Today we released MODX Revolution 2.2.13. This is a patch release that corrects an
extremely critical security vulnerability.
This is a security patch release should be considered a mandatory upgrade.
If you are unable to upgrade to 2.2.13 and running 2.2.6 through 2.2.11 inclusive, you can replace the modx.class.php with the one from the relevant 'pl2' tag in the MODX Revolution repository.
E.g. for v2.2.10-pl it would be:
https://raw.github.com/modxcms/revolution/v2.2.10-pl2/core/model/modx/modx.class.php
For releases prior to 2.2.6, please
contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13.
For
MODX Cloud users, we have enabled preventative measures to protect against this vulnerability, giving you more time to upgrade your sites.
The next patch release,
2.2.14 will include the changes that were originally to be in 2.2.13 in GitHub.
Read the complete
changelog.
Here's what you need to get started or upgrade to MODX Revolution 2.2.13:
We highly recommend keeping your software up-to-date. If you need help upgrading your site, please contact your website builder or contact a
MODX Professional.
MODX is only as good as it is because of many individual community members and users that take the time to
report issues and request new features. Make sure you
read the documentation,
post feedback and share your successes in the MODX community forums.
On behalf of the entire MODX Team,
Thank-you!