Mahara 1.2.9

Milestone information

Richard Mansfield
Release registered:
No. Drivers cannot target bugs and blueprints to this milestone.  



Assignees: 7 Richard Mansfield, 1 Ruslan Kabalin
No blueprints are targeted to this milestone.
Bug statuses: 8 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature.

| File | Description | Downloads | Last downloaded |
|---|---|---|---|
| mahara-1.2.9.tar.bz2 (md5, sig) | release tarball | 65 | 3 weeks ago |
| mahara-1.2.9.tar.gz (md5, sig) | release tarball | 55 | 2 weeks ago |
| (md5, sig) | release tarball | 76 | 5 days ago |

Total downloads: 196

Release notes 

Mahara 1.2.9 Release Notes

This is a stable release of Mahara 1.2. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.2.8:

 * Privilege escalations (CVE-2011-1402)
 * Fixes to session key validation (CVE-2011-1403)
 * Information disclosure in AJAX calls (CVE-2011-1404)
 * Sanitisation of HTML emails (CVE-2011-1405)
 * https to http downgrade (CVE-2011-1406)


Full changelog:

 * Ensure that secure connection is being used when wwwroot is set to ^https
 * Escape body of html emails (bug #772860)
 * Prevent unauthorised information disclosure
 * Fix pieforms sesskey validation (bug #771598)
 * Fix privilege escalation vulns in secret url & user suspension

0 blueprints and 8 bugs targeted

| Bug report | Importance | Assignee | Status |
|---|---|---|---|
| #685942 Possible https to http downgrade | High | Ruslan Kabalin | Fix Released |
| #746182 Overriding start/stop dates not checked | High | Richard Mansfield | Fix Released |
| #771592 Edit permission not checked in newviewtoken.json.php | High | Richard Mansfield | Fix Released |
| #771598 Session key validation not working in pieforms | High | Richard Mansfield | Fix Released |
| #771614 Check permissions and remove user suspension code from admin/users/search.json.php | High | Richard Mansfield | Fix Released |
| #772160 Userlist element json script reveals user information | High | Richard Mansfield | Fix Released |
| #772179 Ajax script for friend search pagination reveals user information | High | Richard Mansfield | Fix Released |
| #772860 HTML emails not escaped | High | Richard Mansfield | Fix Released |