Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.9.15 release notes: Difference between revisions

From MoodleDocs
No edit summary
Line 15: Line 15:
==Security fixes==
==Security fixes==


A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=436456 MSA-22-0015] PostScript Code Injection / Remote code execution risk
* [https://moodle.org/mod/forum/discuss.php?d=436457 MSA-22-0016] Arbitrary file read when importing lesson questions
* [https://moodle.org/mod/forum/discuss.php?d=436458 MSA-22-0017] Stored XSS and blind SSRF possible via SCORM track details
* [https://moodle.org/mod/forum/discuss.php?d=436459 MSA-22-0018] Open redirect risk in mobile auto-login feature
* [https://moodle.org/mod/forum/discuss.php?d=436460 MSA-22-0019] LTI module reflected XSS risk - affecting unauthenticated users only
* [https://moodle.org/mod/forum/discuss.php?d=436461 MSA-22-0020] Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream)


==See also==
==See also==

Revision as of 10:30, 18 July 2022

Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

Releases > Moodle 3.9.15 release notes

Release date: Not yet released

Here is the full list of fixed issues in 3.9.15.

For developers

  • MDL-75084 - Add behat generators for blog entries
  • MDL-74613 - Add behat generators for grades grade
  • MDL-74674 - Add behat generator to create notification
  • MDL-74864 - Allow specifying forum discussion group in behat generators
  • MDL-74816 - Allow specifying default file's name in mod_resource generator

Security fixes

  • MSA-22-0015 PostScript Code Injection / Remote code execution risk
  • MSA-22-0016 Arbitrary file read when importing lesson questions
  • MSA-22-0017 Stored XSS and blind SSRF possible via SCORM track details
  • MSA-22-0018 Open redirect risk in mobile auto-login feature
  • MSA-22-0019 LTI module reflected XSS risk - affecting unauthenticated users only
  • MSA-22-0020 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream)

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_3.9.15_release_notes&oldid=63559"
Powered by MediaWiki