Actions

Releases/1.2.5: Difference between revisions

From Mahara Wiki

< Releases
m (Catadmin moved page Release Notes/1.2.5 to Releases/1.2.5 without leaving a redirect)
mNo edit summary
 
Line 21: Line 21:


</div>
</div>
[[Category:Release Notes]]

Latest revision as of 18:03, 19 Haziran 2019

This is a major security release of Mahara 1.2. Stable releases are fit
for general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.2.4:

  • Multiple XSS vulnerabilities (CVE-2010-1667)
  • Multiple CSRF vulnerabilities (CVE-2010-1668)
  • SQL Injection (CVE-2010-1669)
  • Removal of dangerous auth plugin configuration options (CVE-2010-1670)
  • New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
  • Better handling of cron events to avoid sending duplicate emails
  • Fix problems when mime_content_type() is missing
  • Improved detection of https on Windows
  • Set the correct envolope sender for emails sent on cron
  • Set the locale in Mahara instead of in language packs