Moodle 3.8.7 release notes: Difference between revisions
From MoodleDocs
| Line 20: | Line 20: | ||
==Security fixes== | ==Security fixes== | ||
* [https://moodle.org/mod/forum/discuss.php?d=417167 MSA-21-0002] Grade information disclosure in grade's external fetch functions | |||
* [https://moodle.org/mod/forum/discuss.php?d=417168 MSA-21-0003] Client side denial of service via personal message | * [https://moodle.org/mod/forum/discuss.php?d=417168 MSA-21-0003] Client side denial of service via personal message | ||
* [https://moodle.org/mod/forum/discuss.php?d=417170 MSA-21-0004] Stored XSS possible via TeX notation filter | * [https://moodle.org/mod/forum/discuss.php?d=417170 MSA-21-0004] Stored XSS possible via TeX notation filter | ||
Revision as of 07:35, 25 January 2021
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.8.7 release notes
Release date: 18 January 2021
Here is the full list of fixed issues in 3.8.7.
For developers
- MDL-70265 - Reduce the number of phpunit runs in core's .travis.yml
- MDL-70276 - Add support for github actions to moodle.git
- MDL-70148 - Write new keyboard steps for Behat
Backported bug fixes
- MDL-68896 - SCORM error in Chrome because of "XHR in page dismissal" policy change
- MDL-70285 - The MDL-69687 upgrade step kills large databases
Security fixes
- MSA-21-0002 Grade information disclosure in grade's external fetch functions
- MSA-21-0003 Client side denial of service via personal message
- MSA-21-0004 Stored XSS possible via TeX notation filter
- MSA-21-0005 Arbitrary PHP code execution by site admins via Shibboleth configuration
