Skip to main content

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation

What are you looking for?

Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

Moodle.com

Our social network to share and curate open educational resources.

MoodleNet

Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle Academy

Moodle.com
Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

MoodleNet
Our social network to share and curate open educational resources.

Moodle Academy
Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle 2.6.10

2.6.10 release date: Tuesday, 10 March 2015

This page also covers issues resolved in 2.6.9, released on Monday, 9 March 2015

Here is the full list of fixed issues in 2.6.9 and 2.6.10.

Security issues

MSA-15-0010 Personal contacts and number of unread messages can be revealed
MSA-15-0011 Authentication in mdeploy can be bypassed
MSA-15-0012 ReDoS Possible with Convert links to URLs filter
MSA-15-0013 Block title not properly escaped and may cause HTML injection
MSA-15-0014 Potential information disclosure for the inaccessible courses
MSA-15-0015 User without proper permission is able to mark the tag as inappropriate
MSA-15-0016 Web services token can be created for user with temporary password
MSA-15-0017 XSS in quiz statistics report

Fixes and improvements

MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release

Translations

Security issues
Fixes and improvements
Translations