Forums | Mahara Community
Security Announcements
Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2
03 April 2014, 15:42
Mahara uses the external HTML Purifier library to protect against HTML injection attacks. HTML Purifier has released a new version, 4.6.0, which patches vulnerabilities in previous versions of the library.
Category: Injection
Severity: Medium
Versions Affected: <1.6.9, <1.7.5, <1.8.2
Reported by: Aaron Wells
Bug report: https://bugs.launchpad.net/mahara/+bug/1266976
CVE reference: CVE-2013-7414
We strongly recommend that all Mahara administrators upgrade to the latest version: 1.6.9, 1.7.5, or 1.8.2.
Download links for fixed versions:
- https://launchpad.net/mahara/+milestone/1.6.9
- https://launchpad.net/mahara/+milestone/1.7.5
- https://launchpad.net/mahara/+milestone/1.8.2
[Update by Kristina for adding CVE reference]
Edits to this post:
- Kristina Hoeppner - 24 November 2014, 13:30