Skip to main content

Moodle 1.9.4

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 28th January 2009

Here is the full list of fixed issues in 1.9.4.


Security issues

  • MSA-09-0001 No way easy to remove pictures of deleted users
  • MSA-09-0002 User pix disclosure
  • MSA-09-0003 Vulnerability in Snoopy 1.2.3
  • MSA-09-0004 XSS vulnerabilities in HTML blocks if "Login as" used
  • MSA-09-0005 Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
  • MSA-09-0006 Calendar export may allow brute force attacks
  • MSA-09-0007 Missing input validation in logs allows potential XSS attacks
  • MSA-09-0008 CSRF vulnerability in forum code

New language strings file

  • report_security.php

New language pack

  • Kazakh - Калима Туенбаева

(See Translation credits for additional details.)

Known problems and regressions

  • New Security overview report on large sites extremely slow and overloading database server MDL-18040 - update to latest weekly or copy /admin/report/security/* files from latest weekly