Moodle 2.6.6
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 10 November, 2014
Here is the full list of fixed issues in 2.6.6.
Highlights
- MDL-38732 - Grading a course activity, while editing Gradebook, no longer causes unintentional overrides
- MDL-48008, MDL-46546 - Grade import gives useful information when an error occurs
- MDL-47316 - Course overview block performance has been improved
Functional changes
- MDL-46818 - Form-change checking added to Gradebook setup page
- MDL-40343 - Deeply nested Forum posts display clearly
Security issues
- MSA-14-0035 Headers not added to some AJAX scripts
- MSA-14-0036 XSS in mapcourse script in Feedback module
- MSA-14-0037 Weak temporary password generation
- MSA-14-0039 Insufficient access check in LTI module
- MSA-14-0040 Information leak in Database activity module
- MSA-14-0041 Lack of capability check in tags list access
- MSA-14-0042 Lack of access check in IP lookup functionality
- MSA-14-0043 Lack of group check in web service for Forum
- MSA-14-0044 Hardware path disclosed in the error message
- MSA-14-0045 XSS file upload possible through web service
- MSA-14-0046 CSRF in LTI module
- MSA-14-0047 Possible data loss in Wiki activity
- MSA-14-0048 CSRF in forum tracking toggle
- MSA-14-0049 Possible to print arbitrary message to user by modifying URL
Fixes and improvements
- MDL-44536 - Workshop completion report no longer produces errors
- MDL-48010 - XML grade import from URL is fixed
- MDL-46151 - String filter caching no longer resulting in bad string values