Mahara 16.04.2

Milestone information

Project:
Mahara
Series:
16.04
Version:
16.04.2
Released:
2016-07-11  
Registrant:
Robert Lyon
Release registered:
2016-07-11
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
2 Aaron Wells
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
26 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-16.04.2.zip (md5, sig) release tarball 967
last downloaded 12 weeks ago
download icon mahara-16.04.2.tar.bz2 (md5, sig) release tarball 116
last downloaded 61 weeks ago
download icon mahara-16.04.2.tar.gz (md5, sig) release tarball 113
last downloaded 52 weeks ago
Total downloads: 1,196

Release notes 

Mahara 16.04.2 Release Notes

This is a stable release of Mahara 16.04. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changelog 

View the full changelog

* Bug 1463203: Upgrade Behat to 3.0
 * Bug 1515929: Duplicate records in usr_custom_layout cause fatal crash when copying a collection
 * Bug 1521818: Tagged journal entries block granting access to all entries in the journal
 * Bug 1528351: Block order numbers out of sync with number of blocks in a cell
 * Bug 1528993: Objectionable content URL doesn't work with Clean URL
 * Bug 1529753: Real name is displayed when it shouldn't be
 * Bug 1531987: Review HTTP headers to improve security
 * Bug 1534081: Fullscreen button is missing in embedded Vimeo video
 * Bug 1537912: No login link when "Links and resources" block is present
 * Bug 1542786: Institution statistics don't show proper names
 * Bug 1558361: XSS vulnerability due to window.opener (target="_blank" and window.open())
 * Bug 1510082: Dashboard inbox & notifications not working.
 * Bug 1513716: Intermittent error "Call to a member function StartTrans() on a non-object" when saving a blog post in 15.04
 * Bug 1520011: copying and pasting text with quots is displaying as '"Note"'
 * Bug 1523719: Sorting blocks in column not working correctly
 * Bug 1540722: Behat step for entering text into a dynamically named TinyMCE field
 * Bug 1541174: Update Readme to handle supported Internet Explorer browsers better
 * Bug 1547441: The texte "Image formatting options" is not translable
 * Bug 1556692: Problem with MNet usernames greater than 30 characters, when $CFG->usersuniquebyusername is used
 * Bug 1499572: array to string conversion on SQLExceptions/ADODB_Exceptions
 * Bug 1523499: Broken links in installer
 * Bug 1524601: Speed up minaccept by only linting changed files
 * Bug 1558387: Use $CFG->cacheversion for HTMLPurifier revision number
 * First release candidate for 16.04
 *
 * First release candidate for 1.4
 *
 * Please test and report issues to https://bugs.launchpad.net/mahara
 * Bug 1566366: Session referer check should not be set if using SAML
 * Bug 1415247: Behat uploading a file step is currently broken
 * Bug 1508721: Session setting should be more secure
 * Bug 1509129: Crash when posting a public comment that no one will be notified about
 * Bug 1517478: No button for choose a folder
 * Bug 1560633: Increase column event_log.data to "longtext"
 * Bug 1565669: External video doesn't play when block is on auto-retract
 * Bug 1567100: $user->find_by_username is NOT case insensitive
 * Bug 1567186: Passwords can accidentially end up in logs from badly made plugins
 * Bug 1567784: Session ID's not being regenerated
 * Bug 1570640: Badly setup authinstance can cause 'This Auth plugin has not been initialised' error
 * Bug 1570744: Duplicate session headers not removed in PHP 5.3
 * Bug 1571421: Illegal join expression when searching shared-with-me
 * Bug 1572377: autocomplete / select2 not using current language
 * Bug 1575969: PHP7 exception handler needs to accept Throwables
 * Bug 1503103: When new accounts are created, default storage quota is not applied
 * Bug 1528986: Ojectionable content modal's text box doesn't resize properly
 * Bug 1530606: Internal image slideshow doesn't have "First" and "Last" buttons anymore
 * Bug 1555407: image gallery display bug in Safari 8.0.4
 * Bug 1561239: Remove target="_blank" link from webservices OAuth page
 * Bug 1566127: PHP 5.3 incompatible array declarations
 * Bug 1568631: Allow skins on group homepages
 * Bug 1570667: Image gallery arrow issues with descriptions / dark images
 * Bug 1575955: PHP7 compatibility problems with function parameters
 * Bug 1482473: Reword block position selection combobox
 * Bug 1514641: Blocktype rendering error when artefact is not found
 * Bug 1515473: 15.04 Unit tests fail using MySql
 * Bug 1518842: No Readme.Mahara file for Fontawesome
 * Bug 1553860: Bottom line missing for sent message on first message in sent box
 * Bug 1415247: Behat uploading a file step is currently broken
 * Bug 1561239: Remove target="_blank" link from webservices OAuth page
 * Bug 1575955: PHP7 compatibility problems with function parameters
 * Bug 1566366: Session referer check should not be set if using SAML
 * Bug 1508721: Session setting should be more secure
 * Bug 1560633: Increase column event_log.data to "longtext"
 * Bug 1567100: $user->find_by_username is NOT case insensitive
 * Bug 1567186: Passwords can accidentially end up in logs from badly made plugins
 * Bug 1567784: Session ID's not being regenerated
 * Bug 1570640: Badly setup authinstance can cause 'This Auth plugin has not been initialised' error
 * Bug 1570744: Duplicate session headers not removed in PHP 5.3
 * Bug 1575969: PHP7 exception handler needs to accept Throwables
 * Bug 1503103: When new accounts are created, default storage quota is not applied
 * Bug 1515473: 15.04 Unit tests fail using MySql
 * Bug #1397110 Cannot add image to template files
 * Bug #1415247 Behat uploading a file step is currently broken
 * Bug #1555410 unread email icon in the banner display wrong
 * Bug #1572407 Elasticsearch save config not including artefact/lib.php
 * Bug #1577259 PHP7 fixing dwoo dynamic property references
 * Bug #1578000 "Call to undefined function artefact_instance_from_id()" when deleting a profile icon
 * Bug #1578701 Butons "Select all" "Slect none" in OpenBadge displayer are not translated
 * Bug #1578995 In the skin module the background position of the image cannot be translated
 * Bug #1579628 Modern theme: disappearing password label
 * Bug #1579999 PHP Fatal error: Class 'Session' not found
 * Bug #1581183 Pagination broken in MyFriends block
 * Bug #1581262 Upgrade error with unable to execute install_system_portfolio_view
 * Bug #1582778 Japanese text jumbled when submitted with image
 * Bug #1582934 Navigation not entirely / not visible on iPad
 * Bug #1587474 No indents forum reply fails when the last post has been deleted
 * Bug #1588606 Properly checking if group template is a site template
 * Bug #1588613 Mahara not respecting session lifetime setting from admin config page
 * Bug #1354222 Files within a group aren't deleted after deleting the group
 * Bug #1530702 New messages in inbox aren't displayed in bold in "Inbox" block
 * Bug #1545375 Button border missing when no second button in web services application connections
 * Bug #1548522 Avatars overlap in friends block
 * Bug #1561239 Remove target="_blank" link from webservices OAuth page
 * Bug #1577258 More PHP7 compatibility problems with function parameters
 * Bug #1578512 Escape filenames with quotes in them, in Content-Disposition:attachment headers
 * Bug #1582039 Submitted portfolios don't appear in group pages block automatically
 * Bug #1582472 No moving of long blocks
 * Bug #1582989 Make top line on "Edit" button more visible on certain pages
 * Bug #1583433 "I trigger the cron" behat step doesn't work if you have a non-default urlsecret set.
 * Bug #1588091 StudentID not displayed in content
 * Bug #1590293 Inconsistencies in how we handle $CFG->session_timeout
 * Bug #1590300 Weirdness in edit tabs for site templates
 * Bug #1567152 Undefined property warning on "Find groups" page
 * Bug #1581227 PHP Fatal error: Call to undefined function log_()
 * Bug #1582967 Comment deletion forms & buttons with non-unique IDs
 * Bug #1583435 Make it easier to run one specific feature file
 * Bug #1531610 Clean up inconsistencies in the paginators
 * Bug 1508684: Unserialize untrusted data when importing skins
 * Bug 1565198: "Recent journal entries" block should mention journal context in config
 * Bug 1576643: TinyMCE is not available on the iPad
 * Bug 1580399: Users can login to suspended institutions via external auth under some circumstances
 * Bug 1591304: Can't edit pages if "Users can choose page themes" is enabled.
 * Bug 1591782: Default theme breaks with skin background
 * Bug 1592213: Render issue with Masonry on Skins page
 * Bug 1592236: Sessions: constantly asked to log in to access the Users Admin screen
 * Bug 1596755: Ocean theme - tabbing through unselected sub-menu items
 * Bug 1599305: $USER->get('grouproles') returning values for deleted groups
 * Bug 1599958: Embedly content will not display on profile page
 * Bug 1084336: mnet: mahara doesn't implement kill_child which results in not being logged out when logged out from a remote IdP over mnet
 * Bug 1234615: Not checking artefact permissions before exporting
 * Bug 1588599: PHP 7 unrecoverable errors in 16.04
 * Bug 1591759: Importing leap2a textbox giving error when textbox is empty
 * Bug 1592276: Still SSRF vulnerability in external feed
 * Bug 1595789: "$cfg->urlsecret = null;" doesn't work during installation
 * Bug 1597549: Share access for site wide Profile page error
 * Bug 1598974: Mahara as MNet IDP breaks because of longer session ids
 * Bug 1599373: Don't print "share page" link when viewing site template pages
 * Bug 1599375: Hide default portfolio page site template from site pages sharing list
 * Bug 1600069: See other's profile images one is not meant to
 * Bug 1590626: Field with error is not highlighted on profile wall
 * Bug 1599404: The function "get_mahara_install_subdirectory" doesn't correctly handle a URL with a missing trailing slash
 * Bug 1600668: Google drive folders no longer work in Google Apps block
 * Bug 1537908: Warnings when LDAP server is not available

0 blueprints and 26 bugs targeted

Bug report Importance Assignee Status
1508684 #1508684 Unserialize untrusted data when importing skins 2 Critical   10 Fix Released
1537908 #1537908 Warnings when LDAP server is not available 3 High   10 Fix Released
1565198 #1565198 "Recent journal entries" block should mention journal context in config 3 High   10 Fix Released
1576643 #1576643 TinyMCE is not available on the iPad 3 High   10 Fix Released
1580399 #1580399 Users can login to suspended institutions via external auth under some circumstances 3 High   10 Fix Released
1591304 #1591304 Can't edit pages if "Users can choose page themes" is enabled. 3 High   10 Fix Released
1591782 #1591782 Default theme breaks with skin background 3 High   10 Fix Released
1592213 #1592213 Render issue with Masonry on Skins page 3 High   10 Fix Released
1592236 #1592236 Sessions: constantly asked to log in to access the Users Admin screen 3 High   10 Fix Released
1596755 #1596755 Ocean theme - tabbing through unselected sub-menu items 3 High   10 Fix Released
1599305 #1599305 $USER->get('grouproles') returning values for deleted groups 3 High   10 Fix Released
1599958 #1599958 Embedly content will not display on profile page 3 High   10 Fix Released
1084336 #1084336 mnet: mahara doesn't implement kill_child which results in not being logged out when logged out from a remote IdP over mnet 4 Medium   10 Fix Released
1234615 #1234615 Not checking artefact permissions before exporting 4 Medium   10 Fix Released
1588599 #1588599 PHP 7 unrecoverable errors in 16.04 4 Medium   10 Fix Released
1591759 #1591759 Importing leap2a textbox giving error when textbox is empty 4 Medium   10 Fix Released
1592276 #1592276 Still SSRF vulnerability in external feed 4 Medium Aaron Wells  10 Fix Released
1595789 #1595789 "$cfg->urlsecret = null;" doesn't work during installation 4 Medium Aaron Wells  10 Fix Released
1597549 #1597549 Share access for site wide Profile page error 4 Medium   10 Fix Released
1598974 #1598974 Mahara as MNet IDP breaks because of longer session ids 4 Medium   10 Fix Released
1599373 #1599373 Don't print "share page" link when viewing site template pages 4 Medium   10 Fix Released
1599375 #1599375 Hide default portfolio page site template from site pages sharing list 4 Medium   10 Fix Released
1600069 #1600069 See other's profile images one is not meant to 4 Medium   10 Fix Released
1590626 #1590626 Field with error is not highlighted on profile wall 5 Low   10 Fix Released
1599404 #1599404 The function "get_mahara_install_subdirectory" doesn't correctly handle a URL with a missing trailing slash 5 Low   10 Fix Released
1600668 #1600668 Google drive folders no longer work in Google Apps block 1 Undecided   10 Fix Released
This milestone contains Public information
Everyone can see this information.