Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.7.8 release notes: Difference between revisions

From MoodleDocs
(release date)
Line 14: Line 14:
==Security fixes==
==Security fixes==
 
 
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=410840 MSA-20-0012] Reflected XSS in tag manager
* [https://moodle.org/mod/forum/discuss.php?d=410841 MSA-20-0013] "Log in as" capability in a course context may lead to some privilege escalation
* [https://moodle.org/mod/forum/discuss.php?d=410842 MSA-20-0014] Denial of service risk in file picker unzip functionality
* [https://moodle.org/mod/forum/discuss.php?d=410843 MSA-20-0015] Chapter name in book not always escaped with forceclean enabled


==See also==
==See also==

Revision as of 07:40, 21 September 2020

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.7.8 release notes


Release date: 14 September 2020

Here is the full list of fixed issues in 3.7.8.

For developers

  • MDL-69068 - Allow behat generators to be pivoted

Security fixes

  • MSA-20-0012 Reflected XSS in tag manager
  • MSA-20-0013 "Log in as" capability in a course context may lead to some privilege escalation
  • MSA-20-0014 Denial of service risk in file picker unzip functionality
  • MSA-20-0015 Chapter name in book not always escaped with forceclean enabled

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_3.7.8_release_notes&oldid=57880"
Powered by MediaWiki