Skip to main content

Moodle 2.5.7

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 July, 2014

Here is the full list of fixed issues in 2.5.7.

Highlights

  • MDL-41383 - File picker works when zooming in and out of browser

Security issues

  • MSA-14-0020 Identity confusion in Shibboleth authentication
  • MSA-14-0021 Code injection in Repositories
  • MSA-14-0022 XML External Entity vulnerability in LTI module
  • MSA-14-0023 XML External Entity vulnerability in IMSCC and IMSCP
  • MSA-14-0024 Cross-site scripting vulnerability in profile field
  • MSA-14-0025 Remote code execution in Quiz
  • MSA-14-0026 Information leak in profile and notes pages
  • MSA-14-0027 Forum group posting issue
  • MSA-14-0028 Cross-site scripting possible in external badges
  • MSA-14-0029 Cross-site scripting vulnerability in exception dialogues
  • MSA-14-0032 Cross-site scripting in advanced grading methods

Translations