| Topic: | potential SQL injection in events handling code |
| Versions affected: | 1.9.0 and 1.9.1 only |
| Solution: | upgrade to 1.9.2 or any recent nightly; upgrade needed only if custom code uses Events API |
Description: During internal review it was discovered that the new Events framework might be vulnerable to SQL injection attacks. This code is not currently used within Moodle core, but sites with 3rd party modifications could be vulnerable. If you have any code using the Events API, please read the details in http://tracker.moodle.org/browse/MDL-9983 on how to update your code to comply with this change. Please note that the changes in 1.9.2 are not backwards compatible.