Moodle 3.9.10 release notes: Difference between revisions

Revision as of 10:46, 20 September 2021

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.9.10 release notes

Release date: 13 September 2021

MDL-72494 - Cannot change course format with Chrome 93.0
MDL-72312 - PHP 7.2 tests failing in 3.10 & 3.9, caused by buggy php-igbinary extension
MDL-72265 - Backup code added in MDL-56310 incorrectly checks moodle/role:safeoverride for users who already have moodle/role:override

MSA-21-0032 Session Hijack risk when Shibboleth authentication is enabled
MSA-21-0033 Course participants download did not restrict which users could be exported
MSA-21-0034 Authentication bypass risk when using external database authentication
MSA-21-0035 Arbitrary file read by site administrators via LaTeX preamble
MSA-21-0036 Quiz unreleased grade disclosure via web service

@@ Line 14: / Line 14: @@
 * MDL-72014 - Update grunt and some components to avoid some security reports
 * MDL-72187 - Log visibility change of log stores
+==Security fixes==
+* [https://moodle.org/mod/forum/discuss.php?d=427103 MSA-21-0032] Session Hijack risk when Shibboleth authentication is enabled
+* [https://moodle.org/mod/forum/discuss.php?d=427104 MSA-21-0033] Course participants download did not restrict which users could be exported
+* [https://moodle.org/mod/forum/discuss.php?d=427105 MSA-21-0034] Authentication bypass risk when using external database authentication
+* [https://moodle.org/mod/forum/discuss.php?d=427106 MSA-21-0035] Arbitrary file read by site administrators via LaTeX preamble
+* [https://moodle.org/mod/forum/discuss.php?d=427107 MSA-21-0036] Quiz unreleased grade disclosure via web service
 ==See also==
 *[[Moodle 3.9.9 release notes]]