Moodle 2.7.13 release notes
This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 2.7.13 release notes
Release date: 14 March 2016
- MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
- MSA-16-0004 XSS from profile fields from external db
- MSA-16-0005 Reflected XSS in mod_data advanced search
- MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
- MSA-16-0009 CSRF in Assignment plugin management page
- MSA-16-0010 Enumeration of category details possible without authentication
- MSA-16-0011 Add no referrer to links with _blank target attribute
- MSA-16-0012 External function mod_assign_save_submission does not check due dates