Moodle 1.8.12 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (→Security issues: MSA 10-0001 to 0003 and 0006 to 0008) |
Helen Foster (talk | contribs) (→Security issues: MSA-10-0005) |
||
Line 11: | Line 11: | ||
* [http://moodle.org/mod/forum/discuss.php?d=147093 MSA-10-0001] Vulnerability in KSES text cleaning | * [http://moodle.org/mod/forum/discuss.php?d=147093 MSA-10-0001] Vulnerability in KSES text cleaning | ||
* [http://moodle.org/mod/forum/discuss.php?d=147095 MSA-10-0002] XSS vulnerabilty in the phpcas module | * [http://moodle.org/mod/forum/discuss.php?d=147095 MSA-10-0002] XSS vulnerabilty in the phpcas module | ||
* [http://moodle.org/mod/forum/discuss.php?d=147096 MSA-10-0003] Disclosure of full user names* [http://moodle.org/mod/forum/discuss.php?d=147099 MSA-10-0005] Incorrect validation of forms data | * [http://moodle.org/mod/forum/discuss.php?d=147096 MSA-10-0003] Disclosure of full user names | ||
* [http://moodle.org/mod/forum/discuss.php?d=147099 MSA-10-0005] Incorrect validation of forms data | |||
* [http://moodle.org/mod/forum/discuss.php?d=147102 MSA-10-0006] SQL injection in Wiki module | * [http://moodle.org/mod/forum/discuss.php?d=147102 MSA-10-0006] SQL injection in Wiki module | ||
* [http://moodle.org/mod/forum/discuss.php?d=147103 MSA-10-0007] Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine | * [http://moodle.org/mod/forum/discuss.php?d=147103 MSA-10-0007] Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine |
Latest revision as of 13:42, 31 March 2010
Release date: 27th March 2010
Here is the full list of fixed issues in 1.8.12.
Functional changes
None, just bug fixes
Security issues
- MSA-10-0001 Vulnerability in KSES text cleaning
- MSA-10-0002 XSS vulnerabilty in the phpcas module
- MSA-10-0003 Disclosure of full user names
- MSA-10-0005 Incorrect validation of forms data
- MSA-10-0006 SQL injection in Wiki module
- MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
- MSA-10-0008 Persistent XSS when using Login-as feature
- MSA-10-0009 Session fixation prevention now turned on by default