MODX contributors and the integration team are proud to announce MODX Revolution 2.8.1. MODX Revolution 2.8 introduced a new API for developers to generate Resource previews even for sessionless contexts and fixed numerous security vulnerabilities and bugs. This release builds on that, addressing additional bugs and further enhancing in-Manager security.
Highlights
You can get a full list of changes by reviewing the changelog, but below are some of the significant revisions in this release.
Security
- Fix XSS in resource group name at TV > Access Permissions [#15280]
- Fix XSS in resource list TV [#15280]
Other Changes
- Fix alias_visible/syncsite checkboxes when switching templates [#15289]
- Allow directories with name "0" [#15296]
- Fix login button margins on mobile [#15300]
- Hide Update User Group button on Users tab when editing User Group [#15290]
- Only log session info if session is initialized [#15292]
- Avoid returning resource_groups on resource save [#15293]
- Fix JS TypeError if image/file TV fails validation [#15282]
- Add `upload_check_exists` system setting [#15285]
- Fix fatal error in url TV input type [#15279]
- Fix fatal error in System Info [#15277]
Security is a Habit
Staying up to date with new releases is a good habit for keeping your MODX-powered websites secure. The security issues addressed in 2.8.0 and this release are limited to users who have a valid login to access the MODX Manager. A couple of the issues allowed changes or access beyond limited Manager users’ permissions. As such, we recommend you upgrade as soon as possible.
It Takes a Village…
The release would not be possible without the attention and effort of our community contributors including Jason Coward, Mark Hamstra, Ivan Bochkarev, Jan Peca, Carl Bohman, Ruslan-Aleev, sergant210, wfoojjaec, and many more.