If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 1.9.4 release notes

From MoodleDocs

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.


Security issues

  • MSA-09-0001 No way easy to remove pictures of deleted users
  • MSA-09-0002 User pix disclosure
  • MSA-09-0003 Vulnerability in Snoopy 1.2.3
  • MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
  • MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
  • MSA-09-0006 Calendar export may allow brute force attacks
  • MSA-09-0007 Missing input validation in logs allows potential XSS attacks
  • MSA-09-0008 CSRF vulnerability in forum code

New language strings file

  • report_security.php

New language pack

  • Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

  • New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly

See also