Security announcements

MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data.

 
Picture of Marina Glancy
MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data.
 
Description: Hopefully production sites never have debugging mode enabled and this is more of an improvement limiting the information returned in web services error messages.
Issue summary: When debugging is enabled, error exceptions returned from webservices could contain private data.
Severity/Risk: Serious
Versions affected: 3.1 to 3.1.2, 3.0 to 3.0.6 and 2.9 to 2.9.8
Versions fixed: 3.1.3, 3.0.7 and 2.9.9
Reported by: Damyon Wiese
Issue no.: MDL-56268
CVE identifier: none (this issue does not qualify for CVE)
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56268