Mura 10: Release Notes

Version 10.1.4-RC

New page building experience, plus multiple security updates and bug fixes.

Added

  • To enhance the page-building experience, the Layout Manager now displays visual previews and text descriptions for each module, allowing content editors to instantly identify and select the right component without trial and error. MCPD-111

Changed

  • DOCKER ONLY Updated base image to Debian 13 (trixie).
  • Created variable to disable creation of Swagger documentation. MCPD-153
  • Include missing error dumps to existing error outputs when debug is enabled. MCPD-156

Removed

Deprecated

Fixed

  • Resolved content relocation bug in Mura core: users can no longer move content nodes to unauthorized parent nodes. MCPD-131
  • Resolved issue with duplicate query names MCPD-27
  • Resolved CSRF vulnerabilities. MCPD-142 MCPD-143 MCPD-144 MCPD-145 MCPD-146 MCPD-147 MCPD-148
  • Resolved admin function error thrown when deleting page from the front end. MCPD-129

Security

  • Resolved multiple SQL Injection vulnerabilities. MCPD-160 MCPD-161

Version 10.1.3

Default Docker image now runs with non-privileged user.   

Added

Changed

Removed

Deprecated

Fixed

  • Added support for Coldfusion (2023 Release) Update 14 and Coldfusion (2021 Release) Update 20 MCPD-118
  • Fixed an issue with a query string that was not properly sorting results. MCPD-110
  • Fixed an admin interface navigation issue. MCPD-90

Security

  • **DOCKER ONLY** Updated services to run as mura_user. This will require updates to your Dockerfile! USER mura_user before copying your files and running the container. MCPD-91
  • Closed IPv6 Open Redirect vulnerability.MCPD-119

Version 10.1.3-RC

Default Docker image now runs with non-privileged user.   

Added

Changed

Removed

Deprecated

Fixed

  • Added support for Coldfusion (2023 Release) Update 14 and Coldfusion (2021 Release) Update 20 MCPD-118
  • Fixed an issue with a query string that was not properly sorting results. MCPD-110
  • Fixed an admin interface navigation issue. MCPD-90

Security

  • **DOCKER ONLY** Updated services to run as mura_user. This will require updates to your Dockerfile! USER mura_user before copying your files and running the container. MCPD-91
  • Closed IPv6 Open Redirect vulnerability.MCPD-119

Version 10.1.2

Multiple security updates for Docker implementations and bug fixes.

Added

Changed

  • Mura.js update. Fixing a reported issue with dynamic pages.
  • DOCKER ONLY Upgraded Tomcat to 9.0.90 to resolve vulnerabilities.
  • DOCKER ONLY Updated Lucee to Lucee Light-5.4.7.2 to resolve vulnerabilities.

Removed

Deprecated

Fixed

  • Fixed preview tooltip in Mura admin
  • DOCKER ONLY Create a directory if one does not exist in the container when assets are mapped to an external source.

Security

  • DOCKER ONLY Resolved CVE-2024-34750
  • DOCKER ONLY Resolved CVE-2024-38286
  • DOCKER ONLY Resolved CVE-2023-46589
  • DOCKER ONLY Resolved CVE-2024-21634
  • DOCKER ONLY Resolved CVE-2024-24549
  • DOCKER ONLY Resolved CVE-2024-23672

Version 10.1.2-RC

Multiple security updates for Docker implementations and bug fixes.

Added

Changed

  • Mura.js update. Fixing a reported issue with dynamic pages.
  • DOCKER ONLY Upgraded Tomcat to 9.0.90 to resolve vulnerabilities.
  • DOCKER ONLY Updated Luceee to Lucee Light-5.4.7.2 to resolve vulnerabilites.

Removed

Deprecated

Fixed

  • Fixed preview tooltip in Mura admin
  • DOCKER ONLY Create a directory if one does not exist in the container when assets are mapped to an external source.

Security

  • DOCKER ONLY Resolved CVE-2024-34750
  • DOCKER ONLY Resolved CVE-2024-38286
  • DOCKER ONLY Resolved CVE-2023-46589
  • DOCKER ONLY Resolved CVE-2024-21634
  • DOCKER ONLY Resolved CVE-2024-24549
  • DOCKER ONLY Resolved CVE-2024-23672

Version 10.1.1

Added Linked Template module and other additional features to the admin interface to facilitate easier site administration and fixed multiple high vulnerabilities.

Added

  • DOCKER ONLY Updated the buildspec.yaml to use docker buildx to facilitate multi architecture build MCPD-68
  • DOCKER ONLY Build action creates ARM and AMD images
  • Added additional functionality to the User Maintenance Form & Group Listing page in the Mura admin. MCPD-93
  • Creates a Linked Template module that automatically updates all instances of the Linked Template on the site when an update to the Linked Template occurs. MCPD-86

Changed

Removed

  • Removed app/config/version.cfm file, version is set in app/core/version.cfmMCPD-89

Deprecated

Fixed

  • Removed default value of useCategoryIntersect from collections index.cfm file. This should be set on the collection. This default value overrides the setting on the collection. MCPD-48

Security

  • Fixed CSV injection vulnerability MCPD-82
  • Fixed a SSRF vulnerability. MCPD-83

Version 10.1.1-RC

Added Linked Template module and other additional features to the admin interface to facilitate easier site administration and fixed multiple high vulnerabilities.

Added

  • DOCKER ONLY Updated the buildspec.yaml to use docker buildx to facilitate multi architecture build MCPD-68
  • DOCKER ONLY Build action creates ARM and AMD images
  • Added additional functionality to the User Maintenance Form & Group Listing page in the Mura admin. MCPD-93
  • Creates a Linked Template module that automatically updates all instances of the Linked Template on the site when an update to the Linked Template occurs. MCPD-86

Changed

Removed

  • Removed app/config/version.cfm file, version is set in app/core/version.cfmMCPD-89

Deprecated

Fixed

  • Removed default value of useCategoryIntersect from collections index.cfm file. This should be set on the collection. This default value overrides the setting on the collection. MCPD-48

Security

  • Fixed CSV injection vulnerability MCPD-82
  • Fixed a SSRF vulnerability. MCPD-83

Version 10.1.0

Creating Release Notes and Security Updates

Added

  • CHANGELOG.md to track changes for Release Notes. MCPD-75
  • GitHub Workflow to dynamically create Release Notes in Github on Merge to branch. MCPD-75
  • GitHub Workflows for running Unit Tests. BAD-123

Changed

  • DOCKER ONLY Updated Dockerfile to remove usage of test Lucee image. Lucee version remains 5.4.6.9.

Removed

Deprecated

Fixed

Security

  • DOCKER ONLY Removed old, unused, unsupported Lucee extension JSON 1.0.0. Responsible for 20 Critical and 22 High vulnerabilities

Version 10.1.0-RC

Creating Release Notes and Security Updates

Added

  • CHANGELOG.md to track changes for Release Notes. MCPD-75
  • GitHub Workflow to dynamically create Release Notes in Github on Merge to branch. MCPD-75
  • GitHub Workflows for running Unit Tests. BAD-123

Changed

  • DOCKER ONLY Updated Dockerfile to remove usage of test Lucee image. Lucee version remains 5.4.6.9.

Removed

Deprecated

Fixed

Security

  • DOCKER ONLY Removed old, unused, unsupported Lucee extension JSON 1.0.0. Responsible for 20 Critical and 22 High vulnerabilities