Moodle 3.8.9 release notes

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.8.9 release notes


Release date: 10 May 2021

Here is the full list of fixed issues in 3.8.9.

Privacy improvement

  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox

Security fixes

  • MSA-21-0012 Forum CSV export could result in posts from all courses being exported
  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
  • MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
  • MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)

See also