Mahara 1.5.4

Milestone information

Project:
Mahara
Series:
1.5
Version:
1.5.4
Released:
2012-10-10  
Registrant:
Melissa Draper
Release registered:
2012-10-10
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
5 Hugh Davenport
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
5 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-1.5.4.zip (md5, sig) release tarball 375
last downloaded 16 weeks ago
download icon mahara-1.5.4.tar.bz2 (md5, sig) release tarball 42
last downloaded 11 weeks ago
download icon mahara-1.5.4.tar.gz (md5, sig) release tarball 92
last downloaded 181 weeks ago
Total downloads: 509

Release notes 

Mahara 1.5.4 Release Notes

This is a stable release of Mahara 1.5. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.5.3:

 * Escape pieform errors displayed to users
 * Escape user uploaded SVG files
 * Fix Click-Jacking attack on account deletion page
 * Fix up old file permissions to remove executable
 * Escape user uploaded XHTML files
 * Fix saved file permissions
 * Remove clamav from site admin options

Changelog 

View the full changelog

Escape pieform errors displayed to users (Bug #1055232)
Escape user uploaded SVG files (Bug #1061980)
Fix Click-Jacking attack on account deletion page (Bug #1057240)
Fix up old file permissions to remove executable (Bug #1057238)
Escape user uploaded XHTML files (Bug #1055232)
Fix saved file permissions (Bug #1057238)
Remove clamav from site admin options (Bug #1057238)

0 blueprints and 5 bugs targeted

Bug report Importance Assignee Status
1055232 #1055232 XSS using user uploaded XHTML files 2 Critical Hugh Davenport  10 Fix Released
1057238 #1057238 Arbitrary Code Execution via pathtoclam config setting 2 Critical Hugh Davenport  10 Fix Released
1061980 #1061980 XSS using user uploaded SVG files 2 Critical Hugh Davenport  10 Fix Released
1057240 #1057240 Click-Jacking attack on user account self-deletion page 3 High Hugh Davenport  10 Fix Released
1063480 #1063480 Reflected XSS in user/group bulk CSV upload 3 High Hugh Davenport  10 Fix Released
This milestone contains Public information
Everyone can see this information.