next »

[OpenGeek]

VERY IMPORTANT!

If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately.  There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server.  A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.

Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible.  It is possible that some sites have already been silently exploited and critical security information collected.

Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.

More information as soon as it becomes available.

[rthrash]

Our downloads will return later today after resolving this issue.

[rthrash]

Patched and back online.