| Topic: | New detection of insecure flash player plugins |
| Severity/Risk: | Major |
| Versions affected: | <1.9.7 |
| Reported by: | internal code review |
| Issue no.: | MDL-20841 |
| Solution: | upgrade to 1.9.7 |
| Workaround: | none |
Description:
Older Flash versions that do not respect the download http header may be used to gain unauthorised access. Moodle is now able to detect obsolete and vulnerable Flash plugin versions. Moodle will actually refuse to send uploaded files to older Flash plugins and will instead send an alternative Flash file that asks users to upgrade. All administrators and teachers should upgrade their computers as soon as possible.