Mahara 1.2.5
Milestone information
- Project:
- Mahara
- Series:
- 1.2
- Version:
- 1.2.5
- Released:
- Registrant:
- François Marier
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 1 Dan Marsden, 1 François Marier, 1 PiersHarding, 3 Richard Mansfield
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 6 Fix Released
Download files for this release
Release notes
Mahara 1.2.5 Release Notes
This is a major security release of Mahara 1.2. Stable releases are fit
for general use. If you find a bug, please report it to the tracker:
https:/
This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.
Changes from 1.2.4:
* Multiple XSS vulnerabilities (CVE-2010-1667)
* Multiple CSRF vulnerabilities (CVE-2010-1668)
* SQL Injection (CVE-2010-1669)
* Removal of dangerous auth plugin configuration options (CVE-2010-1670)
* New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
* Better handling of cron events to avoid sending duplicate emails
* Fix problems when mime_content_type() is missing
* Improved detection of https on Windows
* Set the correct envolope sender for emails sent on cron
* Set the locale in Mahara instead of in language packs
Changelog
0 blueprints and 6 bugs targeted
Bug report | Importance | Assignee | Status | |||
---|---|---|---|---|---|---|
571505 | #571505 | XSS in HTML purifier 3.0.0 and 4.0.0 | 2 Critical | François Marier | 10 Fix Released | |
556972 | #556972 | 1.2.2->1.2.4 upgrade fails with "Failed to upgrade!" error on core in upgrade.php | 3 High | Richard Mansfield | 10 Fix Released | |
594891 | #594891 | Adding internal authinstance as parent of xmlrpc allows login to existing accounts without a password | 4 Medium | Richard Mansfield | 10 Fix Released | |
537492 | #537492 | Group View Creation Error | 1 Undecided | Richard Mansfield | 10 Fix Released | |
579762 | #579762 | site disabled for upgrade message fails to appear | 1 Undecided | PiersHarding | 10 Fix Released | |
587823 | #587823 | incorrect https check | 1 Undecided | Dan Marsden | 10 Fix Released |