prevent rewrite of .well-known directory used by LetsEncrypt
  • Allow custom values in Listbox (Multi-Select) TV
  • Update xPDO to 2.8.1
  • Update phpThumb 1.7.15
  • Update PHPMailer to 5.2.28
  • Update Smarty to 3.1.36

Security is a Habit

Staying up-to-date with new releases is a good habit to keep your MODX-powered websites secure. The security issues fixed in 2.8.0 were limited to users that have a valid login to access the MODX Manager. A couple of the issues allowed changes or access beyond limited Manager users' permissions. As such we recommend you upgrade as soon as possible.

It Takes a Village…

The release would not be possible without the attention and effort of our community contributors.

Download MODX Revolution 2.8.0

Try it in MODX Cloud