The MODx Revolution 2.0.3 release addresses a pair of
reported security vulnerabilities with MODx Revolution 2.0.2-pl and possibly earlier releases:
Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.
We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.
Download MODx Revolution 2.0.3-pl:
http://modxcms.com/download/#pl
Details of other improvements introduced in the 2.0.3 release can be found here:
http://modxcms.com/forums/index.php/topic,55104.0.html
Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup
magician.
Blog ✦
Twitter ✦
LinkedIn ✦
GitHub
MODX Staff