Hosting MODx

2.8.3-pl
 (release di sicurezza)
28 Maggio - 60MBNOTICE

The MODX 2.8.2 and 2.8.3 releases contain several security improvements, which may have an adverse effect on existing sites. Read https://docs.modx.com/current/en/getting-started/maintenance/upgrading/2.8.2 for full details.



Security

XSS issues reported by Solar Security

Adjust filtering of placeholders and accessible options for @SELECT

Pass auth token to Browser controller config

Update to PHPMailer 6.4.1



Other Changes

Patch MagpieRSS for basic use in PHP 8

Avoid setting headers for modStaticResource when returning content

Fix incorrect id format

Fix filesize() calculation for static resources

Return content from non-binary static resources

Fix PHP 8 compatibility with phpThumb

Fix PHP 8 warnings in modPhpThumb

Fix PHPMailer version display

PHP 8 compatibility

Per saperne di più: https://modx.com/blog/modx-revolution-2.8.3






2.8.2-pl
 (release di sicurezza)
30 Aprile - 60MBSecurity

Prevent access to sensitive user data [#15678]

Add permissions to enforce access to specific resource types [#15655]

Flatten nested lexicon parameters by dot notation [#15490]

Restrict static resources to predefined path [#15656]

Prevent XSSI access to MODx.config by requiring auth token [#15644]



Other Changes

PHP 8 Compatibility [#15335]

Fix Plugin and Template name validation [#15349]

Support SameSite attribute in session cookies [#15666]

Fix bug with special chars in directory or file names [#15505]

Update PHPMailer to 6.4.0 [#15618]

Update xPDO to version 2.8.3-pl

Update Smarty to 3.1.39 [#15566]

Per saperne di più: https://modx.com/blog/modx-revolution-2.8.2






2.8.1-pl
 (release di sicurezza)
31 Ottobre 2020 - 60MBSecurity

Fix XSS in resource group name at TV > Access Permissions

Fix XSS in resource list TV



Changes

Fix alias_visible/syncsite checkboxes when switching templates

Allow directories with name "0"

Fix login button margins on mobile

Hide Update User Group button on Users tab when editing User Group

Only log session info if session is initialized

Avoid returning resource_groups on resource save

Fix JS TypeError if image/file TV fails validation

Add upload_check_exists system setting

Fix fatal error in url TV input type

Fix fatal error in System Info

Per saperne di più: https://modx.com/blog/modx-revolution-2.8.1






2.8.0-pl
 (versione principale)
16 Ottobre 2020 - 60MBMODX 2.8.0 features several bug fixes, enhances in-Manager security and updates some functional libraries used in MODX Revolution.



Security

Prevent limited manager users from interacting with files in any media source

Fix assorted stored XSS issues in the manager

Fix XSS in file upload and file tree

Prevent potential XXE vulnerability in modRestService

Prevent XSS on a Template name in TV Template access grid

Prevent XSS on a Template's name

Prevent path traversal when sending a registry message



Highlights

Fix the display of the pagination toolbar

Check if a file exists during the upload pocess

Fix the incorrect path setting when uploading files

Create a dedicated method to get resource preview URL

Fixes a bug when emptying Resource trash

Fixes URL parameters in config.js processor

Set error message by field name instead of id

Add "Allow Blank" setting to URL, RichText, Image and File Template Variables

Add numberfield as Field Type option for System Settings

Add responsive styles for the login screen

Fixes a Fatal Error when upgrading from MODX Revolution 2.5.x or earlier

Improve the error handling and showing invalid fields when creating/editing resources or elements

Add "Update User Group" button to Access Control Lists > User Groups & Users for easier navigation

Add the image format webp to the list of allowed Uploadable File Types and Uploadable Image Types

Fallback to 0 if the an ID is not defined

Prevent rewrite of .well-known directory used by LetsEncrypt

Allow custom values in Listbox (Multi-Select) TV

Update xPDO to 2.8.1

Update phpThumb 1.7.15

Update PHPMailer to 5.2.28

Update Smarty to 3.1.36

Per saperne di più: https://modx.com/blog/modx-revolution-2.8



visualizzare più versioni




2.7.3-pl

28 Febbraio 2020 - 60MBHighlights

Fix PHP 7.4 deprecation warnings from curly brace string offset access syntax

Make the media browser work on mobile

Limit the deprecated modAction warnings when installing or uninstalling extras

Fix a MySQL ANSI_QUOTES strict mode compatibility issue

Add missing AddToGroup events in modSecurityGroupUserCreateProcessor

Fix xPDOFileCache->delete() when a directory with same cache key exists

Per saperne di più: https://modx.com/blog/modx-revolution-2.7.3






2.7.2-pl

28 Settembre 2019 - 60MBHighlights

Update PHPMailer to 5.2.27 to address small but potential vulnerability

Upon setup completion the setup directory is locked

Updated phpThumb to a version that fixes images getting a black background color when converting an image with transparency to a format without alpha support

The default RSS feed URLs feed_modx_security and feed_modx_news now use HTTPS

Fix for thumbnails not rendering for media sources with spaces in URL’s

Restore PHP 5.3 compatibility



Bug Fixes

Allow safe html in system setting description

Fix incorrect password behavior and message

Resolve 0 integer values marked as undefined when required

Fix transparency in .png for Template Variables

Prevent users without edit_locked permission from editing locked elements

Lock setup after it is successfully executed

Allow an empty caption when duplicating a Template Variable

Escape instances of new MySQL reserved word rank

Check if modx-content is defined before calling doLayout

Add additional .sub class in menu for nested li

Update PHPMailer to 5.2.27 to address potential vulnerability

Check for default URL scheme value as string

Fix notices regarding IMG_WEBP constants not being defined for PHP version where support for WEBP isn't advertised

Fix an issue where an resource would not be published when the pub_date is equal to "now"

Added default styles for scroll in webkit based browsers

The menu entry "Manager Actions" has been renamed to "Manager log"

Updated phpThumb to a version that fixes images getting a black background color when converting an image with transparency to a format without alpha support.

Check extracted files for allowed extensions by option

Improved security in contexts in the manager

Fix using wrong option for upload_images

Fix for thumbnails not rendering for media sources with spaces in URL's

The default RSS feed URLs `feed_modx_security` and `feed_modx_news` now use HTTPS

The value for the preview tooltip in the trash manager is now properly encoded

Change icon to proper one for descending sort order

Don't execute the upgrade script for the last installed version again

Fix friendly_alias_realtime system setting not working as expected

Fix deprecated create_function() calls in modProcessor and modConnectorResponse

Fix deprecated each() in the lang.js.php connector

Restore PHP 5.3 compatibility

Per saperne di più: https://modx.com/blog/modx-revolution-2.7.2






2.7.1-pl

16 Maggio 2019 - 60MBHighlights

If a validation error occurs when saving an element, it now switches to the tab relevant to the issue.

Introduced an option to prevent removal of static files if automated static files are turned off.

The display of information about missing dependencies when you install a package/extra is improved.

A number of XSS (cross-site scripting) issues that require authenticated manager sessions were addressed in the manager.



Bug Fixes

Fix ctl/cmd+click behavior to open URL in new window/tab

Show all resources to purge in the trash manager and change tree options for deleted resources

Handle deprecated warnings for sendRedirect in modX class instead of modResponse

Updated phpThumb to version 1.7.15-201902101903 which has basic support for WebP

Fixed CVE-2018-17556

Fixes bunch of various XSS issues in the manager

Fix issue with resource list preventing parents from working correctly

Fixed issues with tab width and very long strings in the vertical tabs

Refactored tag input renderer to fix rendering with empty options list

Fix duplicating static templates, snippets etc. with an empty category

Don't include the resource ID in real time aliases

Move resource_uri and resource_uri_overide to page-settings-right-box-left region

Fix position slide-in/slide-out button of Resource tree

Fix context menu position on user page "Access Permissions" tab

Fixed bug with unexpected incremented TV ranks in Form Customization

Improve description of the system setting user_settings_desc to clarify meaning

Improved display of information about (missing) dependencies when you install a package/extra

Fix an issue where old static files where removed even if the automate static files system setting was turned off for that element type

Nested categories display their name instead of their id

Fixed case when empty date TVs can be saved even if "allow blank" is set to false

Fix empty Constraint column in Form Customization if constraint value is zero

Don't remove the trailing slash when redirecting to the manager after logging in

Added explanatory text with MODX tag to the description of the System Settings, Context Settings and Lexicon Management sections

Bugfix for transport resolution, if the package is not found on the current provider

When deleting an element in the tree, the confirmation window will show the translated element type name

Fix edit empty files from tree

Enhanced the error message of a wrong MODX_CORE_PATH

Fix checkDownloadedDependencies query to make package dependencies work properly

Don't remove static files if automated static files are turned off

Image template variable values escape/encode JavaScript tags only

Switch to the tab where the validation error occurs when saving an element

Make working Preview menu option in the recent edited resources widget

Apply Form Customization rules for TV's when a wildcard action is used

Add a Unit Test for testing the build process

Don't force the manager date time format for the date of birth field

Prevent symlinks and weblink to target itself

Checkbox Use current alias in alias path in the Form Customization sets

Use the right table name when fetching the MODX package providers

Fixed position of context menu in the media browser

Fix "undefined" text in Trash manager button tooltip.

Fix a broken top-menu

Fix the missing description for the system setting "Automatic Template Assignment"

Update config.js.php processor to be class based

Make the flat file processor deprecated message more useful

Fix missing styles on resource data heading

Remove unnecessary h2 on resource update heading

Use proper element icons in elements tree

Fix incorrect margin on the uberbar submit button

Fix error message overflowing on TVs

Per saperne di più: https://modx.com/blog/modx-revolution-2.7.1






2.7.0-pl
 (versione principale)
9 Dicembre 2018 - 60MBThis is a new major release of MODx.



Highlights

Add recursive method to replace reserved characters

Update phpThumb to 1.7.15-201810050741

Fixed error log line wrapping problem

Fixed call to a member function deprecated() of null

Deprecate 0.9.x parser migration utilities for removal in 3.0

Add some deprecated logging

Validate the ID target for symlinks and weblinks

Add native PHP password hashing

Enable automatic static elements workflow

Fix and normalize combo-boolean tv option values

Allow a middle mouse click to open links in a new tab/window

Fixing getlist processors for combos that have a page size

Improved messages on plugin editor page

Add "OnBeforeRegisterClientScripts" event

Trash manager

Implemented quick create buttons on tree nodes for documents

Copy file/folder path to clipboard

Add method for logging deprecated method usage

Fixing user combo with preselected user ids

Restore the setup options window title, if two packages are installed with setup options

On PHP 5.4+, clone the modSystemEvent object so values can be transmitted between plugins

Make path for custom MODX error handler class configurable

Resolve issue with package update window when clicked multiple times

Update Smarty to 3.1.33

Fixed the name of system setting about allowing or not eval in TV

Hide Input Option Values for TV types where irrelevant

Improve display of double-height dashboard widget

Fix for the password length error message during setup

Apply containerOptions correctly when creating database during installation

Use max_input_nesting_level for max depth argument in modX::sanitize

Pass missing signature to lexicon when package uninstall fails

Prevent double-click resulting in blank page from media browser

Clear system/phpthumb connector properties to prevent unnecessary warnings

Constrain MODx.Window to browser's viewable area by default

Delete files in media browser with '&' in the file name

Prevent invalid relative media source path from revealing root path contents

Prevent an infinite loop in sendErrorPage()

Got rid of bower from theme build process

Set the min-height of a x-combo-list-item when it is empty (no text)

Fixed manager header height on resize

Improved performance and requests timing by changing the counting of children via subqueries

Improved the isBinary checks in modFileHandler class

Fixing images escaping their container in media browser

New RewriteRule to hide dot directories from the public access.

New system setting with default media source type value

Fixed handling $depth variable during recursive calls in getTree method

Prevent header overriding in included template of error unavailable

Add ability to see all elements under tree nodes for Categories

Correct display of policy permissions in access control grids

Make the resource class a little closer to SOLID principles

Smart detecting of used plugins for expanding rows in grids

Login forgotten password improvements

Enhancement for dashboard jumping around on page load

Set the caption for node elements inside categories

Make policies in grid sortable by enabled/disabled mark

Remove non-functional cache_disabled system setting

Reduce log level to WARN when calling non-cacheable tags inside cacheable ones

Remove cache_system_settings from system settings

Prevent directory traversal and limit files deleted when clearing modFileRegister

Filtering user parameters before passing them into phpthumb class

Update phpThumb to 1.7.15-201806071234

Require minimal PHP version (in composer.json)

Prefer ampersand replacement of the the translit class

Add iconv_ascii transliteration

Add set_sudo permission

Log setlocale errors

Various improvements regarding password generation and validation

Make error.log location customizable

Add system setting for partial resource cache clearing feature

Prevent line-wrap in error log

Add template icon for resources in search results in the uberbar

Remove duplicate code of password generator and fix an issue with the empty value of password_generated_length setting

Add ID number to manager pages (resources and elements)

Add option to supply waitMsg on submit in MODX windows

Show validation errors when setting a new user password

Add CLI install script for use with composer create-project

Allow extension packages to have an empty table_prefix

Add wildcard support to form customization actions

Make HTTPS server check accept any non-empty value

Add ability to search by id on all objects in manager search

Add automatic_template_assignment feature

Media Browser optimizations

Add "Purge Old Versions" button to the package version listing to clean up old versions

New resource option "Use current alias in alias path" to allow hiding resources from the URI

Make $modx->setDebug support E_LEVEL constants (e.g. E_NOTICE/E_ERROR) and fix setting debug to 1 not working

Use stricter check for string type in resource tree to avoid uncaught error in edge cases

Allow plugins OnDocFormRender to set templates with $resource->set('template', 3)

Add "filterPathSegment" output filter to turn a string into url-safe string

Make sure requests to containers without the container suffix are redirected to the right url with container suffix

Ignore spaces in allowedExtensions properties and relevant system settings to ensure the right file types show up

Add list of recent manager log entries to the Resource Overview page

Prevent notices for undefined Smarty placeholders

Remove some unused images

Fix incorrect hex colors in TV input options description

Change modResource.description column to text

Fix modDbRegister->clear and use fully qualified name

Per saperne di più: https://raw.githubusercontent.com/modxcms/revolution/v2.7.0-pl/core/docs/changelog.txt