It was reported to us that previous versions of Mahara did not check user credentials before displaying private conversations between users on the reply page.
As this vulnerability affects the privacy of all Mahara users, we strongly recommend that all Mahara administrators upgrade to the latest version.
]]>