Hi folks, has anybody else noticed a big decrease in responsiveness from Mura support lately?

Anyone having issues 'reloading' Mura today? Using CF 2018, Java 11.0.14 and today running into an issue with

moment.cfc

. This is Mura 10 (the paid version). More in thread...

Last night (eu time) we’ve release a security fix for #masacms, the vulnerability also exists in Mura 6.1, 7.0 and 7.1. We don’t know what the status is for Mura X. If you are running Mura 6.1 or later, please have a look at the the changes in Masa CMS 7.3.4 and apply these manually on your Mura instance. Or migrate to Masa CMS, let me know if you’ll need help with that.

(apologies for the crosspost but probably should've put this here) We have an install of Mura that is about 3 years old and which as been running in Docker that whole time. It was on Mura 7.3.1 and Lucee 5.3.6. I'd been putting off and putting off doing anything with it because it 'just worked' but it really needed to be running current versions both of Lucee and Mura or Masa. We rebuilt the docker images with our updated Lucee base images and then by cloning the Masa repo instead of the Mura repo and dropped it in our Docker swarm. It 'just worked' - all sites running, admin logins, everything. Smoothest update we've had for anything in a while! Thanks guys!

has anybody integrated gatsby with mura to generate static pages from mura? i did find this by @ronnieduke, so i'm guessing they have made it happen.

Is there anybody available here to answer a question regarding an older version of Mura?

Mura CMS < 10.0.580 is vulnerable to a recently-discovered authentication bypass vulnerability (cf. a similar issue in Masa CMS -- https://cfml.slack.com/archives/C02EB3Y57SR/p1670358749665149) Posting this here for general awareness. Organizations running older Mura CMS versions will want to determine their best upgrade/patch strategies for this one.

Can I access Mura cfc handlers via ajax url? If so, what would that url be?

Can I leverage the JavaLoader present in Mura (6) for loading additional jars without restarting the server / application?

I released the full advisory on the Mura CMS / Masa CMS authentication bypass vulnerability (CVE-2022-47003 / CVE-2022-47002) today - https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html. In addition to technical details about the vulnerability, I also share some thoughts on quick fixes for sites running older, unsupported open source Mura CMS that can't immediately migrate to Masa CMS.

@jsteenbergen has left the channel

@nick has left the channel

All of the sudden, we cannot login to MURA CMS Admin with any user (we have several setup as admins) including the admin user. If I punch in a username/password that is WRONG, I get the login failed message "No account was found with that Username and Password." If I punch in a username/password that is RIGHT, it just takes me back to the same login page, no re-direct, with no message at all. I know the passwords are 100% correct. Any suggestions?

We're running Coldfusion 10 on the server.