- MODX Senior Developer
splittingred Reply #1, 2 years, 10 months ago
There has been a reported security vulnerability for MODx Revolution 2.0 beta1 and beta2.
We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.
SVN users, to fix this vulnerability, please update to r5505.
Non-SVN users, please make the changes as illustrated here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5501
and here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5505
Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions.
We apologize for any inconvience this might have caused.
We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.
SVN users, to fix this vulnerability, please update to r5505.
Non-SVN users, please make the changes as illustrated here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5501
and here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5505
Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions.
We apologize for any inconvience this might have caused.