Mahara

Mahara 1.1.8

  1. Series 1.1
  2. 1.1.8

Milestone information

Project:
Mahara
Series:
1.1
Version:
1.1.8
Released:
 
Registrant:
François Marier
Release registered:
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Evan Goldenberg, 1 Nigel McNie, 2 Richard Mansfield
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
5 Fix Released

Download files for this release

File Description Downloads

Release notes 

Mahara 1.1.8 Release Notes

This is a stable release of Mahara 1.1. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.1.7:

 * Security fixes to bundled copy of smarty (CVE-2008-4810, CVE-2008-4811 and CVE-2009-1669)
 * Fix for SQL injection in MNET usernames (CVE-2010-0400)
 * Fix sql error preventing blocks being moved down two or more places within the same column
 * Respect orderby search parameter in mysql search_user()
 * Solves group pagination problem with Safari and other browsers (LP: #547521)
 * Don't refuse to serve files from inside dataroot when dataroot has a symlink in it (LP: #547289)
 * Fix delete group heading (LP: #547639)

Changelog 

View the full changelog

security fix: patch two smarty vulnerabilities (bug #491129)
Security fix: use a placeholder to escape username
List files to ignore when exporting tarballs from git
Don't refuse to serve files from inside dataroot when dataroot has a symlink in it (Eduforge tracker, #3324)
Solves group pagination problem with Safari and other browsers (#3428)
Respect orderby search parameter in mysql search_user()
Fix sql error preventing blocks being moved down two or more places within the same column
Move delete group heading inside message box. Thanks to Yaju Mahida. (bug 3350)

0 blueprints and 5 bugs targeted

Bug report Importance Assignee Status
534172 #534172 get_new_username() does not escape string used in SQL call 2 Critical Evan Goldenberg  10 Fix Released
547639 #547639 Delete group header message. Screen Resolution and very large gape 3 High Richard Mansfield  10 Fix Released
547289 #547289 Downloads can be denied when dataroot specified in certain ways 4 Medium Richard Mansfield  10 Fix Released
547521 #547521 Group members pagination in Safari not working 4 Medium Nigel McNie  10 Fix Released
491129 #491129 Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities 1 Undecided Evan Goldenberg  10 Fix Released
This milestone contains Public information
Everyone can see this information.