Mahara

Mahara 1.6.7

  1. Series 1.6
  2. 1.6.7

Milestone information

Project:
Mahara
Series:
1.6
Version:
1.6.7
Released:
 
Registrant:
Son Nguyen
Release registered:
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
3 Aaron Wells, 2 Kristina Hoeppner, 3 Robert Lyon
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
15 Fix Released

Download files for this release

File Description Downloads

Release notes 

Mahara 1.6.7 Release Notes

This is a stable release of Mahara 1.6. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.6.6:

Security issues:
 * Bug #1211758 Arbitrary image download
 * Bug #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections
 * Bug #1233500 Not checking ownership of blocks before editing them

Other issues:
 * Bug #1158625 Make profile information not avaialble for public when not shared
 * Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vimeo embed code)
 * Bug #1218091 Pager in search in a block doesn't work
 * Bug #1195269 Resume "birthdate" field, if empty auto-fills to 1 Jan 1970
 * Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
 * Bug #1215190 LDAP support for non-standard port LDAP Urls
 * Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
 * Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
 * Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
 * Bug #1227372 Missing lang string for existing URL on allowed iframes
 * Bug #1165592 "Cron is not running" not displayed in red anymous
 * Bug #1213908 Undefined variable $id in group/report.php

Changelog 

View the full changelog

For private profiles, hide all profile information from logged-out users
Bug 1211758 - Make sure user has permission to publish artefacts
Check if the block instance belongs to the view Bug#1233500
Add alt and title tag for blocks (Bug #1218684)
Add missing lang string for warning (Bug #1227372)
Fix permissions of group area (Bug #1034180)
Validate $_SERVER['HTTP_HOST'] before using it
Stop empty resume birthdate from auto-filling to Jan 1, 1970
LDAP support for LDAP URLs with non-standard ports
Missing lang string for group page with clean URL (Bug 1222368)
Rss images rendering too large in external feed block (Bug #1219499)
Fix for pagination when in edit blockinstance doing search (bug 1218091)
Fix display of the name of the sharing group on the Group Participation report
Reduce false positives in syntax checket for unbracketed SQL tables.
Correct Mahara 1.6 version number
New fix for the YouTube issue (bug #1207140)
Bug#1165592: Added span.error style to default theme style.css to make error text red.
admin/upgrade.php: Make installer jump to the bottom of the page when install is done

0 blueprints and 15 bugs targeted

Bug report Importance Assignee Status
1158625 #1158625 Make profile information not avaialble for public when not shared 3 High Aaron Wells  10 Fix Released
1207140 #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vimeo embed code) 3 High Robert Lyon  10 Fix Released
1211758 #1211758 Arbitrary image download 3 High   10 Fix Released
1218091 #1218091 Pager in search in a block doesn't work 3 High Robert Lyon  10 Fix Released
1195269 #1195269 Resume "birthdate" field, if empty auto-fills to 1 Jan 1970 4 Medium Aaron Wells  10 Fix Released
1195489 #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page 4 Medium   10 Fix Released
1215190 #1215190 LDAP support for non-standard port LDAP Urls 4 Medium   10 Fix Released
1215702 #1215702 Reduce false positives in syntax checker for unbracketed SQL tables 4 Medium   10 Fix Released
1218684 #1218684 Alt tag in the artefact chooser panel only says "Preview" 4 Medium Kristina Hoeppner  10 Fix Released
1219499 #1219499 Some RSS feed channel images are rendered too large in External feeds block 4 Medium Robert Lyon  10 Fix Released
1227372 #1227372 Missing lang string for existing URL on allowed iframes 4 Medium Kristina Hoeppner  10 Fix Released
1165592 #1165592 "Cron is not running" not displayed in red anymore 5 Low   10 Fix Released
1175446 #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections 5 Low Aaron Wells  10 Fix Released
1213908 #1213908 Undefined variable $id in group/report.php 5 Low   10 Fix Released
1233500 #1233500 Not checking ownership of blocks before editing them 1 Undecided   10 Fix Released
This milestone contains Public information
Everyone can see this information.