Totara Release Notes

Totara 2.2.30 (security release) 5th August 2014

 
David Curry (Core Developer)
Totara 2.2.30 (security release) 5th August 2014
von David Curry (Core Developer) – Monday, 4 August 2014, 9:00 PM
Gruppe Totara

Totara 2.2.30 has been released. It includes bug fixes, security fixes and the latest security patches from Moodle. We recommend upgrading to this version.


Release 2.2.30 (5th August 2014):
==================================================

Security issues:
    MDL-45616      Switched to json encoding instead of serialization in Repositories
    MDL-46148      Fixed potential remote code execution in Quiz
    MDL-45485      Fixed potential to take over another user's session in Shibboleth Authentication
    MDL-45760      Fixed the permissions check to occur before setting header in Course Notes
    MDL-45417      Fixed potential entity injections from package content in the imscp Module
    MDL-45463      Fixed potential XML entity injections from provider in the lti Module
    MDL-46223      Improved the rubric output of Grading
    T-12619        Improved sesskey checks throughout the system
    T-12745        Improved capability checks around Reportbuilder scheduled reports

Bug Fixes:
    T-12763        Fixed an undefined variable warning showing on the main page after install
    T-12568        Fixed blank password fields causing failures in Totara Sync