Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.8.9 release notes: Difference between revisions

From MoodleDocs
mNo edit summary
Line 13: Line 13:
==Security fixes==
==Security fixes==
 
 
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=422305 MSA-21-0012] Forum CSV export could result in posts from all courses being exported
* [https://moodle.org/mod/forum/discuss.php?d=422307 MSA-21-0013] Quiz unreleased grade disclosure via web service
* [https://moodle.org/mod/forum/discuss.php?d=422308 MSA-21-0014] Blind SQL injection possible via MNet authentication
* [https://moodle.org/mod/forum/discuss.php?d=422309 MSA-21-0015] Stored XSS in quiz grading report via user ID number
* [https://moodle.org/mod/forum/discuss.php?d=422310 MSA-21-0016] Files API should mitigate denial-of-service risk when adding to the draft file area
* [https://moodle.org/mod/forum/discuss.php?d=422314 MSA-21-0018] Reflected XSS and open redirect in LTI authorization endpoint
* [https://moodle.org/mod/forum/discuss.php?d=422315 MSA-21-0019] Upgrade H5P PHP library to latest minor version (upstream)
 
==See also==
==See also==
*[[Moodle 3.8.8 release notes]]
*[[Moodle 3.8.8 release notes]]

Revision as of 07:45, 17 May 2021

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.8.9 release notes


Release date: 10 May 2021

Here is the full list of fixed issues in 3.8.9.

Privacy improvement

  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox

Security fixes

  • MSA-21-0012 Forum CSV export could result in posts from all courses being exported
  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
  • MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
  • MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_3.8.9_release_notes&oldid=58823"
Powered by MediaWiki