Mahara 1.0.15
Milestone information
- Project:
- Mahara
- Series:
- 1.0
- Version:
- 1.0.15
- Released:
- Registrant:
- François Marier
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 1 François Marier
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 2 Fix Released
Download files for this release
Release notes
Mahara 1.0.15 Release Notes
This is a stable release of Mahara 1.0. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:
https:/
This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.
Changes from 1.0.14:
* Multiple XSS vulnerabilities (CVE-2010-1667)
* Multiple CSRF vulnerabilities (CVE-2010-1668)
* Removal of dangerous auth plugin configuration options (CVE-2010-1670)
* New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
Changelog
View the full changelog
0 blueprints and 2 bugs targeted
Bug report | Importance | Assignee | Status | |||
---|---|---|---|---|---|---|
571505 | #571505 | XSS in HTML purifier 3.0.0 and 4.0.0 | 2 Critical | François Marier | 10 Fix Released | |
594891 | #594891 | Adding internal authinstance as parent of xmlrpc allows login to existing accounts without a password | 4 Medium | 10 Fix Released |