Moodle 2.7.13 release notes: Difference between revisions

From MoodleDocs
No edit summary
Line 9: Line 9:
===Security issues===
===Security issues===
   
   
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=330173 MSA-16-0003] Incorrect capability check when displaying users emails in Participants list
* [https://moodle.org/mod/forum/discuss.php?d=330174 MSA-16-0004] XSS from profile fields from external db
* [https://moodle.org/mod/forum/discuss.php?d=330175 MSA-16-0005] Reflected XSS in mod_data advanced search
* [https://moodle.org/mod/forum/discuss.php?d=330178 MSA-16-0008] External function get_calendar_events return events that pertains to hidden activities
* [https://moodle.org/mod/forum/discuss.php?d=330179 MSA-16-0009] CSRF in Assignment plugin management page
* [https://moodle.org/mod/forum/discuss.php?d=330180 MSA-16-0010] Enumeration of category details possible without authentication
* [https://moodle.org/mod/forum/discuss.php?d=330181 MSA-16-0011] Add no referrer to links with _blank target attribute
* [https://moodle.org/mod/forum/discuss.php?d=330182 MSA-16-0012] External function mod_assign_save_submission does not check due dates


==See also==
==See also==

Revision as of 06:15, 21 March 2016

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 March 2016

Here is the full list of fixed issues in 2.7.13.

Security issues

  • MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
  • MSA-16-0004 XSS from profile fields from external db
  • MSA-16-0005 Reflected XSS in mod_data advanced search
  • MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
  • MSA-16-0009 CSRF in Assignment plugin management page
  • MSA-16-0010 Enumeration of category details possible without authentication
  • MSA-16-0011 Add no referrer to links with _blank target attribute
  • MSA-16-0012 External function mod_assign_save_submission does not check due dates

See also