Moodle 1.9.8 Tackles Security Vulnerabilities

Moodle has released an update to its open source learning management system for Mac OS X, Windows, and Linux. Moodle 1.9.8 includes a number of small improvements and bug fixes but also addresses nine security vulnerabilities, including two that Moodle developers have labeled as "critical" and five as "major." Moodle has also released a parallel update to the 1.8 branch, version 1.8.12, which includes comparable changes.

Moodle is the most widely adopted learning management system available, with nearly 1.2 million teachers using it and more than 33.5 million users participating in more than 3.3 million courses at more than 46,000 validated sites worldwide. Moodle supports both small and large deployments (with several sites well beyond 100,000 users) and includes course management tools, various Web 2.0 technologies, online assessments, and other features common to learning management systems.

In the latest release, the two critical security issues that were addressed include a SQL injection vulnerability in the Wiki module and a forms validation problem. It also fixed problems with cross-site scripting affecting implementations where global search is enabled and a problem that would allow regular users to find the user names of others enrolled in a course. A complete list of security vulnerabilities addressed in the latest releases can be found here.)

In the category of other enhancements, version 1.9.8 improves restoration of student data in course backups and also improves SCORM module restore. Several minor fixes are also included, such as a Firefox issue with the Chameleon theme, a problem with viewing LDAP authentication settings, and an issue with statistics generation.

Moodle developers are recommending the 1.9.8 and 1.8.12 update for all current users. Further information, including a full list of bug fixes and improvements, can be found here.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • two large brackets facing each other with various arrows, circles, and rectangles flowing between them

    1EdTech Partners with DXtera to Support Ed Tech Interoperability

    1EdTech Consortium and DXtera Institute have announced a partnership aimed at improving access to learning data in postsecondary and higher education.

  • Abstract geometric shapes including hexagons, circles, and triangles in blue, silver, and white

    Google Launches Its Most Advanced AI Model Yet

    Google has introduced Gemini 2.5 Pro Experimental, a new artificial intelligence model designed to reason through problems before delivering answers, a shift that marks a major leap in AI capability, according to the company.

  •  laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.