Security Vulnerability Fix What was the issue ? We’ve been informed about multiple high and critical vulnerabilities in Masa CMS. What is fixed ? • The mentioned vulnerabilities have been fixed. • Additional security improvements have been made. What versions are affected? Masa CMS versions 7.2, 7.3 and 7.4 are affected. What should you upgrade ? • If you’re on Masa CMS 7.4, you should update to version 7.4.6 immediately. This can be done by using the “Update Masa CMS Core” option in the menu of the Masa CMS Administrator or by applying a manual update. • If you’re on Masa CMS 7.3, you should update to version 7.3.13 immediately. This can be done by applying a manual update. • If you’re on Masa CMS 7.2, you should update to version 7.2.8 immediately. This can be done by applying a manual update. What’s Changed • Sections can act as fieldsets by @grantshepert • Disable enableMuraTag, enableDynamicContent and sharableRemoteSessions by default • Additional security improvements have been made Full Changelog: 7.4.5...7.4.6

@guustnieuwenhuis we got the following report from a site after updating to 7.4.6: It seems some tags and text are being replaced with the text [INVALID] on display. Any script tags seem to be replaced and every instance on the entire site of the work Player is being replaced with P[INVALID]. What can cause this?

Check the ENABLEDYNAMICCONTENT config option. You might need to change the value to 'true' in your settings file. https://docs.masacms.com/getting-started/configuration/configuration-file/#enabledynamiccontent

What is the default setting for

autoupdateurl

to always get the latest version of a release, e.g.

7.2

?