modx Japan フォーラム

modx Japan フォーラム http://modxcms-jp.com/ modx日本語フォーラム＆日本公式サイトフォーラムの最新記事フィード ja 2012-01-19T00:52:27+09:00 MODx Japanese Team hourly 1 2012-01-19T00:52:27+09:00 <![CDATA[WebMatrix版 1.0.5J-r10-p1リリースしました。]]> http://modx.jp/news/800.html 2012-01-19T00:52:27+09:00 MODX JAPAN <![CDATA[2011年振り返り]]> http://modx.jp/news/796.html 2011-12-31T19:55:37+09:00 MODX JAPAN <![CDATA[MODX Revolution 2.2 RC3 をリリースしました]]> http://modx.jp/news/794.html 2011-12-24T15:00:00+09:00 MODX JAPAN <![CDATA[MODX Evolution 1.0.5J-r10をリリースしました]]> http://modx.jp/news/793.html 2011-12-22T22:22:22+09:00 MODX JAPAN <![CDATA[MODX Revolution 2.2 RC2 をリリースしました]]> http://modx.jp/news/792.html 2011-12-17T19:20:00+09:00 MODX JAPAN <![CDATA[MODX Evolution日本語版 Microsoft WebMatrixに対応・配信開始。]]> http://modx.jp/news/790.html 2011-12-09T18:41:35+09:00 MODX JAPAN <![CDATA[MODX Evolution 1.0.5J-r9をリリースしました]]> http://modx.jp/news/787.html 2011-12-05T23:45:00+09:00 MODX JAPAN <![CDATA[CMSカンファレンス with WeeklyCMS on Microsoft参加します。]]> http://modx.jp/news/788.html 2011-12-05T23:37:46+09:00 MODX JAPAN <![CDATA[MODX勉強会「麦乃大学」開催します]]> http://modx.jp/news/784.html 2011-11-22T01:15:13+09:00 MODX JAPAN <![CDATA[オープンソースカンファレンス 2011 Tokyo/Fall開催中]]> http://modx.jp/news/781.html 2011-11-19T15:23:37+09:00 MODX JAPAN <![CDATA[Re: Community Forum Transition to New Discuss Forum [Scheduled Downtime]]]> http://modxcms.com/forums/index.php/topic,67900.msg381421.html#msg381421
We'll also post any updates on the maintenance page as we go.]]> Important News 2011-08-20T07:05:09+09:00 <![CDATA[Community Forum Transition to New Discuss Forum [Scheduled Downtime]]]> http://modxcms.com/forums/index.php/topic,67900.msg381177.html#msg381177
Should we encounter any issues or major bugs that prevent the migration, we will attempt to do the migration/transition in 2 weeks on Saturday, September 3rd, 2011. We will post any change to this plan here.

Thanks to those of you who helped and are helping test the new forums. We sincerely appreciate your valuable time and feedback.

The MODX Team]]> Important News 2011-08-18T23:32:03+09:00 <![CDATA[MODX Revolution 2.1.3 Out Now - Resolves Tag Parsing Issue]]> http://modxcms.com/forums/index.php/topic,66947.msg376951.html#msg376951 Revolution 2.1.3 Resolves Tag Parsing Issue

An astute MODX user reported an issue occurring with nested tags being parsed incorrectly which led us to release Revolution 2.1.3. Some of the other more minor bug fixes include: Resource tree sorting, double-slash in the file path from drag-and-drop and includeParent input option in Resource List TV.

For more information about the MODX Revolution 2.1 release, please review the original Announcement.

Download Revolution 2.1.3
Read the Revolution 2.1.3 Documentation
Read the Installation Guide
Upgrade Guide
Check the Installation Requirements

We're always improvi...]]> Important News 2011-07-23T05:07:40+09:00 <![CDATA[Revolution 2.1.2 Out Now - Lots of Little Fixes and MS SQL Server Improvements]]> http://modxcms.com/forums/index.php/topic,66364.msg374161.html#msg374161 Revolution 2.1.2 Updated and Optimized

In this update several interface and performance issues have been resolved. Since the release of MODX Revolution 2.1.1 we have been making refinements and improving Revolution based on your feedback and issues we found. You may notice several usability improvements to the Manager and better performance on Microsoft SQL Server installs.

Here are some highlights of the changes to MODX Revolution 2.1.2:

Corrected caching issues with non-cacheable MODX tags in Resources
File browser to thumbnail path issue resolved
Corrected scrolling issues with custom manager pages not using ExtJS
Optimizations and improvements added for MODX on Microsoft SQL Server
Usability improvements in manager interface

For more information about the MODX Revolution 2.1 release, please review the original Announcement.

Download [url=http://modx.com/...]]> Important News 2011-07-07T04:39:12+09:00 <![CDATA[Revolution 2.1.1 Out Now: Fix to Package Management, Hardening and More]]> http://modxcms.com/forums/index.php/topic,65151.msg368235.html#msg368235 Revolution 2.1.1 Fixes Package Management Issue, Enhances Security and Much More

A week ago we released the highly anticipated MODX Revolution 2.1 which added Microsoft SQL Server support, huge performance and caching improvements, the elimination of thousands of lines of long-deprecated code and so much more. It has been our most successful release to date in terms of download statistics. There were more than 5500 downloads in just one week—more than 785 a day! With so many downloads and people using this new version of Revo, it was inevitable and expected we would find a few issues needing to be solved. Thanks to all those who downloaded, deployed and especially to those of you who reported issues and filed feature requests.

Here are the highlights of the changes in Revolution 2.1.1:

Corrected an issue with Package Management relating to updates of Extras
Hardened manager security against CSRF attacks in unlikely case an attacker had previous Administrator credentials.

]]> Important News 2011-06-02T06:03:18+09:00 <![CDATA[Revolution 2.1-pl Out Now]]> http://modxcms.com/forums/index.php/topic,64823.msg366624.html#msg366624 Revolution 2.1 Adds Support for Microsoft SQL Server, Huge Performance Improvements, Long-deprecated Code Eliminated

MODX Revolution 2.1 is a huge milestone for MODX. It adds Microsoft SQL Server support, huge performance and caching improvements, the elimination of thousands of lines of long-deprecated code and so much more. We are incredibly excited about this release and want to thank all the community members that have tested and reported issues in the lead up to this day.

What's New In 2.1:

Full Microsoft SQL Server support is new in 2.1. This is pretty cool and we're very excited about offering developers the choice of running MODX Revolution on a full MS stack.
The MODX caching system has been restructured to vastly improve caching times and performance. It now properly implements file locking, partitioning and multiple format support. We've seen cache file sizes drop to nearly 30% (or greater) of their previous size and page load time significantly decrease. The co...

]]> Important News 2011-05-25T04:16:07+09:00 <![CDATA[Out Now! Revolution 2.1 RC4: Final Testing before Public Release]]> http://modxcms.com/forums/index.php/topic,64086.msg362540.html#msg362540 Revolution 2.1 Release Candidate 4: Final Testing before Public Release

As you may already know, MODX Revolution 2.1 is a huge milestone in the development and future of MODX. From Microsoft SQL Server support to caching improvements to the elimination of thousands of lines of deprecated code, Release Candidate 4 (RC-4) fixes a number of additional issues and bugs identified by community members in the previous Release Candidate.

We still need help from the community to ensure MODX Revolution is ready for its official public release. Testing, translations, documentation and updating Add-ons will all be part of this Release Candidate period which closes May 9th, 2011. We encourage you to test and use this release and welcome reports of issues to make sure that 2.1.0-pl will be a near-flawless release.

Test and Prepare
This is a Release Candidate and therefore should not be considered safe for deployment on production servers without thorough testing in a development or test environment....]]> Important News 2011-05-03T21:35:42+09:00 <![CDATA[Re: MODx Forum Guidelines]]> http://modxcms.com/forums/index.php/topic,1030.msg359270.html#msg359270 Important News 2011-04-14T22:07:26+09:00 <![CDATA[Re: Revolution 2.1 RC3 Lightens Further and Gets Lots of Little Fixes]]> http://modxcms.com/forums/index.php/topic,63339.msg358752.html#msg358752 http://bugs.modx.com/projects/revo/issues/new

Thanks.]]> Important News 2011-04-12T06:41:17+09:00 <![CDATA[Re: Revolution 2.1 RC2 Lightens Further and Gets Lots of Little Fixes]]> http://modxcms.com/forums/index.php/topic,63339.msg358713.html#msg358713
For those who have already downloaded rc2, the patch for the bug can be found here: https://github.com/modxcms/revolution/commit/47bdab9230afe12f5261e69765972e70c2d2e9f6]]> Important News 2011-04-12T03:11:31+09:00 <![CDATA[MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabities]]> http://modxcms.com/forums/index.php/topic,60451.msg343741.html#msg343741 Status: Solved
Product: MODx Evolution
Severity: High
Versions: 1.0.4 and prior
Advisory Date: 2011-01-26
Fixed Date: 2011-01-19
Impact:
a) A remote attacker may access or view arbitrary files on the server.
b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.

Description
JPCERT/CC has issued the following advisories:
a) http://jvn.jp/en/jp/JVN95385972/index.html
b) http://jvn.jp/en/jp/JVN54092716/index.html

Solution
Upgrade to MODx Revolution 1.0.5 available here: http://modxcms.com/download.html#ga
Read the Release Announcement for Evolution 1.0.5.
]]> Security Notices 2011-01-29T05:13:31+09:00 <![CDATA[Critical PHP Bug Security Notice and Patch]]> http://modxcms.com/forums/index.php/topic,59421.msg338158.html#msg338158
More information can be found here:

This bug can affect MODx installations. MODx Revolution has been patched in GitHub for this. It is highly recommended that all MODx Revolution users patch their MODx installations with the fix made in this commit: https://github.com/modxcms/revolution/commit/3d8175c010374a3662fb86492fe7e808df0bae66 (do not copy the entire modx.class.php file, just the affected lines)

To patch for Revolution, simply paste the following lines into the file "core/model/modx/modx.class.php" after line 30 (after the comments):
[code]if (strstr(str_replace('.','',serialize($_REQUEST)), '22250738585072011')) {
header('Status: 422 Unprocessable Entity'); die();
}[/code...]]> Security Notices 2011-01-07T00:43:30+09:00 <![CDATA[Critical Security Upgrade Notice for FormIt, Quip and Login]]> http://modxcms.com/forums/index.php/topic,58313.msg332802.html#msg332802 FormIt, Quip and Login that could be used to expose system settings including database information.

This has been been corrected and new versions have been posted. Upgrading of FormIt, Login and Quip to the latest versions via Package Manager should be considered critical.

This only affects MODX Revolution installations that have installed the Extras FormIt, Quip and Login.

]]> Security Notices 2010-12-09T23:17:16+09:00 <![CDATA[phpThumb Command-Injection Vulnerability]]> http://modxcms.com/forums/index.php/topic,55314.msg318284.html#msg318284

Quote from: http://www.juniper.net/security/auto/vulnerabilities/vuln39605.html

The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the 'fltr[]' parameter in the 'phpThumb.php' script.

Attackers can exploit this issue to execute arbitrary commands in the context of the webserver.

Note that successful exploitation requires 'ImageMagick' to be installed.

phpThumb() 1.7.9 is affected; other versions may also be vulnerable.

If you are using phpThumb on any of your sites either as part of a plugin or standalone, you should use the following fix to secure your site:
http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279

Note: This vulnerability does not affect the phpThumb that is included in the MODx Revolution distribution.
]]> Security Notices 2010-10-06T01:01:07+09:00 <![CDATA[MODx Revolution 2.0.3 Addresses Pair of Vulnerabilities]]> http://modxcms.com/forums/index.php/topic,55105.msg317273.html#msg317273 reported security vulnerabilities with MODx Revolution 2.0.2-pl and possibly earlier releases:

Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.

We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.

Download MODx Revolution 2.0.3-pl: http://modxcms.com/download/#pl

Details of other improvements introduced in the 2.0.3 release can be found here: http://modxcms.com/forums/index.php/topic,55104.0.html]]> Security Notices 2010-10-01T03:47:17+09:00 <![CDATA[MODx Revolution Cross-Site Scripting and Local File Inclusion Vulnerabilities]]> http://modxcms.com/forums/index.php/topic,55062.msg317079.html#msg317079 Status: Solved (See: Notice on fix)
Product: MODx Revolution
Risk: Moderate
Versions: 2.0.x
Vunerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities
Report Date: 2010-09-29
Fixed Date: 2010-09-29

Description
Issue reported as Secunia Advisory SA41638.

Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.

Affected Releases
MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability.

Solution
Upgrade to MODx Revolution 2.0.3 available here: http://modxcms.com/download.html#pl
Read the Release Announcement[/ur...]]> Security Notices 2010-09-30T04:50:16+09:00 <![CDATA[MODx Evolution SQL Injection Vulnerability]]> http://modxcms.com/forums/index.php/topic,50207.msg292386.html#msg292386 Product: MODx Evolution
Risk: Moderate
Versions: 1.0.3 and all previous releases
Vunerability type: SQL Injection
Report Date: 2010-May-28
Fixed Date: 2010-May-28

Description
Issue reported as HTB22412. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php.

No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.

Affected Releases
All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.

Solution
Upgrade to MODx Evolution 1.0.4 or later: http://modxcms.com/download.html#ga]]> Security Notices 2010-06-08T06:59:22+09:00 <![CDATA[Security updates in MODx Evolution 1.0.3. You really should upgrade.]]> http://modxcms.com/forums/index.php/topic,47759.msg280304.html#msg280304

XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729
Unwanted information disclosure about the site structure in the TinyMCE plugin
SQL Injection via WebLogin

We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.

Ddownload MODx Evolution 1.0.3: http://modxcms.com/download/

Details of other improvements introduced in the 1.0.3 release can be found here: http://modxcms.com/forums/index.php/topic,47756.0.html]]> Security Notices 2010-04-02T12:11:06+09:00 <![CDATA[MODx CMS Japan 日本公式フォーラム (Official Forums)]]> http://modxcms.com/forums/index.php/topic,38992.msg235150.html#msg235150 MODx CMS Japan 日本公式フォーラムがスタートします！
(MODx CMS Japan official forum starts in September 2009.)

日本公式フォーラムに関する事前アナウンス(Announce)
http://modxcms.com/forums/index.php/topic,38596.0.html

===== MODx CMS Japan Official Forum =====

トップページ(Top Page) http://modxcms-jp.com/bb/
RSSフィード(RSS Feed) http://modxcms-jp.com/bb/rss.php?mode=posts

===== Category / SubForum =====

コミュニティ(Community)　http://modxcms-jp.com/bb/viewforum.php?f=18

セキュリティ情報(Security)　http://modxcms-jp.com/bb/viewforum.php?f=33
お知らせ(Information)　http://modxcms-jp.com/bb/viewforum.php?f=19
雑談(Off-topic)　[url=http://modxcms...

]]> Japanese 2009-08-20T19:59:31+09:00 <![CDATA[Security Fix for MODx Revolution 2.0-beta2 (and beta1)]]> http://modxcms.com/forums/index.php/topic,37961.msg229068.html#msg229068
We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.

SVN users, to fix this vulnerability, please update to r5505.

Non-SVN users, please make the changes as illustrated here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5501

and here:
http://svn.modxcms.com/crucible/changelog/modx/?cs=5505

Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions.

We apologize for any inconvience this might have caused.]]> Security Notices 2009-07-24T04:28:34+09:00 <![CDATA[Re: Reflect RFI Exploit]]> http://modxcms.com/forums/index.php/topic,30875.msg187190.html#msg187190 Security Notices 2008-11-25T07:46:49+09:00