Moodle 2.8.11 release notes

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 2.8.11 release notes

Release date: 14 March 2016

Here is the full list of fixed issues in 2.8.11.

Security issues

  • MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
  • MSA-16-0004 XSS from profile fields from external db
  • MSA-16-0005 Reflected XSS in mod_data advanced search
  • MSA-16-0006 Hidden courses are shown to students in Event Monitor
  • MSA-16-0007 Non-Editing Instructor role can edit exclude checkbox in Single View
  • MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
  • MSA-16-0009 CSRF in Assignment plugin management page
  • MSA-16-0010 Enumeration of category details possible without authentication
  • MSA-16-0011 Add no referrer to links with _blank target attribute
  • MSA-16-0012 External function mod_assign_save_submission does not check due dates

See also