Skip to main content

Moodle 2.7.1

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 July, 2014

Here is the full list of fixed issues in 2.7.1.


  • MDL-41383 - File picker works when zooming in and out of browser
  • MDL-45580 - PDF Annotations working with multiple attempts

Functional changes

  • MDL-43274 - Course logs can no longer be deleted when course is reset

API changes

  • MDL-44871 - Behat tests written for Atto functionalities
  • MDL-43669 - Configuration option added so that mail can be sent from noreply address exclusively

UI changes

  • MDL-45599 - The term 'add-on' is changed to 'plugin'

Security issues

  • MSA-14-0021 Code injection in Repositories
  • MSA-14-0022 XML External Entity vulnerability in LTI module
  • MSA-14-0023 XML External Entity vulnerability in IMSCC and IMSCP
  • MSA-14-0024 Cross-site scripting vulnerability in profile field
  • MSA-14-0025 Remote code execution in Quiz
  • MSA-14-0026 Information leak in profile and notes pages
  • MSA-14-0027 Forum group posting issue
  • MSA-14-0028 Cross-site scripting possible in external badges
  • MSA-14-0029 Cross-site scripting vulnerability in exception dialogues
  • MSA-14-0030 Cross-site scripting through logs of failed logins
  • MSA-14-0031 Cross-site scripting though scheduled task error messages
  • MSA-14-0032 Cross-site scripting in advanced grading methods

Fixes and improvements

  • MDL-44124 - iCal import recurrence rules working consistently
  • MDL-45579 - Duplicate group enrolment keys for the same course are no longer allowed
  • MDL-45682 - Can now insert images using Chrome
  • MDL-43848 - New message popup no longer shows sender or contents of message