If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.5.17 release notes

From MoodleDocs
Revision as of 09:09, 25 May 2022 by Dev Docs Bot (talk | contribs) (Protected "Moodle 3.5.17 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite)))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.5.17 release notes

Release date: 8 March 2021

Here is the full list of fixed issues in 3.5.17.

Security fixes

  • MSA-21-0006 Stored XSS via ID number user profile field
  • MSA-21-0007 Stored XSS and blind SSRF possible via feedback answer text
  • MSA-21-0008 User full name disclosure within online users block
  • MSA-21-0009 Bypass email verification secret when confirming account registration
  • MSA-21-0010 Fetching a user's enrolled courses via web services did not check profile access in each course
  • MSA-21-0011 JQuery versions below 3.5.0 contain some potential vulnerabilities (upstream)

See also