Multiple security issues were fixed in the latest moodle release. MSA-17-0010 External blog editing takeover MSA-17-0011 Searching of blogs possible without capability to do it MSA-17-0012 CSRF in number of courses displayed in the course overview block MSA-17-0013 Missing permission check when adding forum post attachments in Web Services References: https://moodle.org/mod/forum/discuss.php?d=351987
Created moodle tracking bugs for this issue: Affects: epel-6 [bug 1451670] Affects: epel-7 [bug 1451672] Affects: fedora-all [bug 1451671]