Revolution 2.5.7 was released today. This patch release makes you a little more secure. It contains fixes for low-risk security issues. Also, it corrects the inability to click on results in the search bar in the Manager in Chrome and Firefox.
Highlights of 2.5.7
Here are some of the most important changes in 2.5.7:
- Fix search bar results not clickable in Chrome & Firefox [#13405]
- Improve transport package downloads to be more reliable and use additional methods to download. [#13419]
- Make Forgot Password feature more secure [#13408]
- Proper use of json_encode and error handling for outputArray() in processors [#13389]
- Closing various low-risk security vectors for file inclusion, cross-site scripting (XSS) and more
For a complete list of changes in Revolution 2.5.7
read the changelog. If you haven’t upgraded to MODX Revolution 2.5.x yet, learn more from its original release announcement
Upgrading Is Critical
Revolution 2.5.2 contained critical security enhancements, and if you are not yet running 2.5.2 or higher, you should upgrade to 2.5.7 now. See below for more info.
We cannot stress the importance of diligently upgrading to the latest version of MODX enough. While no software is 100% secure, powering your site with the most current version usually helps protect you from hackers that rely on exploiting outdated software. If you’re not sure what version of MODX Revolution you’re running, log into your website Manager. If the version number doesn’t appear in the top left-hand corner of the Manager, go to <em>Manage>Reports>System Info</em>.
If you need help upgrading your site, please contact your website builder, find a MODX Professional
or get in touch with MODX Support
Let’s take the time to thank the individual contributors to this release: Mark Hamstra, Jason Coward, Thomas Jakobi, Romain Tripault, and Christian Seel.
We also would like to thank the two security consultants, Anti Räis of Clarified Security
and Tomáš Melicher of Citadelo
, who reported these issues so that we could make MODX more secure for everyone who uses it.
If you find a security issue with MODX Revolution, please send a detailed report to [email protected]
for review of our security team.
Get Started with Revo 2.5
Here’s what you need to get started or upgrade to MODX Revolution 2.5:
Ask Not What MODX Can Do For You
MODX is possible because of the many individual community members and users that take the time to report issues, request new features
, and submit code to the project
. Make sure you read the documentation
, post feedback and share your experiences
in the MODX community forums.
On behalf of the entire MODX Team, we thank you!
[ed. note: smashingred last edited this post 6 years, 7 months ago.]