Skip to main content

Moodle 2.6.4

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 July, 2014

Here is the full list of fixed issues in 2.6.4.


  • MDL-41383 - File picker works when zooming in and out of browser
  • MDL-45580 - PDF Annotations working with multiple attempts

API changes

  • MDL-43669 - Configuration option added so that mail can be sent from noreply address exclusively

Security issues

  • MSA-14-0021 Code injection in Repositories
  • MSA-14-0022 XML External Entity vulnerability in LTI module
  • MSA-14-0023 XML External Entity vulnerability in IMSCC and IMSCP
  • MSA-14-0024 Cross-site scripting vulnerability in profile field
  • MSA-14-0025 Remote code execution in Quiz
  • MSA-14-0026 Information leak in profile and notes pages
  • MSA-14-0027 Forum group posting issue
  • MSA-14-0028 Cross-site scripting possible in external badges
  • MSA-14-0029 Cross-site scripting vulnerability in exception dialogues
  • MSA-14-0032 Cross-site scripting in advanced grading methods

Fixes and improvements

  • MDL-45579 - Duplicate group enrolment keys for the same course are no longer allowed
  • MDL-43848 - New message popup no longer shows sender or contents of message