Blog Sections Open
MODX Evolution 1.0.15: Security Fixes and Hardened Cookies
MODX Evolution 1.0.15 focused on security hardening, including cookie flags, XSS fixes, and SQL injection closure.
MODX Evolution 1.0.15 was a security-focused release, and that alone makes it historically important. Rather than shipping cosmetic changes, it concentrated on hardening the platform in the areas that most directly affect real sites.
The release notes highlighted several key fixes:
- secure cookie handling to reduce leakage over unencrypted requests;
httponlycookie support inconfig.inc.php;SameOriginprotection headers;- multiple XSS fixes, including stricter output handling and safer treatment of
$_GETand$_POSTvalues; - a closed SQL injection vector.
For maintainers of older Evolution sites, this release marked the point where “we should update soon” became “we should not postpone this any longer”. Even if the site itself seemed stable, the security delta between older builds and 1.0.15 was too meaningful to ignore.
It also set the tone for later community builds: security fixes were not secondary maintenance work, but core release material worth surfacing clearly.
Source: Evolution CMS releases on GitHub.
MODX Evo Custom 1.1b-d7.1.1: Release Notes and Upgrade Context
Release notes for MODX Evo Custom 1.1b-d7.1.1, including mailer fixes, performance work, and manager improvements.
MODX Evolution 1.1b-d7.0.16: Release Notes and Upgrade Context
A concise release post for the 1.1b-d7.0.16 build, with the focus on what changed and why the branch mattered to active Evolution users.