Activity log for bug #1384481

Date Who What changed Old value New value Message
2014-10-22 22:32:49 Aaron Wells bug added bug
2014-10-22 22:33:03 Aaron Wells nominated for series mahara/1.9
2014-10-22 22:33:03 Aaron Wells bug task added mahara/1.9
2014-10-22 22:33:03 Aaron Wells nominated for series mahara/1.10
2014-10-22 22:33:03 Aaron Wells bug task added mahara/1.10
2014-10-22 22:33:03 Aaron Wells nominated for series mahara/1.11
2014-10-22 22:33:03 Aaron Wells bug task added mahara/1.11
2014-10-22 22:33:03 Aaron Wells nominated for series mahara/1.8
2014-10-22 22:33:03 Aaron Wells bug task added mahara/1.8
2014-10-22 22:33:13 Aaron Wells mahara/1.10: milestone 1.10.1
2014-10-22 22:33:16 Aaron Wells mahara/1.8: milestone 1.9.4
2014-10-22 22:33:19 Aaron Wells mahara/1.9: milestone 1.9.4
2014-10-22 22:33:24 Aaron Wells mahara/1.8: milestone 1.9.4 1.8.6
2014-10-22 22:33:28 Aaron Wells mahara/1.10: importance Undecided Medium
2014-10-22 22:33:30 Aaron Wells mahara/1.8: importance Undecided Medium
2014-10-22 22:33:32 Aaron Wells mahara/1.9: importance Undecided Medium
2014-10-22 22:33:37 Aaron Wells mahara/1.8: status New Confirmed
2014-10-22 22:33:39 Aaron Wells mahara/1.9: status New Confirmed
2014-10-22 22:33:42 Aaron Wells mahara/1.10: status New Confirmed
2014-10-23 00:46:42 Aaron Wells mahara/1.10: importance Medium Low
2014-10-23 00:46:46 Aaron Wells mahara/1.8: importance Medium Low
2014-10-23 00:46:49 Aaron Wells mahara/1.11: importance Medium Low
2014-10-23 00:46:51 Aaron Wells mahara/1.9: importance Medium Low
2014-10-23 00:47:09 Aaron Wells description We made a conscious decision not to display the Mahara minor version number on the footer of every page, except to Mahara admins. However, in bug 1214124 we then added the minor version number to every stylesheet and Javascript URL, which makes it trivially easy to find. You just look at the source code, and look for style.css: <link rel="stylesheet" type="text/css" href="https://mahara.org/theme/raw/static/style/style.css?v=1.9.3"> We should replace this with an arbitrary integer stored in a config variable, which gets incremented whenever we upgrade the site. This would have the added (minor) benefit that you could then force a reloading of all the assets without incrementing the major version number, by simplying increasing this integer. Only medium importance, because a dedicated hacker could probably infer the Mahara version number anyway, by looking at changes in the site's behavior. We made a conscious decision not to display the Mahara minor version number on the footer of every page, except to Mahara admins. However, in bug 1214124 we then added the minor version number to every stylesheet and Javascript URL, which makes it trivially easy to find. You just look at the source code, and look for style.css:     <link rel="stylesheet" type="text/css" href="https://mahara.org/theme/raw/static/style/style.css?v=1.9.3"> We should replace this with an arbitrary integer stored in a config variable, which gets incremented whenever we upgrade the site. This would have the added (minor) benefit that you could then force a reloading of all the assets without incrementing the major version number, by simplying increasing this integer. Only low importance, because a hacker could probably infer the Mahara version number anyway, by looking at changes in the site's behavior.
2014-10-23 00:47:16 Aaron Wells information type Private Security Public Security
2014-10-23 00:47:48 Aaron Wells description We made a conscious decision not to display the Mahara minor version number on the footer of every page, except to Mahara admins. However, in bug 1214124 we then added the minor version number to every stylesheet and Javascript URL, which makes it trivially easy to find. You just look at the source code, and look for style.css:     <link rel="stylesheet" type="text/css" href="https://mahara.org/theme/raw/static/style/style.css?v=1.9.3"> We should replace this with an arbitrary integer stored in a config variable, which gets incremented whenever we upgrade the site. This would have the added (minor) benefit that you could then force a reloading of all the assets without incrementing the major version number, by simplying increasing this integer. Only low importance, because a hacker could probably infer the Mahara version number anyway, by looking at changes in the site's behavior. We made a conscious decision, for security reasons, not to display the Mahara minor version number on the footer of every page, except to Mahara admins. However, in bug 1214124 we then added the minor version number to every stylesheet and Javascript URL, which makes it trivially easy to find. You just look at the source code, and look for style.css:     <link rel="stylesheet" type="text/css" href="https://mahara.org/theme/raw/static/style/style.css?v=1.9.3"> We should replace this with an arbitrary integer stored in a config variable, which gets incremented whenever we upgrade the site. This would have the added (minor) benefit that you could then force a reloading of all the assets without incrementing the major version number, by simplying increasing this integer. Only low importance, because a hacker could probably infer the Mahara version number anyway, by looking at changes in the site's behavior.
2014-11-05 01:19:53 Robert Lyon mahara/15.04: status In Progress Fix Committed
2014-11-05 01:37:57 Aaron Wells information type Public Security Private Security
2014-11-05 02:02:44 Aaron Wells mahara/1.10: status Confirmed Fix Committed
2014-11-05 20:21:58 Robert Lyon mahara/1.10: status Fix Committed In Progress
2014-11-05 21:46:53 Robert Lyon mahara/1.8: status Confirmed In Progress
2014-11-05 21:46:59 Robert Lyon mahara/1.9: status Confirmed In Progress
2014-11-05 22:20:52 Robert Lyon mahara/1.10: status In Progress Fix Committed
2014-11-05 22:20:54 Robert Lyon mahara/1.9: status In Progress Fix Committed
2014-11-05 22:20:57 Robert Lyon mahara/1.8: status In Progress Fix Committed
2014-11-05 23:07:24 Aaron Wells mahara/1.8: status Fix Committed In Progress
2014-11-05 23:07:28 Aaron Wells mahara/1.8: status In Progress Fix Committed
2014-11-05 23:07:30 Aaron Wells mahara/1.9: status Fix Committed In Progress
2014-11-05 23:07:32 Aaron Wells mahara/1.10: status Fix Committed In Progress
2014-11-05 23:07:34 Aaron Wells mahara/15.04: status Fix Committed In Progress
2014-11-06 03:54:53 Aaron Wells information type Private Security Public Security
2014-11-06 05:26:33 Robert Lyon mahara/1.9: status In Progress Fix Committed
2014-11-06 05:26:34 Robert Lyon mahara/15.04: status In Progress Fix Committed
2014-11-06 05:26:39 Robert Lyon mahara/1.10: status In Progress Fix Committed
2014-11-24 00:14:20 Kristina Hoeppner cve linked 2014-8692
2014-11-25 20:39:01 Robert Lyon mahara/1.8: milestone 1.8.6
2014-11-25 22:04:13 Son Nguyen mahara/1.10: status Fix Committed Fix Released
2014-11-25 22:09:41 Robert Lyon mahara/1.8: status Fix Committed Fix Released
2014-11-25 22:58:46 Robert Lyon mahara/1.9: status Fix Committed Fix Released
2015-04-17 02:03:20 Robert Lyon mahara: status Fix Committed Fix Released