Forums | Mahara Community
Mahara security release: 1.9.2, 1.8.4, 1.7.7
01 August 2014, 12:20 PM
Hello Mahara users!
Mahara version 1.9.2 has just been released: https://launchpad.net/mahara/+milestone/1.9.2
This release includes 3 security fixes that relate to user's passwords.
There are also updates for the Mahara 1.8, and 1.7 series:
The main issues fixed in these releases are:
- Stopping user passwords getting logged in error logs when LDAP mis-configured and backtrace is on. If your sure uses LDAP for authentication then you will need to upgrade immediately and notify your users to change their LDAP password.
- Making sure reset password link should expire after certain amount of time.
- Other active sessions get destroyed of user changes internal password.
Special thanks for everyone who helped by reporting bugs, submitting fixes, and testing the changes!