Forums | Mahara Community
Security Announcements
Escalation of privileges, info disclosure, XSS exploits before Mahara 24.04.5 and Mahara 23.04.9
07 October 2024, 16:18
Hello,
This latest release contains three security fixes that are of high or critical nature, depending on the functionality you have enabled on your site. We would like to thank the people who made responsible disclosures of these security issues to us.
A list of fixes is available on the 'Releases' page, accessible to subscribers.
Subscribers have two options for accessing the latest code.
Via Git
- 24.04.5 Git branch
- 23.04.9 Git branch - final release for Mahara 23.04
As downloadable package
The changes are also available on the 'Releases' page as downloadable packages under the heading 'Mahara download files...' in each respective release, which also includes a list of the issues that have been fixed, linked to their descriptions.
If you use the download files, make sure not to download a file called 'source code'. You want to download the files that have the compiled code as only that will come with all necessary libraries and stylesheet information.
If you use a download package for Mahara 23.04.9, please make sure you select the correct one. There are different files for use on PHP 7.4 and PHP 8.1, and for whether you use Redis as the session handler.
Update information
Please see the wiki for information on updating Mahara, based on the method you use, either via the code repository (Git) or the downloadable package.
As a subscriber, we recommend you update your instance of Mahara to the latest maintenance release of the series of Mahara you are using, or if you are on an unsupported version of Mahara, upgrade to a supported one. This is the final release for Mahara 23.04.
Thank you
The Mahara team at Catalyst
Re: Escalation of privileges, info disclosure, XSS exploits before Mahara 24.04.5 and Mahara 23.04.9
07 October 2024, 18:35
Hello,
We've discovered that a site that uses MariaDB may have a problem being updated to Mahara 24.04.5. We are testing a patch and will be releasing the final fix tomorrow. The update issue with MariaDB does not apply to 23.04.9.
Apologies for not having found that during our final release testing.
Kristina
Re: Escalation of privileges, info disclosure, XSS exploits before Mahara 24.04.5 and Mahara 23.04.9
08 October 2024, 14:57
Hello everyone,
Mahara 24.04.6 is now available for access via Git or as a download package (use a file under the heading 'Mahara download files - PHP8.1'). There are two fixes included:
- Fix for the upgrade when using MariaDB as database
- Fix for the default Mahara logo in the 'Customisable theme' to change colour again based on the background colour selected (either a dark or light logo)
I'm very sorry that we did not notice the MariaDB issue during our pre-release testing. Neither issue is present in Mahara 23.04, hence only the 24.04 update.
Thank you
Kristina