<![CDATA[ MODX Evolution 1.0.5 Tightens Security and Lots of Little Improvements - My Forums]]> https://forums.modx.com/thread/?thread=237 <![CDATA[Re: MODX Evolution 1.0.5 Tightens Security and Lots of Little Improvements]]> https://forums.modx.com/thread/237/modx-evolution-1-0-5-tightens-security-and-lots-of-little-improvements#dis-post-412069
We're excited to continue to build on Evolution and look forward to some major improvements in 1.1.

so am i, being a huge evo user i was wondering if there were any news of an upcoming release
not that the current one isn't always the most intelligent cms i know by far... but well, just for the pleasure of hearing a little about it smiley

keep going
have swing]]> virtualbear Feb 15, 2012, 12:43 PM https://forums.modx.com/thread/237/modx-evolution-1-0-5-tightens-security-and-lots-of-little-improvements#dis-post-412069 <![CDATA[MODX Evolution 1.0.5 Tightens Security and Lots of Little Improvements]]> https://forums.modx.com/thread/237/modx-evolution-1-0-5-tightens-security-and-lots-of-little-improvements#dis-post-1626 A Long Time Coming But Evolution 1.0.5 is Here.

It’s been more than 6 months since Evolution 1.0.4 was released and many people are making the move to Revolution but we are committed to continue building on and refining our beloved Evolution and making sure it is as safe and easy as ever. Due to a number of imporant security improvements we consider upgrading to Evolution 1.0.5 mandatory.

Some highlights of this release include:

  • Security Enhancements—ongoing work to make sure your sites are safe from malicious attackers, including a workaround for a major PHP security bug that could crash servers running outdated versions of PHP
  • Manager Bugfixes and Enhancements—Over 20 improvments to the Manager to make it behave more consistently and predictably
  • Custom TVs and Widgets—Site builders can now define the HTML markup and behavior of TVs for truly custom TV behavior by inserting code directly into Input or Output widgets or using the @FILE binding to attach behaviors via files on the fielsystem
  • Template Inheritance Improvements—controllable via a System Setting, now you can specific Template inheritance for child docs based on Siblings (with a fallback to parent), Parents (current behavior) or just the System Default.
  • @INHERIT Improvements—Now works fully with @FILE bindings and also allows you to specify a default fallback in the event no ancestor values are found

  • Multibyte Language Enhancements—the Japanese community provided many enhancments to the core to improve experiences in multi-byte languages
  • All Major Core Components Updated—All major Add-ons brought up to their latest version, including jQuery 1.4.4

Download Evolution 1.0.5
Discuss Evolution 1.0.5
File a bug on Evo 1.0.5

We’re excited to continue to build on Evolution and look forward to some major improvements in 1.1.

We’d also like to take the time to thank the members of the MODX Community that contributed fixes and improvements in 1.0.5:

Yama, Max Paprikas, Goldsky, Nick Crossland, Coroico, lammikko, Susan Ottwell, David Bunker, Andrei Rimsa Alvares, WebSee, Thomas Jakobi, Zaigham R, Andrew andchir, Charlie Madison, Terry Mohan, Brett Florio, Keith Penton, and Esche Lev.

Sincerely,
The MODX Team

Changelog/Release Notes:
This file shows the changes in recent releases of MODx. The most current release is usually the
development release, and is only shown to give an idea of what's currently in the pipeline.

MODx Evolution 1.0.5 (Jan 19, 2011)
===================================
--------------------------------------------
Security:
--------------------------------------------
* [#MODX-1035] fix XSS vulnerability in installer
* [#2787] fix XSS vuln. in image editor
* [#3352] work around critical PHP bug 53632
* [#3437] fix vulnerability in AjaxSearch allowing attacker to view arbitrary files (JVN#95385972)
* [#3429] fix SQL injection vulnerability in AjaxSearch allowing attacker to execute arbitrary PHP code (JVN#54092716)

--------------------------------------------
Bugfixes:
--------------------------------------------
* [#MODX-2245] 3 events not firing: OnWebChangePassword, OnManagerSaveUser, OnManagerChangePassword
* [#MODX-1331] Resources in tree unclickable if pagetitle contains line break
* [#100] fix TV with Input Type 'Date' and Widget 'Unixtime' returns wrong value
* [#435] improve installer handling of Sample Site option
* [#359] published date always set due to ManagerManager demo rules
* [#488] Fix bad check for mysql strict mode
* [#595] Fix bad path on Resource Editor rich text fields when TMCE in "root relative" mode
* [#1252] Fix @SELECT multi-select listbox TV losing its value when switching Content field "Editor to use"
* [#321] stop parser from running case-mismatched snippet calls
* [#343] Fix Hiding "Validate Referer" warning messes up the setting itself
* [#432] Fix TV date-layer display problem with multiple datefields in FF 3.6.3
* [#445] Fix error displaying filenames with non-Latin charsets
* [#577] Fix Spanish UTF8 language file
* [#760] Fix Document tree not loading in children
* [#609] Fix web_groups and member_groups tables can have duplicate entries
* [#364] Fix W3C validation problem with TV image output widget
* [#2957] Allow multibyte strings in QuickManager+ TV buttons
* [#2711] Re-fix path bug in Image Editor
* [#3060] Fix message count on Manager welcome page
* [#1070] Fixed bug in DocManager where it would not create new TV values, only update existing ones
* [#3163] Fix RSS feed encode issue
* [#1871] Fix for file manager when aggressive caching/pre-fetching is used at the ISP level (e.g. satellite internet)

--------------------------------------------
Additional Improvements & Updates:
--------------------------------------------
* [#MODX-1734] Add context parameter to the getLoginUserName() API function
* [#4] getDocumentObject allows full alias path to be specified
* [#443] TinyMCE updated to 3.3.9.2
* [#23] Quick Manager+ updated to 1.5.4
* [#421] ManagerManager updated to 0.3.9
* [#421] AjaxSearch updated to 1.9.2
* [#359][#421] Default Chunk for ManagerManager rules now "mm_rules"; Since demo rules are "mm_demo_rules", MM is now disabled on install
* [#308] Return to active tab for Elements, regardless of "Remember tabs" system setting
* [#331] Updated Czech language file
* [#881] Improvements to Template inheritance (moved from plugin into core, added system setting to control behavior)
* [#592] Adjustment of manager fonts
* [#476] Improvement to New user's default role
* [#378] Check for and disallow reserved words in Template Variable names
* [#1360] Better handling of Template Switcher plugin
* [#833] Manager and Web User comments field no longer limited to 255 characters
* [#1132] New system setting to strip characters from files uploaded in Manage Files (using same logic configured for aliases)
* [#190] Resolve hostnames config option deprecated
* [#1065] Let manager themes have their own welcome.html page
* [#216] Optimization of core methods (getParentIds & getChildIds)
* [#819] Improvement in config.inc.php file (new installs only) so proper MODX_SITE_URL constant is set in API Mode
* [#2867] Improvements to installer with respect to handling of Demo Site option and related elements
* [#2867] Laid foundation for "installsets" or preset groups of installer elements
* [#2963] New icons in manager resource tree (to reflect site start, error page, site unavailable and unauthorized system settings)
* [#594] Tweaked Quick Manager window open style
* [#487] Links updated in demo site content
* [#3075] Apply monospace font to manager textarea fields
* [#999] Enhance ordering logic when displaying lists of TVs
* [#2953] Fix QuickManager+ Google Chrome font problem (text-shadow)
* [#3063][#3064][#3065] Replace calls to deprecated db-related parser methods with calls to db class methods
* [#2961] Wayfinder improvement - allow use of [+wf.alias+]
* [#3061] Allow @ and . characters in remembered login name
* [#3062] Corrections to ActionList item names (given that Documents are now Resources and Resources are now Elements)
* [#3115] Automatically regenerate siteCache if it not found
* [#835] @INHERIT improved to work with @FILE, and to allow additional data after the @INHERIT
* [#3092] Remove db user and pw from hidden form fields in installer
* [#194] Improve and fix bugs in markup on Edit Resource screen
* [*3168] remove debugging output from DocManager when updating TVs
* [#546] Improve DocManager usability by adding checkboxes to TVs and removing "ignore list", which was hard to use
* [#3361] Allow custom TemplateVariables and output widgets
* [#3362] Updated distributed jQuery library to 1.4.4 and updated AjaxSearch, QuickManager+ and ManagerManager to use it
* [#2627] New event allows plugin to inject custom markup into manager's header (header.inc.php)
* [#3385] Wayfinder optimization when hideSubMenus is enabled
* [#3386] Breadcrumbs optimizations
* [#3543] Personalize updated to 2.1[/code.]
]]> smashingred Jan 19, 2011, 04:50 PM https://forums.modx.com/thread/237/modx-evolution-1-0-5-tightens-security-and-lots-of-little-improvements#dis-post-1626