Security announcements

MSA-08-0011: Potential webroot disclosures warning

Picture of Petr Skoda
MSA-08-0011: Potential webroot disclosures warning
Topic: Potential webroot disclosures warning
Severity: Minor
Versions affected: all version
Reported by: Richard Brain of ProCheckUp Ltd. (
Issue no.: MDL-15413
Solution: make sure display_errors is disabled in PHP configuration; 1.8.6 and 1.9.2 contains new warning for administrators


ProCheckup discovered that several scripts display errors if display_errors enabled in PHP configuration. This problem will be fully fixed in later Moodle versions because it requires modification of many files and review of all code from upstream, in the meantime please make sure you server is configured properly - see

We would like to thank them for informing us in a responsible manner and coordinating the disclosure of security advisories.