Mahara Changelog

What's new in Mahara 15.10.0

Oct 30, 2015
  • New Features:
  • Using the Bootstrap framework for CSS and HTML and increasingly Javascript
  • New themes
  • Journals on group, institution and site level
  • Direct replies to feedback comments
  • Defining the default page template in the administration area
  • Displaying collections instead of collection pages on the dashboard, profile and in "Shared with me"
  • General usability improvements
  • MathJax and mhchem support in the visual editor
  • Statistics for active users by institution
  • Better email address management in the administration area
  • Security bugs:
  • Bug #1447377: Stored XSS in user reports access lists, and shared tabs for user/group/institution
  • Bug #1472439 XSS in "add to watchlist" link on artefact detail screen
  • Bug #1480329 Session key is not checked during file upload
  • Bug #1460368 Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts
  • Bug #1463629 Prevent HTTP iframes on HTTPS sites
  • Bug #1470281 Use "nosniff" header to prevent potential XSS via untrusted files in IE

New in Mahara 1.8.0 (Oct 28, 2013)

  • New features:
  • Turned the block chooser vertical and scrolling, to accomodate longer Pages
  • The Image block and Text Box block are now conveniently at the top of the block chooser
  • Page layouts can now have rows as well as columns
  • Users can import leap2a files into their existing Mahara account
  • PDF block allows PDFs to be viewed inline in a Page
  • Resume elements can have attachments
  • Notes (and text box blocks) can have attachments
  • Users are notified when they try to navigate away from a page with unsaved changes
  • Many more types of user content can have tags
  • Resume entries for electronic publications can now be hotlinks
  • Drag-and-drop to upload files
  • Page skins, which give individual users the ability to change the CSS of their Pages
  • Admins can search for users with duplicate email addresses
  • Admins can filter user search by auth method
  • Elasticsearch search plugin
  • "Additional HTML" config option for things such as Google Analytics
  • A cron job in the LDAP auth plugin to synchronize Mahara accounts with LDAP
  • Security bugs:
  • Security Bug #1034180: A group member with no access rights to folder can still view it
  • Security Bug #1236636: Can attach other users' Folders to your Image Gallery block

New in Mahara 1.5.4 (Oct 13, 2012)

  • Escape pieform errors displayed to users (Bug #1055232)
  • Escape user uploaded SVG files (Bug #1061980)
  • Fix Click-Jacking attack on account deletion page (Bug #1057240)
  • Fix up old file permissions to remove executable (Bug #1057238)
  • Escape user uploaded XHTML files (Bug #1055232)
  • Fix saved file permissions (Bug #1057238)
  • Remove clamav from site admin options (Bug #1057238)

New in Mahara 1.5.2 (Aug 2, 2012)

  • This version has fixes for multiple Cross-site Scripting vulnerabilities, has a fix for a MySQL upgrade issue, and migrates the BrowserID URL to persona.

New in Mahara 1.5.1 (May 5, 2012)

  • This version fixes a bug which prevented some MySQL users from upgrading.

New in Mahara 1.5.0 (Apr 18, 2012)

  • This version includes ten months of development on new features and bugfixes, including more embedded content support, a new theme option for younger people, a WYSIWYG fullscreen option, new watchlist and tagged journal entries blocks, bulk administrative actions, and many usability fixes.

New in Mahara 1.4.1 (Nov 6, 2011)

  • XSS in unvalidated URI attributes (CVE-2011-2771)
  • Information disclosure exposing private messages (CVE-2011-2774)
  • DoS via invalid or excessively large images (CVE-2011-2773)
  • CSRF to trick admins into adding a user to an institution (CVE-2011-2773)
  • Fix broken links on export page
  • Fix problems with blog, plan and comment pagination, and comment deletion
  • Fix embedding issues with google docs and multimedia content
  • Fix issues preventing tinymce and pieforms javascript loading for text areas
  • Fix fatal errors for collections and image galleries
  • Fix issues with settings for search plugin and mail preferences
  • Ensure that bulk imported users are forced to change passwords

New in Mahara 1.4.0 (Jun 14, 2011)

  • new Google Apps and Image Gallery blocks
  • star ratings with comments
  • easier page for sharing content with others
  • ability to add comments on file artefacts
  • support for SSL-based SMTP and LDAP servers
  • administration interace for mail server configuration
  • remote avatar (Gravatar) support for HTTPS sites
  • "views" are now "pages" and "blogs" are now "journals"
  • lots of small changes to make the interface more consistent
  • pages can now display more than one embedded video at a time
  • added a fullscreen button to the internal video player
  • added spellchecker and undo button to the WYSIWYG editor
  • spam checks now also performed on forum posts
  • support for new Youtube Iframe embed code
  • optional site-wide maximum quota
  • working start/stop overrides on pages
  • removal of the obsolete and broken Solr search plugin
  • removal of the httpswwwroot setting
  • removal of the .htaccess file

New in Mahara 1.3.6 (May 10, 2011)

  • Critical security fixes for information disclosure, privilege escalation, cross-site scripting, cross-site request forgery and HTTPS downgrade bugs.

New in Mahara 1.2.9 (May 10, 2011)

  • Critical security fixes for information disclosure, privilege escalation, cross-site scripting, cross-site request forgery, and HTTPS downgrade bugs.

New in Mahara 1.3.5 (Mar 29, 2011)

  • The bundled version of HTML Purifier was updated, fixing several security vulnerabilities.

New in Mahara 1.3.4 (Mar 25, 2011)

  • This release fixes two security bugs (an XSS and a CSRF).
  • It also includes fixes for PHP 5.3 and Leap2A, as well as an out-of-memory error in long running cron jobs.

New in Mahara 1.2.7 (Mar 25, 2011)

  • This release fixes two security bugs (an XSS and a CSRF).
  • It also has fixes for PHP 5.3 and Leap2A 2010-07 compatibility.

New in Mahara 1.3.3 (Nov 8, 2010)

  • It fixes a cross-site scripting vulnerability in the new group homepage views as well a bug with the Javascript calendar on non-English sites.

New in Mahara 1.2.5 (Jul 2, 2010)

  • A major security release of Mahara has just been released. It includes fixes for the following issues:
  • Multiple XSS issues
  • Multiple CSRF issues
  • SQL injection
  • Unsafe auth plugin options
  • XSS in HTML Purifier
  • In addition to these important security fixes, Mahara 1.2.5 includes a few bug fixes:
  • Better handling of cron events to avoid sending duplicate emails
  • Fix problems when mime_content_type() is missing
  • Improved detection of https on Windows
  • Set the correct envelope sender for emails sent on cron

New in Mahara 1.2.3 (Feb 9, 2010)

  • IE fixes
  • New authentication plugin (SAML)
  • Fixes to blog post deletion

New in Mahara 1.1.7 (Oct 29, 2009)

  • This release contains many bugfixes across areas of Mahara, in particular MNET and account login.
  • It also addresses two security vulnerabilities: one cross site scripting and one privilege escalation vulnerability.
  • Upgrading is highly recommended.

New in Mahara 1.2.0 Beta 4 (Oct 15, 2009)

  • This release includes full LEAP2A support, many theme updates and fixes, support for RTL languages, AJAX pagination on the find friends page, the ability to extract .zip, .tar.gz, and .tar.bz2 archives in the files section, and some other features.

New in Mahara 1.1.6 (Aug 4, 2009)

  • Forum e-mail notifications now have a cleaner format, and allow users to unsubscribe immediately.
  • Enforce UTF8 database upon installation.
  • Upgraded bundled XML feed reader to 1.0.3, multiple bug fixes to RSS handling.
  • Wall posts now have a configurable character limit.
  • Fixed a very slow query affecting My Groups and user profile pages.
  • Many bug fixes across all areas of Mahara.

New in Mahara 1.1.3 (Apr 22, 2009)

  • The 1.1.3 release also contains multiple minor improvements and bug fixes, course groups with membership by request, and a further security fix to the html2text library (CVE-2008-5619).

New in Mahara 1.1.2 (Mar 10, 2009)

  • This release fixes multiple XSS vulnerabilities in user profile data and blogs (CVE-2009-0660).
  • Upgrading is strongly advised. In addition, there are several minor fixes to portfolio import, HTML validation, the default theme, and the upgrade path from 1.0.
  • Support for embedding slideshare widgets was added.

New in Mahara 1.1.0 (Feb 26, 2009)

  • This release contains a raft of new features over the 1.0 series of Mahara.
  • The major ones are the ability to copy Views, many improvements to Groups, the ability to import content from other systems (such as Moodle 2.0), and user profile pages such as Views.
  • Many other smaller improvements and bugfixes have been made.

New in Mahara 1.1.0 RC2 (Feb 23, 2009)

  • This release contains a few fixes to the upgrade path found since rc1, and enables the "Register your Mahara" feature.

New in Mahara 1.1.0 RC1 (Feb 20, 2009)

  • This release contains many minor bugfixes and a "register your Mahara" feature.

New in Mahara 1.0.9 (Jan 29, 2009)

  • This release contains several small bugfixes and minor layout improvements.
  • In particular, it fixes the blank screens some people were seeing upon installation, and filters HTML that is used in the forums.
  • Upgrading is recommended.

New in Mahara 1.0.8 (Jan 7, 2009)

  • This release fixes a bug that prevented email from being sent in 1.0.7, and makes it much easier to install new language packs.

New in Mahara 1.0.7 (Dec 23, 2008)

  • This release increases the memory limit available to Mahara, adds a 'powered by mahara' icon and link to the footer, and fixes a few bugs.

New in Mahara 1.1.0 Beta 2 (Nov 11, 2008)

  • A number of bugfixes and minor features, including support for internally authenticated users to change their usernames, making Views accessible to logged-out users at a cryptic URL, embedding flash videos and Javascript from selected trusted sites, and support for public groups with forums that are visible to logged out users.

New in Mahara 1.0.6 (Nov 4, 2008)

  • This release contains two security fixes for vulnerabilities in third party libraries shipped with Mahara.
  • Upgrading is highly recommended.

New in Mahara 1.0.5 (Sep 25, 2008)

  • This release contains several bug and stability fixes over the last release, generally focused around the user authentication and MNET.