Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.
|Versions affected:||3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7, 3.1 to 3.1.16 and earlier unsupported versions|
|Versions fixed:||3.6.3, 3.5.5, 3.4.8 and 3.1.17|
|Reported by:||Steeven George|
|Tracker issue:||MDL-64651 Stored HTML in assignment submission comments allowed links to be opened directly|