Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.5.18 release notes: Difference between revisions

From MoodleDocs
mNo edit summary
Line 13: Line 13:
==Security fixes==
==Security fixes==
   
   
Details of any security fixes will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=422307 MSA-21-0013] Quiz unreleased grade disclosure via web service
* [https://moodle.org/mod/forum/discuss.php?d=422308 MSA-21-0014] Blind SQL injection possible via MNet authentication
* [https://moodle.org/mod/forum/discuss.php?d=422309 MSA-21-0015] Stored XSS in quiz grading report via user ID number
* [https://moodle.org/mod/forum/discuss.php?d=422310 MSA-21-0016] Files API should mitigate denial-of-service risk when adding to the draft file area


==See also==
==See also==

Revision as of 07:45, 17 May 2021

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.5.18 release notes


Release date: 10 May 2021

Here is the full list of fixed issues in 3.5.18.

Privacy improvement

  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox

Security fixes

  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_3.5.18_release_notes&oldid=58824"
Powered by MediaWiki