And here's the fix to issue #2 mention in my previous comment, "Don't send the plaintext passwords (and/or usernames and/or URLs) to the user's browser:
https://reviews.mahara.org/2096
I think we should push this with the security release early this week, and we can work on encrypting them in the database for the next release.
And here's the fix to issue #2 mention in my previous comment, "Don't send the plaintext passwords (and/or usernames and/or URLs) to the user's browser:
https:/ /reviews. mahara. org/2096
I think we should push this with the security release early this week, and we can work on encrypting them in the database for the next release.