Category Archives: Moodle

Make Sure Your Moodle Websites are Up to Date
With our Up to Date? Chrome app you can keep track of the Moodle versions (as well other web apps) on all of the websites you manage in one place, so you can easily check if they are in need of an upgrade.

Need Moodle Upgraded?
We can upgrade your Moodle website for you.

Moodle 2.6.10, 2.7.7, and 2.8.5 Released

Moodle 2.6.10, 2.7.7, and 2.8.5 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later. Moodle 2.6.9, 2.7.6, and 2.8.4 were pulled shortly after release due to a regression introduced in those versions.

Update (March 16, 2015): Moodle has now released information on the security issue fixed in the releases. Among the vulnerabilities fixed is a serious denial of service (DOS) vulnerability and a minor cross-site scripting (XSS) vulnerability.

More information is available in the release notes for 2.6.10, 2.7.7, and 2.8.5.

 

Posted in Moodle, Security Update | Leave a comment

Moodle 2.6.8, 2.7.5, and 2.8.3 Released

Moodle 2.6.8, 2.7.5, and 2.8.3 were released today.  The new versions include “small improvements”, bug fixes, and a fix for a “a very serious security vulnerability”. Details of the security vulnerabilities fixed will be released later.

Update (February 9, 2015): Moodle has now released information on the security issue fixed in the releases. The vulnerability fixed could have allowed viewing the content of “files located outside of moodle directory” due to incomplete filtering of directory traversal attempts.

More information is available in the release notes for 2.6.8, 2.7.5, and 2.8.3.

 

Posted in Moodle, Security Update | Leave a comment

Moodle 2.6.7, 2.7.4, and 2.8.2 Released

Moodle 2.6.7, 2.7.4, and 2.8.2 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (January 20, 2015): Moodle has now released information on the security issues fixed in the releases. . Among the vulnerabilities fixed is a serious cross-scripting (XSS) vulnerability in all three versions and a serious regular expression denial of service (ReDoS) vulnerability in all three versions.

More information is available in the release notes for 2.6.7, 2.7.4, and 2.8.2.

 

Posted in Moodle, Security Update | Leave a comment

Moodle 2.8.1 Released

Moodle 2.8.1 was released today. The new fixes a serious regression introduced in Moodle 2.8 and also includes several other fixes.

More information is available in the release notes for 2.8.1.

Posted in Moodle | Leave a comment

Moodle 2.5.9, 2.6.6, 2.7.3, and 2.8 Released; Support Ends For Moodle 2.5

Moodle 2.5.9, 2.6.6, 2.7.3, and 2.8 were released yesterday. Version 2.8 introduces “significant improvements to the gradebook, forums, analytics and usability in many areas to empower teachers and improve functionality for everyone across all devices”. Versions 2.6.6 and 2.7.3 include “small improvements”, bug fixes, and security fixes. Version 2.5.9 includes security fixes. Details of the security vulnerabilities fixed will be released later.

Update (November 17, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed is a serious cross-scripting (XSS) vulnerability in all three versions and a serious cross-site request forgery (CSRF) vulnerability in the LTI module in all three versions.

Moodle 2.5.9 is the last release for the 2.5 branch and anyone running it should upgrade to a newer, supported, version.

More information is available in the release notes for 2.5.92.6.62.7.3, and 2.8.

Posted in End of Support, Moodle, Security Update | Leave a comment

Moodle 2.5.8, 2.6.5, and 2.7.2 Released

Moodle 2.5.8, 2.6.5, and 2.7.2 were released today. All of the releases include security fixes and 2.6.5 and 2.7.2 also include bug fixes. Details of the security vulnerabilities fixed will be released later.

Update (September 15, 2014): Moodle has now released information on the security issues fixed in the releases. All three versions fix a minor vulnerability that exposes the name of the last person to post in a Q&A forum. Moodle 2.6.5 and 2.7.2 fix a vulnerability that “could potentially allow unauthorised access and privilege escalation” when using   Central Authentication Service (CAS). This vulnerability was not fixed in 2.5.8 and CAS users “are encouraged to upgrade to a more recent release”.

More information is available in the release notes for 2.5.82.6.5, and 2.7.2.

 

Posted in Moodle, Security Update | Leave a comment

Moodle 2.4.11, 2.5.7, 2.6.4, and 2.7.1 Released; Support Ends For Moodle 2.4

Moodle 2.4.11, 2.5.7, 2.6.4, and 2.7.1 were released today. All of the releases include security fixes and all but 2.4.11 also include bug fixes. Details of the security vulnerabilities fixed will be released later.

Update (July 21, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed is a vulnerability that could lead to remote code execution, several that could allow access to server-side files, and several cross-site script (XSS) vulnerabilities.

Moodle 2.4.11 is the last release for the 2.4 branch and anyone running it should upgrade to a newer, supported, version.

More information is available in the release notes for 2.4.112.5.72.6.4, and 2.7.1.

 

Posted in End of Support, Moodle, Security Update | Leave a comment

Moodle 2.4.10, 2.5.6, and 2.6.3 Released

Moodle 2.4.10, 2.5.5, and 2.6.3 were released today. Moodle 2.5.5 and 2.6.3 include bug fixes and all three releases include security fixes. Details of the security vulnerabilities fixed will be released later.

Update (May 19, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are a cross-site script (XSS) vulnerability in the URL downloader repository and cross-site request forgery (CSRF) vulnerability in the quick-grading feature of the Assignment module.

More information is available in the release notes for 2.4.102.5.6, and 2.6.3.

Posted in Moodle, Security Update | Leave a comment

Moodle 2.7 Released

Moodle 2.7 was released today. The new version includes a new editor, a new mathematical equation editor, and more.

The new version increases the required PHP version to at least 5.4.4. The required database versions increased to at least MySQL version 5.5.31, MariaDB 5.5.31, Postgres version 9.1, MSSQL version 2008, or Oracle version 10.2.

 

More information is available in the release notes.

Posted in Moodle | Leave a comment

Moodle 2.4.9, 2.5.5, and 2.6.2 Released

Moodle 2.4.9, 2.5.6, and 2.6.2 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (March 17, 2014): Moodle has now released information on the security issues fixed in the releases.The new versions fix three serious vulnerabilities, two that could lead improper access and one that could allow “students to see pages of other students’ individual wikis”.

More information is available in the release notes for 2.4.9, 2.5.5, and 2.6.2.

Posted in Moodle, Security Update | Leave a comment