Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.
Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.
Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.
Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.
In our podcast 'Create. Share. Engage.' portfolio practitioners, researchers, learning designers, and portfolio authors share their journey. Learn how they navigate the many different facets of portfolios in general, and Mahara specifically.
Mahara is open source. Install it on your own server infrastructure or engage a support company to have your site maintained professionally and receive support around your portfolio project.
You can join the Mahara community to ask your questions about the software and answer other people's questions. There are many ways of contributing to the Mahara project, for example, through translations, graphic design, business analysis and usability, reporting and fixing issues, creating new features, and developing plugins.
Related to CVE 2021-29349 but is specifically looking at the random token generator
Vulnerability type: CSRF
Attack type: Physical
Impact: Information disclosure, other
Affected components: Non-cryptographically random generated tokens are too easily guessable. They should be rendered in a cryptographical way. The current function to generate random keys is not random enough.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Reported by: Catalyst IT
Bug report
CVE reference: CVE-2022-28892