Forums | Mahara Community

XSS exploit in Mahara before 24.04.4, 23.04.8


Kristina Hoeppner

10 July 2024, 16:55

Hello,

These latest releases contain an additional fix for the XSS exploit that we fixed a couple of days ago. Please work with these latest releases that current subscribers can access:

The changes are also available on the 'Releases' page as downloadable packages under the heading 'Mahara download files...' in each respective release. If you use the download files, make sure not to download a file called 'source code'. You want to download the files that have the compiled code.

If you use a download package for Mahara 23.04.8, please make sure you select the correct one. There are different files for use on PHP 7.4 and PHP 8.1, and if you use Redis as a session handler.

As a subscriber, we recommend you update your instance of Mahara to the latest maintenance release of the series of Mahara you are using, or if you are on an unsupported version of Mahara, upgrade to a supported one.

Mahara releases are available via a subscription.

Thank you

The Mahara team at Catalyst
