MODx 2.8.0-pl
16 October 2020
MODx version 2.8.0-pl is now available (major release).
Upgrading to MODx 2.8.0-pl
MODx 2.8.0-pl can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MODx updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MODx install to test the 2.8.0-pl upgrade prior to applying it live. Get started managing your MODx installations with Installatron
What's New in MODx 2.8.0-pl
MODX 2.8.0 features several bug fixes, enhances in-Manager security and updates some functional libraries used in MODX Revolution.
Security
- Prevent limited manager users from interacting with files in any media source
- Fix assorted stored XSS issues in the manager
- Fix XSS in file upload and file tree
- Prevent potential XXE vulnerability in modRestService
- Prevent XSS on a Template name in TV Template access grid
- Prevent XSS on a Template's name
- Prevent path traversal when sending a registry message
Highlights
- Fix the display of the pagination toolbar
- Check if a file exists during the upload pocess
- Fix the incorrect path setting when uploading files
- Create a dedicated method to get resource preview URL
- Fixes a bug when emptying Resource trash
- Fixes URL parameters in config.js processor
- Set error message by field name instead of id
- Add "Allow Blank" setting to URL, RichText, Image and File Template Variables
- Add numberfield as Field Type option for System Settings
- Add responsive styles for the login screen
- Fixes a Fatal Error when upgrading from MODX Revolution 2.5.x or earlier
- Improve the error handling and showing invalid fields when creating/editing resources or elements
- Add "Update User Group" button to Access Control Lists > User Groups & Users for easier navigation
- Add the image format webp to the list of allowed Uploadable File Types and Uploadable Image Types
- Fallback to 0 if the an ID is not defined
- Prevent rewrite of .well-known directory used by LetsEncrypt
- Allow custom values in Listbox (Multi-Select) TV
- Update xPDO to 2.8.1
- Update phpThumb 1.7.15
- Update PHPMailer to 5.2.28
- Update Smarty to 3.1.36