Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.9.11 release notes: Difference between revisions

From MoodleDocs
m (released)
m (Protected "Moodle 3.9.11 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite)))
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Migrated|newDocId=/general/releases/3.9/3.9.11}}
<p class="note">'''This version of Moodle is no longer supported for general bug fixes.''' You are encouraged to [[:en:Upgrading|upgrade]] to a supported version of Moodle.</p>
<p class="note">'''This version of Moodle is no longer supported for general bug fixes.''' You are encouraged to [[:en:Upgrading|upgrade]] to a supported version of Moodle.</p>


Line 15: Line 16:
==Security fixes==
==Security fixes==
 
 
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=429095 MSA-21-0038] Remote code execution risk when restoring malformed backup file
* [https://moodle.org/mod/forum/discuss.php?d=429096 MSA-21-0039] Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). '''Please note:''' If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the [https://docs.moodle.org/en/Analytics_settings#Versions Analytics settings documentation] for more information about how to upgrade.
* [https://moodle.org/mod/forum/discuss.php?d=429097 MSA-21-0040] Reflected XSS in filetype admin tool
* [https://moodle.org/mod/forum/discuss.php?d=429099 MSA-21-0041] CSRF risk on delete related badge feature
* [https://moodle.org/mod/forum/discuss.php?d=429100 MSA-21-0042] IDOR in a calendar web service allows fetching of other users' action events


==See also==
==See also==

Latest revision as of 09:09, 25 May 2022

Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.9.11 release notes


Release date: 8 November 2021

Here is the full list of fixed issues in 3.9.11.

Backported bug fixes

  • MDL-72621 - Drop support for $CFG->admin
  • MDL-72515 - Plugins overview page calls curl unnecessarily

Security fixes

  • MSA-21-0038 Remote code execution risk when restoring malformed backup file
  • MSA-21-0039 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). Please note: If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the Analytics settings documentation for more information about how to upgrade.
  • MSA-21-0040 Reflected XSS in filetype admin tool
  • MSA-21-0041 CSRF risk on delete related badge feature
  • MSA-21-0042 IDOR in a calendar web service allows fetching of other users' action events

See also

Retrieved from "https://docs.moodle.org/dev/index.php?title=Moodle_3.9.11_release_notes&oldid=63084"
Powered by MediaWiki