Moodle 1.8.12 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (→Security issues: MSA 10-0001 to 0003 and 0006 to 0008) |
Dev Docs Bot (talk | contribs) m (Protected "Moodle 1.8.12 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite))) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
{{Template:Migrated|newDocId=/general/releases/1.8/1.8.12}} | |||
Release date: 27th March 2010 | Release date: 27th March 2010 | ||
| Line 11: | Line 12: | ||
* [http://moodle.org/mod/forum/discuss.php?d=147093 MSA-10-0001] Vulnerability in KSES text cleaning | * [http://moodle.org/mod/forum/discuss.php?d=147093 MSA-10-0001] Vulnerability in KSES text cleaning | ||
* [http://moodle.org/mod/forum/discuss.php?d=147095 MSA-10-0002] XSS vulnerabilty in the phpcas module | * [http://moodle.org/mod/forum/discuss.php?d=147095 MSA-10-0002] XSS vulnerabilty in the phpcas module | ||
* [http://moodle.org/mod/forum/discuss.php?d=147096 MSA-10-0003] Disclosure of full user names* [http://moodle.org/mod/forum/discuss.php?d=147099 MSA-10-0005] Incorrect validation of forms data | * [http://moodle.org/mod/forum/discuss.php?d=147096 MSA-10-0003] Disclosure of full user names | ||
* [http://moodle.org/mod/forum/discuss.php?d=147099 MSA-10-0005] Incorrect validation of forms data | |||
* [http://moodle.org/mod/forum/discuss.php?d=147102 MSA-10-0006] SQL injection in Wiki module | * [http://moodle.org/mod/forum/discuss.php?d=147102 MSA-10-0006] SQL injection in Wiki module | ||
* [http://moodle.org/mod/forum/discuss.php?d=147103 MSA-10-0007] Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine | * [http://moodle.org/mod/forum/discuss.php?d=147103 MSA-10-0007] Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine | ||
Latest revision as of 09:06, 25 May 2022
| Important:
This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date. Why not view this page on the new site and help us to migrate more content to the new site! |
Release date: 27th March 2010
Here is the full list of fixed issues in 1.8.12.
Functional changes
None, just bug fixes
Security issues
- MSA-10-0001 Vulnerability in KSES text cleaning
- MSA-10-0002 XSS vulnerabilty in the phpcas module
- MSA-10-0003 Disclosure of full user names
- MSA-10-0005 Incorrect validation of forms data
- MSA-10-0006 SQL injection in Wiki module
- MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
- MSA-10-0008 Persistent XSS when using Login-as feature
- MSA-10-0009 Session fixation prevention now turned on by default
