Moodle 2.7.11 release notes: Difference between revisions
From MoodleDocs
No edit summary |
|||
Line 9: | Line 9: | ||
===Security issues=== | ===Security issues=== | ||
* [https://moodle.org/mod/forum/discuss.php?d=323230 MSA-15-0039] CSRF in site registration form | |||
* [https://moodle.org/mod/forum/discuss.php?d=323231 MSA-15-0040] Student XSS in survey | |||
* [https://moodle.org/mod/forum/discuss.php?d=323232 MSA-15-0041] XSS in flash video player | |||
* [https://moodle.org/mod/forum/discuss.php?d=323233 MSA-15-0042] CSRF in lesson login form | |||
* [https://moodle.org/mod/forum/discuss.php?d=323234 MSA-15-0043] Web service core_enrol_get_enrolled_users does not respect course group mode | |||
* [https://moodle.org/mod/forum/discuss.php?d=323235 MSA-15-0044] Capability to view available badges is not respected | |||
* [https://moodle.org/mod/forum/discuss.php?d=323236 MSA-15-0045] SCORM module allows to bypass access restrictions based on date | |||
* [https://moodle.org/mod/forum/discuss.php?d=323237 MSA-15-0046] Choice module closing date can be bypassed | |||
===Fixes and improvements=== | ===Fixes and improvements=== |
Revision as of 04:35, 16 November 2015
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 2.7.11 release notes
Release date: 9 November 2015
Here is the full list of fixed issues in 2.7.11.
Security issues
- MSA-15-0039 CSRF in site registration form
- MSA-15-0040 Student XSS in survey
- MSA-15-0041 XSS in flash video player
- MSA-15-0042 CSRF in lesson login form
- MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
- MSA-15-0044 Capability to view available badges is not respected
- MSA-15-0045 SCORM module allows to bypass access restrictions based on date
- MSA-15-0046 Choice module closing date can be bypassed
Fixes and improvements
- MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
- MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF