MODX 2.5.2 Security Patch

From Sterc with love. For the community. Let's keep the web safe!

MODX 2.5.2 was released to fix several security issues. Unfortunately, some sites can't be fully updated to MODX Revolution 2.5.2. Therefore, we made patches available from MODX 2.3.3 and up to secure all the websites we maintain.

Now it is time to share these patches to make your life easier and keep our MODX ecosystem secure!

Patching is easy

Patching your website is fairly easy. If you follow the steps below, everything should turn out just fine. We can't take any blame if anything goes wrong though, so use this at your own risk.

Step 1
Download the (right-click and download) file. Within this zip-archive you will find the following folders:

  • modx-patch-2.3.3-2.5.2
  • modx-patch-2.3.5-2.5.2
  • modx-patch-2.3.6-2.5.2
  • modx-patch-2.4.0-2.5.2
  • modx-patch-2.4.2-2.5.2
  • modx-patch-2.4.3-2.5.2
  • modx-patch-2.4.4-2.5.2
  • modx-patch-2.5.0-2.5.2
  • modx-patch-2.5.1-2.5.2

The numbers in there represent your MODX version.

Step 2
Check it within your System Settings. Filter on "settings_version" and you find the MODX version and know which patch-folder you need.

Step 3
Is your FTP client able to merge folders and overwrite files? If not, try Panic's Transmit. It is free (trial) and able to merge folders and overwrite files and it was very timesaving for us when performing the emergency-patches.

Step 4
After downloading Transmit, just upload the folder and merge folders and overwrite files. Be sure that your folder-structure is the same. Otherwise you might have to do some manual uploading.

Step 5
Delete the security-folder within the connectors-folder if it is still there. It is no longer needed and deleting is required to keep it safe.

Step 6
Check your manager users table/page if there are any unknown users in there. If so: delete them.

Step 7
As a last step, to keep your install clean and clear for others: change the System Setting mentioned above (settings_version) to {current_version}-patched. Where {current_version} is the old value of that setting.

Step 8
Notify your colleagues and/or clients with the good news and have a great day!

A special thanks goes to our Lead developer Johan van der Molen for assembling this patch.


Contact Gauke Pieter Sietzema

Gauke Pieter Sietzema

Hey there!

Are you an agency and in need of MODX advice or help? 

Meet Gauke Pieter Sietzema, CTO of Sterc and Chairman of the MODX Advisory Board, but foremost he's a MODX user & developer.

Need advise or help with anything MODX related? Gauke is your man! Contact him by e-mail.

You can also find him on TwitterGithub and the MODX Community Slack.



Mail Gauke Pieter