Mahara 1.8.7

Milestone information

Project:
Mahara
Series:
1.8
Version:
1.8.7
Released:
2015-04-20  
Registrant:
Robert Lyon
Release registered:
2015-04-20
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Aaron Wells, 4 Robert Lyon
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
24 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-1.8.7.zip (md5, sig) release tarball 49
last downloaded 4 weeks ago
download icon mahara-1.8.7.tar.gz (md5, sig) release tarball 50
last downloaded 4 weeks ago
download icon mahara-1.8.7.tar.bz2 (md5, sig) release tarball 14
last downloaded 4 weeks ago
Total downloads: 113

Release notes 

Mahara 1.8.7 Release Notes

This is a stable release of Mahara 1.8. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.8.6:

 *
 * Bug 1364170: Parent auth fails due to mixed case checking
 * Bug 1404117: XSS via uploaded XML
 * Bug 1387858: Draft journal entries are visible to others
 * Bug 1190788: Can cause arbitrary SWF files to execute in the browser
 * Bug 1435750: Google URLs changes
 * Bug 1439194: Notes and attached files
 * Bug 1440908: Clicking 'more' in friend request is not working
 * Bug 1286935: Allowed iframe check doesn't handle URLs with a question mark immediately after the domain name
 * Bug 1348024: users can stay logged into suspended institution
 * Bug 1392700: Images not displayed - blog post by tag
 * Bug 1390833: File attachments aren't copied when note is copied
 * Bug 1397068: Flickr API now requires use of https for endpoint
 * Bug 1399311: SQL syntax error in cron_event_log_expire on key word SECONDS
 * Bug 1414474: Sub navigation background color not used for sub navigation
 * Bug 1425306: Users can delete submitted page through URL
 * Bug 1428266: Missing page description when export/import via Leap2a
 * Bug 1429647: Watchlist lets you watch and receive notifications about pages you don't have view access to
 * Bug 1436841: Add External Media - YouTube Video
 * Bug 1429871: Link underlining in skins doesn't work
 * Bug 1400511: Cannot cancel comment form after validation fails
 * Bug 1415709: "Deprecated" warning coming from BBCode parser
 * Bug 1422232: elasticsearch - reset and indexing

Changelog 

View the full changelog

Adding in 'last of series' message to README
Allow prefixes that end in / to try ? and # as well
Stopping SWF files XSS exploitation (Bug #1190788)
Stopping the elasticsearch cron running at same time as reset index
Getting suspended institutions to keep their user out. (Bug 1348024)
Allowing the skin underline setting to work (Bug #1429871)
Update the block configdata for attachments. Bug 1439194
The accepting friend notification contains full url (Bug #1440908)
Double-check the viewid when setting up watchlist viewing (Bug 1429647)
Extract description in 'summary' entry when Leap import. Bug 1428266
Adding another filter/match for google spreadsheets (Bug #1435750)
Allowing for youtube-nocookie.com urls to work (Bug #1436841)
Make sure submitted page cannot be deleted via URL (Bug #1425306)
Add the method update_artefact_references() to HTML artefact (Note)
Checking the remoteusername for parent auth better (Bug #1364170)
Display cleaned content of XML file. Bug 1404117
Removing the from/join check in minaccept
Fix deprecated warning in BBCode library
Fixing problem where custom subnav background not showing (Bug #1414474)
Refactor the tagged blogpost blocktype. Bug 1392700
Make sure draft post not visible. Bug 1387858
Updating test/versioncheck.php with latest from master
Fix MySQL syntax error in cron task
Fix page error on form cancel after validation fails (Bug #1400511)
Using https for flickr request url (Bug #1397068)

0 blueprints and 24 bugs targeted

Bug report Importance Assignee Status
1190788 #1190788 Can cause arbitrary SWF files to execute in the browser 3 High   10 Fix Released
1364170 #1364170 Parent auth fails due to mixed case checking 3 High Robert Lyon  10 Fix Released
1387858 #1387858 Draft journal entries are visible to others 3 High   10 Fix Released
1404117 #1404117 XSS via uploaded XML 3 High   10 Fix Released
1417364 #1417364 Remove the check for SQL "from" and "join" from minaccept script 3 High   10 Fix Released
1435750 #1435750 Google URLs changes 3 High   10 Fix Released
1439194 #1439194 Notes and attached files 3 High   10 Fix Released
1440908 #1440908 Clicking 'more' in friend request is not working 3 High   10 Fix Released
1215662 #1215662 Check for correct version.php numbers in pre-commit script 4 Medium Aaron Wells  10 Fix Released
1286935 #1286935 Allowed iframe check doesn't handle URLs with a question mark immediately after the domain name 4 Medium   10 Fix Released
1348024 #1348024 users can stay logged into suspended institution 4 Medium   10 Fix Released
1390833 #1390833 File attachments aren't copied when note is copied 4 Medium   10 Fix Released
1392700 #1392700 Images not displayed - blog post by tag 4 Medium   10 Fix Released
1397068 #1397068 Flickr API now requires use of https for endpoint 4 Medium   10 Fix Released
1399311 #1399311 SQL syntax error in cron_event_log_expire on key word SECONDS 4 Medium Aaron Wells  10 Fix Released
1414474 #1414474 Sub navigation background color not used for sub navigation 4 Medium Robert Lyon  10 Fix Released
1425306 #1425306 Users can delete submitted page through URL 4 Medium Robert Lyon  10 Fix Released
1428266 #1428266 Missing page description when export/import via Leap2a 4 Medium   10 Fix Released
1429647 #1429647 Watchlist lets you watch and receive notifications about pages you don't have view access to 4 Medium   10 Fix Released
1429871 #1429871 Link underlining in skins doesn't work 4 Medium   10 Fix Released
1436841 #1436841 Add External Media - YouTube Video 4 Medium Robert Lyon  10 Fix Released
1400511 #1400511 Cannot cancel comment form after validation fails 5 Low   10 Fix Released
1415709 #1415709 "Deprecated" warning coming from BBCode parser 5 Low   10 Fix Released
1422232 #1422232 elasticsearch - reset and indexing 5 Low   10 Fix Released
This milestone contains Public information
Everyone can see this information.