The Claroline development team is happy to announce the release of Claroline open source LMS version 1.11.9. This release fixes some major issues and vulnerabilities in Claroline 1.11.8. It is strongly adviced to upgrade your platform to this new release.
You can download Claroline 1.11.9 from sourceforge.net : https://sourceforge.net/projects/claroline/files/Claroline/Claroline_1.11.9/
Major changes in this release :
* fix some Cross Site Scripting vulnerabilities detected in Claroline version 1.11.8 (see https://www.htbridge.com/advisory/HTB23179 and http://packetstormsecurity.com/files/12 ... 18-xss.txt for the detailed advisories)
* fix access control issues in the kernel
* complete rewriting of the registration and enrolment libraries
* many improvements in the platform translations and localization
* fix the upgrade process to avoid issues when upgrading between minor releases or from 1.10 to 1.11
You can get the complete changelog on Sourceforge.net.
Thanks: The Claroline team wishes to thanks all the contributors and people who reported issues on the forum and especialy dmartin, High-Tech Bridge Security Research Lab, adudu and Packet Storm Security, jrm and ldumorti.