Jump to content
X2Community Forums

Important Security Patch

Guest x2demitri

Recommended Posts

Guest x2demitri



We have been notified of a potential security vulnerability in X2Engine. This vulnerability will be fixed in the next release, but it is too important to wait until then. It affects all versions from 2.8 through 4.1.7.


To patch/fix this vulnerability on your installation before the update:


1. Download the following archive:


Or, if you're on 4.1.7, download the following package and proceed to step 4:


2. Unpack the archive

3. Find the archive file within the contents that corresponds to your version of X2Engine (their names should contain version number)

4. Unpack the archive for your version

5. Copy SiteController.php into X2Engine on your web server, to replace the file protected/controllers/SiteController.php


Also included is a git patch for the corresponding version that will apply the relevant changes.


Effective immediately, error/bug reports submitted from all instances of X2Engine that do not have this patch will be ignored/denied.

Link to post
Share on other sites
  • Create New...