rthrash Reply #1, 2 years, 1 month ago
The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:
* XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729
* Unwanted information disclosure about the site structure in the TinyMCE plugin
* SQL Injection via WebLogin
We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.
Download MODx Evolution 1.0.3: http://modxcms.com/download/
Details of other improvements introduced in the 1.0.3 release can be found here: http://modxcms.com/forums/index.php/topic,47756.0.html