10 March 2009, 5:08

These releases fix multiple XSS vulnerabilities in user profile data and blogs (CVE-2009-0660, Mahara Security Announcement). Upgrading is strongly advised.

In addition, the 1.1.2 release has several minor fixes to portfolio import, html validation, default theme and the upgrade path from 1.0. Support for embedding slideshare widgets was added.

You may have noticed recently that we gained a new security forum, to which Francois Marier has posted a security bulliten for the recently discovered and fixed vulnerabilities. Francois has been drafted into the team as Security Officer, which means he's responsible for our security policy and for posting announcements about security vulnerabilities in Mahara. Previously we didn't really have a policy, which Francois was foolish enough to point out, thus his drafting . Hopefully, and I don't mean this in a bad way, we won't see too many postings from him in future!

ps: replying to this thread is fine, if you're asking a question about the release that you think others would like to know the answer to, please keep support questions to the support forum thanks