Mahara 1.2.9

Milestone information

Project: Mahara
Series: 1.2
Version: 1.2.9
Released:
Registrant: Richard Mansfield
Release registered:
Active: No. Drivers cannot target bugs and blueprints to this milestone.


Activities

Assignees: 7 Richard Mansfield, 1 Ruslan Kabalin
Blueprints: No blueprints are targeted to this milestone.
Bugs: 8 Fix Released


Release notes 

Mahara 1.2.9 Release Notes

This is a stable release of Mahara 1.2. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.2.8:

 * Privilege escalations (CVE-2011-1402)
 * Fixes to session key validation (CVE-2011-1403)
 * Information disclosure in AJAX calls (CVE-2011-1404)
 * Sanitisation of HTML emails (CVE-2011-1405)
 * https to http downgrade (CVE-2011-1406)

Changelog 


Ensure that secure connection is being used when wwwroot is set to ^https
Escape body of html emails (bug #772860)
Prevent unauthorised information disclosure
Fix pieforms sesskey validation (bug #771598)
Fix privilege escalation vulns in secret url & user suspension

0 blueprints and 8 bugs targeted

Bug report | Importance | Assignee | Status
#685942 Possible https to http downgrade | High | Ruslan Kabalin | Fix Released
#746182 Overriding start/stop dates not checked | High | Richard Mansfield | Fix Released
#771592 Edit permission not checked in newviewtoken.json.php | High | Richard Mansfield | Fix Released
#771598 Session key validation not working in pieforms | High | Richard Mansfield | Fix Released
#771614 Check permissions and remove user suspension code from admin/users/search.json.php | High | Richard Mansfield | Fix Released
#772160 Userlist element json script reveals user information | High | Richard Mansfield | Fix Released
#772179 Ajax script for friend search pagination reveals user information | High | Richard Mansfield | Fix Released
#772860 HTML emails not escaped | High | Richard Mansfield | Fix Released