Mahara 1.6.7
Milestone information
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 3 Aaron Wells, 2 Kristina Hoeppner, 3 Robert Lyon
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 15 Fix Released
Download files for this release
Release notes
Mahara 1.6.7 Release Notes
This is a stable release of Mahara 1.6. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:
https:/
This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.
Changes from 1.6.6:
Security issues:
* Bug #1211758 Arbitrary image download
* Bug #1175446 user supplied $_SERVER[
* Bug #1233500 Not checking ownership of blocks before editing them
Other issues:
* Bug #1158625 Make profile information not avaialble for public when not shared
* Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vimeo embed code)
* Bug #1218091 Pager in search in a block doesn't work
* Bug #1195269 Resume "birthdate" field, if empty auto-fills to 1 Jan 1970
* Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
* Bug #1215190 LDAP support for non-standard port LDAP Urls
* Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
* Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
* Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
* Bug #1227372 Missing lang string for existing URL on allowed iframes
* Bug #1165592 "Cron is not running" not displayed in red anymous
* Bug #1213908 Undefined variable $id in group/report.php