The MODX Cloud infrastructure is regularly maintained, and the security of your sites is our number one priority in MODX Cloud. Further, we employ technology that allows us to patch the Operating System kernel without downtime due to forced reboots. You should never worry about the infrastructure on which your sites run in MODX Cloud, or ever having to maintain servers yourself.
Critical System Maintenance
Critical security patches are applied as they are released, regardless of normal scheduled patch windows. Kernel updates are automatically applied without requiring a reboot, within one hour of release.
MODX subscribes to mailing lists for advanced notice of security patch releases. For example, the day that critical security issues like ShellShock, Heartbleed, POODLE, FREAK and BEAST were disclosed, the MODX Cloud infrastructure was patched against their exploitation. (More info on those here.)
Regular Weekly Patching
We also schedule time each week for other patches, bugfixes and updates, so important software components are kept up to date. PHP is a custom build and is patched when security vulnerabilities that affect our infrastructure, or otherwise critical bug fixes or vulnerability patches, are released.