Mahara 1.7.8

Final release for the Mahara 1.7 series.

Milestone information

Project:
Mahara
Series:
1.7
Version:
1.7.8
Released:
2014-10-21  
Registrant:
Aaron Wells
Release registered:
2014-10-21
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
3 Robert Lyon
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
6 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-1.7.8.zip (md5, sig) release tarball 86
last downloaded 3 weeks ago
download icon mahara-1.7.8.tar.gz (md5, sig) release tarball 54
last downloaded 3 weeks ago
download icon mahara-1.7.8.tar.bz2 (md5, sig) release tarball 20
last downloaded 3 weeks ago
Total downloads: 160

Release notes 

Mahara 1.7.8 Release Notes

This is a stable release of Mahara 1.7. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.7.7:

 * Bug 1367939: Error on registration if confirmed registration is turned on and copy collection in play
 * Bug 1380434: An error appears when importing an extracted portfolio
 * Bug 1318995: File import of zipped PDF does not detect filetype correctly
 * Bug 1353759: Google maps embed not working in Google Apps block
 * Bug 1381868: XSS with institution full name on user profile page
 * Bug 1337547: Static function 'X' should not be abstract

Changelog 

View the full changelog

1.7.8 (2014-10-22)
- Bug 1367939: Error on registration if confirmed registration is turned on and copy collection in play
- Bug 1380434: An error appears when importing an extracted portfolio
- Bug 1318995: File import of zipped PDF does not detect filetype correctly
- Bug 1353759: Google maps embed not working in Google Apps block
- Bug 1381868: XSS with institution full name on user profile page
- Bug 1337547: Static function 'X' should not be abstract

1.7.7 (2014-08-01)
-

1.7.6 (2014-05-13)
- Bug 1302251: MS Office files being seen as zip archives
- Bug 1306365: When copying a page the originator's profile picture carries over
- Bug 1308857: The menu of the default theme doesn't close on the iPad
- Bug 1310761: Warning messages in error log when making a group public
- Bug 1318430: Increasing PHP max_execution_time during installation

1.7.5 (2014-04-03)
- Bug #1058416: Copying page in a collection only gives "untitled" title for clean URLs
- Bug #1081947: Use of CAST() causes extreme slowdown in large MySQL sites
- Bug #1249858: Mahara can't figure out mime types because of a finfo() bug
- Bug #1266976: Update to HTMLPurifier 4.6.0
- Bug #1284876: Suspended users can log in via password reset email
- Bug #1284878: external feed rss not updating
- Bug #1287350: New Google Drive URL
- Bug #974855: "Generate sitemap" option has empty help file
- Bug #1053708: A full list of Pages don't show up
- Bug #1070046: select query uses more than MAX_JOIN_SIZE on mysql
- Bug #1099811: group files error after upgrade
- Bug #1239928: Prezi doesn't load
- Bug #1255361: Error adding files to Institution pages
- Bug #1259377: Explanation when there are no tasks in a plan is unclear
- Bug #996337: Forum post delay setting only sticks after you clicked "Save"
- Bug #1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
- Bug #1195120: Delete superflous fullstop on /admin/groups/uploadcsv.php
- Bug #1203082: Change password warning contains escaped html
- Bug #1246024: error message disappears too fast
- Bug #1253462: Undefined property: stdClass::$urlid after doing feedback

1.7.4 (2013-10-29)
-

1.7.3 (2013-10-03)
- Bug #1211758 Security bug: Arbitrary image download
- Bug #1175446 Security bug: user supplied $_SERVER['HTTP_HOST'] can be used for injections
- Bug #1233500 Security bug: Not checking ownership of blocks before editing them
- Bug #1158625 Make profile information not avaialble for public when not shared
- Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vi$
- Bug #1218091 Pager in search in a block doesn't work
- Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
- Bug #1214647 When an auth instance is deleted, disable it as a parent authority
- Bug #1215190 LDAP support for non-standard port LDAP Urls
- Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
- Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
- Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
- Bug #1222368 Missing lang string for group page with clean URL
- Bug #1227372 Missing lang string for existing URL on allowed iframes
- Bug #1095208 uploading a file - "Loading" message remains
- Bug #1165592 "Cron is not running" not displayed in red anymous
- Bug #1188001 Page view throws headdata warning, if group submissions enabled
- Bug #1213908 Undefined variable $id in group/report.php
- Bug #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK'

1.7.2 (2013-07-25)
- Bug #1177187: program code error when create new rss feed in mahara 1.7.1
- Bug #1130990: creating a journal with licence requirements on causes errors
- Bug #1132660: "invite user to group" form on user profile page throws headdata error
- Bug #1166879: Multiple blogs parameter uncheck when profile is updated
- Bug #1171310: Can bypass comment moderation by editing a comment
- Bug #1180194: Changing the auth method requires info about remoteuser getting lost
- Bug #1180243: Installation hangs with "Mahara requires InnoDB tables" on mysql 5.6
- Bug #1190186: Masquerading sessions report fails if database tables have prefix
- Bug #1191453: Don't show password in cleartext
- Bug #1171365: Resume: Let user set gender to "unspecified"
- Bug #1179299: "Other (enter URL" not translatable for license
- Bug #1180263: Help not shown in edit note/text box form
- Bug #1185661: HTML export doesn't list Pages on the index page
- Bug #1195269: Resume "birthdate" field, if empty auto-fills to 1 Jan 1970
- Bug #1150831: Trailing slash missing in directory URL

1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
- Bug #1039865: Remove explicit CAST to improve MySQL performance during upgrade
-

1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
-

1.7.0 (2013-04-19)
- Bug 1100187: First option under "manage institutions", institution is not capitalised
- Bug 1100024: Relocate "Shared pages" menu item
- Bug 1095499: License metadata for every artefact
- Bug 1085566: Add logged in filter to admin search
- Bug 1081194: Add 'groups I can join' to groups search condition and make it default
- Bug 1051868: Add support for "retractable" blocks
- Bug 1040337: Upgraded TinyMCE to 3.5.8
- Bug 1033070: Increase limit on group members block
- Bug 1027574: Improve logging of what admins do while masqueraded
- Bug 939299: Display more collections on the overview page
- Bug 1100030: Take out word-break in the CSS
- Bug 1057259: Add year to forum post dates
- Bug 1051497: Correct word spacing between posts and entries on journal page
- Bug 1050655: forum post notification subject should be the post subject not the topic subject
- Bug 1021653: Ensure length of input fields is sufficient for required data
- Bug 1006706: Missing lang strings in view/urls.php
- Bug 952625: Pending registrations have an unreasonable expiry time
- Bug 920263: Make "Institution expiry date" column not be in italics
- Bug 913320: Separate "Suspend / delete user" on /admin/users/edit.php
- Bug 1100104: Account deleted notice to include contact information
- Bug 1100066: dwoo function str doesn't take extra arguments that are "0"
- Bug 1073136: Fix ordering of forums when there are more than 10 forums
- Bug 1072850: Facebook doesn't pick up Mahara's Facebook logo
- Bug 1069811: Quota exceeded message for groups
- Bug 1069664: "Text on background" does not change for top right-hand corner in configurable theme
- Bug 1068962: "Delete users" button should be red on /admin/users/suspended.php
- Bug 1051529: Activating spellchecker brings up warning
- Bug 1046617: hard-coded plural logic on /group/find.php
- Bug 1023834: Refactor login form elements code duplication
- Bug 1154928: Warning when adding a new user or add users via CSV
- Bug 1145178: Warning after installing other language packs
- Bug 1095834: Wrong result when searching for the special string: '0'
- Bug 1089730: Plain editor not available in Resume area instead of WYSIWYG editor
- Bug 1081309: export fails if files missing from dataroot
- Bug 1079451: split function is deprecated but still used
- Bug 1074974: WMV files are not recognized by Internal Media block when uploaded directly in the block
- Bug 1072967: Add user-unique message IDs to forum emails
- Bug 1069274: "Allow copying" is not shown on the institution and site access list
- Bug 1068952: Update of user information brings warnings
- Bug 1056544: The number of topics on /interaction/forum/view.php doesn't count the sticky topics
- Bug 1111066: define('CLI') should bypass auth_setup() in init.php
- Bug 1091506: Allowed iframe sources page doesn't allow sideblocks
- Bug 1091504: Suspended and expired users page is not displayed as selected in menu
- Bug 1031560: json_headers change to use application/json
- Bug 1046647: Warnings when access "Group files" tab
- Bug 1046641: "Group files" tab does not show up until the user re-login.
- Bug 900983: Notification after user has been masqueraded

1.6.4 (2013-04-15)
- Bug #1153423 Stored XSS in TinyMCE editor
- Bug #1141446 Google presentation embed code doesn't work

1.6.3 (2013-02-15)
- Bug #1082416 XMLRPC with Firefox 17.0 not possible
- Bug #1091764 Cross site Scripting(XSS) Vulnerability in notes page
- Bug #1103748 included flowplayer 3.2.7 is vulnerable
- Bug #1113180 Delete Wall Post Throws 404 Error
- Bug #1115832 collection navigation links break after "show more" with cleanurls
- Bug #1089282 Pagination links are broken due to encoding of encoded ampersands
- Bug #1090203 Double encoding of & in 'url' for pagination causes pagination links to be broken
- Bug #1085569 Link to user profile takes on comment ID
- Bug #1097788 forum next page link
-

1.6.2 (2012-11-23)
- Bug #1079498: Fix XSS in pagination URL
- Fix the rss image exceptions preventing updating (Bug #1081431)
- Check originals directory before iterator in upgrade (Bug #1080498)
- Fix mnet jump-back link regression (Bug #1079260)
- Escape table names in profile image query (Bug #1077013)
-

1.6.1 (2012-10-24)
- Fix regression with mobile upload token (Bug #1057878)
-

1.6.0 (2012-10-19)
- A new "responsive theme", designed to work fluidly on many screen sizes; especially mobile devices
- Members of multiple institutions can decide which theme to use
- Basic support for theming logged-out users
- Option for images to be resized at upload time
- Ability to add journal entries directly from a page
- Tagged journal entries block can show full entries
- Collections can be submitted to groups
- Mobile uploads support multiple devices
- Mobile API support for journal entries and attaching files to journal entries
- Mobile API support for syncing messages, tags, files, and journals
- Breadcrumbs in small headers are visible at all times
- New "Unpublish" button for journal entries
- Optional "Clean URLs" for user profiles, portfolio page, groups and group pages with support for subdomains
- More sorting options on member's listing in a group
- Collections are available for groups, institutions and on the site level
- Group information expanded to include number of forums, topics and posts
- Group admins can enable and view participation reports within groups
- Editability of group content can be limited with a start and end time
- Pagination for forum topics
- Statistics for institutions and more statistics at the site level
- Cron error message appears red for visibility
- Option to add institution staff rights during registration approval
- Configurable SafeIframe site list
- Option to allow self registration process for users authenticating via Persona
- Cron can poll an imap inbox for mail bounces
- Option to allow local customisation of "Edit site pages" list
- "User search" in the admin area links to profile pages
-

1.6rc1 (2012-09-17)
-
- First Release Candidate for 1.6.0

1.5.2 (2012-07-31)
- Logged-in user's name unescaped in top right header
- BrowserID changed login URL
- Textbox upgrade inserts too many rows per query in MySQL
- sprintf function problems with pluralrule
- "Copy page" button on group homepage to always copy page into personal portfolio

1.5.1 (2012-05-04)
- Use MySQL database collation for string literals (bug #985608)
- Make download.php publicly accessible (bug #979538)

1.5.0 (2012-04-17)
- A new theme for younger students called "Primary School"
- Optional drop-down menus for the site navigation
- Support for institution logos to replace the site header logo
- New institution theme with configurable colours
- Reusable text boxes, a.k.a. "Notes"
- Block to display journal entries with a particular tag
- Block to display a user's watchlist
- Improvements to online users sideblock (e.g. limit on number of users to display)
- Image gallery displays external galleries (flickr, Panoramio, Photobucket, Picasa, Windows Live)
- Support for embedding content from Glogster, Prezi, Slideshare, Vimeo, Voki and WikiEducator
- Add an option to include feedback in HTML export
- Implementation of the SafeIFrame feature of HTML Purifier to facilitate the use of specified iFrames
- Copying of collections
- Pages and collections can be shared with institutions
- Allow original author of a copyable page to retain permission to see copies of the page
- More search options on "Shared pages"
- Added and updated many help texts and descriptions
- Improvements to search usability
- WYSIWYG fullscreen option
- Profile pictures are available in the files area
- Multiple file uploads
- Institution landing page listing institution admins and staff
- Users can suggest and invite others to groups
- Group admins can hide members
- Group and group member CSV uploads
- Group file quotas
- Admins can suspend, delete, and change the authentication method for multiple users in one action
- Admin report on user pages access lists
- Support for custom links in the footer menu
- User file quotas are configurable by institution and visible on the user accounts page
- Set general account preferences when adding users for internal authentication
- Allow institutions more control over access to user profiles
- Allow site admin to specify a default notification method for new users
- MNet key regeneration button and functions to export dashboard info to Moodle
- User CSV upload can make updates to existing users
- Sitemap generation
- CLI install and upgrade abilities for unattended installations
- BrowserID authentication method
- More user-friendly password policy with password salts, bcrypt storage and brute force prevention
- Student ID and display name can be set from LDAP
- Confirmation of new user registrations via self-registration method prior to account creation

1.4.2 (2012-03-06)
- Fix PHP Fatal Error in user/view.php (Bug #885588)
- Fixes to Selenium tests
- Blog block pagination bug prevents images from being displayed (Bug #886581)
- Fixed youtube filter Bug #884438
- Ensure that default SAML behaviour is to match user to remote user name (Bug #932909)
- Update the registration URL to support SSL (Bug #943772)

1.4.1 (2011-11-01)
- XSS in unvalidated URI attributes (CVE-2011-2771)
- Information disclosure exposing private messages (CVE-2011-2774)
- DoS via invalid or excessively large images (CVE-2011-2773)
- CSRF to trick admins into adding a user to an institution (CVE-2011-2773)
- Fix broken links on export page
- Fix problems with blog, plan and comment pagination, and comment deletion
- Fix embedding issues with google docs and multimedia content
- Fix issues preventing tinymce and pieforms javascript loading for text areas
- Fix fatal errors for collections and image galleries
- Fix issues with settings for search plugin and mail preferences
- Ensure that bulk imported users are forced to change passwords

1.4.0 (2011-06-14)
- new Google Apps and Image Gallery blocks
- star ratings with comments
- easier page for sharing content with others
- ability to add comments on file artefacts
- support for SSL-based SMTP and LDAP servers
- administration interace for mail server configuration
- remote avatar (Gravatar) support for HTTPS sites
- "views" are now "pages" and "blogs" are now "journals"
- lots of small changes to make the interface more consistent
- pages can now display more than one embedded video at a time
- added a fullscreen button to the internal video player
- added spellchecker and undo button to the WYSIWYG editor
- spam checks now also performed on forum posts
- support for new Youtube Iframe embed code
- optional site-wide maximum quota
- working start/stop overrides on pages
- removal of the obsolete and broken Solr search plugin
- removal of the httpswwwroot setting
- removal of the .htaccess file

1.3.6 (2011-05-10)
- Privilege escalations (CVE-2011-1402)
- Fixes to session key validation (CVE-2011-1403)
- Information disclosure in AJAX calls (CVE-2011-1404)
- Sanitisation of HTML emails (CVE-2011-1405)
- https to http downgrade (CVE-2011-1406)

1.3.5 (2011-03-29)
- Upgrade to HTML Purifier 4.3.0 (includes security fixes)

1.3.4 (2011-03-24)
- Blogs get deleted without sesskey check (CVE 2011-0440)
- XSS in select box validation (CVE 2011-0439)
- Leap2A fixes
- Fix for out of memory errors

1.3.3 (2010-11-07)
- Fix for XSS vulnerability (CVE-2010-3871)
- Fixes to category namespaces and encoding in Leap2a import/export
- Updates to selenium tests
- Fixes to permissions in secret URL views and feedback attachments
- Fixes in view creation wizard, embedded media block, js calendar

1.3.2 (2010-10-08)
- Bug fixes to group homepage, blogs, LDAP authentication, view themes, and embedded video.

1.3.1 (2010-09-17)
- Bug fixes in upgrade from 1.2.x
- Browse user files while in group views
- Reporting of max file size errors on upload
- Fix missing logged out language selector
- Minor fixes in UI workflow, themes & default language pack

1.3.0 (2010-09-10)
- User-configurable home page (Dashboard View)
- Simpler main navigation
- Basic Mahara information & help on home page
- View/artefact feedback enhancements:
- Collections (sets of Views that are linked to one another)
- Plans (task lists)
- Users can change the theme for individual views
- Support for Gravatar profile icons
- Configurable number of items in external feed, blog blocks
- New block types: notifications, recently modified views, recent forum posts
- More user-friendly notifications & help text
- Show entire thread when replying to personal messages
- External objects that have <embed> or <object> tags can be embedded into blog posts, text boxes or uploaded within an HTML file
- Locking of blogposts and files in submitted views
- Atom feeds for public blogs and forums
- new flash-based video player with support for .mp4 files (H.264)
- Moodle Repository plugin support (allows a user's Mahara files to be accessed from their Moodle account)
- Portfolio API to allow import of artefacts from Moodle over MNET.
- Configurable group home page (Group Homepage View)
- Improved ways to add/invite users to invite only and "course membership" groups:
- View submission from group page and from the view itself
- Group categories for use in group searches
- Admin group management page for group deletion/assignment of group admins
- Groups can disable new view access notifictions
- View access to group only notified when the view owner also belongs to the group
- Bulk user import & export (experimental)
- CAPTCHAs replaced with new anti-spam features to make form-filling difficult for bots & check urls in content against known spam blacklists
- Site statistics & graphs in admin area
- Admin page shows link to latest Mahara release & status of cron
- Admin site options grouped into sections
- Record number of page hits on views & display these to the owner
- Facility to disable email addresses after receiving multiple bounces.
- Footer links can be disabled/enabled
- Online users can be disabled
- Indenting of threads can be disabled per-forum
- Active user sessions revoked on suspension
- Full security review of all db queries & templates; automatic template escaping enabled
- New version of HTMLPurifier allows safe <embed> and <object> tags in user html content
- Search options to make users always searchable by their real names & usernames
- Leap2a support updated to version 2010-07

1.2.6 (2010-09-01)
- Better mimetype detection
- New flash-based video player
- Bug fixes including upgrade from 1.0.x, blogpost image button
-

1.2.5 (2010-07-02)
- Multiple XSS vulnerabilities (CVE-2010-1667)
- Multiple CSRF vulnerabilities (CVE-2010-1668)
- SQL Injection (CVE-2010-1669)
- Removal of dangerous auth plugin configuration options (CVE-2010-1670)
- New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
- Better handling of cron events to avoid sending duplicate emails
- Fix problems when mime_content_type() is missing
- Improved detection of https on Windows
- Set the correct envolope sender for emails sent on cron
- Set the locale in Mahara instead of in language packs

1.2.4 (2010-04-06)
- Bug fixes

1.2.3 (2010-02-08)
- New authentication plugin: SAML
- Various Internet Explorer Fixes
- Blog post deletion fixes

1.2.2 (2009-12-08)
- Fix for broken upgrade in 1.2.1

1.2.1 (2009-12-08)
- Bug fixes

1.2.0 (2009-11-16)
- Mahara now ships with six themes: Aqua, Default, Fresh, Raw, Sunset, Ultima
- Site admins can now disable artefact and blocktype plugins
- Files section rewritten: works without javascript, uploading is easier
- Can extract .zip, .tar.gz and .tar.bz2 files in the files area
- Full Import/Export system with LEAP2A suport, and static HTML export
- Support for submitting views to MNET Peers for assessment (e.g. Moodle)
- View interface sped up, files can be uploaded on the View screen
- UTF8 database now required for new installs (old installs will continue to work)
- Allow more group type/join type combinations, and more control over group creation
- Simplifications to the blog (all users get one blog to start with)
- Added a new blocktype for specifying a license for a View
- RTL language pack support
- Upgraded tinyMCE to version 3.2.5
- Replaced Smarty with Dwoo

1.1.7 (2009-10-29)
- Upgraded HTMLPurifier to 4.0.0
- Fix creation of duplicate user accounts when using LDAP and XMLRPC authentication
- HTTPS logins supported
- Improvements to MNET: windows profile icon importing & links in emails
- Implemented "update user info on login" flag for LDAP
- CVE-2009-3298: Privelege escalation vulnerability
- CVE-2009-3299: Cross site scripting in resume
- Several bug fixes and minor translation updates across Mahara

1.1.6 (2009-08-04)
- Forum e-mail notifications now have a cleaner format, and allow users to unsubscribe immediately.
- Enforce UTF8 database upon installation.
- Upgraded bundled XML feed reader to 1.0.3, multiple bug fixes to RSS handling.
- Wall posts now have a configurable character limit.
- Fixed a very slow query affecting My Groups and user profile pages.
- Many bug fixes across all areas of Mahara.

1.1.5 (2009-06-22)
- Czech strings for Pieforms library
- Bug fixes for embedded media block, multibyte character string handling,
- public forums, email notifications
- Security fixes: multiple xss bugs and information disclosure bug for user files.

1.1.4 (2009-06-11)
- Dutch and Slovenian translations of pieform strings.
- Spanish translation of TinyMCE.
- Increase number of users shown on the admin/staff pages, and sort listing.
- List user institutions on profile page and search results.
- Bugfixes to view feedback, embedded media mimetypes, SSO, and more.

1.1.3 (2009-04-22)
- Fixed XSS vulnerabilities in user views (CVE-2009-0664)
- Prevent arbitrary code execution in html2text library (CVE-2008-5619)
- Allow course groups with membership by request
- Many minor improvements and bug fixes
1.1.2 (2009-03-10)
- Fixed multiple XSS vulnerabilities in user profile data and blogs
  (CVE-2009-0660)
- minor fixes to portfolio import, html validation, default theme and upgrade
  path from 1.0
- added support for embedding slideshare widgets
1.1.1 (2009-02-27)
- a few fixes to the upgrade path from 1.0
1.1.0 (2009-02-26)
- raft of new features over the 1.0 series of Mahara
- ability to copy Views
- many improvements to Groups
- ability to import content from other systems (such as Moodle 2.0)
- user profile pages such as Views
- many other smaller improvements and bugfixes have been made.

1.0.9 (2009-01-29)
- small bugfixes and minor layout improvements
- fixes the blank screens some people were seeing upon installation
- filters HTML that is used in the forums

1.0.8 (2009-01-07)
- fixes a bug that prevented email from being sent
- makes it much easier to install new language packs

1.0.7 (2008-12-23)
- increases the memory limit available to Mahara
- adds a 'powered by mahara' icon and link to the footer
- a few bugfixes

1.0.6 (2008-11-04)
- security fixes for vulnerabilities in 3rd party libraries

1.0.5 (2008-09-25)
- bug and stability fixes around user authentication and MNET

1.0.4 (2008-06-25)
- bug and stability fixes around the administration section

1.0.3 (2008-06-13)
- HTTP level performance improvements
- some MySQL fixes
- improvement to "login as" functionality
- some other bugfixes

1.0.2 (2007-04-28)
- more usability work for the Views interface
- bugfixes for videos in Views
- RSS blocktype is greatly improved, with the ability to show the
  feed icon and a full view of the feed
- bugfixes for SSO, authentication, and search.

1.0.1 (2008-04-09)
- minor bugfixes to the Resume, SSO, and MySQL support

0 blueprints and 6 bugs targeted

Bug report Importance Assignee Status
1367939 #1367939 Error on registration if confirmed registration is turned on and copy collection in play 3 High Robert Lyon  10 Fix Released
1380434 #1380434 An error appears when importing an extracted portfolio 3 High   10 Fix Released
1318995 #1318995 File import of zipped PDF does not detect filetype correctly 4 Medium Robert Lyon  10 Fix Released
1353759 #1353759 Google maps embed not working in Google Apps block 4 Medium Robert Lyon  10 Fix Released
1381868 #1381868 XSS with institution full name on user profile page 4 Medium   10 Fix Released
1337547 #1337547 Static function 'X' should not be abstract 5 Low   10 Fix Released
This milestone contains Public information
Everyone can see this information.