Mahara 1.2.9
Milestone information
- Project:
- Mahara
- Series:
- 1.2
- Version:
- 1.2.9
- Released:
- Registrant:
- Richard Mansfield
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 7 Richard Mansfield, 1 Ruslan Kabalin
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 8 Fix Released
Download files for this release
Release notes
Mahara 1.2.9 Release Notes
This is a stable release of Mahara 1.2. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:
https:/
This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.
Changes from 1.2.8:
* Privilege escalations (CVE-2011-1402)
* Fixes to session key validation (CVE-2011-1403)
* Information disclosure in AJAX calls (CVE-2011-1404)
* Sanitisation of HTML emails (CVE-2011-1405)
* https to http downgrade (CVE-2011-1406)
Changelog
View the full changelog
0 blueprints and 8 bugs targeted
Bug report | Importance | Assignee | Status | |||
---|---|---|---|---|---|---|
685942 | #685942 | Possible https to http downgrade | 3 High | Ruslan Kabalin | 10 Fix Released | |
746182 | #746182 | Overriding start/stop dates not checked | 3 High | Richard Mansfield | 10 Fix Released | |
771592 | #771592 | Edit permission not checked in newviewtoken.json.php | 3 High | Richard Mansfield | 10 Fix Released | |
771598 | #771598 | Session key validation not working in pieforms | 3 High | Richard Mansfield | 10 Fix Released | |
771614 | #771614 | Check permissions and remove user suspension code from admin/users/search.json.php | 3 High | Richard Mansfield | 10 Fix Released | |
772160 | #772160 | Userlist element json script reveals user information | 3 High | Richard Mansfield | 10 Fix Released | |
772179 | #772179 | Ajax script for friend search pagination reveals user information | 3 High | Richard Mansfield | 10 Fix Released | |
772860 | #772860 | HTML emails not escaped | 3 High | Richard Mansfield | 10 Fix Released |