22.10.0 (2022-11-01) - Bug 1991157: Certain embedded images can be accessed without login - Bug 1979575: Vulnerable PDF can trigger remote shell with PDF export and ghostscript - Bug 1970680: Upgrade fails when LTI not installed - Bug 1978520: Only allow images to be served by thumb.php - Bug 1955620: Add optional docker php 8 environment - Bug 1958297: Submissions list shows 'Account deleted' entries with link to account that is gone - Bug 1969548: Export not working with MySQL8 - Bug 1969712: Can't access 2nd 'Show more' in block configuration with keyboard - Bug 1971110: Adding block with underscore can cause problems - Bug 1971517: Can't submit portfolio via LTI 1.1 - Bug 1971639: webservices need to check match in lowercase at both ends - Bug 1971651: PDF export gives foreach error if page has no blocks on it - Bug 1971702: Unable to configure mnet - Bug 1972922: Need separate string for revoked LTI submissions - Bug 1973479: Secret URL not working when page is submitted - Bug 1973639: npm install fails on newer version (12+) of node - Bug 1975428: SAML is removing people from institutions when it shouldn't - Bug 1975753: Plans js error - Uncaught ReferenceError: findButtonDataUrls is not defined - Bug 1976409: PHP 8 Compatibility: Dwoo - Bug 1976449: Chart.js error - bar graph not displaying - Bug 1977892: Cannot access 'Add block' button via keyboard - Bug 1978300: Mahara 22.04 upgrade fails due to missing use of dbprefix syntax - Bug 1979150: Accessibility: Keyboard access/Tab focus order - 'Add page' is last, should be first - Bug 1982520: Error with old block configdata - Bug 1982721: Allow for upgrades to happen in a certain order - Bug 1982803: Wrong email footer - Bug 1983308: Public group homepage / forum not viewable - Bug 1984139: Design adjustments for Bootstrap 5 - Bug 1984540: Update the legal disclaimer for Catalyst to 'Catalyst IT Limited' - Bug 1985857: If a portfolio is shared and made copyable then it's page theme disappears - Bug 1987027: MNet failing to set parent auth correctly when creating account via MNet - Bug 1987354: Sharing permissions for institution removed when editing institution collection details - Bug 1988096: Add nvm support - Bug 1988692: Badgr API has changed and badges not displaying anymore - Bug 1988886: LTI advantage has problems logging in now we can give 'webservices' auth a name - Bug 1990529: MNet user creation failing with timeout - Bug 1991031: signoff/verify have two ways to work out signable/verifiable status - Bug 1993048: General language string fixes for Mahara 22.10 - Bug 1993361: "Site registration" lang string ID in admin/index.tpl needs to be modified. - Bug 1993481: MNET pkey failure in PHP 8.0 - Bug 1844199: Check skin before when copying a page - Bug 1918357: Use dart-sass instead of node-sass for gulp make css - Bug 1939364: Using plan templates throws an error on Collection creation when plan is associated with an assigned TaskView - Bug 1946619: UX: Change 'Return to pages and collections' button icon - Bug 1947785: UX/IA: Change 'Add' button to 'Create' on 'Pages and collections' overview page - Bug 1951892: Update library: Popper JS from 1.16 to 2.X (needed for BS5) - Bug 1962219: Upgrade JSON Editor from 1.3.5 to 2.6.1 - Bug 1964826: Unreliable results in user_content/placeholder.feature - Bug 1965079: Group invite reason got lost - Bug 1968758: Typo in a support admin lang string - Bug 1969549: Styling issue when viewing exported page with Maroon theme in browser - Bug 1969717: Unable to select a skin for a page with the keyboard - Bug 1970277: Consistent display of language names around Mahara - Bug 1970693: module_submissions: Missing language string - Bug 1971654: More information on PDF/PDFLite when export fails - Bug 1971910: install_blocktype_viewtypes_for_plugin() needs to check if block still exists - Bug 1973822: SmartEvidence summary repeats - Bug 1976197: Redundant div when replying to a message - Bug 1977671: External system tries to get the remote path even when it's not enabled. - Bug 1977800: Replace h3 tags with h1 tags in htdocs/lang/en.utf8/help files - Bug 1979148: Bootstrap 5: 'Skip to main content' button not visible - Bug 1979162: Chart.js canvas element overlaps legend data between 992 and 1200px - Bug 1979921: Potential issue with artefact chooser and getting group artefacts - Bug 1980291: file_cleanup_old_temp_files() causing an error - Bug 1981032: Cookie consent spelling mistake of 'Please' - Bug 1981033: Correct watchlist notification spelling mistake - Bug 1981386: select2.full.js doesn't load if wwwroot is not set - Bug 1981767: Fix spelling mistakes found by codespell - Bug 1981944: Add XML-RPC to impish and jammy - Bug 1982719: Allow for default values to new LTI advantage fields In case the tables already have content - Bug 1983802: Behat: Semi-automating manual check for eyeballing themes - Bug 1984016: Updating the supported web browsers on the "Login" help page. - Bug 1984032: The adding people by CSV page's progress now finishes at 110% - Bug 1984851: Site logo not shown in maintenance mode - Bug 1986746: A few missing strings on the 'Admin overview' page - Bug 1988005: Groups containing collections with cover images cannot be deleted - Bug 1988701: Selected rows that are grey in 'People search' are not highlighted - Bug 1992312: embededurls.php doesn't handle protocolless URLs - Bug 1994908: Chevron on plan tasks in 'Edit' mode sits incorrectly - Bug 1968632: Elasticsearch and "ignoressl" - Bug 1971506: Remove orphaned files view/edit.tpl and view/layout.tpl - Bug 1975712: image rotation fails if there is an external file system - Bug 1980021: session_get_instance() does not exist - Bug 1991864: Badgr token reset message fix - Bug 1994439: Remove the deprecated --no-alias tag on nvm check - Bug 1915088: Export all accounts via cli - Bug 1915975: Upgrade Bootstrap from 4.3.1 to 5.0.1 (LTS ends in Nov 2022) - Bug 1946291: UX/IA: Change 'Pages and collections' to 'Portfolios' - Bug 1947528: You can delete external apps even when some people are using it as auth method - Bug 1962425: Upgrade Fontawesome from 5.8.1 to 6.1.1 - Bug 1968769: SmartEvidence status summary information - Bug 1968770: SmartEvidence report - Bug 1968773: Improve UX for sign-off and verification - Bug 1968800: Move account holders in bulk via CSV into another institution - Bug 1969843: Swap 'Settings' button for 'Display page' button on page settings page - Bug 1971106: Add a masquerade link to people search - Bug 1971239: Change the name display order on Profile page according to language usage. - Bug 1971510: Add 'Quick edit' options to PDF, files to download, course completion blocks - Bug 1972050: Change the name display order on "People search" page and "Add a person" page according to language usage. - Bug 1976408: PHP 8 Compatibility: root dir / misc - Bug 1976410: PHP 8 Compatibility: auth - Bug 1976411: PHP 8 Compatibility: Blocktype - Bug 1976414: PHP 8 Compatibility: admin - Bug 1976416: PHP 8 Compatibility: api - Bug 1976417: PHP 8 Compatibility: artefact - Bug 1976418: PHP 8 Compatibility: export - Bug 1976419: PHP 8 Compatibility: grouptype - Bug 1976420: PHP 8 Compatibility: import - Bug 1976421: PHP 8 Compatibility: interaction - Bug 1976422: PHP 8 Compatibility: json - Bug 1976423: PHP 8 Compatibility: lib - Bug 1976424: PHP 8 Compatibility: module - Bug 1976426: PHP 8 Compatibility: search - Bug 1976428: PHP 8 Compatibility: skin - Bug 1976429: PHP 8 Compatibility: testing - Bug 1976430: PHP 8 Compatibility: theme - Bug 1976431: PHP 8 Compatibility: user - Bug 1976432: PHP 8 Compatibility: webservice - Bug 1978022: Update get_affiliation_map() to check for a local class method - Bug 1978425: Change site registration to opt-out - Bug 1979151: Use the theme-color option for a Mahara theme - Bug 1979372: The 'show more' pagination needs to be a bit more flexible - Bug 1982294: Accessibility: ability to write alt text that is different to file description text for images - Bug 1982298: UX: Make the 'Return to pages and collections' button also available in 'Display' mode. - Bug 1983430: Make changes to LTI Advantage to work with Moodle - Bug 1984140: PHP 8 Compatibility: phan - Bug 1986994: Display institution support administrators on the institution overview page - Bug 1987718: Add customisations.md file to capture customisations - Bug 1989388: Allow the LTI/LTI_Advantage to process the 'lis_person_sourcedid' as a remoteusername - Bug 1989397: Allow partial institution mapping in SAML for affiliate email - Bug 1992702: Allow a certain style attribute in HTMLPurifier (for Canva iframe and others) 22.04.3 (2022-11-01) - Bug 1991157: Certain embedded images can be accessed without login - Bug 1979575: Vulnerable PDF can trigger remote shell with PDF export and ghostscript - Bug 1958297: Submissions list shows 'Account deleted' entries with link to account that is gone - Bug 1969548: Export not working with MySQL8 - Bug 1969712: Can't access 2nd 'Show more' in block configuration with keyboard - Bug 1971702: Unable to configure mnet - Bug 1972922: Need separate string for revoked LTI submissions - Bug 1973479: Secret URL not working when page is submitted - Bug 1975428: SAML is removing people from institutions when it shouldn't - Bug 1975753: Plans js error - Uncaught ReferenceError: findButtonDataUrls is not defined - Bug 1977892: Cannot access 'Add block' button via keyboard - Bug 1978300: Mahara 22.04 upgrade fails due to missing use of dbprefix syntax - Bug 1978425: Change site registration to opt-out - Bug 1982520: Error with old block configdata - Bug 1982803: Wrong email footer - Bug 1983308: Public group homepage / forum not viewable - Bug 1985857: If a portfolio is shared and made copyable then it's page theme disappears - Bug 1987027: MNet failing to set parent auth correctly when creating account via MNet - Bug 1987354: Sharing permissions for institution removed when editing institution collection details - Bug 1988096: Add nvm support - Bug 1988692: Badgr API has changed and badges not displaying anymore - Bug 1969717: Unable to select a skin for a page with the keyboard - Bug 1973639: npm install fails on newer version (12+) of node - Bug 1979921: Potential issue with artefact chooser and getting group artefacts - Bug 1980291: file_cleanup_old_temp_files() causing an error - Bug 1988005: Groups containing collections with cover images cannot be deleted - Bug 1992312: embededurls.php doesn't handle protocolless URLs - Bug 1991864: Badgr token reset message fix - Bug 1994439: Remove the deprecated --no-alias tag on nvm check - Bug 1964847: Resume section: second file dropzone not visible due to repeated ids 22.04.2 (2022-06-16) - Bug 1978520: Files are accessible publicly through thumb.php - Bug 1971517: Can't submit portfolio via LTI 1.1 - Bug 1971639: webservices need to check match in lowecase at both ends - Bug 1971651: PDF export gives foreach error if page has no blocks on it - Bug 1968758: Typo in a support admin lang string - Bug 1970693: module_submissions: Missing language string 22.04.1 (2022-05-02) - Bug 1970680: Upgrade fails when LTI not installed - Bug 1971110: Adding block with underscore can cause problems