I have just read the latest post on the vulnerabilities found in 0.9.6.1:
http://modxcms.com/forums/index.php/topic,21290.msg135206.html#msg135206
This says that the current download on the website (which is marked as version 0.9.6.1) includes the patches.
However, I think that the patch updates modx from 0.9.6.1 to 0.9.6.2, so shouldn’t the download be marked as 0.9.6.2, not 0.9.6.1, now?
I just realised that this post might have been better off in the 0.9.6.1 (or new 0.9.6.2?) thread. If someone has the appropriate permissions, then feel free to move it.
Paul
-
MODX Staff
- 12,272 Posts
The current download on the site is marked as 0961p1 (patch 1). The only difference between it and the 0961 download is that the files outlined in the security thread were applied and a new .zip and .tar.gz updloaded.
0962 will be a different release with many more fixes and expanded manager functionality.
Ryan Thrash, MODX Co-Founder
Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
Ryan,
The site I updated (
http://bellands.com bottom of the page) now reports itself as 9.6.2. I think it got that way from me doing the security upgrade. It was a while ago and I can’t remember whether I uploaded or typed in the diffs by hand. I don’t
think I did anything directly to make it report as 9.6.2 but it’s possible that I did and forgot. At the time I made the fix, I was working on a zillion things at the same time. Luckily, things have settled down some since then.
Bob
-
MODX Staff
- 12,272 Posts
If you applied the patch it will report as 0962, as that was originally intended to be released as part of a broader upgrade.
Ryan Thrash, MODX Co-Founder
Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me