MODX

VERY IMPORTANT!If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately.  There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters ... [More] to download your config.inc.php file or any number of other critical files directly from your server.  A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible.  It is possible that some sites have already been silently exploited and critical security information collected.Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.More information as soon ... [Less]

Please update your site to 0.9.2.2 for a proper fix to this issue as noted in the subsequent security notice.

IMPORTANT NOTEIf you are using Wayfinder with MODx 0.9.2.1 and you are upgrading or patching to 0.9.2.2, Wayfinder 1.0 WILL BREAK YOUR SITE following the upgrade!  You can fix this until a new release of Wayfinder is available that addresses the ... [More] problem by replacing line 77 of the Wayfinder 1.0 snippet:Code:        if (substr($this->modxVersion['code_name'],-4) >= 1392) {with these two lines:Code:        $revision= substr($this->modxVersion['code_name'],-4);        if ($revision >= 1392 && $revision != 1923) {If you make this change to Wayfinder before upgrading or applying the patch, everything should go smoothly. [Less]

0.9.2.2 is an important release which contains some measures to prevent possible XSS exploits that have been back-ported from the pending 095 release. This should be considered a mandatory and immediate upgrade. Existing installs can use the patch ... [More] distribution if you're running 0.9.2.1. Earlier installs should use the full upgrade as outlined on the download page.Download 0.9.2.2 [Less]

Please subscribe to MODx Security notices via one or both of the following two methods (powered by Feeburner):RSS: feed://feeds.feedburner.com/modxsecurityEmail: Subscribe to MODx Security Notices by Email

Please subscribe to MODx Security notices via one or both of the following two methods (powered by Feeburner):RSS: http://feeds.feedburner.com/modxsecurityEmail: Subscribe to MODx Security Notices by Email

Please subscribe to MODx Security notices via one or both of the following two methods (powered by Feeburner):RSS: http://feeds.feedburner.com/modxsecurityEmail: Subscribe to MODx Security Notices by Email

Please subscribe to MODx Security notices via one or both of the following two methods (powered by Feeburner):RSS: http://feeds.feedburner.com/modxsecurityEmail: Subscribe to MODx Security Notices by Email

0.9.2.2 is an important release which contains some measures to prevent possible XSS exploits that have been back-ported from the pending 095 release. This should be considered a mandatory and immediate upgrade. Existing installs can use the patch ... [More] distribution if you're running 0.9.2.1. Earlier installs should use the full upgrade as outlined on the download page.Download 0.9.2.2 [Less]

0.9.2.2 is an important release which contains some measures to prevent possible XSS exploits that have been back-ported from the pending 095 release. This should be considered a mandatory and immediate upgrade. Existing installs can use the patch ... [More] distribution if you're running 0.9.2.1. Earlier installs should use the full upgrade as outlined on the download page.Download 0.9.2.2 [Less]