Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.9.13 release notes

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.9.13 release notes


Release date: 14 March 2022

Here is the full list of fixed issues in 3.9.13.

Backported bug fixes

  • MDL-73915 - Bump NodeJS version, dependencies, and update JS build process, drop IE support
  • MDL-73588 - Unexpected content in the CURLOPT_FILE output stream on redirects

Security fixes

  • MSA-22-0005 SQL injection risk in Badges criteria code
  • MSA-22-0006 Users with moodle/site:uploadusers but without moodle/user:delete could delete users
  • MSA-22-0007 Possible to reach the profile field badge criteria on a course page
  • MSA-22-0008 Upgrade PHPMailer to latest version (upstream)
  • MSA-22-0009 Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream)

See also