Skip to main content

Moodle 1.9.2

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 11th July 2008

Here is the full list of fixed issues in 1.9.2.


  • Compatibility fixes for MSSQL, Oracle and PostgreSQL
  • Improved triggering of core events (though contributed code needs to be updated - see MDL-9983)
  • Email change confirmation and other improvements relating to reducing the risk of spam
  • Forum subscription improvements
  • Setting for deleting not-fully-set-up accounts
  • Quiz report enhancements and bug fixes (see Quiz report enhancements for full list, though most are planned for Moodle 2.0)

Security issues

  • MSA-08-0010: sql injection in HotPot module
  • MSA-08-0012: Potential non-persistent XSS when searching for group members (MSSQL and Oracle only)
  • MSA-08-0014: potential sql injection in events handling code
  • MSA-08-0015: accessible profiles of deleted users
  • MSA-08-0016: Email could be changed in profile without confirmation