experiment 3

CLE-4438
add irubric integration
CLE-4759
 Implement the Full Screen editor AND the preview button in FCK in Sakai
CLE-6025
Security: Students can delete syllabus attachments (file, link, and Resource types) by directly accessing the corresponding syllabus edit interfaces
CLE-6026
Security: Title of citation list is open to XSS attack
CLE-6027
merge fro XSS attack possible in Site Information Display
CLE-6028
merge Security: Insure that the /portal/tool url checks functions.require before allowing access to the Tool
CLE-6029
 merge for Security: editing a file using webDAV silently changes group access to a file
CLE-6030
Security: XSS attack possible via blogs
CLE-6031
Security: XSS attack via folder names in messages
CLE-6032
Security: Announcements/MOTD RSS Alias trusts input
CLE-6033
Security: HTTP response splitting found by static code review
CLE-6034
Security: XSS attack in rwiki
CLE-6035
Security: Anon user can create a new user with a specific id
CLE-6039
Security: Possible to find admin user ids
CLE-6040
Security: A student can upload attachments to the site via the Syllabus, Assignments, and Announcements sections
CLE-6041
Security: student can view the grades of other students in Gradebook via the studentView bean
CLE-6024
Security: UserdirectoryService allows any user to edit their Eid, merge from sakai
CLE-6043
Security: SQL Injection possible in user membership search
CLE-6044
Security: loading unreasonably large spreadsheet hangs sakai
CLE-6045
Security: XSS attack possible in Assignments
CLE-6046
Security: A student can view the submissions, submission attachments, and grades (when released) of other students if the submission ID is known.
CLE-6047
Security: Students can change options for announcement view globally for all users
CLE-6049
Security: Importing a gradebook, exposes gradebook to an XSS attack via the import text files text title.
CLE-6050
Security: email attachments are publicly accessible
CLE-6051
Security: A student can view statistics for the Forums
CLE-6052
Security; XSS through Forums title and description when deleting
CLE-6063
 import gradebook2 1.3.0-rc1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Â