Moodle 2.6.11 release notes: Difference between revisions
From MoodleDocs
mNo edit summary |
|||
| Line 9: | Line 9: | ||
===Security issues=== | ===Security issues=== | ||
* [https://moodle.org/mod/forum/discuss.php?d=313681 MSA-15-0018] Quiz manual-grading is an XSS risk, but does not declare that | |||
* [https://moodle.org/mod/forum/discuss.php?d=313682 MSA-15-0019] Possible phishing when redirecting to external site using referer header | |||
* [https://moodle.org/mod/forum/discuss.php?d=313683 MSA-15-0020] User fullname disclosure through account confirmation link | |||
* [https://moodle.org/mod/forum/discuss.php?d=313685 MSA-15-0022] Potential XSS risk when returning text entered by student from Web Services | |||
* [https://moodle.org/mod/forum/discuss.php?d=313686 MSA-15-0023] Suspended user is able to login when confirming email | |||
* [https://moodle.org/mod/forum/discuss.php?d=313687 MSA-15-0024] User with suspended enrolment can see sections in the navigation tree | |||
* [https://moodle.org/mod/forum/discuss.php?d=313688 MSA-15-0025] Capability to manage own files is not respected in Web Services | |||
==See also== | ==See also== | ||
Revision as of 01:08, 18 May 2015
This version of Moodle is no longer supported. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 2.6.11 release notes
Release date: Monday, 11th May 2015
Here is the full list of fixed issues in 2.6.11.
Security issues
- MSA-15-0018 Quiz manual-grading is an XSS risk, but does not declare that
- MSA-15-0019 Possible phishing when redirecting to external site using referer header
- MSA-15-0020 User fullname disclosure through account confirmation link
- MSA-15-0022 Potential XSS risk when returning text entered by student from Web Services
- MSA-15-0023 Suspended user is able to login when confirming email
- MSA-15-0024 User with suspended enrolment can see sections in the navigation tree
- MSA-15-0025 Capability to manage own files is not respected in Web Services
