Moodle 1.8.12 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) m (spacing) |
Helen Foster (talk | contribs) (→Security issues: MSA 10-0001 to 0003 and 0006 to 0008) |
||
| Line 9: | Line 9: | ||
===Security issues=== | ===Security issues=== | ||
* [http://moodle.org/mod/forum/discuss.php?d=147093 MSA-10-0001] Vulnerability in KSES text cleaning | |||
* [http://moodle.org/mod/forum/discuss.php?d=147095 MSA-10-0002] XSS vulnerabilty in the phpcas module | |||
* [http://moodle.org/mod/forum/discuss.php?d=147096 MSA-10-0003] Disclosure of full user names* [http://moodle.org/mod/forum/discuss.php?d=147099 MSA-10-0005] Incorrect validation of forms data | |||
* [http://moodle.org/mod/forum/discuss.php?d=147102 MSA-10-0006] SQL injection in Wiki module | |||
* [http://moodle.org/mod/forum/discuss.php?d=147103 MSA-10-0007] Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine | |||
* [http://moodle.org/mod/forum/discuss.php?d=147106 MSA-10-0008] Persistent XSS when using Login-as feature | |||
* [http://moodle.org/mod/forum/discuss.php?d=147107 MSA-10-0009] Session fixation prevention now turned on by default | |||
<noinclude>==See also== | <noinclude>==See also== | ||
Revision as of 13:41, 31 March 2010
Release date: 27th March 2010
Here is the full list of fixed issues in 1.8.12.
Functional changes
None, just bug fixes
Security issues
- MSA-10-0001 Vulnerability in KSES text cleaning
- MSA-10-0002 XSS vulnerabilty in the phpcas module
- MSA-10-0003 Disclosure of full user names* MSA-10-0005 Incorrect validation of forms data
- MSA-10-0006 SQL injection in Wiki module
- MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
- MSA-10-0008 Persistent XSS when using Login-as feature
- MSA-10-0009 Session fixation prevention now turned on by default
