Moodle 3.9.13 release notes: Difference between revisions
From MoodleDocs
Helen Foster (talk | contribs) (version released) |
|||
Line 14: | Line 14: | ||
==Security fixes== | ==Security fixes== | ||
* [https://moodle.org/mod/forum/discuss.php?d=432947 MSA-22-0005] SQL injection risk in Badges criteria code | |||
* [https://moodle.org/mod/forum/discuss.php?d=432948 MSA-22-0006] Users with moodle/site:uploadusers but without moodle/user:delete could delete users | |||
* [https://moodle.org/mod/forum/discuss.php?d=432949 MSA-22-0007] Possible to reach the profile field badge criteria on a course page | |||
* [https://moodle.org/mod/forum/discuss.php?d=432950 MSA-22-0008] Upgrade PHPMailer to latest version (upstream) | |||
* [https://moodle.org/mod/forum/discuss.php?d=432951 MSA-22-0009] Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream) | |||
==See also== | ==See also== |
Revision as of 06:59, 21 March 2022
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.9.13 release notes
Release date: 14 March 2022
Here is the full list of fixed issues in 3.9.13.
Backported bug fixes
- MDL-73915 - Bump NodeJS version, dependencies, and update JS build process, drop IE support
- MDL-73588 - Unexpected content in the CURLOPT_FILE output stream on redirects
Security fixes
- MSA-22-0005 SQL injection risk in Badges criteria code
- MSA-22-0006 Users with moodle/site:uploadusers but without moodle/user:delete could delete users
- MSA-22-0007 Possible to reach the profile field badge criteria on a course page
- MSA-22-0008 Upgrade PHPMailer to latest version (upstream)
- MSA-22-0009 Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream)