Multiple security issues were fixed in the latest moodle release. MSA-17-0005: SQL injection via user preferences MSA-17-0007: Global search displays user names for unauthenticated users MSA-17-0008: XSS in evidence of prior learning MSA-17-0009: XSS in attachments to evidence of prior learning References: https://moodle.org/mod/forum/discuss.php?d=349027#p1408104
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 1434721] Affects: fedora-all [bug 1434720]