Subscribe: RSS
  • VERY IMPORTANT!

    If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately. There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server. A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.

    Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible. It is possible that some sites have already been silently exploited and critical security information collected.

    Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.

    More information as soon as it becomes available.
    • Our downloads will return later today after resolving this issue.
        Ryan Thrash, MODX Co-Founder & Leader of Awesomeness
        Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
      • Patched and back online.
          Ryan Thrash, MODX Co-Founder & Leader of Awesomeness
          Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me