From Mahara Wiki

< Releases

This is a stable release of Mahara 1.0. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.0.14:

  • Multiple XSS vulnerabilities (CVE-2010-1667)
  • Multiple CSRF vulnerabilities (CVE-2010-1668)
  • Removal of dangerous auth plugin configuration options (CVE-2010-1670)
  • New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)