-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
941 lines (892 loc) · 52.8 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
1.9.1 (2014-05-13)
- Bugs:
- Bug #1250302: A site admin who belongs to an institution with skins disabled, gets an error trying to edit site skins
- Bug #1305451: Content editor sidebar doesn't work on Chrome
- Bug #1307760: Problems saving view layout - no option selected by default
- Bug #1310761: public group and allow submissions problem
- Bug #1311876: textbox attachment chooser tabs cause the config form to shrink
- Bug #1311940: Error shown when changing your profile icon to default "Standard or external avatar"
- Bug #1315226: Can't expand "Share with other users and groups" for sharing institution pages
- Bug #1317295: Problem with pagination and plan blocks
- Bug #1318430: php max execution time needs to be increased for install
- Bug #1308479: License help not found for blocks
1.9.0 (2014-04-15)
- New Features:
- Accessibility! W3C WCAG 2.0 level AA (except for some admin pages)
- Profile completion progress bar
- Institutions can customise static pages (Dashboard, Terms & Conditions, etc)
- Institutions can customise their default language
- Support for reCAPTCHA on self-registration page
- "New user probation" system to discourage spam
- "Cookie Consent" system for compliance with the EU cookie law
- "Post now" option for forum posts, to bypass post delay
- Support for Creative Commons 4.0 licenses
- New "Feedback" block, allows placing feedback as a block intead of at the bottom of the page
- Can now show image descriptions in "Image Gallery" block
- Can specify the sort order of files in a "Folder" block
- "Folder" block can now have "Download all as zip" link
- Improvements to watchlist notifications
- Notification sent to admins when an institution reaches its allowed member limit
- "New group page" notification
- Elasticsearch shows forum post dates in search results
- Elasticsearch plugin now works with MySQL
- API: Blocks can provide a custom stylesheet
- API: Themes can disable Page Skins
-
- Security bugs:
- Security Bug #1266976: Update to HTMLPurifier 4.6.0
- Security Bug #1284876: Suspended users can log in via password reset email
-
- Other bugs:
- Bug #778254: Split multiple user activity notifications into chunks
- Bug #1058416: Copying page in a collection only gives "untitled" title for clean URLs
- Bug #1081947: Use of CAST() causes extreme slowdown in large MySQL sites
- Bug #1237198: Make Elasticsearch plugin work with MySQL
- Bug #1239271: Skin description is not displayed
- Bug #1247715: Upgrade to 1.8.0 fails - can't connect to mysql
- Bug #1248307: Content chooser panel doesn't work on tablet
- Bug #1249123: Users who are in "No Institution" can't use skins
- Bug #1249858: Mahara can't figure out mime types because of a finfo() bug
- Bug #1252497: editing a skin deletes the creation time from db
- Bug #1254394: Can't change auth method on /admin/users/edit.php
- Bug #1256118: elasticsearch install hangs if ElasticSearch Server not running
- Bug #1257953: public group forum info do not show up in elasticsearch
- Bug #1259359: Use of tabindex is confusing for screen readers
- Bug #1259378: Profile pictures have inconsistent alt text
- Bug #1259393: Required form fields are not obvious to screen readers
- Bug #1259397: Dropdown navigation is not accessible
- Bug #1259408: The status of notifications in "Recent Activity" is not accessible to screen readers
- Bug #1262867: Site search box does not have a label
- Bug #1262870: Textarea for posting to a user's wall does not have a label
- Bug #1262933: Drag-and-drop page editor is not keyboard-accessible
- Bug #1264105: Problem with deleting skins that are attached to a portfolio page
- Bug #1265049: forum post notifications have escaped <br> in message in inbox
- Bug #1265629: elasticsearch setup by mahara causes Elasticsearch Server status to go from green to yellow
- Bug #1266317: Institution/group ownership of custom flexible layouts
- Bug #1267668: Add a "Cookie Consent" link to the Admin Home page.
- Bug #1268788: mobile_api_json_reply sends extra stuff at the top, making it invalid json
- Bug #1270752: "shared with me" pagination fails with IE 9
- Bug #1270846: no message when incorrect username entered
- Bug #1270987: Modal dialogs are not accessible
- Bug #1271301: Search and filter forms need labels
- Bug #1273492: Group members list cannot be sorted when using elasticsearch
- Bug #1275995: Navigation and tabs are broken in IE11
- Bug #1278013: LDAP sync enter list of groups
- Bug #1278428: No groups and group files visible although there must be many in 1.8.1
- Bug #1279468: Error with saving extensions - > artefact -> file configuration
- Bug #1279523: "Use content from another text box" stops working if pagination is used
- Bug #1279530: Attachments section for Text box blocks is not accessible
- Bug #1281787: Artefacts not locked in in submitted view
- Bug #1283869: page editor adds blank block and screen goes black
- Bug #1284878: external feed rss not updating
- Bug #1287350: New Google Drive URL
- Bug #1287922: error when deleting a journal entry
- Bug #1288490: upgrade from 1.8 error
- Bug #1288542: Can't open feedback form when HTML editor is turned off
- Bug #1290156: spelling mistake in view/index.php 'offest'
- Bug #1290649: fonts not working under https
- Bug #1292303: Clicking 'All' and 'None' does not work in 'User search' page
- Bug #1293803: Adding an profile picture as a background image for a skin causes errors
- Bug #1296915: settings page error Undefined index: licensedefault
- Bug #1297510: Deleting fonts causes 'Invalid Parameter' error:
- Bug #1298717: Saving a customised color in a skin does not work
- Bug #1300741: installation doesn't save email address
- Bug #1302251: MS Office files being seen as zip archives
- Bug #1305275: custom theme goes white on save:
- Bug #1305308: Site admin should not add background images to site skins
- Bug #1305361: Pages are not displayed in many themes except 'default'
- Bug #1305451: Content editor sidebar doesn't work on Chrome
- Bug #1305481: Adding content to page buggy on Firefox
- Bug #1306365: when copy page the originators profile picture carries over
- Bug #661602: Dates on external feed entries are not shown
- Bug #974855: "Generate sitemap" option has empty help file
- Bug #993676: Members did not show up in second search if the first search found no results
- Bug #1013022: Wishlist : enabling to download an entire folder
- Bug #1051500: Warning message before deleting journal
- Bug #1053708: A full list of Pages don't show up
- Bug #1058850: Warning when editing note that all instances are changed
- Bug #1064780: Default journal of a Persona auth account doesn't have user's name
- Bug #1070046: select query uses more than MAX_JOIN_SIZE on mysql:
- Bug #1085744: Could not remove tags with special characters
- Bug #1086569: Lang string misleading when inst. staff doesn't have stats access
- Bug #1089136: "Add me as friend" results in error message
- Bug #1099811: group files error after upgrade
- Bug #1145156: Improve resume usability
- Bug #1174623: Correct schema drift during 1.0 -> 1.8 upgrades
- Bug #1187212: Handle timezone mismatch between webserver and DB (MySQL) server
- Bug #1224750: Site files located in a subfolder cannot be accessed by normal users
- Bug #1237177: Elastic Search does not find media in a group
- Bug #1239928: Prezi doesn't load
- Bug #1240244: Deleting an image used for a skin should give a popup warning
- Bug #1242220: Show file description on Leap2a import screen
- Bug #1245638: elasticsearch 'textbox' results should be under text rather than media
- Bug #1246576: Upgrade MobileDetect library to 2.7.1
- Bug #1246580: Upgrade PHPMailer to 5.2.7
- Bug #1247722: Update PEAR libraries for 1.9.0
- Bug #1252885: Hide suspended users' pages from the "Latest Pages" block
- Bug #1254396: Skins description textbox should be expandable
- Bug #1255361: Error adding files to Institution pages
- Bug #1255378: Fill in the missing "key_exists()" method in ddl.php
- Bug #1255780: copying collection needs to sort table by collection
- Bug #1258970: "Menu" is hardcoded when viewed on small device
- Bug #1259372: "Edit Access" image has missing string for alt text
- Bug #1259373: HTML editor is not disabled when leaving feedback
- Bug #1259377: Explanation when there are no tasks in a plan is unclear
- Bug #1259379: Delete buttons need a descriptive (and consistent) value
- Bug #1259387: Tabs should include textual information to show their state
- Bug #1259388: Input help text should be linked using ARIA
- Bug #1259394: Help links in forms are not keyboard-accessible
- Bug #1259395: HTML lang attribute is not specified
- Bug #1259405: Screen readers are confused by Unsubscribe button in forums
- Bug #1259409: "Delete" and "Mark Read" checkboxes in Inbox need labels
- Bug #1259411: Table headers in Inbox are not read properly by screen readers
- Bug #1259685: Datepicker is not accessible to screen readers
- Bug #1259746: Username links are not always read out when using a screen reader
- Bug #1259764: Feedback form should use focus management
- Bug #1261239: Expanders in forms should use focus management
- Bug #1261610: JSDetector adds output to command-line scripts
- Bug #1261694: remember the limit parameter on view pages
- Bug #1262483: Forms should consistently have errors above the top-level heading
- Bug #1262903: The alt text of icons in the file browser should be changed
- Bug #1262904: Files cannot be moved from one folder to another without using the mouse
- Bug #1262918: Add/Edit buttons in Resume should use focus management
- Bug #1262932: Bad data in the DB can cause the schema correction SQL to throw a fatal error
- Bug #1263440: Improve lang strings for Cookie Consent
- Bug #1264014: Collection Navigation should be a list not a table
- Bug #1264429: Set up an institution_config table for configuring institutions
- Bug #1265086: "Completed" column for tasks is unclear for screen reader users
- Bug #1265102: Focus is not visually apparent when tabbing through the page
- Bug #1265104: spelling mistake in additionalhtmlfooter config variable
- Bug #1265696: Can't edit access to profile after "Logged-in profile access" turned on
- Bug #1265982: Add Creative Commons 4.0 as licence types to CC block
- Bug #1266923: Focus should be set to search results if they are loaded with AJAX
- Bug #1266934: Institution option for dropdown menus should take precedence over site option
- Bug #1267311: Elasticsearch page doesn't have textual description of tab state
- Bug #1267861: Page shared to group: notification to page owner
- Bug #1268746: Squelch PHP 5.4+ strict standards errors
- Bug #1271779: Resume layout on mobile devices
- Bug #1272297: Authentication plugin up/down and delete links should be buttons
- Bug #1273448: "Attachments" icon in Resume needs alt text
- Bug #1273841: Specific form errors should be linked with ARIA
- Bug #1273937: Skins form needs to use label elements
- Bug #1274083: View an artefact with related skin or theme
- Bug #1275481: Dwoo doesn't support Smarty's nl2br syntax
- Bug #1276397: Edit and delete buttons need descriptive alt text
- Bug #1277276: Results per page combobox needs a label
- Bug #1277290: Resume attachments form element should be made accessible
- Bug #1277297: Radio buttons in email selector need labels
- Bug #1278198: Close button in homepage information should be made accessible
- Bug #1278202: Skin previews need descriptive alt text
- Bug #1278216: Checkboxes when editing permissions for a page need labels
- Bug #1278238: Radio buttons used when importing need labels
- Bug #1278667: Two error messages when uploading files without accepting upload agreement
- Bug #1279943: Textbox attachments not showing on htdocs/view/artefact.php page
- Bug #1280009: Skin edit form should use responsive tabs
- Bug #1281877: Colour contrast needs to be improved for accessibility (default theme)
- Bug #1282214: Move "Edit site pages" under institution menu
- Bug #1282219: Rename "Edit site pages" to "General pages" to "Static pages"
- Bug #1283839: institution general pages not set as site default on upgrade
- Bug #1284869: Suspended user login attempts show up in "Online Users" list
- Bug #1286941: double call of language_select_form()
- Bug #1287262: unable to create group home page
- Bug #1300289: commentlist shows logged in user's icon for anonymous comments
- Bug #1307240: on delete of font alert if being used
- Bug #1307294: Disable self-registration by default
- Bug #609167: Add group categories default action is page submit, not add
- Bug #620161: Distinction between Name and Profile not clear
- Bug #633658: Shouldn't viewing and downloading files have the same process?
- Bug #646691: Blog account settings still available when blog disabled
- Bug #707161: opensslcnf not set (on rhel at least)
- Bug #731062: Feedback ratings are not exportable
- Bug #731647: Ignore duplicates in CSV upload
- Bug #746418: Institution authentication plugin option doesn't exist when creating new institution
- Bug #852304: Sending a friend request should return you to the page you were previously on
- Bug #892684: Remove the Contact Info block
- Bug #898470: Inconsistent "required field" behavior on institution membership page
- Bug #995761: Use the same paginator throughout
- Bug #996337: Forum post delay setting only sticks after you clicked "Save"
- Bug #1034213: When editing the group editablity times with a end date before the start date both dates are greyed out after validation
- Bug #1047481: Groups menu 'I want to join' - improvement
- Bug #1053223: Publish/Unpublish a journal's entry should change the background
- Bug #1064219: "Add page to watchlist" not clear on artefact page
- Bug #1067550: /admin/users/bulk.php shows submit button for changing auth method even if only 1 auth method
- Bug #1067724: Unable to read language directory
- Bug #1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
- Bug #1115638: Empty masquerading report needs "none found" type string
- Bug #1195120: Delete superflous fullstop on /admin/groups/uploadcsv.php
- Bug #1196213: Linking of tags in tag search
- Bug #1203082: Change password warning contains escaped html
- Bug #1212541: GoogleSpell has been discontinued -- remove it from TinyMCE spellchecker
- Bug #1220410: MNet with port number requires port to be in wwwroot
- Bug #1220943: Warning when creating a new auth instance in 1.8dev
- Bug #1231920: Duplicate tags in page creation gives error message
- Bug #1240306: Styling error on add user page if there's a very long institution name
- Bug #1246024: error message disappears too fast
- Bug #1246573: Upgrade htmlpurifier to 4.5.0
- Bug #1246933: image slider display error
- Bug #1247729: Elastic Search: Set the second column to sort by to score
- Bug #1247729: Elastic Search: Set the second column to sort by to score
- Bug #1250235: View gives error if user could make skins then had option revoked
- Bug #1250239: Saving 'no institution' institution gives errors
- Bug #1250256: Support for changing the session directory
- Bug #1251089: Invalid value for licensedefault
- Bug #1253462: Undefined property: stdClass::$urlid after doing feedback
- Bug #1253835: Make profile page tabs design responsive
- Bug #1259366: Title of 'Tasks' page should be capitalised
- Bug #1259401: Dashboard info (Create and Collect, ...) is hard to understand when using a screen reader
- Bug #1259402: "Learn more" link when posting on a Wall is not descriptive
- Bug #1259689: Skin metadata lightbox is not keyboard-accessible
- Bug #1259757: Gender radio buttons need descriptive labels
- Bug #1261231: Allow a VERP "bounceprefix" that's not exactly 4 characters
- Bug #1261233: Allow a VERP "bounces_ratio" of 0
- Bug #1262487: Row headers in "Edit Access" table are confusing for screen reader users
- Bug #1262490: Add buttons in "Edit Access" should have more descriptive text
- Bug #1262899: Add buttons in "Edit Access" should move focus to the inserted row
- Bug #1262911: In-page tabs should use focus management
- Bug #1265061: Add support for regional languages to TinyMCE language detection
- Bug #1265088: Description of dual listbox (in Admin) is unclear to screen reader users
- Bug #1265091: Pieforms date elements should have "Not specified" before the date picker
- Bug #1265098: Register site page title should be more descriptive
- Bug #1265099: Some form elements in Administration area need labels
- Bug #1265101: License icons need alt text
- Bug #1266300: hover over unselected tabs in admin -> users ->reports not showing pointer cursor
- Bug #1266624: When using small headers, action buttons break the logical ordering of the page
- Bug #1267240: Clicking on new change layout icon needs to warn if navigating away without saving
- Bug #1267296: Focus should be set to search results if loaded with AJAX (Administration)
- Bug #1267633: It's confusing to hide the "copy for new users" site page access option
- Bug #1271391: focus on help box close button in chromium has gap
- Bug #1275617: Allow CLI api to specify exit code
- Bug #1279529: All attachments tables should be collapsable
- Bug #1281121: Method view_has_token uses uninitialized variable
- Bug #1282872: Top right "Settings" image should not have alt text
- Bug #1285414: User search column headers should include text to explain sort order
- Bug #1285890: Set focus to new row when adding a group category
- Bug #1285892: Title of "Group categories" page should be made more descriptive
- Bug #1290672: PluginArtefactResume should extend PluginArtefact
- Bug #1297516: Font preview page did NOT display properly
- Bug #1298129: Multicolumntable pieform help is broken
- Bug #1298671: The link in the skin thumbnail header should be not displayed in Chromium
- Bug #1301096: Eliminate redundant &obsolete get_mime_type() function
- Bug #817372: Override forum post delay for individual groups and/or forums
- Bug #817373: Add ability to 'send now' on a forum post
- Bug #833867: Add "Show Description" to Image Gallery
- Bug #1027260: Warning when deleting a page that is used in a collection
- Bug #1041228: Improve watchlist notifications
- Bug #1204699: Mahara does not notify administrators if institutional membership is full
- Bug #1223069: Site files accessible in "Links and resources" sidebar
- Bug #1233896: Sort files in the "Folder" block
- Bug #1237013: Allow theme to turn off skins
- Bug #1245679: Place feedback for a view in a block rather at base of page
- Bug #1246547: Give a different error message for an expired registration key than for an invalid registration key
- Bug #1248318: Allow $SESSION messages to be displayed in alternative places
- Bug #1252098: Wishlist: reCAPTCHA support
- Bug #1252101: Wishlist: Prevent new users from taking spammy actions
- Bug #1254299: Institutional Specific Dashboard
- Bug #1258130: Directive on Privacy and Electronic Communications
- Bug #1259538: "Progress bar" based on Institution selected preferences
- Bug #1259741: "Jump to Content" link should be included for screen reader users
- Bug #1259773: Having group links as a bulleted list in sidebar is confusing for screen reader users
- Bug #1262477: First column in Inbox should have a hidden header
- Bug #1266320: Feature request: Institution-specific default languages
- Bug #1266907: Edit/Add License page titles should be more descriptive
- Bug #1272240: New group page notification
- Bug #1273542: Add Creative Commons 4.0 as licence types to the admin-controlled licenses
- Bug #1273931: It is impossible to add custom CSS for blocks
- Bug #1281364: Let users from controlled-registration institutions delete their accounts
- Bug #1281847: Elasticsearch: Show forum post dates in search results
1.8.2 (2014-04-03)
- Bug 1239461: External feed has duplicate rows causing problems
- Bug 1249858: Mahara can't figure out mime types because of a finfo() bug
- Bug 1256118: elasticsearch install hangs if ElasticSearch Server not running
- Bug 1257953: public group forum info do not show up in elasticsearch
- Bug 1262050: Same profile picture used on "Shared with me"
- Bug 1264105: Problem with deleting skins that are attached to a portfolio page
- Bug 1265049: forum post notifications have escaped <br> in message in inbox
- Bug 1266317: Institution/group ownership of custom flexible layouts
- Bug 1266976: Update to HTMLPurifier 4.6.0
- Bug 1268788: mobile_api_json_reply sends extra stuff at the top, making it invalid json
- Bug 1270752: "shared with me" pagination fails with IE 9
- Bug 1284876: Suspended users can log in via password reset email
- Bug 1284878: external feed rss not updating
- Bug 1287350: New Google Drive URL
- Bug 1290649: fonts not working under https
- Bug 1064780: Default journal of a Persona auth account doesn't have user's name
- Bug 1070046: select query uses more than MAX_JOIN_SIZE on mysql
- Bug 1086569: Lang string misleading when inst. staff doesn't have stats access
- Bug 1099811: group files error after upgrade
- Bug 1239928: Prezi doesn't load
- Bug 1259377: Explanation when there are no tasks in a plan is unclear
- Bug 1262932: Bad data in the DB can cause the schema correction SQL to throw a fatal error
- Bug 1278667: Two error messages when uploading files without accepting upload agreement
- Bug 1284869: Suspended user login attempts show up in "Online Users" list
- Bug 1287262: unable to create group home page
- Bug 1064219: "Add page to watchlist" not clear on artefact page
- Bug 1067724: Unable to read language directory
- Bug 1195120: Delete superflous fullstop on /admin/groups/uploadcsv.php
- Bug 1203082: Change password warning contains escaped html
- Bug 1231920: Duplicate tags in page creation gives error message
- Bug 1253462: Undefined property: stdClass::$urlid after doing feedback
- Bug 1267240: Clicking on new change layout icon needs to warn if navigating away without saving
1.8.1 (2013-12-18)
- Bug 1247715: MySQLi driver errors out with non-default port number
- Bug 1246024: Error message fading too fast to read
- Bug 1053708: Problems when changing the page size in the paginator
- Bug 1058416: Properly setting the clean URL for copied pages
- Bug 1255361: Error when a site admin tries to attach a file to an institution page
- Bug 1250239: Errors while changing settings for "No Institution"
- Bug 996337: Forum post delay not properly displayed
- Bug 974855: Missing help file for "generate sitemap" option
- Bug 1248307: When device detection is on, show radio button
- Bug 1254394: User auth method can't be changed
- Bug 1255378: Fill in missing "find_key-name()" method implementation
- Bug 1081947: Removing usage of CAST() for MySQL optimization
- Bug 1174623: Sites upgraded from 1.0 missing some keys and indexes
- Bug 1067550: On bulk user edit page, don't show "change auth" if there's only 1 auth
- Bug 1075760: Empty objectionable material reports not included in digest emails
- Bug 1196213: On "my tags" page, tags not linked for most users
- Bug 1237177: Elasticsearch: not including group content
- Bug 1245638: Elasticsearch: Textboxes should be indexed as text rather than media
- Bug 1247729: Elasticsearch: Set 2nd column to sort by score/relevance
- Bug 1252497: Skins: creation date overwritten on edit
- Bug 1249123: Skins: Allow to specify where "No Institution" should allow skins
- Bug 1239271: Skins: description not displayed
-
1.8.0 (2013-10-24)
- New features:
-- Turned the block chooser vertical and scrolling, to accomodate longer Pages
-- The Image block and Text Box block are now conveniently at the top of the block chooser
-- Page layouts can now have rows as well as columns
-- Users can import leap2a files into their existing Mahara account
-- PDF block allows PDFs to be viewed inline in a Page
-- Resume elements can have attachments
-- Notes (and text box blocks) can have attachments
-- Users are notified when they try to navigate away from a page with unsaved changes
-- Many more types of user content can have tags
-- Resume entries for electronic publications can now be hotlinks
-- Drag-and-drop to upload files
-- Page skins, which give individual users the ability to change the CSS of their Pages
-- Admins can search for users with duplicate email addresses
-- Admins can filter user search by auth method
-- Elasticsearch search plugin
-- "Additional HTML" config option for things such as Google Analytics
-- A cron job in the LDAP auth plugin to synchronize Mahara accounts with LDAP
- Security Bug #1034180: A group member with no access rights to folder can still view it
- Security Bug #1236636: Can attach other users' Folders to your Image Gallery block
- Bug #1180625: Update ADOdb library to version 5.18
- Bug #1187964: Use adodb "mysqli" instead of "mysql"
- Bug #1180624: Add support for SQL temp tables
- Bug #1184450: Add mysql collation mode to pre-install sanity check
- Bug #1235305: Image slideshow fails first time when selecting 'Style: Slideshow'
- Bug #1045563: Email address in the 'Required profile fields' form must be validated
- Bug #1097565: Automatic account expiry doesn't happen
- Bug #1140836: 'Max. items per page' doesn't work for group pages
- Bug #1160093: Don't display a remote username on /admin/users/edit.php if no remote username exists
- Bug #1187963: Updating group members by CSV caused existing group admins removed
- Bug #1211621: Centralized license and copyright info from file headers into README
- Bug #1214124: Improve stylesheet cacheing
- Bug #1239539: Registration: Force Terms and Conditions - error text
- Bug #993676: Members did not show up in second search if the first search found no results
- Bug #1046114: Errors when adding new institution members
- Bug #1127801: consecutive deleted forum posts for same user should be grouped
- Bug #1158086: Forum: error after deleting a post that is the child of another deleted post
- Bug #1187571: Updating groups by CSV caused 'Not found' page
- Bug #1193757: Institution admin needs tob e able to change auth method "No institution" to one of their own
- Bug #1203965: Increase number of characters in collection tabs
- Bug #1204309: Edit forum post error if parent is deleted
- Bug #1220639: mp4 file has wrong icon
- Bug #1223063: Deleting display name does not remove it
- Bug #1234487: Put the system requirements for each Mahara release into README
- Bug #1238407: Mahara 1.0 upgrade path depends on no-longer-supported "ENGINE=INNODB"
- Bug #1240746: Plans page displaying 1 block of text when I used 3 paragraphs
- Bug #1242263: Switch suspension reason and "Suspend" button around
- Bug #703980: personal information pulled into add resume even if there is nothing in it
- Bug #959926: No warning when deleting a profile picture that is used in a portfolio page
- Bug #1017281: The pagination drop down shows when less than 10 entries on the page.
- Bug #1078591: ClamAV path missing/not detected. No option to provide path to Clamav
- Bug #1114790: masqueradingreasonrequireddescription string is misleading about settings
- Bug #1165300: Year not shown for post dates on "Topics"
- Bug #1166578: auth/session.php incorrectly multiplies $cfg->session_timeout by 60
- Bug #1168422: clamdscan permission issues
- Bug #1182649: uploading multiple files - only last one gets marked complete
- Bug #1191605: blocktype/externalfeed/lib.php throws array_chunk errors
- Bug #1201052: Notification to anonymous user when comment was submitted
- Bug #1201055: Change lang string for updated comments when moderation is turned on
- Bug #1208287: Clarify error message in Mahara syntax checker about table names with {}
- Bug #1211161: Creating a new group with cleanurls active, throws a warning
- Bug #1220108: 'usersuniquebyusername' config option not in lib/config-defaults.php
- Bug #1222200: Make the masquerade "Log in anyway" link more noticeable to admins
- Bug #1230044: Wording in password reset phrase in English
- Bug #547386: Linking to electronic publications
- Bug #680710: Revive the Solr plugin using elasticsearch
- Bug #1036556: Embed PDF
- Bug #1046750: Show more of the file name
- Bug #1050297: drag & drop content from desktop
- Bug #1073625: Add additional html interface
- Bug #1083263: Filter by auth method in "User search"
- Bug #1103942: Allow uploading attachments to Resume composites
- Bug #1117237: Allow uploading attachments to Textboxes/Notes
- Bug #1166499: Filter out accounts with duplicate email address
- Bug #1168213: Wishlist/Feature Request: Customise page themes (skins)
- Bug #1180622: Integrate Patrick Pollet's ldap sync plugin into the core auth/ldap plugin
- Bug #1180997: Add tagging feature for all user's content
- Bug #1182739: Display a warning message when navigating away without saving
- Bug #1183612: Make it easier to change a user's profile picture
- Bug #1185209: Allow existing users to import LEAP2A content into their portfolio
- Bug #1190720: Edit access page needs default share with text
- Bug #1194672: Drop-down navigation option be overridden at institutional level
- Bug #1197154: Hide or move the "Retractable" and "Automatically retract" controls for blocks
- Bug #1201258: artefact chooser panel
- Bug #1193936: License info is NOT updated when using content from other text boxes
- Bug #1235813: "Your entire resume" should be "My entire resume"
- Bug #959926: No warning when deleting a profile picture that is used in a portfolio page
1.7.3 (2013-10-03)
- Bug #1211758 Security bug: Arbitrary image download
- Bug #1175446 Security bug: user supplied $_SERVER['HTTP_HOST'] can be used for injections
- Bug #1233500 Security bug: Not checking ownership of blocks before editing them
- Bug #1158625 Make profile information not avaialble for public when not shared
- Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vi$
- Bug #1218091 Pager in search in a block doesn't work
- Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
- Bug #1214647 When an auth instance is deleted, disable it as a parent authority
- Bug #1215190 LDAP support for non-standard port LDAP Urls
- Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
- Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
- Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
- Bug #1222368 Missing lang string for group page with clean URL
- Bug #1227372 Missing lang string for existing URL on allowed iframes
- Bug #1095208 uploading a file - "Loading" message remains
- Bug #1165592 "Cron is not running" not displayed in red anymous
- Bug #1188001 Page view throws headdata warning, if group submissions enabled
- Bug #1213908 Undefined variable $id in group/report.php
- Bug #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK'
1.7.2 (2013-07-25)
- Bug #1177187: program code error when create new rss feed in mahara 1.7.1
- Bug #1130990: creating a journal with licence requirements on causes errors
- Bug #1132660: "invite user to group" form on user profile page throws headdata error
- Bug #1166879: Multiple blogs parameter uncheck when profile is updated
- Bug #1171310: Can bypass comment moderation by editing a comment
- Bug #1180194: Changing the auth method requires info about remoteuser getting lost
- Bug #1180243: Installation hangs with "Mahara requires InnoDB tables" on mysql 5.6
- Bug #1190186: Masquerading sessions report fails if database tables have prefix
- Bug #1191453: Don't show password in cleartext
- Bug #1171365: Resume: Let user set gender to "unspecified"
- Bug #1179299: "Other (enter URL" not translatable for license
- Bug #1180263: Help not shown in edit note/text box form
- Bug #1185661: HTML export doesn't list Pages on the index page
- Bug #1195269: Resume "birthdate" field, if empty auto-fills to 1 Jan 1970
- Bug #1150831: Trailing slash missing in directory URL
1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
- Bug #1039865: Remove explicit CAST to improve MySQL performance during upgrade
-
1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
-
1.7.0 (2013-04-19)
- Bug 1100187: First option under "manage institutions", institution is not capitalised
- Bug 1100024: Relocate "Shared pages" menu item
- Bug 1095499: License metadata for every artefact
- Bug 1085566: Add logged in filter to admin search
- Bug 1081194: Add 'groups I can join' to groups search condition and make it default
- Bug 1051868: Add support for "retractable" blocks
- Bug 1040337: Upgraded TinyMCE to 3.5.8
- Bug 1033070: Increase limit on group members block
- Bug 1027574: Improve logging of what admins do while masqueraded
- Bug 939299: Display more collections on the overview page
- Bug 1100030: Take out word-break in the CSS
- Bug 1057259: Add year to forum post dates
- Bug 1051497: Correct word spacing between posts and entries on journal page
- Bug 1050655: forum post notification subject should be the post subject not the topic subject
- Bug 1021653: Ensure length of input fields is sufficient for required data
- Bug 1006706: Missing lang strings in view/urls.php
- Bug 952625: Pending registrations have an unreasonable expiry time
- Bug 920263: Make "Institution expiry date" column not be in italics
- Bug 913320: Separate "Suspend / delete user" on /admin/users/edit.php
- Bug 1100104: Account deleted notice to include contact information
- Bug 1100066: dwoo function str doesn't take extra arguments that are "0"
- Bug 1073136: Fix ordering of forums when there are more than 10 forums
- Bug 1072850: Facebook doesn't pick up Mahara's Facebook logo
- Bug 1069811: Quota exceeded message for groups
- Bug 1069664: "Text on background" does not change for top right-hand corner in configurable theme
- Bug 1068962: "Delete users" button should be red on /admin/users/suspended.php
- Bug 1051529: Activating spellchecker brings up warning
- Bug 1046617: hard-coded plural logic on /group/find.php
- Bug 1023834: Refactor login form elements code duplication
- Bug 1154928: Warning when adding a new user or add users via CSV
- Bug 1145178: Warning after installing other language packs
- Bug 1095834: Wrong result when searching for the special string: '0'
- Bug 1089730: Plain editor not available in Resume area instead of WYSIWYG editor
- Bug 1081309: export fails if files missing from dataroot
- Bug 1079451: split function is deprecated but still used
- Bug 1074974: WMV files are not recognized by Internal Media block when uploaded directly in the block
- Bug 1072967: Add user-unique message IDs to forum emails
- Bug 1069274: "Allow copying" is not shown on the institution and site access list
- Bug 1068952: Update of user information brings warnings
- Bug 1056544: The number of topics on /interaction/forum/view.php doesn't count the sticky topics
- Bug 1111066: define('CLI') should bypass auth_setup() in init.php
- Bug 1091506: Allowed iframe sources page doesn't allow sideblocks
- Bug 1091504: Suspended and expired users page is not displayed as selected in menu
- Bug 1031560: json_headers change to use application/json
- Bug 1046647: Warnings when access "Group files" tab
- Bug 1046641: "Group files" tab does not show up until the user re-login.
- Bug 900983: Notification after user has been masqueraded
1.6.4 (2013-04-15)
- Bug #1153423 Stored XSS in TinyMCE editor
- Bug #1141446 Google presentation embed code doesn't work
1.6.3 (2013-02-15)
- Bug #1082416 XMLRPC with Firefox 17.0 not possible
- Bug #1091764 Cross site Scripting(XSS) Vulnerability in notes page
- Bug #1103748 included flowplayer 3.2.7 is vulnerable
- Bug #1113180 Delete Wall Post Throws 404 Error
- Bug #1115832 collection navigation links break after "show more" with cleanurls
- Bug #1089282 Pagination links are broken due to encoding of encoded ampersands
- Bug #1090203 Double encoding of & in 'url' for pagination causes pagination links to be broken
- Bug #1085569 Link to user profile takes on comment ID
- Bug #1097788 forum next page link
-
1.6.2 (2012-11-23)
- Bug #1079498: Fix XSS in pagination URL
- Fix the rss image exceptions preventing updating (Bug #1081431)
- Check originals directory before iterator in upgrade (Bug #1080498)
- Fix mnet jump-back link regression (Bug #1079260)
- Escape table names in profile image query (Bug #1077013)
-
1.6.1 (2012-10-24)
- Fix regression with mobile upload token (Bug #1057878)
-
1.6.0 (2012-10-19)
- A new "responsive theme", designed to work fluidly on many screen sizes; especially mobile devices
- Members of multiple institutions can decide which theme to use
- Basic support for theming logged-out users
- Option for images to be resized at upload time
- Ability to add journal entries directly from a page
- Tagged journal entries block can show full entries
- Collections can be submitted to groups
- Mobile uploads support multiple devices
- Mobile API support for journal entries and attaching files to journal entries
- Mobile API support for syncing messages, tags, files, and journals
- Breadcrumbs in small headers are visible at all times
- New "Unpublish" button for journal entries
- Optional "Clean URLs" for user profiles, portfolio page, groups and group pages with support for subdomains
- More sorting options on member's listing in a group
- Collections are available for groups, institutions and on the site level
- Group information expanded to include number of forums, topics and posts
- Group admins can enable and view participation reports within groups
- Editability of group content can be limited with a start and end time
- Pagination for forum topics
- Statistics for institutions and more statistics at the site level
- Cron error message appears red for visibility
- Option to add institution staff rights during registration approval
- Configurable SafeIframe site list
- Option to allow self registration process for users authenticating via Persona
- Cron can poll an imap inbox for mail bounces
- Option to allow local customisation of "Edit site pages" list
- "User search" in the admin area links to profile pages
-
1.6rc1 (2012-09-17)
-
- First Release Candidate for 1.6.0
1.5.2 (2012-07-31)
- Logged-in user's name unescaped in top right header
- BrowserID changed login URL
- Textbox upgrade inserts too many rows per query in MySQL
- sprintf function problems with pluralrule
- "Copy page" button on group homepage to always copy page into personal portfolio
1.5.1 (2012-05-04)
- Use MySQL database collation for string literals (bug #985608)
- Make download.php publicly accessible (bug #979538)
1.5.0 (2012-04-17)
- A new theme for younger students called "Primary School"
- Optional drop-down menus for the site navigation
- Support for institution logos to replace the site header logo
- New institution theme with configurable colours
- Reusable text boxes, a.k.a. "Notes"
- Block to display journal entries with a particular tag
- Block to display a user's watchlist
- Improvements to online users sideblock (e.g. limit on number of users to display)
- Image gallery displays external galleries (flickr, Panoramio, Photobucket, Picasa, Windows Live)
- Support for embedding content from Glogster, Prezi, Slideshare, Vimeo, Voki and WikiEducator
- Add an option to include feedback in HTML export
- Implementation of the SafeIFrame feature of HTML Purifier to facilitate the use of specified iFrames
- Copying of collections
- Pages and collections can be shared with institutions
- Allow original author of a copyable page to retain permission to see copies of the page
- More search options on "Shared pages"
- Added and updated many help texts and descriptions
- Improvements to search usability
- WYSIWYG fullscreen option
- Profile pictures are available in the files area
- Multiple file uploads
- Institution landing page listing institution admins and staff
- Users can suggest and invite others to groups
- Group admins can hide members
- Group and group member CSV uploads
- Group file quotas
- Admins can suspend, delete, and change the authentication method for multiple users in one action
- Admin report on user pages access lists
- Support for custom links in the footer menu
- User file quotas are configurable by institution and visible on the user accounts page
- Set general account preferences when adding users for internal authentication
- Allow institutions more control over access to user profiles
- Allow site admin to specify a default notification method for new users
- MNet key regeneration button and functions to export dashboard info to Moodle
- User CSV upload can make updates to existing users
- Sitemap generation
- CLI install and upgrade abilities for unattended installations
- BrowserID authentication method
- More user-friendly password policy with password salts, bcrypt storage and brute force prevention
- Student ID and display name can be set from LDAP
- Confirmation of new user registrations via self-registration method prior to account creation
1.4.2 (2012-03-06)
- Fix PHP Fatal Error in user/view.php (Bug #885588)
- Fixes to Selenium tests
- Blog block pagination bug prevents images from being displayed (Bug #886581)
- Fixed youtube filter Bug #884438
- Ensure that default SAML behaviour is to match user to remote user name (Bug #932909)
- Update the registration URL to support SSL (Bug #943772)
1.4.1 (2011-11-01)
- XSS in unvalidated URI attributes (CVE-2011-2771)
- Information disclosure exposing private messages (CVE-2011-2774)
- DoS via invalid or excessively large images (CVE-2011-2773)
- CSRF to trick admins into adding a user to an institution (CVE-2011-2773)
- Fix broken links on export page
- Fix problems with blog, plan and comment pagination, and comment deletion
- Fix embedding issues with google docs and multimedia content
- Fix issues preventing tinymce and pieforms javascript loading for text areas
- Fix fatal errors for collections and image galleries
- Fix issues with settings for search plugin and mail preferences
- Ensure that bulk imported users are forced to change passwords
1.4.0 (2011-06-14)
- new Google Apps and Image Gallery blocks
- star ratings with comments
- easier page for sharing content with others
- ability to add comments on file artefacts
- support for SSL-based SMTP and LDAP servers
- administration interace for mail server configuration
- remote avatar (Gravatar) support for HTTPS sites
- "views" are now "pages" and "blogs" are now "journals"
- lots of small changes to make the interface more consistent
- pages can now display more than one embedded video at a time
- added a fullscreen button to the internal video player
- added spellchecker and undo button to the WYSIWYG editor
- spam checks now also performed on forum posts
- support for new Youtube Iframe embed code
- optional site-wide maximum quota
- working start/stop overrides on pages
- removal of the obsolete and broken Solr search plugin
- removal of the httpswwwroot setting
- removal of the .htaccess file
1.3.6 (2011-05-10)
- Privilege escalations (CVE-2011-1402)
- Fixes to session key validation (CVE-2011-1403)
- Information disclosure in AJAX calls (CVE-2011-1404)
- Sanitisation of HTML emails (CVE-2011-1405)
- https to http downgrade (CVE-2011-1406)
1.3.5 (2011-03-29)
- Upgrade to HTML Purifier 4.3.0 (includes security fixes)
1.3.4 (2011-03-24)
- Blogs get deleted without sesskey check (CVE 2011-0440)
- XSS in select box validation (CVE 2011-0439)
- Leap2A fixes
- Fix for out of memory errors
1.3.3 (2010-11-07)
- Fix for XSS vulnerability (CVE-2010-3871)
- Fixes to category namespaces and encoding in Leap2a import/export
- Updates to selenium tests
- Fixes to permissions in secret URL views and feedback attachments
- Fixes in view creation wizard, embedded media block, js calendar
1.3.2 (2010-10-08)
- Bug fixes to group homepage, blogs, LDAP authentication, view themes, and embedded video.
1.3.1 (2010-09-17)
- Bug fixes in upgrade from 1.2.x
- Browse user files while in group views
- Reporting of max file size errors on upload
- Fix missing logged out language selector
- Minor fixes in UI workflow, themes & default language pack
1.3.0 (2010-09-10)
- User-configurable home page (Dashboard View)
- Simpler main navigation
- Basic Mahara information & help on home page
- View/artefact feedback enhancements:
- Collections (sets of Views that are linked to one another)
- Plans (task lists)
- Users can change the theme for individual views
- Support for Gravatar profile icons
- Configurable number of items in external feed, blog blocks
- New block types: notifications, recently modified views, recent forum posts
- More user-friendly notifications & help text
- Show entire thread when replying to personal messages
- External objects that have <embed> or <object> tags can be embedded into blog posts, text boxes or uploaded within an HTML file
- Locking of blogposts and files in submitted views
- Atom feeds for public blogs and forums
- new flash-based video player with support for .mp4 files (H.264)
- Moodle Repository plugin support (allows a user's Mahara files to be accessed from their Moodle account)
- Portfolio API to allow import of artefacts from Moodle over MNET.
- Configurable group home page (Group Homepage View)
- Improved ways to add/invite users to invite only and "course membership" groups:
- View submission from group page and from the view itself
- Group categories for use in group searches
- Admin group management page for group deletion/assignment of group admins
- Groups can disable new view access notifictions
- View access to group only notified when the view owner also belongs to the group
- Bulk user import & export (experimental)
- CAPTCHAs replaced with new anti-spam features to make form-filling difficult for bots & check urls in content against known spam blacklists
- Site statistics & graphs in admin area
- Admin page shows link to latest Mahara release & status of cron
- Admin site options grouped into sections
- Record number of page hits on views & display these to the owner
- Facility to disable email addresses after receiving multiple bounces.
- Footer links can be disabled/enabled
- Online users can be disabled
- Indenting of threads can be disabled per-forum
- Active user sessions revoked on suspension
- Full security review of all db queries & templates; automatic template escaping enabled
- New version of HTMLPurifier allows safe <embed> and <object> tags in user html content
- Search options to make users always searchable by their real names & usernames
- Leap2a support updated to version 2010-07
1.2.6 (2010-09-01)
- Better mimetype detection
- New flash-based video player
- Bug fixes including upgrade from 1.0.x, blogpost image button
-
1.2.5 (2010-07-02)
- Multiple XSS vulnerabilities (CVE-2010-1667)
- Multiple CSRF vulnerabilities (CVE-2010-1668)
- SQL Injection (CVE-2010-1669)
- Removal of dangerous auth plugin configuration options (CVE-2010-1670)
- New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
- Better handling of cron events to avoid sending duplicate emails
- Fix problems when mime_content_type() is missing
- Improved detection of https on Windows
- Set the correct envolope sender for emails sent on cron
- Set the locale in Mahara instead of in language packs
1.2.4 (2010-04-06)
- Bug fixes
1.2.3 (2010-02-08)
- New authentication plugin: SAML
- Various Internet Explorer Fixes
- Blog post deletion fixes
1.2.2 (2009-12-08)
- Fix for broken upgrade in 1.2.1
1.2.1 (2009-12-08)
- Bug fixes
1.2.0 (2009-11-16)
- Mahara now ships with six themes: Aqua, Default, Fresh, Raw, Sunset, Ultima
- Site admins can now disable artefact and blocktype plugins
- Files section rewritten: works without javascript, uploading is easier
- Can extract .zip, .tar.gz and .tar.bz2 files in the files area
- Full Import/Export system with LEAP2A suport, and static HTML export
- Support for submitting views to MNET Peers for assessment (e.g. Moodle)
- View interface sped up, files can be uploaded on the View screen
- UTF8 database now required for new installs (old installs will continue to work)
- Allow more group type/join type combinations, and more control over group creation
- Simplifications to the blog (all users get one blog to start with)
- Added a new blocktype for specifying a license for a View
- RTL language pack support
- Upgraded tinyMCE to version 3.2.5
- Replaced Smarty with Dwoo
1.1.7 (2009-10-29)
- Upgraded HTMLPurifier to 4.0.0
- Fix creation of duplicate user accounts when using LDAP and XMLRPC authentication
- HTTPS logins supported
- Improvements to MNET: windows profile icon importing & links in emails
- Implemented "update user info on login" flag for LDAP
- CVE-2009-3298: Privelege escalation vulnerability
- CVE-2009-3299: Cross site scripting in resume
- Several bug fixes and minor translation updates across Mahara
1.1.6 (2009-08-04)
- Forum e-mail notifications now have a cleaner format, and allow users to unsubscribe immediately.
- Enforce UTF8 database upon installation.
- Upgraded bundled XML feed reader to 1.0.3, multiple bug fixes to RSS handling.
- Wall posts now have a configurable character limit.
- Fixed a very slow query affecting My Groups and user profile pages.
- Many bug fixes across all areas of Mahara.
1.1.5 (2009-06-22)
- Czech strings for Pieforms library
- Bug fixes for embedded media block, multibyte character string handling,
- public forums, email notifications
- Security fixes: multiple xss bugs and information disclosure bug for user files.
1.1.4 (2009-06-11)
- Dutch and Slovenian translations of pieform strings.
- Spanish translation of TinyMCE.
- Increase number of users shown on the admin/staff pages, and sort listing.
- List user institutions on profile page and search results.
- Bugfixes to view feedback, embedded media mimetypes, SSO, and more.
1.1.3 (2009-04-22)
- Fixed XSS vulnerabilities in user views (CVE-2009-0664)
- Prevent arbitrary code execution in html2text library (CVE-2008-5619)
- Allow course groups with membership by request
- Many minor improvements and bug fixes
1.1.2 (2009-03-10)
- Fixed multiple XSS vulnerabilities in user profile data and blogs
(CVE-2009-0660)
- minor fixes to portfolio import, html validation, default theme and upgrade
path from 1.0
- added support for embedding slideshare widgets
1.1.1 (2009-02-27)
- a few fixes to the upgrade path from 1.0
1.1.0 (2009-02-26)
- raft of new features over the 1.0 series of Mahara
- ability to copy Views
- many improvements to Groups
- ability to import content from other systems (such as Moodle 2.0)
- user profile pages such as Views
- many other smaller improvements and bugfixes have been made.
1.0.9 (2009-01-29)
- small bugfixes and minor layout improvements
- fixes the blank screens some people were seeing upon installation
- filters HTML that is used in the forums
1.0.8 (2009-01-07)
- fixes a bug that prevented email from being sent
- makes it much easier to install new language packs
1.0.7 (2008-12-23)
- increases the memory limit available to Mahara
- adds a 'powered by mahara' icon and link to the footer
- a few bugfixes
1.0.6 (2008-11-04)
- security fixes for vulnerabilities in 3rd party libraries
1.0.5 (2008-09-25)
- bug and stability fixes around user authentication and MNET
1.0.4 (2008-06-25)
- bug and stability fixes around the administration section
1.0.3 (2008-06-13)
- HTTP level performance improvements
- some MySQL fixes
- improvement to "login as" functionality
- some other bugfixes
1.0.2 (2007-04-28)
- more usability work for the Views interface
- bugfixes for videos in Views
- RSS blocktype is greatly improved, with the ability to show the
feed icon and a full view of the feed
- bugfixes for SSO, authentication, and search.
1.0.1 (2008-04-09)
- minor bugfixes to the Resume, SSO, and MySQL support