MODX contributors and the integration team are proud to announce MODX Revolution 2.8.3. MODX Revolution 2.8.3 adds additional compatibility for PHP 8 and fixes a number of bugs and security issues.
Note: Sites that use rich text editors such as TinyMCE RTE, TinyMCE Wrapper, and similar will have issues with 2.8.2 related to the media browser. 2.8.3 provides resolution for these issues.
You can get a full list of changes by reviewing the changelog, but below are some of the significant revisions in this release.
- XSS issues reported by Solar Security (#15720)
- Adjust filtering of placeholders and accessible options for
- Pass auth token to Browser controller config (#15692)
- Update to PHPMailer 6.4.1 (#15693)
- Patch MagpieRSS for basic use in PHP 8 (#15721)
- Avoid setting headers for modStaticResource when returning content (#15715)
- Fix incorrect id format (#15709)
- Fix filesize() calculation for static resources (#15697)
- Return content from non-binary static resources (#15702)
- Fix PHP 8 compatibility with phpThumb (#15706)
- Fix PHP 8 warnings in modPhpThumb (#15705)
- Fix PHPMailer version display (#15704)
- PHP 8 compatibility (#15699)
Staying up-to-date with new releases is a good habit to keep your MODX-powered websites secure. The security issues addressed in this release are limited to users that have a valid login to access the MODX Manager. A couple of the issues allowed changes or access beyond limited Manager users’ permissions. As such we recommend you upgrade as soon as possible.
Some of the security improvements in 2.8.3 will affect certain site configurations. Read about these changes and how to make any appropriate adjustments when upgrading to 2.8.3.
The release would not be possible without the attention and effort of our community contributors including wfoojjaec, Jason Coward, Mark Hamstra, MODX Bot, Murray Wood, Ivan Bochkarev Ivan and many more.