MODX Evolution 1.0.6 (and prior) Security Issue

Earlier this week it was exposed that there was a critical security vulnerability with MODX Evolution, versions 1.0.6 and below, that could allow unauthorized access to the MODX Manager. Details about this issue can be found on the MODX forums. MODX has released an update for this in version 1.0.7 as well as offered other options to mitigate this issue, as mentioned on the blog. To help ensure the security of your site, it is important that one of the 3 items be completed, with our recommended approach being to upgrade to 1.0.7 as we always recommend keeping the install up to date.

What version is my website running?

Many of the websites we build for our clients are built on MODX, but there are are 2 versions of MODX. The newest codebase is MODX Revolution and their older, more mature codebase is MODX Evolution. Knowing which version you have is important when looking at version numbers to ensure you are determining if you have the most recent version.

Since MODX Revolution is its newest codebase, upgrades are made more often, mainly to enhance features and fix bugs. The most recent MODX Revolution version is 2.2.5.

Evolution, the older, more mature codebase goes through changes less frequently. However, these updates are usually security related as in the recent release of Evolution 1.0.7 that fixed the critical security issue mentioned above.

Your current version can be found once logged into the manager along the top, in the right-hand corner for Evolution and left-hand corner for Revolution. Please reference our blog post on How to find out what version of MODX you have for more help.

Wait, what is MODX?

MODX is the content management system your website is likely built on. If you want to learn more, we happen to have a posting about our cms of choice: MODX.

What does this mean for my website?

We have clients on both Evolution and Revolution and encourage keeping their websites up-to-date. Upgrades like these happen all the time in the open-source community and we like to stay right on top of it, helping your website be as secure and functional as possible. If you have any questions please do not hesitate to contact our office!

We offer updates to clients who are not under a maintenance agreement for a flat rate. Our updating involves a full backup of the database and files and thorough checking to make sure the upgrades were installed properly. If major issues do occur during the upgrade, we can roll back to how it was before we started or fully work through the issues after discussing costs and options with you. To schedule the upgrade, please contact us at support@threeeyedbird.com and the team will get you started!

Clients under maintenance agreements will be scheduled for the upgrade soon after testing with your website if it hasn't been done already. You should receive email notifications of this. If you do not, please contact us at support@threeeyedbird.com to schedule the upgrade.