Today we released MODX Revolution 2.2.8. This is a patch release that corrects two
extremely critical security vulnerabilities. It also includes a number of improvements and corrects several issues related to URLs and contexts.
This is a security patch release should be considered a mandatory upgrade. If you are unable to upgrade to 2.2.8 at this time, you may
install this patch until you can upgrade, however, the patch may affect performance and should be uninstalled once upgraded.
If you need help upgrading your site, please contact your website builder or find a
MODX Professional.
Here are the highlights of changes in the 2.2.8 release:
- Closed security vulnerabilities related to Context initialization and HTTP_MODAUTH
- Improve performance of modTemplateVar::getRenderDirectories()
- Prevent conditional output filter recursion
- Fixed resource IDs pairing with the wrong Context
- Fixed link tags render as empty strings when FURLs are enabled with SQLSRV
- For more details read the complete changelog
Download Revolution 2.2.8 now or read the
complete announcement details at the MODX Blog.
[ed. note: smashingred last edited this post 10 years, 11 months ago.]