Moodle 2.7.13 release notes

Jump to: navigation, search

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 2.7.13 release notes

Release date: 14 March 2016

Here is the full list of fixed issues in 2.7.13.

Security issues

  • MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
  • MSA-16-0004 XSS from profile fields from external db
  • MSA-16-0005 Reflected XSS in mod_data advanced search
  • MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
  • MSA-16-0009 CSRF in Assignment plugin management page
  • MSA-16-0010 Enumeration of category details possible without authentication
  • MSA-16-0011 Add no referrer to links with _blank target attribute
  • MSA-16-0012 External function mod_assign_save_submission does not check due dates

See also