MODX contributors and the integration team are proud to announce the 8th minor version release of MODX Revolution 2. MODX 2.8.0 features several bug fixes, enhances in-Manager security and updates some functional libraries used in MODX Revolution
Highlights
You can get a full list of changes by reviewing the changelog, but below are some of the significant revisions in this release.
Security
- Prevent limited manager users from interacting with files in any media source
- Fix assorted stored XSS issues in the manager
- Fix XSS in file upload and file tree
- Prevent potential XXE vulnerability in modRestService
- Prevent XSS on a Template name in TV Template access grid
- Prevent XSS on a Template's name
- Prevent path traversal when sending a registry message
Other Significant Changes
- Fix the display of the pagination toolbar
- Check if a file exists during the upload pocess
- Fix the incorrect path setting when uploading files
- Create a dedicated method to get resource preview URL
- Fixes a bug when emptying Resource trash
- Fixes URL parameters in config.js processor
- Set error message by field name instead of id
- Add "Allow Blank" setting to URL, RichText, Image and File Template Variables
- Add
numberfield
as Field Type option for System Settings - Add responsive styles for the login screen
- Fixes a Fatal Error when upgrading from MODX Revolution 2.5.x or earlier
- Improve the error handling and showing invalid fields when creating/editing resources or elements
- Add "Update User Group" button to Access Control Lists > User Groups & Users for easier navigation
- Add the image format
webp
to the list of allowedUploadable File Types
andUploadable Image Types
- Fallback to
0
if the an ID is not defined - Prevent rewrite of
.well-known
directory used by LetsEncrypt - Allow custom values in Listbox (Multi-Select) TV
- Update xPDO to 2.8.1
- Update phpThumb 1.7.15
- Update PHPMailer to 5.2.28
- Update Smarty to 3.1.36
Security is a Habit
Staying up-to-date with new releases is a good habit to keep your MODX-powered websites secure. The security issues fixed in 2.8.0 were limited to users that have a valid login to access the MODX Manager. A couple of the issues allowed changes or access beyond limited Manager users' permissions. As such we recommend you upgrade as soon as possible.
It Takes a Village…
The release would not be possible without the attention and effort of our community contributors.