Moodle 2.7.13
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 14 March 2016
Here is the full list of fixed issues in 2.7.13.
Security issues
- MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
- MSA-16-0004 XSS from profile fields from external db
- MSA-16-0005 Reflected XSS in mod_data advanced search
- MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
- MSA-16-0009 CSRF in Assignment plugin management page
- MSA-16-0010 Enumeration of category details possible without authentication
- MSA-16-0011 Add no referrer to links with
_blank
target attribute - MSA-16-0012 External function mod_assign_save_submission does not check due dates