MODX contributors and the integration team are proud to announce MODX Revolution 2.8.2. MODX Revolution 2.8.2 adds compatibility for PHP 8 and fixes a number of bugs and security issues.
Note: Sites that use rich text editors such as TinyMCE RTE, TinyMCE Wrapper, and similar will have issues with 2.8.2 related to the media browser. We’re integrating a fix and 2.8.3 will be available in the next week.
You can get a full list of changes by reviewing the changelog, but below are some of the significant revisions in this release.
- Prevent access to sensitive user data [#15678]
- Add permissions to enforce access to specific resource types [#15655]
- Flatten nested lexicon parameters by dot notation [#15490]
- Restrict static resources to predefined path [#15656]
- Prevent XSSI access to
MODx.configby requiring auth token [#15644]
- PHP 8 Compatibility [#15335]
- Fix Plugin and Template name validation [#15349]
- Support SameSite attribute in session cookies [#15666]
- Fix bug with special chars in directory or file names [#15505]
- Update PHPMailer to 6.4.0 [#15618]
- Update xPDO to version 2.8.3-pl
- Update Smarty to 3.1.39 [#15566]
Security is a Habit
Staying up-to-date with new releases is a good habit to keep your MODX-powered websites secure. The security issues addressed in this release are limited to users that have a valid login to access the MODX Manager. A couple of the issues allowed changes or access beyond limited Manager users’ permissions. As such we recommend you upgrade as soon as possible.
Special Notes on Upgrading to 2.8.2
Some of the security improvements in 2.8.2 will affect certain site configurations. Read about these changes and how to make any appropriate adjustments when upgrading to 2.8.2.
It Takes a Village…
The release would not be possible without the attention and effort of our community contributors including Mark Hamstra, Jason Coward, Thomas Jakobi, Bochkarev Ivan, Ivan Klimchuk, Ruslan Aleev, Sergey Shlokov, Raffy, Bruno17, wfoojjaec, and many more.