Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 2.6.10 release notes

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 2.6.10 release notes

2.6.10 release date: Tuesday, 10 March 2015

This page also covers issues resolved in 2.6.9, released on Monday, 9 March 2015

Here is the full list of fixed issues in 2.6.9 and 2.6.10.

Security issues

  • MSA-15-0010 Personal contacts and number of unread messages can be revealed
  • MSA-15-0011 Authentication in mdeploy can be bypassed
  • MSA-15-0012 ReDoS Possible with Convert links to URLs filter
  • MSA-15-0013 Block title not properly escaped and may cause HTML injection
  • MSA-15-0014 Potential information disclosure for the inaccessible courses
  • MSA-15-0015 User without proper permission is able to mark the tag as inappropriate
  • MSA-15-0016 Web services token can be created for user with temporary password
  • MSA-15-0017 XSS in quiz statistics report

Fixes and improvements

  • MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release

See also