Moodle 2.8.11

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 March 2016

Here is the full list of fixed issues in 2.8.11.

Security issues

• MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
• MSA-16-0004 XSS from profile fields from external db
• MSA-16-0005 Reflected XSS in mod_data advanced search
• MSA-16-0006 Hidden courses are shown to students in Event Monitor
• MSA-16-0007 Non-Editing Instructor role can edit exclude checkbox in Single View
• MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
• MSA-16-0009 CSRF in Assignment plugin management page
• MSA-16-0010 Enumeration of category details possible without authentication
• MSA-16-0011 Add no referrer to links with _blank target attribute
• MSA-16-0012 External function mod_assign_save_submission does not check due dates

Translations

• Notes de mise à jour de Moodle 2.8.11
• Notas de Moodle 2.8.11