Forums | Mahara Community
Security Announcements
Signature bypass vulnerability in SimpleSAMLphp before Mahara 24.04.9
13 March 2025, 13:49
Hello,
This is a pre-announcement of a high-risk security vulnerability identified in SimpleSAMLphp, which is used for single sign-on via SAML. We have a fix available for Mahara 24.04 for current subscribers who update their sites via Git. The issue and the merge request have information on what needs to be run once you've added the patch to your code base.
The full security maintenance release Mahara 24.04.9 will be published on Monday, 17 March 2025, at the latest, and will also include download packages for those who don't use Git. Some more testing is necessary for the full security release, which will also include a fix for a second security vulnerability.
Please keep an eye on this forum thread as we'll make the announcement about the release as quickly as we can.
Thank you
Kristina