02 July 2010, 0:36

A major security release of Mahara has just been released. It includes fixes for the following issues:

• Multiple XSS issues
• Multiple CSRF issues
• SQL injection
• Unsafe auth plugin options
• XSS in HTML Purifier

In addition to these important security fixes, Mahara 1.2.5 includes a few bug fixes:

• Better handling of cron events to avoid sending duplicate emails
• Fix problems when mime_content_type() is missing
• Improved detection of https on Windows
• Set the correct envelope sender for emails sent on cron

We strongly recommend you upgrade to Mahara 1.0.15, 1.1.9 or 1.2.5 as soon as possible.

If you find encounter any problems, please feel free to discuss this release on the forums or file a bug on the tracker.

Please note that this is the final release of the 1.0 series. No further updates will be made available after Mahara 1.0.15 and so if you are still running that version of Mahara, we recommend you upgrade to 1.2.5.