Moodle 1.9.4 release notes

From MoodleDocs

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.


Security issues

  • MSA-09-0001 No way easy to remove pictures of deleted users
  • MSA-09-0002 User pix disclosure
  • MSA-09-0003 Vulnerability in Snoopy 1.2.3
  • MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
  • MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
  • MSA-09-0006 Calendar export may allow brute force attacks
  • MSA-09-0007 Missing input validation in logs allows potential XSS attacks
  • MSA-09-0008 CSRF vulnerability in forum code

New language strings file

  • report_security.php

New language pack

  • Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

  • New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly

See also