Actions

Difference between revisions of "Developer Area/Plugins/Third party"

From Mahara Wiki

< Developer Area‎ | Plugins
Line 26: Line 26:
 
! Security fix
 
! Security fix
 
! Notes
 
! Notes
! style="font-weight:normal;" | Estimated time
 
! style="font-weight:normal;" | Notifications
 
 
|-
 
|-
 
| ADODB
 
| ADODB
Line 38: Line 36:
 
| Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20<br />- adodb: prevent SQL injection in SelectLimit()<br />- session: add 'httponly' flag to cookie<br /><br />Minor<br />- Deprecation<br />  - mysqli: Deprecate $optionFlags property in favor<br />    of standard setConnectionParameter() method<br />
 
| Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20<br />- adodb: prevent SQL injection in SelectLimit()<br />- session: add 'httponly' flag to cookie<br /><br />Minor<br />- Deprecation<br />  - mysqli: Deprecate $optionFlags property in favor<br />    of standard setConnectionParameter() method<br />
 
| Yes
 
| Yes
|
+
| ADOB release all news on current releases<br />important bug fixes on https://twitter.com/ADOdb_announce first.
|
 
| ADOB release all news on current releases + important bug fixes on https://twitter.com/ADOdb_announce first.
 
 
|-
 
|-
 
| Bootstrap
 
| Bootstrap
Line 52: Line 48:
 
|  
 
|  
 
|  
 
|  
|
 
| <br />
 
 
|-
 
|-
 
| Bootstrap <br />Datetimepicker
 
| Bootstrap <br />Datetimepicker
Line 65: Line 59:
 
|  
 
|  
 
| runs using bootstrap and moment.js  <br />There is a version 5 but not finished.
 
| runs using bootstrap and moment.js  <br />There is a version 5 but not finished.
|
 
|
 
 
|-
 
|-
 
| Chart.js
 
| Chart.js
Line 76: Line 68:
 
| LTS 2.x - 2.9.4<br />Active 3.x<br />
 
| LTS 2.x - 2.9.4<br />Active 3.x<br />
 
| Minor - 2.9.4: bug fixes<br /><br />Major - 3.0.0 breaking changes<br />- https://www.chartjs.org/docs/next/getting-started/v3-migration<br />- https://www.npmjs.com/package/chart.js  <br />- https://www.chartjs.org/docs/next/typedoc/<br />- https://www.chartjs.org/samples/next/  <br />- https://www.chartjs.org/docs/next/<br /><br />Minor - 3.0.1 bug fixes
 
| Minor - 2.9.4: bug fixes<br /><br />Major - 3.0.0 breaking changes<br />- https://www.chartjs.org/docs/next/getting-started/v3-migration<br />- https://www.npmjs.com/package/chart.js  <br />- https://www.chartjs.org/docs/next/typedoc/<br />- https://www.chartjs.org/samples/next/  <br />- https://www.chartjs.org/docs/next/<br /><br />Minor - 3.0.1 bug fixes
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 89: Line 79:
 
| Active
 
| Active
 
| Patch fix
 
| Patch fix
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 104: Line 92:
 
|  
 
|  
 
| Site talks about versions 2021.6 and 2021.2.3 which are not available on GitHub.<br />
 
| Site talks about versions 2021.6 and 2021.2.3 which are not available on GitHub.<br />
|
 
|
 
 
|-
 
|-
 
| CSS Tidy
 
| CSS Tidy
Line 116: Line 102:
 
| None
 
| None
 
| -
 
| -
|
 
|
 
 
|  
 
|  
 
|-
 
|-
Line 128: Line 112:
 
| Active
 
| Active
 
| Minor - changelog not available.
 
| Minor - changelog not available.
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 141: Line 123:
 
| Active<br />
 
| Active<br />
 
| Patch fix
 
| Patch fix
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 154: Line 134:
 
| Active
 
| Active
 
| Minor<br />- moved the ./src/options.js previewTemplate in its own<br />  preview-template.html file<br />- Dropzone triggers custom events on DOM using dropzone
 
| Minor<br />- moved the ./src/options.js previewTemplate in its own<br />  preview-template.html file<br />- Dropzone triggers custom events on DOM using dropzone
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 167: Line 145:
 
| Deprecated<br />
 
| Deprecated<br />
 
| Replace
 
| Replace
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 182: Line 158:
 
|  
 
|  
 
| https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md <br /> Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5) <br />  -  currently works with ES server 6.8, but not 7.<br />Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
 
| https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md <br /> Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5) <br />  -  currently works with ES server 6.8, but not 7.<br />Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
|
 
|
 
 
|-
 
|-
 
| fancybox3
 
| fancybox3
Line 194: Line 168:
 
| None
 
| None
 
|  
 
|  
| https://fancyapps.com/next/
+
| https://fancyapps.com/next/<br />Notifications: https://twitter.com/thefancyapps<br />
|
 
| https://twitter.com/thefancyapps
 
 
|-
 
|-
 
| gridstack
 
| gridstack
Line 207: Line 179:
 
| WIP - Robert<br />
 
| WIP - Robert<br />
 
|  
 
|  
| A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.
+
| A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.<br />Slack channel: [https://join.slack.com/t/gridstackjs/shared_invite/enQtODE1NzkxMTUzNTIzLTA1NTEzZGE2N<br />zliMGY5M2IwN2UzNWUzYmY2YTA0OTFlMTlmMDA3MTg3MGViZTRhZjM0N2QyODMyMjc1NzY4ZWQ slack channel]<br /><br />
| <br />
 
| questions can be posted in their slack channel <br />[https://join.slack.com/t/gridstackjs/shared_invite/enQtODE1NzkxMTUzNTIzLTA1NTEzZGE2NzliMGY5M2IwN2UzNWUzYmY2YTA0OTFlMTlmMDA3MTg3MGViZTRhZjM0N2QyODMyMjc1NzY4ZWQ slack channel]
 
 
|-
 
|-
 
| HTML Purifier
 
| HTML Purifier
Line 219: Line 189:
 
| Inactive, 2020
 
| Inactive, 2020
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
| https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
 
| https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
Line 232: Line 200:
 
| Inactive, 2020
 
| Inactive, 2020
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 246: Line 212:
 
| Minor
 
| Minor
 
|  
 
|  
| https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/
+
| https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/<br />News: - QA: https://forum.jquery.com/<br />Twitter: https://twitter.com/jquery
|
 
| Twitter: https://twitter.com/jquery <br /> QA: https://forum.jquery.com/<br /> IRC https://irc.jquery.org/Looks like Bug #1840101 has started looking into this.
 
 
|-
 
|-
 
| jQuery mobile
 
| jQuery mobile
Line 260: Line 224:
 
|  
 
|  
 
| https://blog.jquerymobile.com - lack of resources but wish to maintain.
 
| https://blog.jquerymobile.com - lack of resources but wish to maintain.
|
 
|
 
 
|-
 
|-
 
| jQuery UI
 
| jQuery UI
Line 273: Line 235:
 
|  
 
|  
 
| https://blog.jqueryui.com/ - lack of resources but with to maintain.
 
| https://blog.jqueryui.com/ - lack of resources but with to maintain.
|
 
|
 
 
|-
 
|-
 
| jQuery UI plugin <br />touch-punch
 
| jQuery UI plugin <br />touch-punch
Line 284: Line 244:
 
| Deprecated
 
| Deprecated
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 297: Line 255:
 
| Active
 
| Active
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 310: Line 266:
 
| Active
 
| Active
 
| Major 2.x
 
| Major 2.x
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 323: Line 277:
 
| Inactive, 2018
 
| Inactive, 2018
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
| Twitter: https://twitter.com/naadydev
 
| Twitter: https://twitter.com/naadydev
Line 338: Line 290:
 
|  
 
|  
 
| Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement
 
| Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement
|
 
|
 
 
|-
 
|-
 
| Marked
 
| Marked
Line 349: Line 299:
 
| Active
 
| Active
 
| Minor - v2.1.1, v2.1.2, v2.1.3<br />Major 3.x - breaking changes
 
| Minor - v2.1.1, v2.1.2, v2.1.3<br />Major 3.x - breaking changes
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 362: Line 310:
 
| Inactive, 2018
 
| Inactive, 2018
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 377: Line 323:
 
|  
 
|  
 
| Our version is now forked to keep make it work with Tinymce 5
 
| Our version is now forked to keep make it work with Tinymce 5
|
 
|
 
 
|-
 
|-
 
| Moment.js
 
| Moment.js
Line 388: Line 332:
 
| Inactive, 2020
 
| Inactive, 2020
 
| None
 
| None
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 403: Line 345:
 
|  
 
|  
 
| We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
 
| We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
|
 
|
 
 
|-
 
|-
 
| PDFjs
 
| PDFjs
Line 414: Line 354:
 
| Active
 
| Active
 
| Minor <br />- improving text layer rendering<br />- accessibility for screen readers
 
| Minor <br />- improving text layer rendering<br />- accessibility for screen readers
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 428: Line 366:
 
| Minor 6.5.0 - security release<br />Minor 6.5.1 - maintenance release
 
| Minor 6.5.0 - security release<br />Minor 6.5.1 - maintenance release
 
| Yes
 
| Yes
|
 
|
 
 
|  
 
|  
 
|-
 
|-
Line 442: Line 378:
 
|  
 
|  
 
| https://dev.to/fezvrasta/smarter-tooltips-and-popovers-with-popper-2-44bh
 
| https://dev.to/fezvrasta/smarter-tooltips-and-popovers-with-popper-2-44bh
|
 
|
 
 
|-
 
|-
 
| ReCaptcha
 
| ReCaptcha
Line 455: Line 389:
 
|  
 
|  
 
| This client supports both v2 and v3.
 
| This client supports both v2 and v3.
|
 
|
 
 
|-
 
|-
 
| simplesamlphp
 
| simplesamlphp
Line 467: Line 399:
 
| Minor<br />- do not accept the hashed admin password for authentication<br />- strengthen against prev security vulnerabilities -3rd party<br />  modules may be affected.<br />
 
| Minor<br />- do not accept the hashed admin password for authentication<br />- strengthen against prev security vulnerabilities -3rd party<br />  modules may be affected.<br />
 
| Related<br />
 
| Related<br />
|
 
|
 
 
|  
 
|  
 
|-
 
|-
Line 479: Line 409:
 
| Active
 
| Active
 
| Patch fix
 
| Patch fix
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 489: Line 417:
 
| Multiple licenses
 
| Multiple licenses
 
| - n/a<br />- 2.29<br />- 5.000<br />- 8.11
 
| - n/a<br />- 2.29<br />- 5.000<br />- 8.11
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 507: Line 433:
 
|  
 
|  
 
| changes to unicode for fontawesome <br />- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
 
| changes to unicode for fontawesome <br />- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
|
 
|
 
 
|-
 
|-
 
| TinyMCE
 
| TinyMCE
Line 519: Line 443:
 
| Minor - small
 
| Minor - small
 
|  
 
|  
| https://www.tiny.cloud/docs/changelog/<br />Test on mobile when updating
+
| https://www.tiny.cloud/docs/changelog/<br />Test on mobile when updating<br />Blog: https://www.tiny.cloud/blog/category/news-and-updates/
|
 
| Blog: https://www.tiny.cloud/blog/category/news-and-updates/
 
 
|-
 
|-
 
| Video.js
 
| Video.js
Line 531: Line 453:
 
| Active
 
| Active
 
| Minor<br />- use setup-node cache and remove individual cache step<br />- playbackRates() method<br />
 
| Minor<br />- use setup-node cache and remove individual cache step<br />- playbackRates() method<br />
|
 
|
 
 
|  
 
|  
 
|  
 
|  
Line 545: Line 465:
 
| None
 
| None
 
|  
 
|  
|
 
| <br />
 
 
|  
 
|  
 
|-
 
|-
Line 559: Line 477:
 
|  
 
|  
 
| There is a list of libraries that Mahara uses sitting in this file which also need updating too
 
| There is a list of libraries that Mahara uses sitting in this file which also need updating too
|
 
|
 
 
|}
 
|}

Revision as of 13:54, 20 August 2021

A list of the third party plugins within Mahara.

A helpful way to update this list is to go:

 find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print

on the current codebase.

Note: another thing to keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is

 perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'

and check the results against htdocs/lib/country.php and htdocs/lang/en.utf8/mahara.php files For any confusion you can also check against https://www.iso.org

Indicating what version they are on in Mahara and what they currently are on at time of publishing 18 Feb 2021.

Current versions marked in Red indicate the plugin needs updating/upgrading.

Name Readme file URL License Current version Latest version Support Upgrade type Security fix Notes
ADODB ./htdocs/lib/adodb/ - https://adodb.org/dokuwiki/doku.php
- https://github.com/ADOdb/ADOdb
- https://github.com/ADOdb/ADOdb/blob/v5.21.0/docs/changelog.md
- BSD 3-Clause
- GNU Lesser General Public Licence
5.20.20
5.21.1 End 5.20.20 Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20
- adodb: prevent SQL injection in SelectLimit()
- session: add 'httponly' flag to cookie

Minor
- Deprecation
- mysqli: Deprecate $optionFlags property in favor
of standard setConnectionParameter() method
Yes ADOB release all news on current releases
important bug fixes on https://twitter.com/ADOdb_announce first.
Bootstrap htdocs/lib/bootstrap/assets/javascripts/
- https://getbootstrap.com/
- https://github.com/twbs/release
MIT License 4.6.0 5.1.0 Ends 4.x (LTS) - 01 Nov 2022 Major
Bootstrap
Datetimepicker
./htdocs/js/bootstrap-datetimepicker/ - https://getdatepicker.com/
- https://github.com/tempusdominus/bootstrap-4
MIT License 4.17.47 5.39.0 Inactive,
v4 not maintained
None runs using bootstrap and moment.js
There is a version 5 but not finished.
Chart.js ./htdocs/js/chartjs/ http://www.chartjs.org MIT License 2.9.3 3.5.1 LTS 2.x - 2.9.4
Active 3.x
Minor - 2.9.4: bug fixes

Major - 3.0.0 breaking changes
- https://www.chartjs.org/docs/next/getting-started/v3-migration
- https://www.npmjs.com/package/chart.js
- https://www.chartjs.org/docs/next/typedoc/
- https://www.chartjs.org/samples/next/
- https://www.chartjs.org/docs/next/

Minor - 3.0.1 bug fixes
Clipboard js ./htdocs/js/clipboard/ https://clipboardjs.com/ MIT License 2.0.6 2.0.8 Active Patch fix
Cookie consent ./htdocs/js/cookieconsent/ - https://www.osano.com/cookieconsent
- https://github.com/osano/cookieconsent
MIT License 3.1.1 3.1.1 New updates are
proprietary.
None Site talks about versions 2021.6 and 2021.2.3 which are not available on GitHub.
CSS Tidy ./htdocs/lib/csstidy/ https://github.com/Cerdic/CSSTidy LGPL 1.7.1 1.7.3 Inactive, 2020 None -
Dragon-drop ./htdocs/js/dragondrop/ https://github.com/schne324/dragon-drop MIT License 3.2.1 3.6.1 Active Minor - changelog not available.
Datatables https://datatables.net/
https://datatables.net/download/index
MIT License 1.10.20 1.10.25 Active
Patch fix
Dropzone ./htdocs/js/dropzone/ https://github.com/dropzone/dropzone/release


MIT License 5.7.6 5.9.2 Active Minor
- moved the ./src/options.js previewTemplate in its own
preview-template.html file
- Dropzone triggers custom events on DOM using dropzone
Dwoo ./htdocs/lib/dwoo/ - http://dwoo.org/
- https://github.com/dwoo-project/dwoo
GNU Lesser General Public License 1.3.7 1.3.7 Deprecated
Replace
Elastic Search ./htdocs/lib/elasticsearch/ https://github.com/elastic/elasticsearch-php Apache v2.0
LGPL v2.1
6.1.0 7.11.0 Active
WIP - Gold https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md
Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5)
- currently works with ES server 6.8, but not 7.
Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
fancybox3 ./htdocs/js/fancybox/ https://github.com/fancyapps/ui - in BETA stage
https://fancyapps.com/docs/ui/installation
Creative Commons: CC BY-SA 4.0 license 3.5.6 3.5.7 Inactive
- v3 deprecated
- v4 in beta stage
None https://fancyapps.com/next/
Notifications: https://twitter.com/thefancyapps
gridstack ./htdocs/js/gridstack/ https://github.com/gridstack/gridstack.js MIT License 0.6.4 3.3.0 Active WIP - Robert
A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.
Slack channel:
zliMGY5M2IwN2UzNWUzYmY2YTA0OTFlMTlmMDA3MTg3MGViZTRhZjM0N2QyODMyMjc1NzY4ZWQ slack channel


HTML Purifier ./htdocs/lib/htmlpurifier/ http://www.htmlpurifier.org/ LGPL v2.1+ 4.13.0 4.13.0 Inactive, 2020 None https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
Javascript templates ./htdocs/js/javascript-templates/ https://github.com/blueimp/JavaScript-Templates MIT License 3.19.0 3.19.0 Inactive, 2020 None
jQuery ./htdocs/js/jquery/ http://jquery.com/
https://github.com/jquery/jquery
MIT License 3.5.1 3.6.0 Active Minor https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/
News: - QA: https://forum.jquery.com/
Twitter: https://twitter.com/jquery
jQuery mobile ./htdocs/js/jquery/jquery-mobile/ http://jquerymobile.com MIT License 1.5.0-alpha.1 1.5.0-rc1 Inactive, 2017 None https://blog.jquerymobile.com - lack of resources but wish to maintain.
jQuery UI ./htdocs/js/jquery/jquery-ui/ http://jqueryui.com/ MIT License 1.12.1 1.12.1 Inactive, 2017 None https://blog.jqueryui.com/ - lack of resources but with to maintain.
jQuery UI plugin
touch-punch
./htdocs/js/jquery/jquery-ui/
jquery-ui-touch-punch.min.js
http://touchpunch.furf.com/
https://github.com/furf/jquery-ui-touch-punch
MIT or GPL Version 2 licenses 0.2.3 0.2.3 Deprecated None
JS Color ./htdocs/js/jscolor/README.Mahara http://jscolor.com/ GPL 3 2.4.5 2.4.5 Active None
Json editor ./htdocs/js/jsoneditor/README.Mahara https://github.com/json-editor/json-editor MIT License 1.3.5 2.5.4 Active Major 2.x
jTLine .htdocs/js/jTLine/README.Mahara https://naadydev.github.io/jTLine/ MIT License 1.0 1.0 Inactive, 2018 None Twitter: https://twitter.com/naadydev
Lodash ./htdocs/js/lodash/README.Mahara https://github.com/lodash/lodash MIT License 4.17.15 4.17.21 Active Patch fix Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement
Marked ./htdocs/js/marked/README.Mahara https://github.com/markedjs/marked MIT License 2.0.0 3.0.0 Active Minor - v2.1.1, v2.1.2, v2.1.3
Major 3.x - breaking changes
Masonry ./htdocs/js/masonry/README.Mahara https://masonry.desandro.com/
https://github.com/desandro/masonry
MIT License 4.2.2 4.2.2 Inactive, 2018 None
TinyMCE -Mathslate ./htdocs/js/tinymce/plugins/mathslate/ https://github.com/dthies/tinymce4-mathslate GPL 3 1.1 1.1 Forked version, 2015 None Our version is now forked to keep make it work with Tinymce 5
Moment.js ./htdocs/js/momentjs/ http://momentjs.com/ MIT License 2.29.1 2.29.1 Inactive, 2020 None
Oauth PHP ./htdocs/webservice/libs/oauth-php/ https://code.google.com/archive/p/oauth-php/ MIT License 175 175 Archived, 2010 Replace We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
PDFjs ./htdocs/artefact/file/blocktype/pdf/js/pdfjs/ http://mozilla.github.io/pdf.js/getting_started/#download
https://github.com/mozilla/pdf.js
Apache License 2 2.8.335
2.9.359
Active Minor
- improving text layer rendering
- accessibility for screen readers
PHPMailer ./htdocs/lib/phpmailer/ https://github.com/PHPMailer/PHPMailer LGPL 6.2.0 6.5.1 Active
Minor 6.5.0 - security release
Minor 6.5.1 - maintenance release
Yes
Popper ./htdocs/lib/popper/ https://popper.js.org/ MIT License 1.16.0 2.9.3 Active v2
LTS 1.16.1 w/o warnings
(when we use bootstrap 5 supporting v2.x)
Major 2.x - breaking 2020
2.9.3
(while we are still at bootstrapr4)

Minor 1.16.1, Mar 2020
https://dev.to/fezvrasta/smarter-tooltips-and-popovers-with-popper-2-44bh
ReCaptcha ./htdocs/lib/recaptcha/ https://github.com/google/recaptcha BSD-3 1.2.1 1.2.4 Active Patch fix This client supports both v2 and v3.
simplesamlphp /htdocs/auth/saml/extlib/simplesamlphp/ https://github.com/simplesamlphp/simplesamlphp GPL 2.1 1.18.7 1.19.1 Active Minor
- do not accept the hashed admin password for authentication
- strengthen against prev security vulnerabilities -3rd party
modules may be affected.
Related
Select2 ./htdocs/js/select2/ https://select2.org/ MIT License 4.0.9 4.0.13 Active Patch fix
Skin fonts
font-squirrel
/htdocs/lib/fonts/README.Mahara
- http://www.fontsquirrel.com/fonts/Aurulent-Sans
- http://www.fontsquirrel.com/fonts/DejaVu-Sans
- http://scripts.sil.org/cms/scripts/page.php?item_id=CharisSIL
- http://sourceforge.net/projects/gs-fonts/
Multiple licenses - n/a
- 2.29
- 5.000
- 8.11
System fonts
fontawesome
- ./htdocs/theme/raw/fonts/
- ./htdocs/theme/raw/sass/lib/font-awesome/
- http://fontawesome.io
- https://www.google.com/fonts/specimen/Open+Sans
- https://www.google.com/fonts/specimen/Roboto+Slab
- http://fontawesome.io/license
- MIT License
- Apache License version 2.0
- 5.8.1
- 1
- 1
- 1.9
- 5.14.0
- 1
- 1
- 1.9
changes to unicode for fontawesome
- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
TinyMCE ./htdocs/js/tinymce/README.Mahara https://www.tiny.cloud/
https://www.tiny.cloud/get-tiny/self-hosted
LGPL 2.1 5.7.0 5.8.2 Active Minor - small https://www.tiny.cloud/docs/changelog/
Test on mobile when updating
Blog: https://www.tiny.cloud/blog/category/news-and-updates/
Video.js ./htdocs/artefact/file/blocktype/internalmedia/
videojs/
http://videojs.com/
https://github.com/videojs/video.js
Apache License 2.0 7.11.4 7.14.3 Active Minor
- use setup-node cache and remove individual cache step
- playbackRates() method
zxcvbn ./htdocs/js/zxcvbn/ https://github.com/dropbox/zxcvbn MIT License 4.4.2 4.4.2 Inactive, 2017 None
composer.json
dependencies
https://git.mahara.org/mahara/mahara/
-/blob/master/external/composer.json
Check for updates for each dependency inside the .json file. There is a list of libraries that Mahara uses sitting in this file which also need updating too