Totara Social Release Notes

Totara Social 2.18 and 1.0.20 Released 9th June 2017

 
Yuliya Bozhko
Totara Social 2.18 and 1.0.20 Released 9th June 2017
by Yuliya Bozhko - Friday, 9 June 2017, 1:46 PM
 

Hi everyone!

We have just published security releases: Totara Social 2.18 and 1.0.20! The security issue is a backported fix from the Mahara project related to the way event logs are stored in the database. In some cases (like new user creation, password reset), user passwords were stored in the database as a part of the event log data. The fix makes sure password data will not be stored in the future, updates existing event logs to remove sensitive data, and forces password reset on every affected user.

Here are the changelogs for today's Totara Social releases:

Release 2.18 (9th June 2017)
==================================================
Backported security fix from Mahara:
    Stop event log having plain text passwords (Bug #1692749)

Bug fixes:
    TS-1335    Fixed "Comments" block not working when the page has tags
    TS-1330    Added validation for maximum supported version of PHP
    TS-1330    Fixed MySQL 5.7 backwards compatibility issue


Release 1.0.20 (9th June 2017)
==================================================
Backported security fix from Mahara:
    Stop event log having plain text passwords (Bug #1692749)

 
Permalink | Reply