Mahara Community

Forums | Mahara Community

News /
Mahara security release: 1.9.2, 1.8.4, 1.7.7

This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Robert Lyon
Posts: 773

01 August 2014, 12:20

Hello Mahara users!

Mahara version 1.9.2 has just been released: https://launchpad.net/mahara/+milestone/1.9.2

This release includes 3 security fixes that relate to user's passwords.

There are also updates for the Mahara 1.8, and 1.7 series:

    1.8.4: https://launchpad.net/mahara/+milestone/1.8.4
    1.7.7: https://launchpad.net/mahara/+milestone/1.7.7


The main issues fixed in these releases are:

- Stopping user passwords getting logged in error logs when LDAP mis-configured and backtrace is on. If your sure uses LDAP for authentication then you will need to upgrade immediately and notify your users to change their LDAP password.

- Making sure reset password link should expire after certain amount of time.

- Other active sessions get destroyed of user changes internal password.

Special thanks for everyone who helped by reporting bugs, submitting fixes, and testing the changes!

1 result