![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Bug in Moodle security mail
The Moodle security advisory mail just came out. It give registered Moodle admins a week advance notice of the patches coming out next week. That's nice of them. Some excerpts follow, emphasis mine:
2) SECURITY FIXES IN 1.9.5 and 1.8.9
Four serious security vulnerabilities (1 critical, 3 major) have been
discovered and fixed recently. (Thanks as usual to the reporters and to Petr
Skoda for his tireless and excellent work defending all our Moodle sites).
There are no reported exploits yet, and they do not affect all sites, but we
still recommend that you upgrade your sites to these latest versions as soon as
possible (or otherwise ensure that these issues are not active in your site).
Attached below is full information about the four security issues.
PLEASE DO NOT PUBLISH INFORMATION OF THESE ISSUES ON THE INTERNET!
Give your fellow Moodle admins some time to upgrade first. As usual, we'll
publish full details in the security news section next week:
http://moodle.org/security
Also, please do not reply to me via emai! This mailing list goes out to nearly
50,000 people - I usually get about 1000 direct replies I can't deal with :)
If you need help with upgrading or anything else please see
http://moodle.org/support
Cheers and thank you for using Moodle! (We are working hard on 2.0!)
2) SECURITY FIXES IN 1.9.5 and 1.8.9
Four serious security vulnerabilities (1 critical, 3 major) have been
discovered and fixed recently. (Thanks as usual to the reporters and to Petr
Skoda for his tireless and excellent work defending all our Moodle sites).
There are no reported exploits yet, and they do not affect all sites, but we
still recommend that you upgrade your sites to these latest versions as soon as
possible (or otherwise ensure that these issues are not active in your site).
Attached below is full information about the four security issues.
PLEASE DO NOT PUBLISH INFORMATION OF THESE ISSUES ON THE INTERNET!
Give your fellow Moodle admins some time to upgrade first. As usual, we'll
publish full details in the security news section next week:
http://moodle.org/security
Also, please do not reply to me via emai! This mailing list goes out to nearly
50,000 people - I usually get about 1000 direct replies I can't deal with :)
If you need help with upgrading or anything else please see
http://moodle.org/support
Cheers and thank you for using Moodle! (We are working hard on 2.0!)