Release/7.4.6 (#44)

* add release notes for 7.4.6, 7.3.13 and 7.2.8
MasaCMS · Mar 7, 2024 · 63a0f51 · 63a0f51
1 parent 5bb7c18
commit 63a0f51
Show file tree

Hide file tree

Showing 2 changed files with 111 additions and 6 deletions.
diff --git a/01_getting-started/03_configuration/01_configuration-file.md b/01_getting-started/03_configuration/01_configuration-file.md
@@ -683,13 +683,24 @@ New in 7.4.3
   <dd>Setting whether the EmailBroadcaster can be enabled per site in Site Settings. --> Edit Settings --> Modules</dd>
 </dl>
 
+#### enabledynamiccontent
+
+<dl>
+  <dt>Type</dt>
+  <dd>boolean</dd>
+  <dt>Default</dt>
+  <dd><code>false</code></dd>
+  <dt>Description</dt>
+  <dd>Enable usage of script, object, applet, embed, layer, ilayer, frameset, param, meta, base, xss, marquee in content.</dd>
+</dl>
+
 #### enablemuratag
 
 <dl>
   <dt>Type</dt>
   <dd>boolean</dd>
   <dt>Default</dt>
-  <dd><code>true</code></dd>
+  <dd><code>false</code></dd>
   <dt>Description</dt>
   <dd>Configure whether the content in the [m] tag is parsed. This is a global setting; you can overwrite this setting per site in the contentRenderer.cfc.</dd>
 </dl>
@@ -1447,8 +1458,6 @@ New in 7.4.4
   <dd>Display a warning about 'posting' site bundles via direct upload, rather then placeing them on the webserver and then importing them.</dd>
 </dl>
 
-
-
 #### productionassetdir
 
 <dl>
@@ -1460,7 +1469,6 @@ New in 7.4.4
   <dd>-</dd>
 </dl>
 
-
 #### productionassetpath
 
 <dl>
@@ -1483,7 +1491,6 @@ New in 7.4.4
   <dd>-</dd>
 </dl>
 
-
 #### productionfiledir
 
 <dl>
@@ -1780,7 +1787,7 @@ New in 7.4.4
   <dt>Type</dt>
   <dd>boolean</dd>
   <dt>Default</dt>
-  <dd><code>true</code></dd>
+  <dd><code>false</code></dd>
   <dt>Description</dt>
   <dd>Enable or disable shareable remote sessions</dd>
 </dl>

diff --git a/07_release-notes.md b/07_release-notes.md
@@ -15,6 +15,104 @@ permalink: /release-notes/
 - TOC
 {:toc}
 
+## 7.4.6
+
+### Security Vulnerability Fix
+{: .no_toc }
+
+#### What was the issue ?
+{: .no_toc }
+We've been informed about multiple high and critical vulnerabilities in Masa CMS.
+
+#### What is fixed ?
+{: .no_toc }
+* The mentioned vulnerabilities have been fixed.
+* Additional security improvements have been made.
+
+#### What versions are affected?
+{: .no_toc }
+Masa CMS versions 7.2, 7.3 and 7.4 are affected.
+
+#### What should you upgrade ?
+{: .no_toc }
+
+* If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
+* If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
+* If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.
+
+### What's Changed
+{: .no_toc }
+
+* Sections can act as fieldsets by [@grantshepert](https://github.com/grantshepert)
+* Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
+* Additional security improvements have been made
+
+Full Changelog: [7.4.5...7.4.6](https://github.com/MasaCMS/MasaCMS/compare/7.4.5...7.4.6)
+
+## 7.3.13
+
+### Security Vulnerability Fix
+{: .no_toc }
+
+#### What was the issue ?
+{: .no_toc }
+We've been informed about multiple high and critical vulnerabilities in Masa CMS.
+
+#### What is fixed ?
+{: .no_toc }
+* The mentioned vulnerabilities have been fixed.
+
+#### What versions are affected?
+{: .no_toc }
+Masa CMS versions 7.2, 7.3 and 7.4 are affected.
+
+#### What should you upgrade ?
+{: .no_toc }
+
+* If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
+* If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
+* If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.
+
+### What's Changed
+{: .no_toc }
+
+* Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
+* Additional security improvements have been made
+
+Full Changelog: [7.3.12...7.3.13](https://github.com/MasaCMS/MasaCMS/compare/7.3.12...7.3.13)
+
+## 7.2.8
+
+### Security Vulnerability Fix
+{: .no_toc }
+
+#### What was the issue ?
+{: .no_toc }
+We've been informed about multiple high and critical vulnerabilities in Masa CMS.
+
+#### What is fixed ?
+{: .no_toc }
+* The mentioned vulnerabilities have been fixed.
+
+#### What versions are affected?
+{: .no_toc }
+Masa CMS versions 7.2, 7.3 and 7.4 are affected.
+
+#### What should you upgrade ?
+{: .no_toc }
+
+* If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update.
+* If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update.
+* If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update.
+
+### What's Changed
+{: .no_toc }
+
+* Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default
+* Additional security improvements have been made
+
+Full Changelog: [7.2.7...7.2.8](https://github.com/MasaCMS/MasaCMS/compare/7.2.7...7.2.8)
+
 ## 7.4.5
 
 ### Security Vulnerability Fix