Moodle 1.9.14 release notes: Difference between revisions
From MoodleDocs
(Adding security issues) |
(Correcting security notes) |
||
Line 7: | Line 7: | ||
===Security issues=== | ===Security issues=== | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=188313 MSA-11-0031] - Forms API constant issue | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=188314 MSA-11-0032] - MNET SSL validation issue | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=188318 MSA-11-0036] - Messaging refresh vulnerability | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=188319 MSA-11-0037] - Course section editing injection vulnerability | ||
* | * [http://moodle.org/mod/forum/discuss.php?d=188320 MSA-11-0038] - Database injection protection strengthened | ||
* [http://moodle.org/mod/forum/discuss.php?d=188322 MSA-11-0040] - Potential personal information leak | |||
===Fixes and improvements=== | ===Fixes and improvements=== |
Revision as of 06:49, 18 October 2011
Release date: 10th October, 2011
Bug-fixing for general core bugs in 1.9.x has ended. Support continues for serious security issues, which is reflected in this release.
Here is the full list of fixed issues in 1.9.14.
Security issues
- MSA-11-0031 - Forms API constant issue
- MSA-11-0032 - MNET SSL validation issue
- MSA-11-0036 - Messaging refresh vulnerability
- MSA-11-0037 - Course section editing injection vulnerability
- MSA-11-0038 - Database injection protection strengthened
- MSA-11-0040 - Potential personal information leak
Fixes and improvements
- MDL-27174 - Automated backups succeed when assignment has instance of zero
- MDL-4561 - Metacourses allow guest access with an enrolment key