Mura 10: Release Notes

Version 10.1.3-RC

Default Docker image now runs with non-privileged user.   

Added

Changed

Removed

Deprecated

Fixed

  • Added support for Coldfusion (2023 Release) Update 14 and Coldfusion (2021 Release) Update 20 MCPD-118
  • Fixed an issue with a query string that was not properly sorting results. MCPD-110
  • Fixed an admin interface navigation issue. MCPD-90

Security

  • **DOCKER ONLY** Updated services to run as mura_user. This will require updates to your Dockerfile! USER mura_user before copying your files and running the container. MCPD-91
  • Closed IPv6 Open Redirect vulnerability.MCPD-119

Version 10.1.2

Multiple security updates for Docker implementations and bug fixes.

Added

Changed

  • Mura.js update. Fixing a reported issue with dynamic pages.
  • DOCKER ONLY Upgraded Tomcat to 9.0.90 to resolve vulnerabilities.
  • DOCKER ONLY Updated Lucee to Lucee Light-5.4.7.2 to resolve vulnerabilities.

Removed

Deprecated

Fixed

  • Fixed preview tooltip in Mura admin
  • DOCKER ONLY Create a directory if one does not exist in the container when assets are mapped to an external source.

Security

  • DOCKER ONLY Resolved CVE-2024-34750
  • DOCKER ONLY Resolved CVE-2024-38286
  • DOCKER ONLY Resolved CVE-2023-46589
  • DOCKER ONLY Resolved CVE-2024-21634
  • DOCKER ONLY Resolved CVE-2024-24549
  • DOCKER ONLY Resolved CVE-2024-23672

Version 10.1.2-RC

Multiple security updates for Docker implementations and bug fixes.

Added

Changed

  • Mura.js update. Fixing a reported issue with dynamic pages.
  • DOCKER ONLY Upgraded Tomcat to 9.0.90 to resolve vulnerabilities.
  • DOCKER ONLY Updated Luceee to Lucee Light-5.4.7.2 to resolve vulnerabilites.

Removed

Deprecated

Fixed

  • Fixed preview tooltip in Mura admin
  • DOCKER ONLY Create a directory if one does not exist in the container when assets are mapped to an external source.

Security

  • DOCKER ONLY Resolved CVE-2024-34750
  • DOCKER ONLY Resolved CVE-2024-38286
  • DOCKER ONLY Resolved CVE-2023-46589
  • DOCKER ONLY Resolved CVE-2024-21634
  • DOCKER ONLY Resolved CVE-2024-24549
  • DOCKER ONLY Resolved CVE-2024-23672

Version 10.1.1

Added Linked Template module and other additional features to the admin interface to facilitate easier site administration and fixed multiple high vulnerabilities.

Added

  • DOCKER ONLY Updated the buildspec.yaml to use docker buildx to facilitate multi architecture build MCPD-68
  • DOCKER ONLY Build action creates ARM and AMD images
  • Added additional functionality to the User Maintenance Form & Group Listing page in the Mura admin. MCPD-93
  • Creates a Linked Template module that automatically updates all instances of the Linked Template on the site when an update to the Linked Template occurs. MCPD-86

Changed

Removed

  • Removed app/config/version.cfm file, version is set in app/core/version.cfmMCPD-89

Deprecated

Fixed

  • Removed default value of useCategoryIntersect from collections index.cfm file. This should be set on the collection. This default value overrides the setting on the collection. MCPD-48

Security

  • Fixed CSV injection vulnerability MCPD-82
  • Fixed a SSRF vulnerability. MCPD-83

Version 10.1.1-RC

Added Linked Template module and other additional features to the admin interface to facilitate easier site administration and fixed multiple high vulnerabilities.

Added

  • DOCKER ONLY Updated the buildspec.yaml to use docker buildx to facilitate multi architecture build MCPD-68
  • DOCKER ONLY Build action creates ARM and AMD images
  • Added additional functionality to the User Maintenance Form & Group Listing page in the Mura admin. MCPD-93
  • Creates a Linked Template module that automatically updates all instances of the Linked Template on the site when an update to the Linked Template occurs. MCPD-86

Changed

Removed

  • Removed app/config/version.cfm file, version is set in app/core/version.cfmMCPD-89

Deprecated

Fixed

  • Removed default value of useCategoryIntersect from collections index.cfm file. This should be set on the collection. This default value overrides the setting on the collection. MCPD-48

Security

  • Fixed CSV injection vulnerability MCPD-82
  • Fixed a SSRF vulnerability. MCPD-83

Version 10.1.0

Creating Release Notes and Security Updates

Added

  • CHANGELOG.md to track changes for Release Notes. MCPD-75
  • GitHub Workflow to dynamically create Release Notes in Github on Merge to branch. MCPD-75
  • GitHub Workflows for running Unit Tests. BAD-123

Changed

  • DOCKER ONLY Updated Dockerfile to remove usage of test Lucee image. Lucee version remains 5.4.6.9.

Removed

Deprecated

Fixed

Security

  • DOCKER ONLY Removed old, unused, unsupported Lucee extension JSON 1.0.0. Responsible for 20 Critical and 22 High vulnerabilities

Version 10.1.0-RC

Creating Release Notes and Security Updates

Added

  • CHANGELOG.md to track changes for Release Notes. MCPD-75
  • GitHub Workflow to dynamically create Release Notes in Github on Merge to branch. MCPD-75
  • GitHub Workflows for running Unit Tests. BAD-123

Changed

  • DOCKER ONLY Updated Dockerfile to remove usage of test Lucee image. Lucee version remains 5.4.6.9.

Removed

Deprecated

Fixed

Security

  • DOCKER ONLY Removed old, unused, unsupported Lucee extension JSON 1.0.0. Responsible for 20 Critical and 22 High vulnerabilities