Moodle 1.8.7 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (security issues, noinclude tags) |
|||
| Line 4: | Line 4: | ||
===Security issues=== | ===Security issues=== | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=108588 MSA-08-0020]: quiz/questions capabilities lack some risk flags in access.php files | ||
* [http://moodle.org/mod/forum/discuss.php?d=108589 MSA-08-0021]: design deficiency combined with incorrect use of format_string() allowing XSS | |||
* [http://moodle.org/mod/forum/discuss.php?d=108590 MSA-08-0022]: XSS through Wiki page titles | |||
* [http://moodle.org/mod/forum/discuss.php?d=108591 MSA-08-0023]: CSRF in messaging setting | |||
* [http://moodle.org/mod/forum/discuss.php?d=108592 MSA-08-0024]: Overriding of frozen values in Moodle forms | |||
<noinclude> | |||
[[Category:Release notes]] | [[Category:Release notes]] | ||
[[Category:Moodle 1.8]] | [[Category:Moodle 1.8]] | ||
</noinclude> | |||
Revision as of 15:24, 3 December 2008
Release date: 15th October 2008
Here is the full list of fixed issues in 1.8.7.
Security issues
- MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files
- MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS
- MSA-08-0022: XSS through Wiki page titles
- MSA-08-0023: CSRF in messaging setting
- MSA-08-0024: Overriding of frozen values in Moodle forms
