Moodle 3.3.8 release notes: Difference between revisions
From MoodleDocs
No edit summary |
|||
Line 21: | Line 21: | ||
===Security issues=== | ===Security issues=== | ||
* [https://moodle.org/mod/forum/discuss.php?d=376023 MSA-18-0017] Moodle XML import of ddwtos could lead to intentional remote code execution | |||
* [https://moodle.org/mod/forum/discuss.php?d=376024 MSA-18-0018] QuickForm library remote code vulnerability (upstream) | |||
* [https://moodle.org/mod/forum/discuss.php?d=376025 MSA-18-0019] Boost theme - blog search GET parameter insufficiently filtered | |||
==See also== | ==See also== | ||
*[[Moodle 3.3.7 release notes]] | *[[Moodle 3.3.7 release notes]] |
Revision as of 04:26, 17 September 2018
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.3.8 release notes
Release date: 10 September 2018
Here is the full list of fixed issues in 3.3.8.
Highlights
- MDL-62799 - tool_dataprivacy plugin merged into 3.3 core
- MDL-62800 - tool_policy plugin merged into 3.3 core
- MDL-62660 - Option to set a data request expiry time
Fixes and improvements
- MDL-62600 - Admin is misinformed that there are no data requests
- MDL-62989 - Data requests are listed by date requested for users
- MDL-62896 - Some non-core plugins are missing their Additional label on the Plugin data registry page
Security issues
- MSA-18-0017 Moodle XML import of ddwtos could lead to intentional remote code execution
- MSA-18-0018 QuickForm library remote code vulnerability (upstream)
- MSA-18-0019 Boost theme - blog search GET parameter insufficiently filtered