Security is very important to Mahara developers. As potential issues are reported to us, we will test, patch and release fixes as quickly as possible.

Mahara does not have a bug bounty program. We still appreciate security bug reports and will list their reporters in the Security researchers section of our contributors page as a thank you.

Security announcements

You can see the previous security issues on our bug tracker or subscribe to security announcements from this forum via email or RSS.

How to test Mahara for security issues

We do not approve test accounts on mahara.org that are created for the purpose of finding security or other issues.

Please install a local copy of Mahara using the latest code from the Git repository on your own infrastructure to test the software. It is open source and you do not incur any fees for installing it.

How to report a security issue?

Please review our guidelines.

Security in our development process

Mahara developers are committed to achieving the highest standard of security. All commits to the Mahara git repository are reviewed by at least one developer who will enforce the guidelines found in Developer_Area/How_to_Review_Code.

Some of the developers are also members of the security team and follow these guidelines.

Mahara Security Bug Bounty Program (ended)

The Mahara Security Bug Bounty Program ended in October 2012. Please see the announcement for further information.