Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion general/releases/4.5/4.5.12.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

## Security fixes {/* #security-fixes */}

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
{/* <!-- cspell:disable --> */}

- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module
- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass
- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore
- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import
- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services
- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion
- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting
- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset
- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message
- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing
- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle
- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings
- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services
- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading
- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation
- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function
- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description
- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks
{/* <!-- cspell:enable --> */}
22 changes: 21 additions & 1 deletion general/releases/5.0/5.0.8.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,4 +29,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

## Security fixes {/* #security-fixes */}

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
{/* <!-- cspell:disable --> */}

- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module
- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass
- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore
- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import
- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services
- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion
- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting
- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset
- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message
- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing
- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle
- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings
- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services
- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading
- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation
- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function
- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description
- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks
{/* <!-- cspell:enable --> */}
22 changes: 21 additions & 1 deletion general/releases/5.1/5.1.5.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,4 +77,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

## Security fixes {/* #security-fixes */}

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
{/* <!-- cspell:disable --> */}

- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module
- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass
- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore
- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import
- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services
- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion
- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting
- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset
- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message
- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing
- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle
- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings
- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services
- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading
- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation
- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function
- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description
- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks
{/* <!-- cspell:enable --> */}
22 changes: 21 additions & 1 deletion general/releases/5.2/5.2.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

## Security fixes {/* #security-fixes */}

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
{/* <!-- cspell:disable --> */}

- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module
- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass
- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore
- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import
- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services
- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion
- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting
- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset
- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message
- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing
- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle
- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings
- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services
- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading
- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation
- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function
- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description
- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks
{/* <!-- cspell:enable --> */}
Loading