Skip to main content

Moodle 2.6.10

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

2.6.10 release date: Tuesday, 10 March 2015

This page also covers issues resolved in 2.6.9, released on Monday, 9 March 2015

Here is the full list of fixed issues in 2.6.9 and 2.6.10.

Security issues

  • MSA-15-0010 Personal contacts and number of unread messages can be revealed
  • MSA-15-0011 Authentication in mdeploy can be bypassed
  • MSA-15-0012 ReDoS Possible with Convert links to URLs filter
  • MSA-15-0013 Block title not properly escaped and may cause HTML injection
  • MSA-15-0014 Potential information disclosure for the inaccessible courses
  • MSA-15-0015 User without proper permission is able to mark the tag as inappropriate
  • MSA-15-0016 Web services token can be created for user with temporary password
  • MSA-15-0017 XSS in quiz statistics report

Fixes and improvements

  • MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release

Translations