Forums | Mahara Community
Security Announcements
/
XSS exploits and escalation of privileges in Mahara before 24.04.2 and 23.04.7
09 July 2024, 7:16
Kia ora Mahara community,
We have security updates available that fix potential cross-site scripting issues and potential escalation of privileges in Mahara before 24.04.2 and 23.04.7.
Current subscribers can access the code updates and details on the issues that were fixed (see the 'Releases' page):
The changes are also available on the 'Releases' page as downloadable packages under the heading 'Mahara download files...' in each respective release. If you use the download files, make sure not to download a file called 'source code'. You want to download the files that have the compiled code.
If you use a download package for Mahara 23.04.7, please make sure you select the correct one. There are different files for use on PHP 7.4 and PHP 8.1, and if you use Redis as session handler.
As subscriber, we recommend you update your instance of Mahara to the latest maintenance release of the series of Mahara you are using, or if you are on an unsupported version of Mahara, upgrade to a supported one.
Mahara releases are available via a subscription.
Thank you
The Mahara team at Catalyst