Forums | Mahara Community
Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3
08 August 2016, 5:44 PM
Access to a group's configuration page is meant to be limited to users with the "admin" role in the group. However, any user with any level of membership in the group could access the configuration page and make changes to the group's configuration.
We strongly recommend that all Mahara administrators upgrade to the latest version: 15.04.9, 15.10.5, or 16.04.3.
Edits to this post:
- Kristina Hoeppner - 07 November 2017, 12:46 PM