Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 2.2.8 release notes: Difference between revisions

From MoodleDocs
(Adding note about emergency release)
(Adding security release notes)
Line 11: Line 11:
===Security issues===
===Security issues===
   
   
A number of security related issues were resolved. The release of details of these issues has been delayed until Monday 25 March to allow people to update to the 2.2.9 emergency release.
* [https://moodle.org/mod/forum/discuss.php?d=225341 MSA-13-0012] Information leak in course profiles
* [https://moodle.org/mod/forum/discuss.php?d=225342 MSA-13-0013] Server information revealed through exception messages
* [https://moodle.org/mod/forum/discuss.php?d=225343 MSA-13-0014] Password revealed in WebDav repository
* [https://moodle.org/mod/forum/discuss.php?d=225344 MSA-13-0015] Cross-site scripting issue in Filepicker
* [https://moodle.org/mod/forum/discuss.php?d=225345 MSA-13-0016] External Entity Injection through Zend library
* [https://moodle.org/mod/forum/discuss.php?d=225346 MSA-13-0017] Form manipulation issue in notes
* [https://moodle.org/mod/forum/discuss.php?d=225347 MSA-13-0018] Personal information leak through repositories
* [https://moodle.org/mod/forum/discuss.php?d=225348 MSA-13-0019] Unauthorised settings editing through WebDav repository
 
===Fixes and improvements===
===Fixes and improvements===
   
   

Revision as of 05:59, 25 March 2013

Because of a serious regression in the 2.2.8 release, Moodle 2.2.9 was release on Mon 18 March, 2013.

This version of Moodle is no longer fully supported. Generally, only fixes to serious security issues have been applied to this version. You are encouraged to upgrade to a fully supported version of Moodle.

Releases > Moodle 2.2.8 release notes

Release date: 11 March 2013

Here is the full list of fixed issues in 2.2.8.

Security issues

  • MSA-13-0012 Information leak in course profiles
  • MSA-13-0013 Server information revealed through exception messages
  • MSA-13-0014 Password revealed in WebDav repository
  • MSA-13-0015 Cross-site scripting issue in Filepicker
  • MSA-13-0016 External Entity Injection through Zend library
  • MSA-13-0017 Form manipulation issue in notes
  • MSA-13-0018 Personal information leak through repositories
  • MSA-13-0019 Unauthorised settings editing through WebDav repository

Fixes and improvements

  • MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_2.2.8_release_notes&oldid=38551"
Powered by MediaWiki