1.10.9 (2016-03-24)

1.10.8 (2015-11-27)
- Bug 1340151: Consider a different approach to libxml_disable_entity_loader(true) in init.php
- Bug 1509874: Incorrectly truncated message in "inbox" block
- Bug 1514608: MySQL deadlock issues with simultaneous users
- Bug 1514299: MNet method "get_views_for_user()" returns full urls for collections when it should return partial
- Bug 1512542: Missing langstring "mobileuploadnotenabled" in MaharaDroid API
- Bug 1517228: Undefined index: ticks
- Bug 1517658: Upgrade to 1.10+ fails on Postgres <9.1

1.10.7 (2015-10-27)
- Bug 1486813 Prompt for new stat data after upgrade needs a 'no thanks' option
- Bug 1488697 Users may not receive the registration email after approval
- Bug 1486699 Username character limit preventing login via SAML
- Bug 1487464 SAML Update user details on login option creating new email artefact on every login
- Bug 1492919 Deadlock issues when 20-30 users copying collections & pages at the same time
- Bug 1500774 remove old session files doesn't work with adapted sessionpath
- Bug 1496681 Login box lang strings don't change when language is switched
- Bug 1495200 White screen when session times out
- Bug 1506188 Link in "Create" box in Dashboard is not correct
- Bug 1417828 Malformed lang string in email digest notification emails
- Bug 1437083 Download zip file of home folder, can't be extracted in Windows
- Bug 1444905 Elasticsearch doesn't search achievements
- Bug 1360977 Error when import a blog via self-Leap2A import
- Bug 1201174 allow and moderate comments not saving correctly for groups
- Bug 1389446 Elasticsearch: Searching for a particular term breaks when logged in to mahara.org
- Bug 1494152 Fatal error upgrading from 1.4 or earlier to 1.10 or later, with objectionable content reports
- Bug 1496910 Problem with scaling in flowplayer
- Bug 1495676 The setting 'maxuploadsize' did not count
- Bug 1500215 descending folders - setting does not carry to subfolders
- Bug 1416147 MySQL error in ORDER BY clause in get_artefactchooser_artefacts()
- Bug 1486262 Problem with isset() in a template file
- Bug 1497341 Pieforms "select" rule validation with optgroups fails
- Bug 1496616 CLI script help output is incorrect

1.10.6 (2015-08-19)
- Bug #1361005 "Ignore/Append/Add" settings are not being respected during interactive Leap2a import
- Bug #1447865 Include PHP version in mahara.org stats
- Bug #1450334 Prompt registered Mahara sites to re-register because we want to change the data registration policy
- Bug #1464477 Leap2a import of "Just some of my collections" doesn't put the pages into the imported collection
- Bug #1479543 Upgrading from 1.9 to 15.04 in mysql can timeout on big sites
- Bug #1480038 Account delete button showing when register allowed is off
- Bug #1480329 Session key is not checked during file upload
- Bug #1483077 Problem with mysql upgrade - not escaping table name
- Bug #1483084 Problem with upgrading to 15.04 - postgres and upgrade/limit
- Bug #1333424 Navigation block broken after Leap2a import
- Bug #1388664 Add focus for social media profile creation
- Bug #1397562 Error display on the admin menus (tabs) of theme 'primaryschool'
- Bug #1479178 Update of quota not working correctly
- Bug #1482010 Leap2a collection pages are in the wrong order
- Bug #1383543 The js script 'artefact/multirecipientnotification/js/sendmessage.js' is not neccessary
- Bug #1464052 Set a default record limit for the elasticsearch cron job
- Bug #1474136 Better warning message for cron when site is closed
- Bug #1479434 missing SESSION global ref in progressbarform_validate

1.10.5 (2015-07-10)
- Bug 1460368: Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts
- Bug 1472439: XSS in "add to watchlist" link on artefact detail screen
- Bug 1434927: Objectionable content inbox notification doesn't name reporter
- Bug 1444925: Admin can't see objectionable content in forums if not admin in the group
- Bug 1471604: Terms and conditions not showing on register page for multi institutions
- Bug 1463629: Prevent HTTP iframes on HTTPS sites
- Bug 1470281: Use "nosniff" header to prevent potential XSS via untrusted files in IE

1.10.4 (2015-05-29)
- Bug 1447377: Stored XSS in user reports access lists, and shared tabs for user/group/institution
- Bug 1361450: Preview a collection in 'Copy a collection' page causes a dark screen
- Bug 1400595: PDFs not displaying in IE
- Bug 1420590: access denied error when editing group as group admin
- Bug 1432988: Clean up the "Required profile fields" for social media
- Bug 1448948: Social media buttons are not visible to others
- Bug 1450705: TinyMCE disappears from feedback form after validation fails
- Bug 1417120: English lang strings distributed with Themes & Plugins aren't loaded.
- Bug 1454458: Navigation group pages
- Bug 1193177: Dwoo loader error
- Bug 1458703: ADDITIONALHTMLTOPOFBODY and ADDITIONALHTMLFOOTER are missing from the microheader/microfooter templates

1.10.3 (2015-04-20)
- 

1.10.2 (2015-01-13)
- 
- Bug 1396565: Error when adding a Group pages block onto a group home page
- Bug 1405427: Group forums posts email don't show user name of who posted
- Bug 1380203: Giving access to 2 pages only generates 1 access notification
- Bug 1384467: CSS is not stripping out bad css attributes anymore
- Bug 1387858: Draft journal entries are visible to others
- Bug 1394738: Text descriptions of image links on Edit Page need to be modified
- Bug 1395627: Visits counter not showing with "small headers"
- Bug 1399246: PDF embeds fail in sites with subdomains for user pages
- Bug 1400524: Upgrading from 1.7 to 1.10 failed in big databases
- Bug 1401313: Command-line updater not detecting core & local upgrades
- Bug 1408542: TinyMCE emoticons are not displayed in TinyMCE 4
- Bug 1385818: Font size in "Feedback" block pop-up is too small
- Bug 1392700: Images not displayed - blog post by tag
- Bug 1394758: cli not returning the 'nothing to upgrade' message when nothing to upgrade anymore
- Bug 1397068: Flickr API now requires use of https for endpoint
- Bug 1399311: SQL syntax error in cron_event_log_expire on key word SECONDS
- Bug 1400511: Cannot cancel comment form after validation fails

1.10.1 (2014-11-26)
- 

1.10.0 (2014-10-21)
- New Features:
- - Streamlined easier-to-use "Text" block
- - The new "Note" block retains all the removed features of the Text block
- - Streamlined rich text editor, with a toggle button to access advanced features
- - "Messaging" profile tab replaced with "Social media" tab with newer options
- - User messages can be sent to multiple recipients
- - Added a "sent" box alongside the inbox for user messages
- - Groups: "Objectionable content" button for forum posts
- - Groups: Forum moderators can relocate forum posts between forums
- - Groups: Option to auto-create a LEAP2a archive of submitted pages
- - Groups: More control over which group members receive feedback & shared page notifications
- - Admins can customize the templates used for group homepages and new user dashboards and profile pages
- - Site option to send users a notification when they're near their file storage quota
- - Site option to allow users to hide author name on Pages
- - Site admins can disable new user self-registration for all institutions
- 
- API changes:
- - Support for generic "module" plugins
- - Plugins can include a pre-install "sanity check" method
- - New /local/lib.php method for adding sideblocks
- - Plugins can add top-level menu items to the main nav menu and the top-right nav menu
- 
- Theme API changes:
- - Plugin theme files can be located under /theme
- - Themes can have their own lang files
- - Support for /local override of theme files
- - See https://wiki.mahara.org/index.php/Customising/Themes/1.10 for more info
- 
- Other bugs/changes:
- 
- Bug #548021: Option to not have a display name on Views
- Bug #605749: Improvements for "Edit Profile": other messaging services
- Bug #681210: Clicking on blog post in tag result list goes to edit mode of blog post
- Bug #723225: Collections shared with groups not identified as such
- Bug #738263: faulty contact us form with noreplyaddress configdirective
- Bug #897586: Searching by user in Shared Pages
- Bug #1009262: User passwords logged when LDAP misconfigured
- Bug #1024872: Objectionable content button for forum posts and topics
- Bug #1036556: Embed PDF
- Bug #1070019: Make it more obvious when adding a page to a collection that same access rules apply
- Bug #1080518: ID numbers are not aligned with their institution in /admin/users/suspended.php
- Bug #1191576: Decrease the text and make it clearer in fewer words who has access to a page by default
- Bug #1206306: uninstalled plugins should be listed at top of extensions page
- Bug #1208328: Document everything that can go in the /local directory
- Bug #1231316: Move posts between forums within groups
- Bug #1231755: Allow /local and custom theme override of Plugin templates
- Bug #1246702: Notification to more than one recipient
- Bug #1250302: A site admin who belongs to an institution with skins disabled, gets an error trying to edit site skins
- Bug #1254841: Embedded media files overlap block configuration pop-up
- Bug #1259762: Wall posts should use semantic elements
- Bug #1259768: Sending a message with a friend request should be more obviously optional
- Bug #1261240: Form legends should be made into headings
- Bug #1262040: Problems with group artefact permissions due to misuse of $USER->can_view_artefact and $USER->can_edit_artefact
- Bug #1262928: Add users by CSV - enforce browse for file button only accepts csv files
- Bug #1265097: Navigation links in Administration should be more distinct
- Bug #1266586: Thumbnails style image galleries display incorrect
- Bug #1266913: "Export users in CSV format" link should have more descriptive text
- Bug #1266920: Initials when searching for users should have descriptive hidden text
- Bug #1266924: Column headers in User search should have descriptive text added
- Bug #1267239: Replace jscalendar with JQuery UI calendar
- Bug #1268746: Squelch PHP 5.4+ strict standards errors
- Bug #1271778: Orphaned labels should be removed (changed to non-label tags)
- Bug #1275581: Update jQuery and jQuery UI to latest compatible versions
- Bug #1279996: Separators between items in user menu should be in CSS, not HTML
- Bug #1282341: TinyMCE should be upgraded to 4.X
- Bug #1285896: "Hide" links in Plugin administration should be made more descriptive
- Bug #1287922: error when deleting a journal entry
- Bug #1292301: Cannot delete a Google web font
- Bug #1295422: Windows 8.1 Touch, drag and drop not working
- Bug #1296472: The reset password link should expire
- Bug #1297079: When you delete a blog entry, count of blog entries doesn't update
- Bug #1297510: Deleting fonts causes 'Invalid Parameter' error
- Bug #1297516: Font preview page did NOT display properly
- Bug #1298855: Sanity check for plugin installation
- Bug #1299993: Improvements to notification system
- Bug #1300289: commentlist shows logged in user's icon for anonymous comments
- Bug #1300544: retracted blocks shouldn't load content until expanded
- Bug #1300741: installation doesn't save email address
- Bug #1300997: Add id field to institution table
- Bug #1301109: Remove pre-1.1.0 sections of the core plugins' update scripts.
- Bug #1302251: MS Office files being seen as zip archives
- Bug #1302297: Sort portfolio pages on portfolio page overview
- Bug #1303491: Update the Mahara-Moodle assignment plugin to work with the Moodle 2.3+ assignment module
- Bug #1303551: Allow new user default view templates to be edited
- Bug #1304053: Sort / limit size of mygroups displayed in profile page
- Bug #1305275: custom theme goes white on save
- Bug #1305308: Site admin should not add background images to site skins
- Bug #1305361: Pages are not displayed in many themes except 'default'
- Bug #1305451: Content editor sidebar doesn't work on Chrome
- Bug #1305481: Adding content to page buggy on Firefox
- Bug #1306365: when copy page the originators profile picture carries over
- Bug #1307240: on delete of font alert if being used
- Bug #1307247: No notifications on pages/artefacts for groups/institutions
- Bug #1307294: Disable self-registration by default
- Bug #1307760: Problems saving view layout - no option selected by default
- Bug #1307777: Improvements to phpunit testing suite
- Bug #1307935: notification when a user is about to reach his quota
- Bug #1308294: Error in profile_icon_url call
- Bug #1308305: Remove IE6 related code
- Bug #1308479: License help not found for blocks
- Bug #1308792: institution data daily cron failing
- Bug #1310761: public group and allow submissions problem
- Bug #1310861: marking page objectionable now allows feedback
- Bug #1311428: admin homepage alert to new plugins
- Bug #1311454: Update lang string for shared page notification
- Bug #1311458: Error message when admin adds user to institution and quota is full
- Bug #1311860: textbox block config form attachment chooser closed by default
- Bug #1311876: textbox attachment chooser tabs cause the config form to shrink
- Bug #1311940: Error shown when changing your profile icon to default "Standard or external avatar"
- Bug #1311963: Undefined index
- Bug #1313963: Pagination in Groups/Topics does not work
- Bug #1314012: Document local/lib.php functions
- Bug #1314020: wishlist: usability: When listing collections to copy list once
- Bug #1314397: Forum "no indent" style sorts posts incorrectly
- Bug #1314416: admin account settings page needs success messages
- Bug #1314440: Deleting an institution which has user's registrations causes error
- Bug #1314460: Progress completion bar giving errors
- Bug #1314465: Local hook for adding custom sideblocks
- Bug #1314890: Button to reliably copy secret URLs
- Bug #1315226: Can't expand "Share with other users and groups" for sharing institution pages
- Bug #1315956: Members of a group should be listed based on their role
- Bug #1315960: get_default_category() not robust enough
- Bug #1316372: Upgrade flowplayer.audio to version 3.2.11
- Bug #1316375: Merge flowplayer 3.2.18 into mahara-flashplayer
- Bug #1316407: Update pdf.js to version 1.0.21
- Bug #1316421: Update csstidy to 1.5.2
- Bug #1316425: Update slimbox to 2.05
- Bug #1316912: Update mobiledetect to 2.8.0
- Bug #1317265: Move the setting for "Confirm registration" into institution settings
- Bug #1317295: Problem with pagination and plan blocks
- Bug #1318290: "Set spam probation:" has a colon too many
- Bug #1318430: php max execution time needs to be increased for install
- Bug #1318959: add page title to new-page-access notification
- Bug #1318995: File import of zipped PDF does not detect filetype correctly
- Bug #1319226: The static pages not greying out tinymce when the 'Use site default' option is ticked
- Bug #1319243: Translations for the new TinyMCE "toggle toolbar" button
- Bug #1319302: Mahara not detecting Tinymce lang packs correctly
- Bug #1319601: Error when moving users into instution
- Bug #1319634: deleting users via bulk delete causes error
- Bug #1320006: Show shared collections on the group homepage
- Bug #1320027: Editing a group home page can cause warnings
- Bug #1320716: allow collection's page list to be drag/drop sortable
- Bug #1321053: Better way to fetch template for some json files
- Bug #1321444: Leap2A self-import throws warnings
- Bug #1321499: Can't stop masquerading as user if they have a profile field required
- Bug #1321941: Include the pagination for submissions in group homepage
- Bug #1321972: When placing multiple feedbacks, previous feedback text shows up in text field
- Bug #1322387: Allow user csv upload to ignore non-essential mandatory fields
- Bug #1323163: Don't let locked views be added to collections
- Bug #1323495: Google Maps URLs not working in Google Apps block
- Bug #1323911: institution.id column breaks "auth_get_auth_instances_for_wwwroot()" function
- Bug #1323921: Provide autocomplete pieforms elements
- Bug #1324347: Links for hiding/showing more content need accessibility info
- Bug #1324748: Tests broken by changes to set_quota_triggers
- Bug #1326160: Artefact file plugin config getting crowded
- Bug #1326174: Creating a new group causes warnings using MySQL
- Bug #1326205: Error installing triggers for new mahara site in MySQL with dbprefix
- Bug #1326593: Group pages paginator and display different for group members compared to group admins
- Bug #1326597: Warning of undefined setlimit in blogs
- Bug #1327738: Rearrange user quota info
- Bug #1327920: Editing a page can be frozen if its content has ".row" element
- Bug #1327921: Plugin config params in config.php throw a strict standards notice: "Creating default obect from empty value"
- Bug #1328310: Let /local theme files override core theme files
- Bug #1328319: Why don't plugin theme directories have a "template" subdirectory?
- Bug #1328388: Remove most of the "reply" buttons when a forum is set to "no indent"
- Bug #1328705: Other active sessions should be destroyed after changing password
- Bug #1328739: Wishlist: Journal's list of entries should show the tags for each entry
- Bug #1328740: Table properties cannot be edited in IE10
- Bug #1328768: Wishlist: Generic plugin type
- Bug #1329136: Add deletion confirmation message for all files
- Bug #1330277: Make add_key() and drop_key() consistent with other DDL functions
- Bug #1331319: Using Persona login at the transient login page, does not return you to the page you requested
- Bug #1331863: Warning when adding an authentication plugin to an institution
- Bug #1333071: htmlpurifier sets different permissions in dataroot
- Bug #1334127: Error upgrading from vanilla 1.7 to master
- Bug #1334501: Cannot edit HTML code of text box in the block configuration
- Bug #1334870: Obsolete js calls need removing
- Bug #1335670: Allow submitted work to be archived as a leap2a file
- Bug #1335888: Typo in string 1274
- Bug #1336111: Error: class 'ArtefactTypeComment' does not have a method 'validate_config_options'
- Bug #1336514: Progress bar sideblock missing 'weight' attribute
- Bug #1336529: Buttons don't respond when editing content on 1.9.2
- Bug #1337013: Make block title retract/expand collapsible blocks
- Bug #1337547: Static function 'X' should not be abstract
- Bug #1337614: Deleting a forum topic works but reports an error
- Bug #1337626: Generate page content before initialising smarty
- Bug #1337664: Remove warning about ActiveDirectory on LDAP auth "Update user info on login"
- Bug #1338394: Tinymce editor can incorrectly appear in profile edit page
- Bug #1338410: Duplicate primary key upgrading from Mahara 1.1
- Bug #1339113: simple non-copyable textbox
- Bug #1341413: can't add textbox to page in IE10
- Bug #1341427: textbox on advanced tab in skin/design.php overlaps footer in 1.10
- Bug #1343930: Usability improvement: Add 'Edit dashboard' button to home page
- Bug #1346926: blockquote displays vertical line
- Bug #1347362: bug: Profile progress bar disappears
- Bug #1348428: Profile completion: make a friend bug
- Bug #1348476: Multirecipientnotification artefact should not be a progressbar option
- Bug #1348485: Date fields
- Bug #1348595: IE Error in Content/ File management
- Bug #1349311: Select All
- Bug #1350254: upgrade complains of duplicate cron row
- Bug #1350595: bug in error lib file
- Bug #1352027: Uploadcsvusers broken fields - maildisabled and authinstance
- Bug #1353153: upgrade to 1.9 error when logged in and belonging to an institution
- Bug #1353759: Google maps embed not working in Google Apps block
- Bug #1353802: Upload users from CSV performance improvements.
- Bug #1354266: No need for extra search box on copy page/collection page
- Bug #1354286: Allow image map to be rendered by htmlpurifier
- Bug #1355572: Blocktype JS includes not loaded correctly on https sites using subdirectory for wwwroot
- Bug #1356563: Example plugin issue
- Bug #1356672: Main navigation hides behind text box
- Bug #1358481: admin account settings page success message broken for self on institution join
- Bug #1358582: Group edit and delete buttons should only have the group name in the alt tag but not on the button itself
- Bug #1358912: Syntax error when using a logo by id for theme logo
- Bug #1359531: Artefact path is not being calculated correctly on file rename
- Bug #1360050: IMAP language string for 'Port' is missing
- Bug #1360943: In admin extensions the save_config_options function lacks the $form attribute
- Bug #1362410: Skins fetching of default 'no thumb' thumb image problem
- Bug #1362832: The list of group pages in the group homepage should be paginated
- Bug #1362871: Allow a theme lang file
- Bug #1364164: Remove IE6 check in help icon function
- Bug #1364690: Fix the missing argument in print_export_footer
- Bug #1365224: resume pages with tinymce break responsive design on mobile
- Bug #1366664: admin page not showing site information block when upgrades available
- Bug #1367539: When quota notification threshold is changed, send notifications to users who are now over threshold
- Bug #1367998: Errors installing/upgrading 1.10dev via CLI
- Bug #1368091: Broken html-tags in report.tpl
- Bug #1369315: Can't edit group homepage template on upgraded site
- Bug #1369830: Comments in CSS disappear in page skins Custom CSS
- Bug #1370830: download checkbox shown as already ticked on folder block when first enabled
- Bug #1371460: Missing translations in js/customlayout.js
- Bug #1372188: upgrade problem with having the settings array
- Bug #1372322: CLI upgrader can't handle plugin forced-installs
- Bug #1372536: PluginModule-menu items appear in two menus
- Bug #1373170: Description of a skin should be html escaped
- Bug #1373917: Inconsistent line break layout in notifications
- Bug #1374184: My groups block pagination fails when clean urls are in play
- Bug #1374879: Missing language string in user Settings
- Bug #1375092: XSS in page content editor
- Bug #1375515: new version of jquery not rendering the inline js on pieform elements correctly
- Bug #1375521: Pieform form maharatable renderer doesn't respect the isescaped flag
- Bug #1376503: Loading groups via csv throwing error Undefined index: allowarchives
- Bug #1376997: Date picker not working for certain languages
- Bug #1377371: Help text doesn't match functionality for "My groups" sidebar list
- Bug #1377377: Make $cfg->renamecopies = false; the default config value
- Bug #1377542: The calendar picker is visible directly when adding someone to page access
- Bug #1377543: There shouldn't be a notification for gaining access to a group homepage
- Bug #1377544: Group member receives page access notification for page they created
- Bug #1377556: Shared with
- Bug #1377736: XSS Vulnerability adding pages into a collection
- Bug #1377764: No visual indicator for where you can drop the first page into a collection
- Bug #1378543: Profile picture not showing in forum posts when remote avatar is on
- Bug #1378645: Google Maps "my maps" URLs breaking
- Bug #1379060: error message shows span tag escaped
- Bug #1379086: Change the "Access permissions have changed" notification from a JS popup to an inline CSS thing
- Bug #1380003: Forum moderators should be able to move forum topics
- Bug #1380201: Access to a collection is sent as page access
- Bug #1380433: error with profile icon and gravitar
- Bug #1380434: An error appears when importing an extracted portfolio
- Bug #1380829: Default notification setting not kept from Mahara 1.9 to 1.10
- Bug #1381715: adjust width in configure block
- Bug #1381719: Help icon hard to find
- Bug #1381729: Scoial profile and Social Profiles
- Bug #1381738: Journal entry TinyMCE missing row toggle button
- Bug #1381811: Error when copying collection or editing collection title/description
- Bug #1381868: XSS with institution full name on user profile page
- Bug #1382159: Profile -> contact information -> address textarea not displaying correctly
- Bug #1382890: Message window too large on upgraded site
- Bug #1382896: Cannot go to page that has been reported as objectionable
- Bug #1382899: Regular user can't see "Objectionable content in forum" as notification type
- Bug #1382902: Hard-coded lang strings in multirecipient messages
- Bug #1383029: Page not accessible after reporting it as objectionable
- 

1.10.0 (2014-10-21)

New Features:
- Streamlined easier-to-use "Text" block
- The new "Note" block retains all the removed features of the Text block
- Streamlined rich text editor, with a toggle button to access advanced features
- "Messaging" profile tab replaced with "Social media" tab with newer options
- User messages can be sent to multiple recipients
- Added a "sent" box alongside the inbox for user messages
- Groups: "Objectionable content" button for forum posts
- Groups: Forum moderators can relocate forum posts between forums
- Groups: Option to auto-create a LEAP2a archive of submitted pages
- Groups: More control over which group members receive feedback & shared page notifications
- Admins can customize the templates used for group homepages and new user dashboards and profile pages
- Site option to send users a notification when they're near their file storage quota
- Site option to allow users to hide author name on Pages
- Site admins can disable new user self-registration for all institutions

API changes:
- Support for generic "module" plugins
- Plugins can include a pre-install "sanity check" method
- New /local/lib.php method for adding sideblocks
- Plugins can add top-level menu items to the main nav menu and the top-right nav menu

Theme API changes:
- Plugin theme files can be located under /theme
- Themes can have their own lang files
- Support for /local override of theme files
- See https://wiki.mahara.org/index.php/Customising/Themes/1.10 for more info

Other bugs/changes:
Bug #548021: Option to not have a display name on Views
Bug #605749: Improvements for "Edit Profile": other messaging services
Bug #681210: Clicking on blog post in tag result list goes to edit mode of blog post
Bug #723225: Collections shared with groups not identified as such
Bug #738263: faulty contact us form with noreplyaddress configdirective
Bug #897586: Searching by user in Shared Pages
Bug #1009262: User passwords logged when LDAP misconfigured
Bug #1024872: Objectionable content button for forum posts and topics
Bug #1036556: Embed PDF
Bug #1070019: Make it more obvious when adding a page to a collection that same access rules apply
Bug #1080518: ID numbers are not aligned with their institution in /admin/users/suspended.php
Bug #1191576: Decrease the text and make it clearer in fewer words who has access to a page by default
Bug #1206306: uninstalled plugins should be listed at top of extensions page
Bug #1208328: Document everything that can go in the /local directory
Bug #1231316: Move posts between forums within groups
Bug #1231755: Allow /local and custom theme override of Plugin templates
Bug #1246702: Notification to more than one recipient
Bug #1250302: A site admin who belongs to an institution with skins disabled, gets an error trying to edit site skins
Bug #1254841: Embedded media files overlap block configuration pop-up
Bug #1259762: Wall posts should use semantic elements
Bug #1259768: Sending a message with a friend request should be more obviously optional
Bug #1261240: Form legends should be made into headings
Bug #1262040: Problems with group artefact permissions due to misuse of $USER->can_view_artefact and $USER->can_edit_artefact
Bug #1262928: Add users by CSV - enforce browse for file button only accepts csv files
Bug #1265097: Navigation links in Administration should be more distinct
Bug #1266586: Thumbnails style image galleries display incorrect
Bug #1266913: "Export users in CSV format" link should have more descriptive text
Bug #1266920: Initials when searching for users should have descriptive hidden text
Bug #1266924: Column headers in User search should have descriptive text added
Bug #1267239: Replace jscalendar with JQuery UI calendar
Bug #1268746: Squelch PHP 5.4+ strict standards errors
Bug #1271778: Orphaned labels should be removed (changed to non-label tags)
Bug #1275581: Update jQuery and jQuery UI to latest compatible versions
Bug #1279996: Separators between items in user menu should be in CSS, not HTML
Bug #1282341: TinyMCE should be upgraded to 4.X
Bug #1285896: "Hide" links in Plugin administration should be made more descriptive
Bug #1287922: error when deleting a journal entry
Bug #1292301: Cannot delete a Google web font
Bug #1295422: Windows 8.1 Touch, drag and drop not working
Bug #1296472: The reset password link should expire
Bug #1297079: When you delete a blog entry, count of blog entries doesn't update
Bug #1297510: Deleting fonts causes 'Invalid Parameter' error
Bug #1297516: Font preview page did NOT display properly
Bug #1298855: Sanity check for plugin installation
Bug #1299993: Improvements to notification system
Bug #1300289: commentlist shows logged in user's icon for anonymous comments
Bug #1300544: retracted blocks shouldn't load content until expanded
Bug #1300741: installation doesn't save email address
Bug #1300997: Add id field to institution table
Bug #1301109: Remove pre-1.1.0 sections of the core plugins' update scripts.
Bug #1302251: MS Office files being seen as zip archives
Bug #1302297: Sort portfolio pages on portfolio page overview
Bug #1303491: Update the Mahara-Moodle assignment plugin to work with the Moodle 2.3+ assignment module
Bug #1303551: Allow new user default view templates to be edited
Bug #1304053: Sort / limit size of mygroups displayed in profile page
Bug #1305275: custom theme goes white on save
Bug #1305308: Site admin should not add background images to site skins
Bug #1305361: Pages are not displayed in many themes except 'default'
Bug #1305451: Content editor sidebar doesn't work on Chrome
Bug #1305481: Adding content to page buggy on Firefox
Bug #1306365: when copy page the originators profile picture carries over
Bug #1307240: on delete of font alert if being used
Bug #1307247: No notifications on pages/artefacts for groups/institutions
Bug #1307294: Disable self-registration by default
Bug #1307760: Problems saving view layout - no option selected by default
Bug #1307777: Improvements to phpunit testing suite
Bug #1307935: notification when a user is about to reach his quota
Bug #1308294: Error in profile_icon_url call
Bug #1308305: Remove IE6 related code
Bug #1308479: License help not found for blocks
Bug #1308792: institution data daily cron failing
Bug #1310761: public group and allow submissions problem
Bug #1310861: marking page objectionable now allows feedback
Bug #1311428: admin homepage alert to new plugins
Bug #1311454: Update lang string for shared page notification
Bug #1311458: Error message when admin adds user to institution and quota is full
Bug #1311860: textbox block config form attachment chooser closed by default
Bug #1311876: textbox attachment chooser tabs cause the config form to shrink
Bug #1311940: Error shown when changing your profile icon to default "Standard or external avatar"
Bug #1311963: Undefined index
Bug #1313963: Pagination in Groups/Topics does not work
Bug #1314012: Document local/lib.php functions
Bug #1314020: wishlist: usability: When listing collections to copy list once
Bug #1314397: Forum "no indent" style sorts posts incorrectly
Bug #1314416: admin account settings page needs success messages
Bug #1314440: Deleting an institution which has user's registrations causes error
Bug #1314460: Progress completion bar giving errors
Bug #1314465: Local hook for adding custom sideblocks
Bug #1314890: Button to reliably copy secret URLs
Bug #1315226: Can't expand "Share with other users and groups" for sharing institution pages
Bug #1315956: Members of a group should be listed based on their role
Bug #1315960: get_default_category() not robust enough
Bug #1316372: Upgrade flowplayer.audio to version 3.2.11
Bug #1316375: Merge flowplayer 3.2.18 into mahara-flashplayer
Bug #1316407: Update pdf.js to version 1.0.21
Bug #1316421: Update csstidy to 1.5.2
Bug #1316425: Update slimbox to 2.05
Bug #1316912: Update mobiledetect to 2.8.0
Bug #1317265: Move the setting for "Confirm registration" into institution settings
Bug #1317295: Problem with pagination and plan blocks
Bug #1318290: "Set spam probation:" has a colon too many
Bug #1318430: php max execution time needs to be increased for install
Bug #1318959: add page title to new-page-access notification
Bug #1318995: File import of zipped PDF does not detect filetype correctly
Bug #1319226: The static pages not greying out tinymce when the 'Use site default' option is ticked
Bug #1319243: Translations for the new TinyMCE "toggle toolbar" button
Bug #1319302: Mahara not detecting Tinymce lang packs correctly
Bug #1319601: Error when moving users into instution
Bug #1319634: deleting users via bulk delete causes error
Bug #1320006: Show shared collections on the group homepage
Bug #1320027: Editing a group home page can cause warnings
Bug #1320716: allow collection's page list to be drag/drop sortable
Bug #1321053: Better way to fetch template for some json files
Bug #1321444: Leap2A self-import throws warnings
Bug #1321499: Can't stop masquerading as user if they have a profile field required
Bug #1321941: Include the pagination for submissions in group homepage
Bug #1321972: When placing multiple feedbacks, previous feedback text shows up in text field
Bug #1322387: Allow user csv upload to ignore non-essential mandatory fields
Bug #1323163: Don't let locked views be added to collections
Bug #1323495: Google Maps URLs not working in Google Apps block
Bug #1323911: institution.id column breaks "auth_get_auth_instances_for_wwwroot()" function
Bug #1323921: Provide autocomplete pieforms elements
Bug #1324347: Links for hiding/showing more content need accessibility info
Bug #1324748: Tests broken by changes to set_quota_triggers
Bug #1326160: Artefact file plugin config getting crowded
Bug #1326174: Creating a new group causes warnings using MySQL
Bug #1326205: Error installing triggers for new mahara site in MySQL with dbprefix
Bug #1326593: Group pages paginator and display different for group members compared to group admins
Bug #1326597: Warning of undefined setlimit in blogs
Bug #1327738: Rearrange user quota info
Bug #1327920: Editing a page can be frozen if its content has ".row" element
Bug #1327921: Plugin config params in config.php throw a strict standards notice: "Creating default obect from empty value"
Bug #1328310: Let /local theme files override core theme files
Bug #1328319: Why don't plugin theme directories have a "template" subdirectory?
Bug #1328388: Remove most of the "reply" buttons when a forum is set to "no indent"
Bug #1328705: Other active sessions should be destroyed after changing password
Bug #1328739: Wishlist: Journal's list of entries should show the tags for each entry
Bug #1328740: Table properties cannot be edited in IE10
Bug #1328768: Wishlist: Generic plugin type
Bug #1329136: Add deletion confirmation message for all files
Bug #1330277: Make add_key() and drop_key() consistent with other DDL functions
Bug #1331319: Using Persona login at the transient login page, does not return you to the page you requested
Bug #1331863: Warning when adding an authentication plugin to an institution
Bug #1333071: htmlpurifier sets different permissions in dataroot
Bug #1334127: Error upgrading from vanilla 1.7 to master
Bug #1334501: Cannot edit HTML code of text box in the block configuration
Bug #1334870: Obsolete js calls need removing
Bug #1335670: Allow submitted work to be archived as a leap2a file
Bug #1335888: Typo in string 1274
Bug #1336111: Error: class 'ArtefactTypeComment' does not have a method 'validate_config_options'
Bug #1336514: Progress bar sideblock missing 'weight' attribute
Bug #1336529: Buttons don't respond when editing content on 1.9.2
Bug #1337013: Make block title retract/expand collapsible blocks
Bug #1337547: Static function 'X' should not be abstract
Bug #1337614: Deleting a forum topic works but reports an error
Bug #1337626: Generate page content before initialising smarty
Bug #1337664: Remove warning about ActiveDirectory on LDAP auth "Update user info on login"
Bug #1338394: Tinymce editor can incorrectly appear in profile edit page
Bug #1338410: Duplicate primary key upgrading from Mahara 1.1
Bug #1339113: simple non-copyable textbox
Bug #1341413: can't add textbox to page in IE10
Bug #1341427: textbox on advanced tab in skin/design.php overlaps footer in 1.10
Bug #1343930: Usability improvement: Add 'Edit dashboard' button to home page
Bug #1346926: blockquote displays vertical line
Bug #1347362: bug: Profile progress bar disappears
Bug #1348428: Profile completion: make a friend bug
Bug #1348476: Multirecipientnotification artefact should not be a progressbar option
Bug #1348485: Date fields
Bug #1348595: IE Error in Content/ File management
Bug #1349311: Select All
Bug #1350254: upgrade complains of duplicate cron row
Bug #1350595: bug in error lib file
Bug #1352027: Uploadcsvusers broken fields - maildisabled and authinstance
Bug #1353153: upgrade to 1.9 error when logged in and belonging to an institution
Bug #1353759: Google maps embed not working in Google Apps block
Bug #1353802: Upload users from CSV performance improvements.
Bug #1354266: No need for extra search box on copy page/collection page
Bug #1354286: Allow image map to be rendered by htmlpurifier
Bug #1355572: Blocktype JS includes not loaded correctly on https sites using subdirectory for wwwroot
Bug #1356563: Example plugin issue
Bug #1356672: Main navigation hides behind text box
Bug #1358481: admin account settings page success message broken for self on institution join
Bug #1358582: Group edit and delete buttons should only have the group name in the alt tag but not on the button itself
Bug #1358912: Syntax error when using a logo by id for theme logo
Bug #1359531: Artefact path is not being calculated correctly on file rename
Bug #1360050: IMAP language string for 'Port' is missing
Bug #1360943: In admin extensions the save_config_options function lacks the $form attribute
Bug #1362410: Skins fetching of default 'no thumb' thumb image problem
Bug #1362832: The list of group pages in the group homepage should be paginated
Bug #1362871: Allow a theme lang file
Bug #1364164: Remove IE6 check in help icon function
Bug #1364690: Fix the missing argument in print_export_footer
Bug #1365224: resume pages with tinymce break responsive design on mobile
Bug #1366664: admin page not showing site information block when upgrades available
Bug #1367539: When quota notification threshold is changed, send notifications to users who are now over threshold
Bug #1367998: Errors installing/upgrading 1.10dev via CLI
Bug #1368091: Broken html-tags in report.tpl
Bug #1369315: Can't edit group homepage template on upgraded site
Bug #1369830: Comments in CSS disappear in page skins Custom CSS
Bug #1370830: download checkbox shown as already ticked on folder block when first enabled
Bug #1371460: Missing translations in js/customlayout.js
Bug #1372188: upgrade problem with having the settings array
Bug #1372322: CLI upgrader can't handle plugin forced-installs
Bug #1372536: PluginModule-menu items appear in two menus
Bug #1373170: Description of a skin should be html escaped
Bug #1373917: Inconsistent line break layout in notifications
Bug #1374184: My groups block pagination fails when clean urls are in play
Bug #1374879: Missing language string in user Settings
Bug #1375092: XSS in page content editor
Bug #1375515: new version of jquery not rendering the inline js on pieform elements correctly
Bug #1375521: Pieform form maharatable renderer doesn't respect the isescaped flag
Bug #1376503: Loading groups via csv throwing error Undefined index: allowarchives
Bug #1376997: Date picker not working for certain languages
Bug #1377371: Help text doesn't match functionality for "My groups" sidebar list
Bug #1377377: Make $cfg->renamecopies = false; the default config value
Bug #1377542: The calendar picker is visible directly when adding someone to page access
Bug #1377543: There shouldn't be a notification for gaining access to a group homepage
Bug #1377544: Group member receives page access notification for page they created
Bug #1377556: Shared with
Bug #1377736: XSS Vulnerability adding pages into a collection
Bug #1377764: No visual indicator for where you can drop the first page into a collection
Bug #1378543: Profile picture not showing in forum posts when remote avatar is on
Bug #1378645: Google Maps "my maps" URLs breaking
Bug #1379060: error message shows span tag escaped
Bug #1379086: Change the "Access permissions have changed" notification from a JS popup to an inline CSS thing
Bug #1380003: Forum moderators should be able to move forum topics
Bug #1380201: Access to a collection is sent as page access
Bug #1380433: error with profile icon and gravitar
Bug #1380434: An error appears when importing an extracted portfolio
Bug #1380829: Default notification setting not kept from Mahara 1.9 to 1.10
Bug #1381715: adjust width in configure block
Bug #1381719: Help icon hard to find
Bug #1381729: Scoial profile and Social Profiles
Bug #1381738: Journal entry TinyMCE missing row toggle button
Bug #1381811: Error when copying collection or editing collection title/description
Bug #1381868: XSS with institution full name on user profile page
Bug #1382159: Profile -> contact information -> address textarea not displaying correctly
Bug #1382890: Message window too large on upgraded site
Bug #1382896: Cannot go to page that has been reported as objectionable
Bug #1382899: Regular user can't see "Objectionable content in forum" as notification type
Bug #1382902: Hard-coded lang strings in multirecipient messages
Bug #1383029: Page not accessible after reporting it as objectionable

1.9.0 (2014-04-15)
- New Features:
- Accessibility! W3C WCAG 2.0 level AA (except for some admin pages)
- Profile completion progress bar
- Institutions can customise static pages (Dashboard, Terms & Conditions, etc)
- Institutions can customise their default language
- Support for reCAPTCHA on self-registration page
- "New user probation" system to discourage spam
- "Cookie Consent" system for compliance with the EU cookie law
- "Post now" option for forum posts, to bypass post delay
- Support for Creative Commons 4.0 licenses
- New "Feedback" block, allows placing feedback as a block intead of at the bottom of the page
- Can now show image descriptions in "Image Gallery" block
- Can specify the sort order of files in a "Folder" block
- "Folder" block can now have "Download all as zip" link
- Improvements to watchlist notifications
- Notification sent to admins when an institution reaches its allowed member limit
- "New group page" notification
- Elasticsearch shows forum post dates in search results
- Elasticsearch plugin now works with MySQL
- API: Blocks can provide a custom stylesheet
- API: Themes can disable Page Skins
- 
- Security bugs:
- Security Bug #1266976: Update to HTMLPurifier 4.6.0
- Security Bug #1284876: Suspended users can log in via password reset email
- 
- Other bugs:
- Bug #778254: Split multiple user activity notifications into chunks
- Bug #1058416: Copying page in a collection only gives "untitled" title for clean URLs
- Bug #1081947: Use of CAST() causes extreme slowdown in large MySQL sites 
- Bug #1237198: Make Elasticsearch plugin work with MySQL 
- Bug #1239271: Skin description is not displayed
- Bug #1247715: Upgrade to 1.8.0 fails - can't connect to mysql
- Bug #1248307: Content chooser panel doesn't work on tablet 
- Bug #1249123: Users who are in "No Institution" can't use skins 
- Bug #1249858: Mahara can't figure out mime types because of a finfo() bug
- Bug #1252497: editing a skin deletes the creation time from db
- Bug #1254394: Can't change auth method on /admin/users/edit.php 
- Bug #1256118: elasticsearch install hangs if ElasticSearch Server not running
- Bug #1257953: public group forum info do not show up in elasticsearch
- Bug #1259359: Use of tabindex is confusing for screen readers
- Bug #1259378: Profile pictures have inconsistent alt text
- Bug #1259393: Required form fields are not obvious to screen readers
- Bug #1259397: Dropdown navigation is not accessible
- Bug #1259408: The status of notifications in "Recent Activity" is not accessible to screen readers
- Bug #1262867: Site search box does not have a label
- Bug #1262870: Textarea for posting to a user's wall does not have a label
- Bug #1262933: Drag-and-drop page editor is not keyboard-accessible
- Bug #1264105: Problem with deleting skins that are attached to a portfolio page 
- Bug #1265049: forum post notifications have escaped <br> in message in inbox
- Bug #1265629: elasticsearch setup by mahara causes Elasticsearch Server status to go from green to yellow
- Bug #1266317: Institution/group ownership of custom flexible layouts
- Bug #1267668: Add a "Cookie Consent" link to the Admin Home page. 
- Bug #1268788: mobile_api_json_reply sends extra stuff at the top, making it invalid json
- Bug #1270752: "shared with me" pagination fails with IE 9
- Bug #1270846: no message when incorrect username entered
- Bug #1270987: Modal dialogs are not accessible
- Bug #1271301: Search and filter forms need labels
- Bug #1273492: Group members list cannot be sorted when using elasticsearch
- Bug #1275995: Navigation and tabs are broken in IE11
- Bug #1278013: LDAP sync enter list of groups 
- Bug #1278428: No groups and group files visible although there must be many in 1.8.1 
- Bug #1279468: Error with saving extensions - > artefact -> file configuration
- Bug #1279523: "Use content from another text box" stops working if pagination is used 
- Bug #1279530: Attachments section for Text box blocks is not accessible
- Bug #1281787: Artefacts not locked in in submitted view
- Bug #1283869: page editor adds blank block and screen goes black
- Bug #1284878: external feed rss not updating
- Bug #1287350: New Google Drive URL 
- Bug #1287922: error when deleting a journal entry
- Bug #1288490: upgrade from 1.8 error
- Bug #1288542: Can't open feedback form when HTML editor is turned off
- Bug #1290156: spelling mistake in view/index.php 'offest'
- Bug #1290649: fonts not working under https
- Bug #1292303: Clicking 'All' and 'None' does not work in 'User search' page 
- Bug #1293803: Adding an profile picture as a background image for a skin causes errors 
- Bug #1296915: settings page error Undefined index: licensedefault
- Bug #1297510: Deleting fonts causes 'Invalid Parameter' error:  
- Bug #1298717: Saving a customised color in a skin does not work
- Bug #1300741: installation doesn't save email address
- Bug #1302251: MS Office files being seen as zip archives
- Bug #1305275: custom theme goes white on save:  
- Bug #1305308: Site admin should not add background images to site skins
- Bug #1305361: Pages are not displayed in many themes except 'default'
- Bug #1305451: Content editor sidebar doesn't work on Chrome 
- Bug #1305481: Adding content to page buggy on Firefox
- Bug #1306365: when copy page the originators profile picture carries over
- Bug #661602: Dates on external feed entries are not shown
- Bug #974855: "Generate sitemap" option has empty help file
- Bug #993676: Members did not show up in second search if the first search found no results
- Bug #1013022: Wishlist : enabling to download an entire folder
- Bug #1051500: Warning message before deleting journal
- Bug #1053708: A full list of Pages don't show up
- Bug #1058850: Warning when editing note that all instances are changed
- Bug #1064780: Default journal of a Persona auth account doesn't have user's name
- Bug #1070046: select query uses more than MAX_JOIN_SIZE on mysql:  
- Bug #1085744: Could not remove tags with special characters
- Bug #1086569: Lang string misleading when inst. staff doesn't have stats access
- Bug #1089136: "Add me as friend" results in error message
- Bug #1099811: group files error after upgrade
- Bug #1145156: Improve resume usability
- Bug #1174623: Correct schema drift during 1.0 -> 1.8 upgrades
- Bug #1187212: Handle timezone mismatch between webserver and DB (MySQL) server
- Bug #1224750: Site files located in a subfolder cannot be accessed by normal users
- Bug #1237177: Elastic Search does not find media in a group
- Bug #1239928: Prezi doesn't load
- Bug #1240244: Deleting an image used for a skin should give a popup warning
- Bug #1242220: Show file description on Leap2a import screen
- Bug #1245638: elasticsearch 'textbox' results should be under text rather than media
- Bug #1246576: Upgrade MobileDetect library to 2.7.1
- Bug #1246580: Upgrade PHPMailer to 5.2.7
- Bug #1247722: Update PEAR libraries for 1.9.0
- Bug #1252885: Hide suspended users' pages from the "Latest Pages" block
- Bug #1254396: Skins description textbox should be expandable
- Bug #1255361: Error adding files to Institution pages
- Bug #1255378: Fill in the missing "key_exists()" method in ddl.php
- Bug #1255780: copying collection needs to sort table by collection
- Bug #1258970: "Menu" is hardcoded when viewed on small device
- Bug #1259372: "Edit Access" image has missing string for alt text
- Bug #1259373: HTML editor is not disabled when leaving feedback
- Bug #1259377: Explanation when there are no tasks in a plan is unclear
- Bug #1259379: Delete buttons need a descriptive (and consistent) value
- Bug #1259387: Tabs should include textual information to show their state
- Bug #1259388: Input help text should be linked using ARIA
- Bug #1259394: Help links in forms are not keyboard-accessible
- Bug #1259395: HTML lang attribute is not specified
- Bug #1259405: Screen readers are confused by Unsubscribe button in forums
- Bug #1259409: "Delete" and "Mark Read" checkboxes in Inbox need labels
- Bug #1259411: Table headers in Inbox are not read properly by screen readers
- Bug #1259685: Datepicker is not accessible to screen readers
- Bug #1259746: Username links are not always read out when using a screen reader
- Bug #1259764: Feedback form should use focus management
- Bug #1261239: Expanders in forms should use focus management
- Bug #1261610: JSDetector adds output to command-line scripts
- Bug #1261694: remember the limit parameter on view pages
- Bug #1262483: Forms should consistently have errors above the top-level heading
- Bug #1262903: The alt text of icons in the file browser should be changed
- Bug #1262904: Files cannot be moved from one folder to another without using the mouse
- Bug #1262918: Add/Edit buttons in Resume should use focus management
- Bug #1262932: Bad data in the DB can cause the schema correction SQL to throw a fatal error
- Bug #1263440: Improve lang strings for Cookie Consent
- Bug #1264014: Collection Navigation should be a list not a table
- Bug #1264429: Set up an institution_config table for configuring institutions
- Bug #1265086: "Completed" column for tasks is unclear for screen reader users
- Bug #1265102: Focus is not visually apparent when tabbing through the page
- Bug #1265104: spelling mistake in additionalhtmlfooter config variable
- Bug #1265696: Can't edit access to profile after "Logged-in profile access" turned on
- Bug #1265982: Add Creative Commons 4.0 as licence types to CC block
- Bug #1266923: Focus should be set to search results if they are loaded with AJAX
- Bug #1266934: Institution option for dropdown menus should take precedence over site option
- Bug #1267311: Elasticsearch page doesn't have textual description of tab state
- Bug #1267861: Page shared to group: notification to page owner
- Bug #1268746: Squelch PHP 5.4+ strict standards errors
- Bug #1271779: Resume layout on mobile devices
- Bug #1272297: Authentication plugin up/down and delete links should be buttons
- Bug #1273448: "Attachments" icon in Resume needs alt text
- Bug #1273841: Specific form errors should be linked with ARIA
- Bug #1273937: Skins form needs to use label elements
- Bug #1274083: View an artefact with related skin or theme
- Bug #1275481: Dwoo doesn't support Smarty's nl2br syntax
- Bug #1276397: Edit and delete buttons need descriptive alt text
- Bug #1277276: Results per page combobox needs a label
- Bug #1277290: Resume attachments form element should be made accessible
- Bug #1277297: Radio buttons in email selector need labels
- Bug #1278198: Close button in homepage information should be made accessible
- Bug #1278202: Skin previews need descriptive alt text
- Bug #1278216: Checkboxes when editing permissions for a page need labels
- Bug #1278238: Radio buttons used when importing need labels
- Bug #1278667: Two error messages when uploading files without accepting upload agreement
- Bug #1279943: Textbox attachments not showing on htdocs/view/artefact.php page
- Bug #1280009: Skin edit form should use responsive tabs
- Bug #1281877: Colour contrast needs to be improved for accessibility (default theme)
- Bug #1282214: Move "Edit site pages" under institution menu
- Bug #1282219: Rename "Edit site pages" to "General pages" to "Static pages"
- Bug #1283839: institution general pages not set as site default on upgrade
- Bug #1284869: Suspended user login attempts show up in "Online Users" list
- Bug #1286941: double call of language_select_form()
- Bug #1287262: unable to create group home page
- Bug #1300289: commentlist shows logged in user's icon for anonymous comments
- Bug #1307240: on delete of font alert if being used  
- Bug #1307294: Disable self-registration by default
- Bug #609167: Add group categories default action is page submit, not add
- Bug #620161: Distinction between Name and Profile not clear
- Bug #633658: Shouldn't viewing and downloading files have the same process?
- Bug #646691: Blog account settings still available when blog disabled
- Bug #707161: opensslcnf not set (on rhel at least)
- Bug #731062: Feedback ratings are not exportable
- Bug #731647: Ignore duplicates in CSV upload
- Bug #746418: Institution authentication plugin option doesn't exist when creating new institution
- Bug #852304: Sending a friend request should return you to the page you were previously on
- Bug #892684: Remove the Contact Info block
- Bug #898470: Inconsistent "required field" behavior on institution membership page
- Bug #995761: Use the same paginator throughout
- Bug #996337: Forum post delay setting only sticks after you clicked "Save"
- Bug #1034213: When editing the group editablity times with a end date before the start date both dates are greyed out after validation 
- Bug #1047481: Groups menu 'I want to join' - improvement
- Bug #1053223: Publish/Unpublish a journal's entry should change the background
- Bug #1064219: "Add page to watchlist" not clear on artefact page
- Bug #1067550: /admin/users/bulk.php shows submit button for changing auth method even if only 1 auth method
- Bug #1067724: Unable to read language directory
- Bug #1075760: reporting objectional material with no message doesn't get sent to admin with digest emails
- Bug #1115638: Empty masquerading report needs "none found" type string
- Bug #1195120: Delete superflous fullstop on /admin/groups/uploadcsv.php
- Bug #1196213: Linking of tags in tag search
- Bug #1203082: Change password warning contains escaped html
- Bug #1212541: GoogleSpell has been discontinued -- remove it from TinyMCE spellchecker
- Bug #1220410: MNet with port number requires port to be in wwwroot
- Bug #1220943: Warning when creating a new auth instance in 1.8dev
- Bug #1231920: Duplicate tags in page creation gives error message
- Bug #1240306: Styling error on add user page if there's a very long institution name
- Bug #1246024: error message disappears too fast
- Bug #1246573: Upgrade htmlpurifier to 4.5.0
- Bug #1246933: image slider display error
- Bug #1247729: Elastic Search: Set the second column to sort by to score
- Bug #1247729: Elastic Search: Set the second column to sort by to score
- Bug #1250235: View gives error if user could make skins then had option revoked
- Bug #1250239: Saving 'no institution' institution gives errors
- Bug #1250256: Support for changing the session directory
- Bug #1251089: Invalid value for licensedefault
- Bug #1253462: Undefined property: stdClass::$urlid after doing feedback
- Bug #1253835: Make profile page tabs design responsive
- Bug #1259366: Title of 'Tasks' page should be capitalised
- Bug #1259401: Dashboard info (Create and Collect, ...) is hard to understand when using a screen reader
- Bug #1259402: "Learn more" link when posting on a Wall is not descriptive
- Bug #1259689: Skin metadata lightbox is not keyboard-accessible
- Bug #1259757: Gender radio buttons need descriptive labels
- Bug #1261231: Allow a VERP "bounceprefix" that's not exactly 4 characters
- Bug #1261233: Allow a VERP "bounces_ratio" of 0
- Bug #1262487: Row headers in "Edit Access" table are confusing for screen reader users
- Bug #1262490: Add buttons in "Edit Access" should have more descriptive text
- Bug #1262899: Add buttons in "Edit Access" should move focus to the inserted row
- Bug #1262911: In-page tabs should use focus management
- Bug #1265061: Add support for regional languages to TinyMCE language detection
- Bug #1265088: Description of dual listbox (in Admin) is unclear to screen reader users
- Bug #1265091: Pieforms date elements should have "Not specified" before the date picker
- Bug #1265098: Register site page title should be more descriptive
- Bug #1265099: Some form elements in Administration area need labels
- Bug #1265101: License icons need alt text
- Bug #1266300: hover over unselected tabs in admin -> users ->reports not showing pointer cursor
- Bug #1266624: When using small headers, action buttons break the logical ordering of the page
- Bug #1267240: Clicking on new change layout icon needs to warn if navigating away without saving
- Bug #1267296: Focus should be set to search results if loaded with AJAX (Administration)
- Bug #1267633: It's confusing to hide the "copy for new users" site page access option
- Bug #1271391: focus on help box close button in chromium has gap
- Bug #1275617: Allow CLI api to specify exit code
- Bug #1279529: All attachments tables should be collapsable
- Bug #1281121: Method view_has_token uses uninitialized variable
- Bug #1282872: Top right "Settings" image should not have alt text
- Bug #1285414: User search column headers should include text to explain sort order
- Bug #1285890: Set focus to new row when adding a group category
- Bug #1285892: Title of "Group categories" page should be made more descriptive
- Bug #1290672: PluginArtefactResume should extend PluginArtefact
- Bug #1297516: Font preview page did NOT display properly
- Bug #1298129: Multicolumntable pieform help is broken
- Bug #1298671: The link in the skin thumbnail header should be not displayed in Chromium
- Bug #1301096: Eliminate redundant &obsolete get_mime_type() function
- Bug #817372: Override forum post delay for individual groups and/or forums
- Bug #817373: Add ability to 'send now' on a forum post
- Bug #833867: Add "Show Description" to Image Gallery
- Bug #1027260: Warning when deleting a page that is used in a collection
- Bug #1041228: Improve watchlist notifications
- Bug #1204699: Mahara does not notify administrators if institutional membership is full
- Bug #1223069: Site files accessible in "Links and resources" sidebar
- Bug #1233896: Sort files in the "Folder" block
- Bug #1237013: Allow theme to turn off skins
- Bug #1245679: Place feedback for a view in a block rather at base of page
- Bug #1246547: Give a different error message for an expired registration key than for an invalid registration key
- Bug #1248318: Allow $SESSION messages to be displayed in alternative places
- Bug #1252098: Wishlist: reCAPTCHA support
- Bug #1252101: Wishlist: Prevent new users from taking spammy actions
- Bug #1254299: Institutional Specific Dashboard
- Bug #1258130: Directive on Privacy and Electronic Communications
- Bug #1259538: "Progress bar" based on Institution selected preferences
- Bug #1259741: "Jump to Content" link should be included for screen reader users
- Bug #1259773: Having group links as a bulleted list in sidebar is confusing for screen reader users
- Bug #1262477: First column in Inbox should have a hidden header
- Bug #1266320: Feature request: Institution-specific default languages
- Bug #1266907: Edit/Add License page titles should be more descriptive
- Bug #1272240: New group page notification
- Bug #1273542: Add Creative Commons 4.0 as licence types to the admin-controlled licenses
- Bug #1273931: It is impossible to add custom CSS for blocks
- Bug #1281364: Let users from controlled-registration institutions delete their accounts
- Bug #1281847: Elasticsearch: Show forum post dates in search results

1.8.2 (2014-04-03)
- Bug 1239461: External feed has duplicate rows causing problems
- Bug 1249858: Mahara can't figure out mime types because of a finfo() bug
- Bug 1256118: elasticsearch install hangs if ElasticSearch Server not running
- Bug 1257953: public group forum info do not show up in elasticsearch
- Bug 1262050: Same profile picture used on "Shared with me"
- Bug 1264105: Problem with deleting skins that are attached to a portfolio page
- Bug 1265049: forum post notifications have escaped <br> in message in inbox
- Bug 1266317: Institution/group ownership of custom flexible layouts
- Bug 1266976: Update to HTMLPurifier 4.6.0
- Bug 1268788: mobile_api_json_reply sends extra stuff at the top, making it invalid json
- Bug 1270752: "shared with me" pagination fails with IE 9
- Bug 1284876: Suspended users can log in via password reset email
- Bug 1284878: external feed rss not updating
- Bug 1287350: New Google Drive URL
- Bug 1290649: fonts not working under https
- Bug 1064780: Default journal of a Persona auth account doesn't have user's name
- Bug 1070046: select query uses more than MAX_JOIN_SIZE on mysql
- Bug 1086569: Lang string misleading when inst. staff doesn't have stats access
- Bug 1099811: group files error after upgrade
- Bug 1239928: Prezi doesn't load
- Bug 1259377: Explanation when there are no tasks in a plan is unclear
- Bug 1262932: Bad data in the DB can cause the schema correction SQL to throw a fatal error
- Bug 1278667: Two error messages when uploading files without accepting upload agreement
- Bug 1284869: Suspended user login attempts show up in "Online Users" list
- Bug 1287262: unable to create group home page
- Bug 1064219: "Add page to watchlist" not clear on artefact page
- Bug 1067724: Unable to read language directory
- Bug 1195120: Delete superflous fullstop on /admin/groups/uploadcsv.php
- Bug 1203082: Change password warning contains escaped html
- Bug 1231920: Duplicate tags in page creation gives error message
- Bug 1253462: Undefined property: stdClass::$urlid after doing feedback
- Bug 1267240: Clicking on new change layout icon needs to warn if navigating away without saving

1.8.1 (2013-12-18)
- Bug 1247715: MySQLi driver errors out with non-default port number
- Bug 1246024: Error message fading too fast to read
- Bug 1053708: Problems when changing the page size in the paginator
- Bug 1058416: Properly setting the clean URL for copied pages
- Bug 1255361: Error when a site admin tries to attach a file to an institution page
- Bug 1250239: Errors while changing settings for "No Institution"
- Bug 996337: Forum post delay not properly displayed
- Bug 974855: Missing help file for "generate sitemap" option
- Bug 1248307: When device detection is on, show radio button
- Bug 1254394: User auth method can't be changed
- Bug 1255378: Fill in missing "find_key-name()" method implementation
- Bug 1081947: Removing usage of CAST() for MySQL optimization
- Bug 1174623: Sites upgraded from 1.0 missing some keys and indexes
- Bug 1067550: On bulk user edit page, don't show "change auth" if there's only 1 auth
- Bug 1075760: Empty objectionable material reports not included in digest emails
- Bug 1196213: On "my tags" page, tags not linked for most users
- Bug 1237177: Elasticsearch: not including group content
- Bug 1245638: Elasticsearch: Textboxes should be indexed as text rather than media
- Bug 1247729: Elasticsearch: Set 2nd column to sort by score/relevance
- Bug 1252497: Skins: creation date overwritten on edit
- Bug 1249123: Skins: Allow to specify where "No Institution" should allow skins
- Bug 1239271: Skins: description not displayed
- 

1.8.0 (2013-10-24)
- New features: 
-- Turned the block chooser vertical and scrolling, to accomodate longer Pages
-- The Image block and Text Box block are now conveniently at the top of the block chooser
-- Page layouts can now have rows as well as columns
-- Users can import leap2a files into their existing Mahara account
-- PDF block allows PDFs to be viewed inline in a Page
-- Resume elements can have attachments
-- Notes (and text box blocks) can have attachments
-- Users are notified when they try to navigate away from a page with unsaved changes
-- Many more types of user content can have tags
-- Resume entries for electronic publications can now be hotlinks
-- Drag-and-drop to upload files
-- Page skins, which give individual users the ability to change the CSS of their Pages
-- Admins can search for users with duplicate email addresses
-- Admins can filter user search by auth method
-- Elasticsearch search plugin
-- "Additional HTML" config option for things such as Google Analytics
-- A cron job in the LDAP auth plugin to synchronize Mahara accounts with LDAP
- Security Bug #1034180: A group member with no access rights to folder can still view it
- Security Bug #1236636: Can attach other users' Folders to your Image Gallery block 
- Bug #1180625: Update ADOdb library to version 5.18 
- Bug #1187964: Use adodb "mysqli" instead of "mysql" 
- Bug #1180624: Add support for SQL temp tables 
- Bug #1184450: Add mysql collation mode to pre-install sanity check 
- Bug #1235305: Image slideshow fails first time when selecting 'Style:  Slideshow' 
- Bug #1045563: Email address in the 'Required profile fields' form must be validated 
- Bug #1097565: Automatic account expiry doesn't happen 
- Bug #1140836: 'Max. items per page' doesn't work for group pages 
- Bug #1160093: Don't display a remote username on /admin/users/edit.php if no remote username exists 
- Bug #1187963: Updating group members by CSV caused existing group admins removed 
- Bug #1211621: Centralized license and copyright info from file headers into README
- Bug #1214124: Improve stylesheet cacheing 
- Bug #1239539: Registration:  Force Terms and Conditions - error text 
- Bug #993676: Members did not show up in second search if the first search found no results 
- Bug #1046114: Errors when adding new institution members 
- Bug #1127801: consecutive deleted forum posts for same user should be grouped 
- Bug #1158086: Forum:  error after deleting a post that is the child of another deleted post 
- Bug #1187571: Updating groups by CSV caused 'Not found' page 
- Bug #1193757: Institution admin needs tob e able to change auth method "No institution" to one of their own 
- Bug #1203965: Increase number of characters in collection tabs 
- Bug #1204309: Edit forum post error if parent is deleted 
- Bug #1220639: mp4 file has wrong icon 
- Bug #1223063: Deleting display name does not remove it 
- Bug #1234487: Put the system requirements for each Mahara release into README 
- Bug #1238407: Mahara 1.0 upgrade path depends on no-longer-supported "ENGINE=INNODB" 
- Bug #1240746: Plans page displaying 1 block of text when I used 3 paragraphs  
- Bug #1242263: Switch suspension reason and "Suspend" button around 
- Bug #703980: personal information pulled into add resume even if there is nothing in it 
- Bug #959926: No warning when deleting a profile picture that is used in a portfolio page 
- Bug #1017281: The pagination drop down shows when less than 10 entries on the page. 
- Bug #1078591: ClamAV path missing/not detected. No option to provide path to Clamav 
- Bug #1114790: masqueradingreasonrequireddescription string is misleading about settings 
- Bug #1165300: Year not shown for post dates on "Topics" 
- Bug #1166578: auth/session.php incorrectly multiplies $cfg->session_timeout by 60 
- Bug #1168422: clamdscan permission issues 
- Bug #1182649: uploading multiple files - only last one gets marked complete 
- Bug #1191605: blocktype/externalfeed/lib.php throws array_chunk errors 
- Bug #1201052: Notification to anonymous user when comment was submitted 
- Bug #1201055: Change lang string for updated comments when moderation is turned on 
- Bug #1208287: Clarify error message in Mahara syntax checker about table names with {} 
- Bug #1211161: Creating a new group with cleanurls active, throws a warning 
- Bug #1220108: 'usersuniquebyusername' config option not in lib/config-defaults.php 
- Bug #1222200: Make the masquerade "Log in anyway" link more noticeable to admins
- Bug #1230044: Wording in password reset phrase in English 
- Bug #547386: Linking to electronic publications 
- Bug #680710: Revive the Solr plugin using elasticsearch 
- Bug #1036556: Embed PDF 
- Bug #1046750: Show more of the file name 
- Bug #1050297: drag & drop content from desktop 
- Bug #1073625: Add additional html interface 
- Bug #1083263: Filter by auth method in "User search" 
- Bug #1103942: Allow uploading attachments to Resume composites 
- Bug #1117237: Allow uploading attachments to Textboxes/Notes 
- Bug #1166499: Filter out accounts with duplicate email address 
- Bug #1168213: Wishlist/Feature Request:  Customise page themes (skins) 
- Bug #1180622: Integrate Patrick Pollet's ldap sync plugin into the core auth/ldap plugin 
- Bug #1180997: Add tagging feature for all user's content 
- Bug #1182739: Display a warning message when navigating away without saving 
- Bug #1183612: Make it easier to change a user's profile picture 
- Bug #1185209: Allow existing users to import LEAP2A content into their portfolio 
- Bug #1190720: Edit access page needs default share with text 
- Bug #1194672: Drop-down navigation option be overridden at institutional level 
- Bug #1197154: Hide or move the "Retractable" and "Automatically retract" controls for blocks 
- Bug #1201258: artefact chooser panel 
- Bug #1193936: License info is NOT updated when using content from other text boxes 
- Bug #1235813: "Your entire resume" should be "My entire resume" 
- Bug #959926: No warning when deleting a profile picture that is used in a portfolio page

1.7.3 (2013-10-03)
- Bug #1211758 Security bug: Arbitrary image download
- Bug #1175446 Security bug: user supplied $_SERVER['HTTP_HOST'] can be used for injections
- Bug #1233500 Security bug: Not checking ownership of blocks before editing them
- Bug #1158625 Make profile information not avaialble for public when not shared
- Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vi$
- Bug #1218091 Pager in search in a block doesn't work
- Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
- Bug #1214647 When an auth instance is deleted, disable it as a parent authority
- Bug #1215190 LDAP support for non-standard port LDAP Urls
- Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
- Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
- Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
- Bug #1222368 Missing lang string for group page with clean URL
- Bug #1227372 Missing lang string for existing URL on allowed iframes
- Bug #1095208 uploading a file - "Loading" message remains
- Bug #1165592 "Cron is not running" not displayed in red anymous
- Bug #1188001 Page view throws headdata warning, if group submissions enabled
- Bug #1213908 Undefined variable $id in group/report.php
- Bug #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK'

1.7.2 (2013-07-25)
- Bug #1177187: program code error when create new rss feed in mahara 1.7.1
- Bug #1130990: creating a journal with licence requirements on causes errors
- Bug #1132660: "invite user to group" form on user profile page throws headdata error
- Bug #1166879: Multiple blogs parameter uncheck when profile is updated
- Bug #1171310: Can bypass comment moderation by editing a comment
- Bug #1180194: Changing the auth method requires info about remoteuser getting lost
- Bug #1180243: Installation hangs with "Mahara requires InnoDB tables" on mysql 5.6
- Bug #1190186: Masquerading sessions report fails if database tables have prefix
- Bug #1191453: Don't show password in cleartext
- Bug #1171365: Resume: Let user set gender to "unspecified"
- Bug #1179299: "Other (enter URL" not translatable for license
- Bug #1180263: Help not shown in edit note/text box form
- Bug #1185661: HTML export doesn't list Pages on the index page
- Bug #1195269: Resume "birthdate" field, if empty auto-fills to 1 Jan 1970
- Bug #1150831: Trailing slash missing in directory URL

1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
- Bug #1039865: Remove explicit CAST to improve MySQL performance during upgrade
- 

1.7.1 (2013-05-02)
- Bug #1171714: Bug that can cause RSS feeds to be randomly copied between users
- Bug #1016253: Don't include RSS block passwords in Leap2A archives
- Bug #1016253: Fix terminal error when there's a mistake in an authenticated RSS feed
- Bug #1016253: Don't send RSS block passwords to the browser in plain text
- Bug #1172096: If the URL of an RSS feed block is changed, force password re-entry
- Bug #1088609: Fix moderation of anonymous comments
- Bug #1170587: Potential artefacts installation issue
- Bug #1171641: Correct license code's support for $cfg->dbprefix
- Bug #1168617: Add missing tooltip text to group admin page
- Bug #1165587: Updating YouTube favicon for externalmedia block
- Bug #788882: Fix decompression of ZIP files containing subdirectories
- Bug #1173440: Address bug in group edit form when cleanurls toggled on & off
- Bug #1051792: Fix a warning when uploading users via CSV
- Bug #1101984: Make filebrowser error messages have a red background
- Bug #1174540: Fix warnings when licenses are disabled
- 

1.7.0 (2013-04-19)
- Bug 1100187: First option under "manage institutions", institution is not capitalised
- Bug 1100024: Relocate "Shared pages" menu item
- Bug 1095499: License metadata for every artefact
- Bug 1085566: Add logged in filter to admin search
- Bug 1081194: Add 'groups I can join' to groups search condition and make it default
- Bug 1051868: Add support for "retractable" blocks
- Bug 1040337: Upgraded TinyMCE to 3.5.8
- Bug 1033070: Increase limit on group members block
- Bug 1027574: Improve logging of what admins do while masqueraded
- Bug 939299: Display more collections on the overview page
- Bug 1100030: Take out word-break in the CSS
- Bug 1057259: Add year to forum post dates
- Bug 1051497: Correct word spacing between posts and entries on journal page
- Bug 1050655: forum post notification subject should be the post subject not the topic subject
- Bug 1021653: Ensure length of input fields is sufficient for required data
- Bug 1006706: Missing lang strings in view/urls.php
- Bug 952625: Pending registrations have an unreasonable expiry time
- Bug 920263: Make "Institution expiry date" column not be in italics
- Bug 913320: Separate "Suspend / delete user" on /admin/users/edit.php
- Bug 1100104: Account deleted notice to include contact information
- Bug 1100066: dwoo function str doesn't take extra arguments that are "0"
- Bug 1073136: Fix ordering of forums when there are more than 10 forums
- Bug 1072850: Facebook doesn't pick up Mahara's Facebook logo
- Bug 1069811: Quota exceeded message for groups
- Bug 1069664: "Text on background" does not change for top right-hand corner in configurable theme
- Bug 1068962: "Delete users" button should be red on /admin/users/suspended.php
- Bug 1051529: Activating spellchecker brings up warning
- Bug 1046617: hard-coded plural logic on /group/find.php
- Bug 1023834: Refactor login form elements code duplication
- Bug 1154928: Warning when adding a new user or add users via CSV
- Bug 1145178: Warning after installing other language packs
- Bug 1095834: Wrong result when searching for the special string: '0'
- Bug 1089730: Plain editor not available in Resume area instead of WYSIWYG editor
- Bug 1081309: export fails if files missing from dataroot
- Bug 1079451: split function is deprecated but still used
- Bug 1074974: WMV files are not recognized by Internal Media block when uploaded directly in the block
- Bug 1072967: Add user-unique message IDs to forum emails
- Bug 1069274: "Allow copying" is not shown on the institution and site access list
- Bug 1068952: Update of user information brings warnings
- Bug 1056544: The number of topics on /interaction/forum/view.php doesn't count the sticky topics
- Bug 1111066: define('CLI') should bypass auth_setup() in init.php
- Bug 1091506: Allowed iframe sources page doesn't allow sideblocks
- Bug 1091504: Suspended and expired users page is not displayed as selected in menu
- Bug 1031560: json_headers change to use application/json
- Bug 1046647: Warnings when access "Group files" tab
- Bug 1046641: "Group files" tab does not show up until the user re-login.
- Bug 900983: Notification after user has been masqueraded

1.6.4 (2013-04-15)
- Bug #1153423 Stored XSS in TinyMCE editor
- Bug #1141446 Google presentation embed code doesn't work

1.6.3 (2013-02-15)
- Bug #1082416 XMLRPC with Firefox 17.0 not possible
- Bug #1091764 Cross site Scripting(XSS) Vulnerability in notes page
- Bug #1103748 included flowplayer 3.2.7 is vulnerable
- Bug #1113180 Delete Wall Post Throws 404 Error
- Bug #1115832 collection navigation links break after "show more" with cleanurls
- Bug #1089282 Pagination links are broken due to encoding of encoded ampersands
- Bug #1090203 Double encoding of &amp; in 'url' for pagination causes pagination links to be broken
- Bug #1085569 Link to user profile takes on comment ID
- Bug #1097788 forum next page link
- 

1.6.2 (2012-11-23)
- Bug #1079498: Fix XSS in pagination URL
- Fix the rss image exceptions preventing updating (Bug #1081431)
- Check originals directory before iterator in upgrade (Bug #1080498)
- Fix mnet jump-back link regression (Bug #1079260)
- Escape table names in profile image query (Bug #1077013)
- 

1.6.1 (2012-10-24)
- Fix regression with mobile upload token (Bug #1057878)
- 

1.6.0 (2012-10-19)
- A new "responsive theme", designed to work fluidly on many screen sizes; especially mobile devices
- Members of multiple institutions can decide which theme to use
- Basic support for theming logged-out users
- Option for images to be resized at upload time
- Ability to add journal entries directly from a page
- Tagged journal entries block can show full entries
- Collections can be submitted to groups
- Mobile uploads support multiple devices
- Mobile API support for journal entries and attaching files to journal entries
- Mobile API support for syncing messages, tags, files, and journals
- Breadcrumbs in small headers are visible at all times
- New "Unpublish" button for journal entries
- Optional "Clean URLs" for user profiles, portfolio page, groups and group pages with support for subdomains
- More sorting options on member's listing in a group
- Collections are available for groups, institutions and on the site level
- Group information expanded to include number of forums, topics and posts
- Group admins can enable and view participation reports within groups
- Editability of group content can be limited with a start and end time
- Pagination for forum topics
- Statistics for institutions and more statistics at the site level
- Cron error message appears red for visibility
- Option to add institution staff rights during registration approval
- Configurable SafeIframe site list
- Option to allow self registration process for users authenticating via Persona
- Cron can poll an imap inbox for mail bounces
- Option to allow local customisation of "Edit site pages" list
- "User search" in the admin area links to profile pages
- 

1.6rc1 (2012-09-17)
- 
- First Release Candidate for 1.6.0

1.5.2 (2012-07-31)
- Logged-in user's name unescaped in top right header
- BrowserID changed login URL
- Textbox upgrade inserts too many rows per query in MySQL
- sprintf function problems with pluralrule
- "Copy page" button on group homepage to always copy page into personal portfolio

1.5.1 (2012-05-04)
- Use MySQL database collation for string literals (bug #985608)
- Make download.php publicly accessible (bug #979538)

1.5.0 (2012-04-17)
- A new theme for younger students called "Primary School"
- Optional drop-down menus for the site navigation
- Support for institution logos to replace the site header logo
- New institution theme with configurable colours
- Reusable text boxes, a.k.a. "Notes"
- Block to display journal entries with a particular tag
- Block to display a user's watchlist
- Improvements to online users sideblock (e.g. limit on number of users to display)
- Image gallery displays external galleries (flickr, Panoramio, Photobucket, Picasa, Windows Live)
- Support for embedding content from Glogster, Prezi, Slideshare, Vimeo, Voki and WikiEducator
- Add an option to include feedback in HTML export
- Implementation of the SafeIFrame feature of HTML Purifier to facilitate the use of specified iFrames
- Copying of collections
- Pages and collections can be shared with institutions
- Allow original author of a copyable page to retain permission to see copies of the page
- More search options on "Shared pages"
- Added and updated many help texts and descriptions
- Improvements to search usability
- WYSIWYG fullscreen option
- Profile pictures are available in the files area
- Multiple file uploads
- Institution landing page listing institution admins and staff
- Users can suggest and invite others to groups
- Group admins can hide members
- Group and group member CSV uploads
- Group file quotas
- Admins can suspend, delete, and change the authentication method for multiple users in one action
- Admin report on user pages access lists
- Support for custom links in the footer menu
- User file quotas are configurable by institution and visible on the user accounts page
- Set general account preferences when adding users for internal authentication
- Allow institutions more control over access to user profiles
- Allow site admin to specify a default notification method for new users
- MNet key regeneration button and functions to export dashboard info to Moodle
- User CSV upload can make updates to existing users
- Sitemap generation
- CLI install and upgrade abilities for unattended installations
- BrowserID authentication method
- More user-friendly password policy with password salts, bcrypt storage and brute force prevention
- Student ID and display name can be set from LDAP
- Confirmation of new user registrations via self-registration method prior to account creation

1.4.2 (2012-03-06)
- Fix PHP Fatal Error in user/view.php (Bug #885588)
- Fixes to Selenium tests
- Blog block pagination bug prevents images from being displayed (Bug #886581)
- Fixed youtube filter Bug #884438
- Ensure that default SAML behaviour is to match user to remote user name (Bug #932909)
- Update the registration URL to support SSL (Bug #943772)

1.4.1 (2011-11-01)
- XSS in unvalidated URI attributes (CVE-2011-2771)
- Information disclosure exposing private messages (CVE-2011-2774)
- DoS via invalid or excessively large images (CVE-2011-2773)
- CSRF to trick admins into adding a user to an institution (CVE-2011-2773)
- Fix broken links on export page
- Fix problems with blog, plan and comment pagination, and comment deletion
- Fix embedding issues with google docs and multimedia content
- Fix issues preventing tinymce and pieforms javascript loading for text areas
- Fix fatal errors for collections and image galleries
- Fix issues with settings for search plugin and mail preferences
- Ensure that bulk imported users are forced to change passwords

1.4.0 (2011-06-14)
- new Google Apps and Image Gallery blocks
- star ratings with comments
- easier page for sharing content with others
- ability to add comments on file artefacts
- support for SSL-based SMTP and LDAP servers
- administration interace for mail server configuration
- remote avatar (Gravatar) support for HTTPS sites
- "views" are now "pages" and "blogs" are now "journals"
- lots of small changes to make the interface more consistent
- pages can now display more than one embedded video at a time
- added a fullscreen button to the internal video player
- added spellchecker and undo button to the WYSIWYG editor
- spam checks now also performed on forum posts
- support for new Youtube Iframe embed code
- optional site-wide maximum quota
- working start/stop overrides on pages
- removal of the obsolete and broken Solr search plugin
- removal of the httpswwwroot setting
- removal of the .htaccess file

1.3.6 (2011-05-10)
- Privilege escalations (CVE-2011-1402)
- Fixes to session key validation (CVE-2011-1403)
- Information disclosure in AJAX calls (CVE-2011-1404)
- Sanitisation of HTML emails (CVE-2011-1405)
- https to http downgrade (CVE-2011-1406)

1.3.5 (2011-03-29)
- Upgrade to HTML Purifier 4.3.0 (includes security fixes)

1.3.4 (2011-03-24)
- Blogs get deleted without sesskey check (CVE 2011-0440)
- XSS in select box validation (CVE 2011-0439)
- Leap2A fixes
- Fix for out of memory errors

1.3.3 (2010-11-07)
- Fix for XSS vulnerability (CVE-2010-3871)
- Fixes to category namespaces and encoding in Leap2a import/export
- Updates to selenium tests
- Fixes to permissions in secret URL views and feedback attachments
- Fixes in view creation wizard, embedded media block, js calendar

1.3.2 (2010-10-08)
- Bug fixes to group homepage, blogs, LDAP authentication, view themes, and embedded video.

1.3.1 (2010-09-17)
- Bug fixes in upgrade from 1.2.x
- Browse user files while in group views
- Reporting of max file size errors on upload
- Fix missing logged out language selector
- Minor fixes in UI workflow, themes & default language pack

1.3.0 (2010-09-10)
- User-configurable home page (Dashboard View)
- Simpler main navigation
- Basic Mahara information & help on home page
- View/artefact feedback enhancements:
- Collections (sets of Views that are linked to one another)
- Plans (task lists)
- Users can change the theme for individual views
- Support for Gravatar profile icons
- Configurable number of items in external feed, blog blocks
- New block types: notifications, recently modified views, recent forum posts
- More user-friendly notifications & help text
- Show entire thread when replying to personal messages
- External objects that have <embed> or <object> tags can be embedded into blog posts, text boxes or uploaded within an HTML file
- Locking of blogposts and files in submitted views
- Atom feeds for public blogs and forums
- new flash-based video player with support for .mp4 files (H.264)
- Moodle Repository plugin support (allows a user's Mahara files to be accessed from their Moodle account)
- Portfolio API to allow import of artefacts from Moodle over MNET.
- Configurable group home page (Group Homepage View)
- Improved ways to add/invite users to invite only and "course membership" groups:
- View submission from group page and from the view itself
- Group categories for use in group searches
- Admin group management page for group deletion/assignment of group admins
- Groups can disable new view access notifictions
- View access to group only notified when the view owner also belongs to the group
- Bulk user import & export (experimental)
- CAPTCHAs replaced with new anti-spam features to make form-filling difficult for bots & check urls in content against known spam blacklists
- Site statistics & graphs in admin area
- Admin page shows link to latest Mahara release & status of cron
- Admin site options grouped into sections
- Record number of page hits on views & display these to the owner
- Facility to disable email addresses after receiving multiple bounces.
- Footer links can be disabled/enabled
- Online users can be disabled
- Indenting of threads can be disabled per-forum
- Active user sessions revoked on suspension
- Full security review of all db queries & templates; automatic template escaping enabled
- New version of HTMLPurifier allows safe <embed> and <object> tags in user html content
- Search options to make users always searchable by their real names & usernames
- Leap2a support updated to version 2010-07

1.2.6 (2010-09-01)
- Better mimetype detection
- New flash-based video player
- Bug fixes including upgrade from 1.0.x, blogpost image button
- 

1.2.5 (2010-07-02)
- Multiple XSS vulnerabilities (CVE-2010-1667)
- Multiple CSRF vulnerabilities (CVE-2010-1668)
- SQL Injection (CVE-2010-1669)
- Removal of dangerous auth plugin configuration options (CVE-2010-1670)
- New version of HTML Purifier fixing an IE-only XSS (CVE-2010-2479)
- Better handling of cron events to avoid sending duplicate emails
- Fix problems when mime_content_type() is missing
- Improved detection of https on Windows
- Set the correct envolope sender for emails sent on cron
- Set the locale in Mahara instead of in language packs

1.2.4 (2010-04-06)
- Bug fixes

1.2.3 (2010-02-08)
- New authentication plugin: SAML
- Various Internet Explorer Fixes
- Blog post deletion fixes

1.2.2 (2009-12-08)
- Fix for broken upgrade in 1.2.1

1.2.1 (2009-12-08)
- Bug fixes

1.2.0 (2009-11-16)
- Mahara now ships with six themes: Aqua, Default, Fresh, Raw, Sunset, Ultima
- Site admins can now disable artefact and blocktype plugins
- Files section rewritten: works without javascript, uploading is easier
- Can extract .zip, .tar.gz and .tar.bz2 files in the files area
- Full Import/Export system with LEAP2A suport, and static HTML export
- Support for submitting views to MNET Peers for assessment (e.g. Moodle)
- View interface sped up, files can be uploaded on the View screen
- UTF8 database now required for new installs (old installs will continue to work)
- Allow more group type/join type combinations, and more control over group creation
- Simplifications to the blog (all users get one blog to start with)
- Added a new blocktype for specifying a license for a View
- RTL language pack support
- Upgraded tinyMCE to version 3.2.5
- Replaced Smarty with Dwoo

1.1.7 (2009-10-29)
- Upgraded HTMLPurifier to 4.0.0
- Fix creation of duplicate user accounts when using LDAP and XMLRPC authentication
- HTTPS logins supported
- Improvements to MNET: windows profile icon importing & links in emails
- Implemented "update user info on login" flag for LDAP
- CVE-2009-3298: Privelege escalation vulnerability
- CVE-2009-3299: Cross site scripting in resume
- Several bug fixes and minor translation updates across Mahara

1.1.6 (2009-08-04)
- Forum e-mail notifications now have a cleaner format, and allow users to unsubscribe immediately.
- Enforce UTF8 database upon installation.
- Upgraded bundled XML feed reader to 1.0.3, multiple bug fixes to RSS handling.
- Wall posts now have a configurable character limit.
- Fixed a very slow query affecting My Groups and user profile pages.
- Many bug fixes across all areas of Mahara.

1.1.5 (2009-06-22)
- Czech strings for Pieforms library
- Bug fixes for embedded media block, multibyte character string handling,
- public forums, email notifications
- Security fixes: multiple xss bugs and information disclosure bug for user files.

1.1.4 (2009-06-11)
- Dutch and Slovenian translations of pieform strings.
- Spanish translation of TinyMCE.
- Increase number of users shown on the admin/staff pages, and sort listing.
- List user institutions on profile page and search results.
- Bugfixes to view feedback, embedded media mimetypes, SSO, and more.

1.1.3 (2009-04-22)
- Fixed XSS vulnerabilities in user views (CVE-2009-0664)
- Prevent arbitrary code execution in html2text library (CVE-2008-5619)
- Allow course groups with membership by request
- Many minor improvements and bug fixes
1.1.2 (2009-03-10)
- Fixed multiple XSS vulnerabilities in user profile data and blogs
  (CVE-2009-0660)
- minor fixes to portfolio import, html validation, default theme and upgrade
  path from 1.0
- added support for embedding slideshare widgets
1.1.1 (2009-02-27)
- a few fixes to the upgrade path from 1.0
1.1.0 (2009-02-26)
- raft of new features over the 1.0 series of Mahara
- ability to copy Views
- many improvements to Groups
- ability to import content from other systems (such as Moodle 2.0)
- user profile pages such as Views
- many other smaller improvements and bugfixes have been made.

1.0.9 (2009-01-29)
- small bugfixes and minor layout improvements
- fixes the blank screens some people were seeing upon installation
- filters HTML that is used in the forums

1.0.8 (2009-01-07)
- fixes a bug that prevented email from being sent
- makes it much easier to install new language packs

1.0.7 (2008-12-23)
- increases the memory limit available to Mahara
- adds a 'powered by mahara' icon and link to the footer
- a few bugfixes

1.0.6 (2008-11-04)
- security fixes for vulnerabilities in 3rd party libraries

1.0.5 (2008-09-25)
- bug and stability fixes around user authentication and MNET

1.0.4 (2008-06-25)
- bug and stability fixes around the administration section

1.0.3 (2008-06-13)
- HTTP level performance improvements
- some MySQL fixes
- improvement to "login as" functionality
- some other bugfixes

1.0.2 (2007-04-28)
- more usability work for the Views interface
- bugfixes for videos in Views
- RSS blocktype is greatly improved, with the ability to show the
  feed icon and a full view of the feed
- bugfixes for SSO, authentication, and search.

1.0.1 (2008-04-09)
- minor bugfixes to the Resume, SSO, and MySQL support