Mahara 1.7.3
3 October 2013
Mahara version 1.7.3 is now available (security release).
Upgrading to Mahara 1.7.3
Mahara 1.7.3 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Mahara updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Mahara install to test the 1.7.3 upgrade prior to applying it live. Get started managing your Mahara installations with Installatron
What's New in Mahara 1.7.3
Security issues:
- Bug #1211758 Arbitrary image download
- Bug #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections
- Bug #1233500 Not checking ownership of blocks before editing them
Other issues:
- Bug #1158625 Make profile information not avaialble for public when not shared
- Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vi$
- Bug #1218091 Pager in search in a block doesn't work
- Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
- Bug #1214647 When an auth instance is deleted, disable it as a parent authority
- Bug #1215190 LDAP support for non-standard port LDAP Urls
- Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
- Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
- Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
- Bug #1222368 Missing lang string for group page with clean URL
- Bug #1227372 Missing lang string for existing URL on allowed iframes
- Bug #1095208 uploading a file - "Loading" message remains
- Bug #1165592 "Cron is not running" not displayed in red anymous
- Bug #1188001 Page view throws headdata warning, if group submissions enabled
- Bug #1213908 Undefined variable $id in group/report.php
- Bug #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK'