Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.9.8 release notes

From MoodleDocs

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.9.8 release notes


Release date: 12 July 2021

Here is the full list of fixed issues in 3.9.8.

Backported bug fixes

  • MDL-68747 - ChartJS quiz overview report should display numerical ranges LTR also for RTL languages
  • MDL-71060 - Duplicates 'Current category' text in edit question form

Security fixes

  • MSA-21-0020 SQL injection risk in code fetching enrolled courses
  • MSA-21-0021 SQL injection risk in code fetching recent courses
  • MSA-21-0022 Remote code execution risk when Shibboleth authentication is enabled
  • MSA-21-0023 Recursion denial of service possible due to recursive cURL in file repository
  • MSA-21-0024 Blind SSRF possible against cURL blocked hosts via redirect
  • MSA-21-0025 Messaging web service allows deletion of other users' messages
  • MSA-21-0028 IDOR allows removal of other users' calendar URL subscriptions
  • MSA-21-0029 Stored XSS when exporting to data formats supporting HTML via user ID number
  • MSA-21-0030 Insufficient escaping of users' names in account confirmation email
  • MSA-21-0031 Messaging email notifications containing HTML may hide the final line of the email

See also