  • I am not sure whether my poor English will be transmitted, but I will announce it as simply as possible.

    https://forums.modx.com/thread/101240/evo-security-patch-1-0-12-and-above
    It is as already described here. Many thanks, @iusemodx.

    http://extras.evolution-cms.com/packages/core/security-fix.html
    Here is a simple patch to fix. It is easiest to use this. If you are running Evolution v1.0.12 or later, please apply this patch promptly. Do not forget to test the operation of eForm and AjaxSearch. If there is a new problem, we will fix it soon, so please let me know.
    And... a patch for evoGallery (module) is also included. If you open it with a text editor, overwrite it with uploadify.php whose content is empty.

    https://github.com/modxcms/evolution/archive/1.1.1_security_fix.zip
    If you are running Evolution older than v1.0.12, please use this. Just update normally, overwrite all files and open "install/" folder in browser. Then you can proceed as instructed and it's easy.

    Brief explanation.
    This vulnerability is not caused by the core. So you do not have to update the whole core.
    There is a reason why correspondence is divided before and after v1.0.12. This is because eForm's mail sending method changes before and after v1.0.12 because overwriting eForm will not work.
    People who want to know more about the vulnerabilities, please send me a PM. However, we cannot respond if there are too many inquiries.

    Although v1.2 release is prepared, in v1.2 the appearance of the management screen changes and the processing of each part is optimized. Because there is a possibility that several new problems may be hidden, those who aim to resolve the vulnerability as soon as possible do not wait for v1.2 release and adopt v1.1.1.

    If you can support our development activities, please try v1.2. If you do, we are glad. It cannot evolve with conservative users alone. Evolution is v1.2 or later and opens the door to a new challenge, with the participation of new developers. I hope to grow with the excellent brother "MODX Revolution". Eventually got longer message, thanks. [ed. note: yama last edited this post 7 years, 4 months ago.]
      • 23610
      • 37 Posts
      Thanks yama for this detailed info! Very helpful.
        • 13226
        • 953 Posts
        Thumbs up, Yama

        Just to add:

        The database also needs to be checked, read more here and here