Jay Gilmore Reply #1, 1 year, 7 months ago
The MODx Revolution 2.0.3 release addresses a pair of reported security vulnerabilities with MODx Revolution 2.0.2-pl and possibly earlier releases:
Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.
We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.
Download MODx Revolution 2.0.3-pl: http://modxcms.com/download/#pl
Details of other improvements introduced in the 2.0.3 release can be found here: http://modxcms.com/forums/index.php/topic,55104.0.html
Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.
We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.
Download MODx Revolution 2.0.3-pl: http://modxcms.com/download/#pl
Details of other improvements introduced in the 2.0.3 release can be found here: http://modxcms.com/forums/index.php/topic,55104.0.html