Mahara 1.4.5
Milestone information
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 5 Hugh Davenport
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 5 Fix Released
Download files for this release
Release notes
Mahara 1.4.5 Release Notes
This is a stable release of Mahara 1.4. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:
https:/
This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.
Changes from 1.4.4:
* Escape pieform errors displayed to users (Bug #1055232)
* Escape user uploaded SVG files (Bug #1061980)
* Fix Click-Jacking attack on account deletion page (Bug #1057240)
* Fix up old file permissions to remove executable (Bug #1057238)
* Escape user uploaded XHTML files (Bug #1055232)
* Fix saved file permissions (Bug #1057238)
* Remove clamav from site admin options (Bug #1057238)
Changelog
0 blueprints and 5 bugs targeted
| Bug report | Importance | Assignee | Status | |||
|---|---|---|---|---|---|---|
| 1055232 | #1055232 | XSS using user uploaded XHTML files | 2 Critical | Hugh Davenport | 10 Fix Released | |
| 1057238 | #1057238 | Arbitrary Code Execution via pathtoclam config setting | 2 Critical | Hugh Davenport | 10 Fix Released | |
| 1061980 | #1061980 | XSS using user uploaded SVG files | 2 Critical | Hugh Davenport | 10 Fix Released | |
| 1057240 | #1057240 | Click-Jacking attack on user account self-deletion page | 3 High | Hugh Davenport | 10 Fix Released | |
| 1063480 | #1063480 | Reflected XSS in user/group bulk CSV upload | 3 High | Hugh Davenport | 10 Fix Released | |
