Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions. Please see
http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.
You need to take immediate action to protect your site( s ).
For 0.9.6.1
Go to
http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (
http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip&new=3281) and overwrite your existing files, get the unified diff (
http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff&new=3281) and apply as a patch, or apply the diffs detailed on the page manually.
For 0.9.6
Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.
Alternative for 0.9.6 or before...
Grab the latest trunk from
SVN and upgrade your installation normally.
Additional information, and an 0.9.6.2 official release with these patches included will be available shortly.