Moodle 3.8.8 release notes
This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.8.8 release notes
Release date: 8 March 2021
- MSA-21-0006 Stored XSS via ID number user profile field
- MSA-21-0007 Stored XSS and blind SSRF possible via feedback answer text
- MSA-21-0008 User full name disclosure within online users block
- MSA-21-0009 Bypass email verification secret when confirming account registration
- MSA-21-0010 Fetching a user's enrolled courses via web services did not check profile access in each course
- MSA-21-0011 JQuery versions below 3.5.0 contain some potential vulnerabilities (upstream)