Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 1.9.14 release notes: Difference between revisions

From MoodleDocs
m (French link)
(Adding security issues)
Line 7: Line 7:
===Security issues===
===Security issues===


A number of security vulnerabilities have been resolved by this release. Details of these vulnerabilities will be exposed approximately one week after this version release. This period is intended to allow sites to be upgraded.
* MDL-29311 - Message refreshing system may cause unlimited queries and DDos attack
* MDL-29148 - Incorrect handling of openssl_verify() return code
* MDL-23872 - $mform->setConstant() does not work as expected
* MDL-28722 - Potential XSS: editsection.html print values directly from data_submitted()
* MDL-29033 - Magic quotes hardening of 1.9


===Fixes and improvements===
===Fixes and improvements===

Revision as of 05:08, 18 October 2011

Release date: 10th October, 2011

Bug-fixing for general core bugs in 1.9.x has ended. Support continues for serious security issues, which is reflected in this release.

Here is the full list of fixed issues in 1.9.14.

Security issues

  • MDL-29311 - Message refreshing system may cause unlimited queries and DDos attack
  • MDL-29148 - Incorrect handling of openssl_verify() return code
  • MDL-23872 - $mform->setConstant() does not work as expected
  • MDL-28722 - Potential XSS: editsection.html print values directly from data_submitted()
  • MDL-29033 - Magic quotes hardening of 1.9

Fixes and improvements

  • MDL-27174 - Automated backups succeed when assignment has instance of zero
  • MDL-4561 - Metacourses allow guest access with an enrolment key

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_1.9.14_release_notes&oldid=30028"
Powered by MediaWiki