Moodle 3.9.10 release notes: Difference between revisions
From MoodleDocs
m (Add MDL-72494, being critical for the recent regression in M93 (Fixed in M94)) |
No edit summary |
||
Line 14: | Line 14: | ||
* MDL-72014 - Update grunt and some components to avoid some security reports | * MDL-72014 - Update grunt and some components to avoid some security reports | ||
* MDL-72187 - Log visibility change of log stores | * MDL-72187 - Log visibility change of log stores | ||
==Security fixes== | |||
* [https://moodle.org/mod/forum/discuss.php?d=427103 MSA-21-0032] Session Hijack risk when Shibboleth authentication is enabled | |||
* [https://moodle.org/mod/forum/discuss.php?d=427104 MSA-21-0033] Course participants download did not restrict which users could be exported | |||
* [https://moodle.org/mod/forum/discuss.php?d=427105 MSA-21-0034] Authentication bypass risk when using external database authentication | |||
* [https://moodle.org/mod/forum/discuss.php?d=427106 MSA-21-0035] Arbitrary file read by site administrators via LaTeX preamble | |||
* [https://moodle.org/mod/forum/discuss.php?d=427107 MSA-21-0036] Quiz unreleased grade disclosure via web service | |||
==See also== | ==See also== | ||
*[[Moodle 3.9.9 release notes]] | *[[Moodle 3.9.9 release notes]] |
Revision as of 10:46, 20 September 2021
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.9.10 release notes
Release date: 13 September 2021
Here is the full list of fixed issues in 3.9.10.
Backported bug fixes
- MDL-72494 - Cannot change course format with Chrome 93.0
- MDL-72312 - PHP 7.2 tests failing in 3.10 & 3.9, caused by buggy php-igbinary extension
- MDL-72265 - Backup code added in MDL-56310 incorrectly checks moodle/role:safeoverride for users who already have moodle/role:override
Backported security improvements
- MDL-72014 - Update grunt and some components to avoid some security reports
- MDL-72187 - Log visibility change of log stores
Security fixes
- MSA-21-0032 Session Hijack risk when Shibboleth authentication is enabled
- MSA-21-0033 Course participants download did not restrict which users could be exported
- MSA-21-0034 Authentication bypass risk when using external database authentication
- MSA-21-0035 Arbitrary file read by site administrators via LaTeX preamble
- MSA-21-0036 Quiz unreleased grade disclosure via web service