Mahara 1.0.14

Milestone information

Project:
Mahara
Series:
1.0
Version:
1.0.14
Released:
2010-04-06  
Registrant:
Fran├žois Marier
Release registered:
2010-04-06
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Evan Goldenberg
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
2 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-1.0.14.zip (md5, sig) release tarball 14
last downloaded 30 weeks ago
download icon mahara-1.0.14.tar.bz2 (md5, sig) release tarball 9
last downloaded 39 weeks ago
download icon mahara-1.0.14.tar.gz (md5, sig) release tarball 12
last downloaded 41 weeks ago
Total downloads: 35

Release notes 

Mahara 1.0.14 Release Notes

This is a stable release of Mahara 1.0. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.0.13:

 * Security fixes to bundled copy of smarty (CVE-2008-4810, CVE-2008-4811 and CVE-2009-1669)
 * Fix for SQL injection in MNET usernames (CVE-2010-0400)

Changelog 

View the full changelog

security fix: patch two smarty vulnerabilities (bug #491129)
Security fix: use a placeholder to escape username

0 blueprints and 2 bugs targeted

Bug report Importance Assignee Status
534172 #534172 get_new_username() does not escape string used in SQL call 2 Critical Evan Goldenberg  10 Fix Released
491129 #491129 Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities 1 Undecided Evan Goldenberg  10 Fix Released
This milestone contains Public information
Everyone can see this information.