MODX Revolution 2.5.7-pl

MODX 2.5.7-pl was released 5 years ago on 2017-04-20.

Downloads Changelog


  • Try all available methods when attempting to download transport packages [#13419]
  • Prevent stored XSS in UserGroup names and various other fields [#13418]
  • Prevent user/email enumeration in forgot password feature [#13408]
  • Prevent XSS cache poisoning via Host header [#13426]
  • Proper use of json_encode and error handling for outputArray() in processors [#13389]
  • Prevent reflected XSS in setup [#13424]
  • Fix local file inclusion vulnerability in setup action parameter [#13422]
  • Fix various local file inclusion preventions to also protect on windows [#13428]
  • Remove htaccess from allowed file types on new installations [#13423]
  • Prevent stored XSS in resource pagetitle [#13415]
  • Make search bar work as expected on Chrome & Firefox [#13405]