  • MODx Revolution 2.0.3 Tightens Security and Offers Many Fixes and Improvements

    MODx Revolution improves daily and we are seeing ever-increasing use in production sites since it was released this past July. Wider adoption means more people are working with the finer details and we are finding and requesting enhancements and improvements for Revolution. As is to be expected, people are also finding things that don’t work quite right and have therefore submitted bug reports to Jira.

    As this release closes a set of vulnerabilities, we recommend you upgrade all versions of MODx Revolution 2.0.x to 2.0.3.

    The Revolution 2.0.3 release contains a number of fixes and improvements and here are the highlights:

    - Corrected potential cross-site scripting and file insertion vulnerabilities reported here: http://modxcms.com/forums/index.php/topic,55062.0.html
    - Improvements and fixes for Contexts regarding access and settings.
    - Corrected issue with Elements where "Clear Cache on Save" checkbox wouldn’t store value on save.
    - Enhanced System Info panel to get more details from phpinfo().
    - A number of improvements and fixes to Form Customization
    - Lots more little fixes with big impact.

    Revolution gets better with every release, so download it now to try it or update your existing Revolution sites.

    Download Revolution 2.0.3-pl
    Read the Revolution Documentation
    Read the Installation Guide or Upgrade Guide
    Check the Installation Requirements

    As with all releases, please submit bug reports and feature requests. You should also read the documentation, post feedback and successes in the MODx Community forums.

    Thanks,
    The MODx Team

    Complete Changelog/Release Notes:
    MODx Revolution 2.0.3-pl (September 30, 2010)
    ====================================
    - Fixed error in modResource::cleanAlias when context var is not available
    - [#MODX-2376] Fixed issues with updating settings on the context page
    - Fixed security issue with login screen and resource TV controller that allowed html injection
    - Fixed issue where clear cache checkbox isn't checked on Element pages
    - [#MODX-2370] Fixed various bugs with plugin event association on plugin page
    - [#MODX-1823] Improved the System Info panel by extracting data from phpinfo()
    - [#MODX-2362] Added missing OnResourceTVFormPrerender event
    - [#MODX-2374] Fixed issue where children nodes were not being moved with parent into new context
    - [#MODX-2373] Fixed imageTV issue where thumbnail was not cleared on data clearing
    - [#MODX-364] Fixed regClient* methods in cacheable Snippets on cacheable Resources
    - [#MODX-2370] Fixed issue with saving property sets on plugin events
    - [#MODX-2369] Fixed issue with modLinkTag and output filters where the filter commands were included in the URL
    - [#MODX-2350] Ensure that new Contexts always have Admin and Resource policy for Admin user group assigned to them
    - [#MODX-2352] Ensure that Context Settings appropriately override System Settings in core-level parsing where a Context is existent (example: site_unavailable_page)
    - [#MODX-2356] Ensure that OnResourceDelete and OnResourceUndelete events in update processors fire at correct times, after save()
    - [#MODX-2361] Ensure that a user in the Administrator group *always* has access to a Context when it is restricted in another user group
    - [#MODX-2357] Fixed bug that occurs when hiding a tab with FC rule that is the default active tab
    - [#MODX-2358] Fixed rare bug occurring with treestate in Chrome due to undefined variables in path
    - Fixed various issues with package management and the add new package button
    - Fixed bug where ?v=203pl is being added to content with .js in it, due to earlier commit to prevent js caching
    - Fixed issues with ellipsis/limit filters and special chars
    - [#MODX-2353] Fixed bugs with checkbox/radio TVs and complex values with HTML/quotes in them
    - Fixed some bugs with deleting a file in MODx.Browser in the actual view pane
    - [#MODX-2354] Fixed issue with imageTV and incorrect preview url reference
    - Fixed ellipsis output filter to use … instead of ...
    - [#MODX-2327] Fixed bugs with Form Customization not being respected
    - [#MODX-2349] Fixed bug with Form Customization and fieldDefault rule with template field
    - Added code to prevent caching of JS after upgrades by postfixing version to JS URLs
    - [#MODX-2342] Fixed issue where xhtml_urls setting wasn't included in build
    - [#MODX-2345] Fixed issue with templates and categories in mgr not persisting
    - [#MODX-2341] Fixed issue with redirect statement on login page in certain environments
    - [#MODX-2343] File upload now respects upload_* extension restrictions
    - [#MODX-2344] Respect context-specific filemanager_path in upload/remove actions on directory tree in mgr