Forums | Mahara Community

Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed Security issue relating to third party library security upgrade <18.10.4 <19.04.3 <19.10.1 by Cecilia Vela

The minor point releases 19.10.1, 19.04.3 and 1...
1 12 November 2019, 3:55 PM

by Cecilia Vela

Closed Security issue relating to third party libraries security upgrades <18.04.6 <18.10.3 <19.04.2 by Cecilia Vela

The minor point releases 19.04.2, 18.10.3 and 1...
1 01 November 2019, 2:23 PM

by Cecilia Vela

Closed Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1 by Robert Lyon



1 30 April 2019, 7:26 PM

by Robert Lyon

Closed Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1 by Robert Lyon

Disable logins for everyone when root user is s...
1 30 April 2019, 7:24 PM

by Robert Lyon

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Prevent disclosing usernames that are taken exp...
1 30 May 2018, 5:36 PM

by Cecilia Vela

Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Virus scanner does not check Leap2A zip files
1 30 May 2018, 5:35 PM

by Cecilia Vela

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Prevent a back and refresh attack through the w...
1 30 May 2018, 5:31 PM

by Cecilia Vela

Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon

Avoid relying on TinyMCE code stripping alone
1 06 April 2018, 11:32 AM

by Robert Lyon

Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Have page forgotpass.php use captcha field (if ...
1 17 January 2018, 5:23 PM

by Robert Lyon

Closed Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Needing the HTTP Strict Transport Security (HST...
1 17 January 2018, 5:14 PM

by Robert Lyon

Closed Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Fix user input from direct POST / GET usage
1 17 January 2018, 5:09 PM

by Robert Lyon

Closed Security issue relating to XSS and saving of display name <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Don't allow saving of firstname, lastname, and ...
1 30 October 2017, 2:35 PM

by Robert Lyon

Closed Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Old session cookies can be used to access an ac...
1 30 October 2017, 2:34 PM

by Robert Lyon

Closed Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4 by Robert Lyon

User's displayed title is not escaped for inter...
1 30 October 2017, 2:27 PM

by Robert Lyon

Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3 by Kristina Hoeppner

Mahara 15.04 before 15.04.14 and 16.04 before 1...
1 11 September 2017, 12:02 PM

by Kristina Hoeppner

Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13 by Robert Lyon

Recording plain text passwords in event_log tab...
1 25 May 2017, 7:11 PM

by Robert Lyon

Security issue relating to logging of passwords from Mahara Mobile by Kristina Hoeppner

Hello,
2 12 February 2017, 4:55 PM

by Kristina Hoeppner

Security issue relating to a remote code execution vulnerability in PHPMailer <15.04.11, <15.10.7, <16.04.5, <16.10.2 by Kristina Hoeppner

From PHPMailer: All addresses used by PHPMailer...
1 29 December 2016, 11:39 PM

by Kristina Hoeppner

Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon

After the password reset link is sent via email...
1 25 October 2016, 8:39 PM

by Robert Lyon

Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Access to a group's configuration page is meant...
1 08 August 2016, 5:44 PM

by Aaron Wells

Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Under some error logging settings, Mahara print...
1 08 August 2016, 5:40 PM

by Aaron Wells

Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

When a profile picture is accessed directly by ...
1 11 July 2016, 5:13 PM

by Aaron Wells

Security issue relating to PHP injection <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

When importing a Skin from an XML file, Mahara ...
1 11 July 2016, 5:10 PM

by Aaron Wells

Security issue relating to Access control and Leap2a export <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

A user could in some circumstances cause anothe...
1 11 July 2016, 5:02 PM

by Aaron Wells

Security issue relating to User Authorization and expired institutions <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Some authentication methods that do not use Mah...
1 11 July 2016, 4:57 PM

by Aaron Wells

95 topics