We have been notified of a potential security vulnerability in X2Engine. This vulnerability will be fixed in the next release, but it is too important to wait until then. It affects all versions from 2.8 through 4.1.7.
To patch/fix this vulnerability on your installation before the update:
1. Download the following archive:
Security-Patch-Jul31-2014.tar.gz 997.11KB 3 downloads
Or, if you're on 4.1.7, download the following package and proceed to step 4:
Jul31-2014-4.1.7-security-patch.tar.gz 20.79KB 11 downloads
2. Unpack the archive
3. Find the archive file within the contents that corresponds to your version of X2Engine (their names should contain version number)
4. Unpack the archive for your version
5. Copy SiteController.php into X2Engine on your web server, to replace the file protected/controllers/SiteController.php
Also included is a git patch for the corresponding version that will apply the relevant changes.
Effective immediately, error/bug reports submitted from all instances of X2Engine that do not have this patch will be ignored/denied.