Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 2.6.7 release notes

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 2.6.7 release notes

Release date: January 12, 2015

Here is the full list of fixed issues in 2.6.7.

Security issues

  • MSA-15-0001 Insufficient access check in LTI module
  • MSA-15-0002 XSS vulnerability in course request pending approval page
  • MSA-15-0003 CSRF possible in Glossary module
  • MSA-15-0004 Information leak through messaging functions in web-services
  • MSA-15-0005 Insufficient access check in calendar functions in web-services
  • MSA-15-0007 ReDoS possible in the multimedia filter
  • MSA-15-0008 Forced logout through Shibboleth authentication plugin

See also