Moodle 1.8.7 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (content moved from Release notes) |
No edit summary |
||
| (7 intermediate revisions by 4 users not shown) | |||
| Line 3: | Line 3: | ||
Here is [http://tracker.moodle.org/browse/MDL/fixforversion/10291 the full list of fixed issues in 1.8.7]. | Here is [http://tracker.moodle.org/browse/MDL/fixforversion/10291 the full list of fixed issues in 1.8.7]. | ||
==Security issues== | ===Security issues=== | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=108588 MSA-08-0020]: quiz/questions capabilities lack some risk flags in access.php files | ||
* [http://moodle.org/mod/forum/discuss.php?d=108589 MSA-08-0021]: design deficiency combined with incorrect use of format_string() allowing XSS | |||
* [http://moodle.org/mod/forum/discuss.php?d=108590 MSA-08-0022]: XSS through Wiki page titles | |||
* [http://moodle.org/mod/forum/discuss.php?d=108591 MSA-08-0023]: CSRF in messaging setting | |||
* [http://moodle.org/mod/forum/discuss.php?d=108592 MSA-08-0024]: Overriding of frozen values in Moodle forms | |||
<noinclude> | |||
[[Category:Release notes]] | [[Category:Release notes]] | ||
[[Category:Moodle 1.8]] | [[Category:Moodle 1.8]] | ||
[[de:Moodle 1.8.7 Versionsinformationen]] | |||
[[fr:Notes de mise à jour de Moodle 1.8.7]] | |||
</noinclude> | |||
Latest revision as of 13:53, 2 November 2009
Release date: 15th October 2008
Here is the full list of fixed issues in 1.8.7.
Security issues
- MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files
- MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS
- MSA-08-0022: XSS through Wiki page titles
- MSA-08-0023: CSRF in messaging setting
- MSA-08-0024: Overriding of frozen values in Moodle forms
