06 October 2025, 15:20

Hello,

This latest release contains two security fixes that are of high importance, depending on the functionality you have enabled on your site. We would like to thank the people who made responsible disclosures of these security issues to us.

A list of fixes is available on the 'Releases' page, accessible to subscribers. We provide fixes for Mahara 24.04 and Mahara 25.04.

This is the last security release for Mahara 24.04. We recommend you upgrade to Mahara 25.04 to continue receiving security updates. Alternatively, you can purchase the Extended Security Support.

Access updates

Subscribers have two options for accessing the latest code.

Via Git

• 25.04 Git branch
• 24.04 Git branch

As downloadable package

The changes are also available on the 'Releases' page as downloadable packages under the heading 'Mahara download files...' in each respective release, which also includes a list of issues linked to their descriptions that have been fixed:

• 25.04.2
• 24.04.11

If you use the download files, make sure not to download a file called 'source code'. You want to download the files that have the compiled code as only that will come with all necessary libraries and stylesheet information.

Update information

Please see the wiki for information on updating Mahara, based on the method you use, either via the code repository (Git) or the downloadable package.

As subscriber, we recommend you update your instance of Mahara to the latest maintenance release of the series of Mahara you are using, or if you are on an unsupported version of Mahara, upgrade to a supported one.

Thank you

The Mahara team at Catalyst