Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 1.9.13 release notes: Difference between revisions

From MoodleDocs
(Releasing security issues)
(French link)
(3 intermediate revisions by 3 users not shown)
Line 12: Line 12:
===Security issues===
===Security issues===


See [http://moodle.org/security/ http://moodle.org/security/] for security issue details.
* [http://moodle.org/mod/forum/discuss.php?d=182737 MSA-11-0020] Continue links in error messages can lead offsite
 
* [http://moodle.org/mod/forum/discuss.php?d=182741 MSA-11-0024] Recaptcha images were being authenticated from an older server
* MDL-27889 - Recptcha is still authenticating to old servers on Moodle 1.9
* [http://moodle.org/mod/forum/discuss.php?d=182742 MSA-11-0025] Group names in user upload CSV not being escaped
* MDL-28197 - SQL injection vulnerability in user upload
* [http://moodle.org/mod/forum/discuss.php?d=182743 MSA-11-0026] Fields in user upload CSV not being escaped
* MDL-28360 - Flat file enrollments has various sql injection vulnerabilities
* MDL-27464 - Continuation link can sometimes link offsite


==See also==
==See also==


*[[Moodle 1.9.12 release notes]]
*[[Moodle 1.9.12 release notes]]
* [https://docs.moodle.org/19/fr/Notes_de_mise_à_jour_de_Moodle_1.9.13 French version of this page]
 
[[Category:Release notes]]
[[Category:Release notes]]
[[Category:Moodle 1.9]]
[[Category:Moodle 1.9]]
[[es:Notas de Moodle 1.9.13]]

Revision as of 11:31, 11 May 2012

Release date: 1st August, 2011

Here is the full list of fixed issues in 1.9.13.

Fixes

  • MDL-27717 - Problem with language packs causing incorrect amounts to be sent to Authorize.net - fixed
  • MDL-27695 - Moodle Docs links fixed to point to correct version of docs
  • MDL-27638 - Assignment Module Submissions SQL avoid overflow
  • MDL-27577 - Timestamp and timezone fixes

Security issues

  • MSA-11-0020 Continue links in error messages can lead offsite
  • MSA-11-0024 Recaptcha images were being authenticated from an older server
  • MSA-11-0025 Group names in user upload CSV not being escaped
  • MSA-11-0026 Fields in user upload CSV not being escaped

See also