Skip to main content Link Search Menu Expand Document (external link)

Release notes

Table of contents

7.3.9

What’s Changed

  • Update filebrowser.cfc by @jimblesphere in #128
  • fix empty admin minified JS files
  • replace We Are Orange with We Are North (https://www.wearenorth.eu/updates/we-are-north-now-not-orange-heres-why/)

Full Changelog: 7.3.8…7.3.9

7.4.0-beta.2

fixed an issue with empty generated javascript files

7.4.0-beta.1

This is a pre-release version of 7.4 including the follow updates:

  • update for the default theme
  • new setting showextensionsindefault to show the basic tab extended attributes below the editor
  • new search module
  • new primarynav module
  • new gotofirstchild module
  • new nextprevnav module

7.3.8

Bug fixes for:

and CKEditor update to version 4.19.1

7.4.0-alpha.2

This is a pre-release version of 7.4 including the follow updates:

  • new Gatted Asset module
  • reviewed Navigation module

7.3.7

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a path traversal vulnerability in Masa CMS CVE-2021-42183.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.4 immediately. This can be done by applying a manual update.

7.2.4

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a path traversal vulnerability in Masa CMS CVE-2021-42183.

What is fixed ?

The mentioned vulnerability has been fixed.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.4 immediately. This can be done by applying a manual update.

7.3.6

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.3 immediately. This can be done by applying a manual update.

7.2.3

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.3 immediately. This can be done by applying a manual update.

7.4.0-alpha.1

This is a pre-release version of 7.4 including the follow updates:

  • updated mura.js to the latest version
  • new Button module
  • new Info module
  • new Media module
  • reviewed Form module
  • reviewed Image module
  • reviewed CTA module

7.3.5

Bug fixes

  • bug fixes for
    • issue 74
    • fixes for integration with s3 in File Browser

7.3.4

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.3, you should update to version 7.3.4 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.3.3

Bug fixes

  • bug fixes for
    • issue 75
    • JS error when publishing a page with an undefined canonicalurl
    • JS error when starting inline editing

7.3.2

Bug fixes

7.3.1

Bug fixes

7.3

New features

Bug fixes

  • Old, unused code from Advertisement Manager removed from codebase
  • Fixed a tenacious JavaScript console error
  • ORM Scaffolder option list and option values list were incorrectly displayed

Deprecations

7.2.2

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a XSS security vulnerability in the Masa CMS administrator.

What is fixed ?

Additional protection against XSS attacks is implemented to further secure the Masa CMS administrator.

What versions are affected?

Masa CMS versions 7.2 and 7.3 are affected.

What should you upgrade ?

If you’re on Masa CMS 7.3, you should update to version 7.3.4 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.2.1

Security Vulnerability Fix

What was the issue ?

We’ve been informed of a security vulnerability that allows any user to request files outside the asset folder from the server.

What is fixed ?

We’ve improved the security around the assets API endpoint that is affected, to validate that the user can only request assets from the assets folder. In the process we’ve also applied restrictions to the asset upload endpoint, so that only logged in editors can upload assets.

What versions are affected?

Only Masa CMS version 7.2 is affected

What should you upgrade ?

If you’re on Masa CMS 7.2, you should update to version 7.2.1 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.

7.2

Mura CMS becomes Masa CMS

  • Renamed Mura CMS to Masa CMS
  • Replaced Mura CMS logo’s with Masa CMS logo’s
  • Removed Mura CMS contributor agreement
  • Removed obsolete Docker config
  • Removed CKFinder license
  • Bugfixes

New features

  • Setting for enabling/disabling File Manager, disabled by default
  • New image upload in CKEditor, without using CKFinder