Release notes

Table of contents

7.4.7

What’s Changed

New Contributors

Full Changelog: 7.4.6…7.4.7

7.4.6

Security Vulnerability Fix

What was the issue ?

We’ve been informed about multiple high and critical vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.
  • Additional security improvements have been made.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.

What’s Changed

  • Sections can act as fieldsets by @grantshepert
  • Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
  • Additional security improvements have been made

Full Changelog: 7.4.5…7.4.6

7.3.13

Security Vulnerability Fix

What was the issue ?

We’ve been informed about multiple high and critical vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.

What’s Changed

  • Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
  • Additional security improvements have been made

Full Changelog: 7.3.12…7.3.13

7.2.8

Security Vulnerability Fix

What was the issue ?

We’ve been informed about multiple high and critical vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.

What’s Changed

  • Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
  • Additional security improvements have been made

Full Changelog: 7.2.7…7.2.8

7.4.5

Security Vulnerability Fix

What was the issue ?

We’ve been informed about a critical vulnerability in Masa CMS.

What is fixed ?

  • The mentioned vulnerability has been fixed.
  • Additional security improvements have been made.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.5 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.12 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.7 immediately. This can be done by applying a manual update.

What’s Changed

New Contributors

Full Changelog: 7.4.4…7.4.5

7.3.12

Security Vulnerability Fix

What was the issue ?

We’ve been informed about a critical vulnerability in Masa CMS.

What is fixed ?

  • The mentioned vulnerability has been fixed.
  • Additional security improvements have been made.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.5 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.12 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.7 immediately. This can be done by applying a manual update.

Full Changelog: 7.3.11…7.3.12

7.2.7

Security Vulnerability Fix

What was the issue ?

We’ve been informed about a critical vulnerability in Masa CMS.

What is fixed ?

  • The mentioned vulnerability has been fixed.
  • Additional security improvements have been made.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.5 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.12 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.7 immediately. This can be done by applying a manual update.

Full Changelog: 7.2.6…7.2.7

7.4.4

What’s Changed

New Contributors

Full Changelog: 7.4.3…7.4.4

7.4.3

What’s Changed

New Contributors

Full Changelog: 7.4.2…7.4.3

7.4.2

Security Vulnerability Fix

What was the issue ?

We’ve been informed of multiple vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.
  • Security fixes from the MuraLabs repository have been copied over to Masa CMS.
  • Multiple dependancies have been updated to their latest releases.
  • Unused dependancies have been removed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.2 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.11 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.6 immediately. This can be done by applying a manual update.

Full Changelog: 7.4.1…7.4.2

7.3.11

Security Vulnerability Fix

What was the issue ?

We’ve been informed of multiple vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.
  • Security fixes from the MuraLabs repository have been copied over to Masa CMS.
  • Multiple dependancies have been updated to their latest releases.
  • Unused dependancies have been removed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.2 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.11 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.6 immediately. This can be done by applying a manual update.

Full Changelog: 7.3.10…7.3.11

7.2.6

Security Vulnerability Fix

What was the issue ?

We’ve been informed of multiple vulnerabilities in Masa CMS.

What is fixed ?

  • The mentioned vulnerabilities have been fixed.
  • Security fixes from the MuraLabs repository have been copied over to Masa CMS.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4 are affected.

What should you upgrade ?

  • If you’re on Masa CMS 7.4, you should update to version 7.4.2 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
  • If you’re on Masa CMS 7.3, you should update to version 7.3.11 immediately. This can be done by applying a manual update.
  • If you’re on Masa CMS 7.2, you should update to version 7.2.6 immediately. This can be done by applying a manual update.

Full Changelog: 7.2.5…7.2.6

7.4.1

What’s Changed

  • fix issue with ids in db update script by @guustnieuwenhuis in #157
  • Replace hard-coded references to /admin directory by @jimblesphere in #177
  • Update filebrowser.cfc by @chexy in #175
  • error when related content is scheduled, missing column parentType by @sejourla in #174
  • Update database driver created by setup for MySQL/Lucee by @quetwo in #141
  • fixed broken styling on categories tab
  • fixed broken styling on component editing (front-end)
  • fixed StructKeyDelete function by @ejespersen-AMS
  • fixed class extensions in components

Full Changelog: 7.4.0…7.4.1

7.4.0

What’s Changed

  • updated default theme to the latest version
  • updated mura.js to the latest version
  • new setting showextensionsindefault to show the basic tab extended attributes below the editor
  • new search module
  • new primarynav module
  • new gotofirstchild module
  • new nextprevnav module
  • new gattedasset module
  • new button module
  • new info module
  • new media module
  • reviewed navigation module
  • reviewed form module
  • reviewed image module
  • reviewed CTA module

7.4.0-beta.3

7.3.10

Security Vulnerability Fix

What was the issue ?

We’ve been informed of an authentication bypass vulnerability in Masa CMS.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4-beta are affected.

What should you upgrade ?

If you’re on Masa CMS 7.3, you should update to version 7.3.10 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.2.5

Security Vulnerability Fix

What was the issue ?

We’ve been informed of an authentication bypass vulnerability in Masa CMS.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2, 7.3 and 7.4-beta are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.5 immediately. This can be done by applying a manual update.

7.3.9

What’s Changed

  • Update filebrowser.cfc by @jimblesphere in #128
  • fix empty admin minified JS files
  • replace We Are Orange with We Are North (https://www.wearenorth.eu/updates/we-are-north-now-not-orange-heres-why/)

Full Changelog: 7.3.8…7.3.9

7.4.0-beta.2

fixed an issue with empty generated javascript files

7.4.0-beta.1

This is a pre-release version of 7.4 including the follow updates:

  • update for the default theme
  • new setting showextensionsindefault to show the basic tab extended attributes below the editor
  • new search module
  • new primarynav module
  • new gotofirstchild module
  • new nextprevnav module

7.3.8

Bug fixes for:

and CKEditor update to version 4.19.1

7.4.0-alpha.2

This is a pre-release version of 7.4 including the follow updates:

  • new Gatted Asset module
  • reviewed Navigation module

7.3.7

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a path traversal vulnerability in Masa CMS CVE-2021-42183.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.4 immediately. This can be done by applying a manual update.

7.2.4

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a path traversal vulnerability in Masa CMS CVE-2021-42183.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.4 immediately. This can be done by applying a manual update.

7.3.6

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.3 immediately. This can be done by applying a manual update.

7.2.3

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.3 immediately. This can be done by applying a manual update.

7.4.0-alpha.1

This is a pre-release version of 7.4 including the follow updates:

  • updated mura.js to the latest version
  • new Button module
  • new Info module
  • new Media module
  • reviewed Form module
  • reviewed Image module
  • reviewed CTA module

7.3.5

Bug fixes

  • bug fixes for
    • issue 74
    • fixes for integration with s3 in File Browser

7.3.4

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.3, you should update to version 7.3.4 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.3.3

Bug fixes

  • bug fixes for
    • issue 75
    • JS error when publishing a page with an undefined canonicalurl
    • JS error when starting inline editing

7.3.2

Bug fixes

7.3.1

Bug fixes

7.3

New features

Bug fixes

  • Old, unused code from Advertisement Manager removed from codebase
  • Fixed a tenacious JavaScript console error
  • ORM Scaffolder option list and option values list were incorrectly displayed

Deprecations

7.2.2

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.3, you should update to version 7.3.4 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.2.1

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a security vulnerability that allows any user to request files outside the asset folder from the server.

What is fixed ?

We’ve improved the security around the assets API endpoint that is affected, to validate that the user can only request assets from the assets folder. In the process we’ve also applied restrictions to the asset upload endpoint, so that only logged in editors can upload assets.

What versions are affected?

Only Masa CMS version 7.2 is affected

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.1 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.2

Mura CMS becomes Masa CMS

  • Renamed Mura CMS to Masa CMS
  • Replaced Mura CMS logo’s with Masa CMS logo’s
  • Removed Mura CMS contributor agreement
  • Removed obsolete Docker config
  • Removed CKFinder license
  • Bugfixes

New features

  • Setting for enabling/disabling File Manager, disabled by default
  • New image upload in CKEditor, without using CKFinder