From 15725d63f1a88a35ac563ed0261a283afce68682 Mon Sep 17 00:00:00 2001
From: Michael Hawkins
Date: Thu, 21 Dec 2023 02:51:27 +0800
Subject: [PATCH] [docs] Add security announcements to 4.3.1 and friends
---
 general/releases/3.11/3.11.18.md | 11 +++++++++--
 general/releases/3.9/3.9.25.md | 11 +++++++++--
 general/releases/4.0/4.0.12.md | 11 +++++++++--
 general/releases/4.1/4.1.7.md | 11 +++++++++--
 general/releases/4.2/4.2.4.md | 14 ++++++++++++--
 general/releases/4.3/4.3.1.md | 14 ++++++++++++--
 6 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/general/releases/3.11/3.11.18.md b/general/releases/3.11/3.11.18.md
index 819ebe6e2f..0344a39fc5 100644
--- a/general/releases/3.11/3.11.18.md
+++ b/general/releases/3.11/3.11.18.md
@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+
diff --git a/general/releases/3.9/3.9.25.md b/general/releases/3.9/3.9.25.md
index 735cadf7d2..4fc709c5bc 100644
--- a/general/releases/3.9/3.9.25.md
+++ b/general/releases/3.9/3.9.25.md
@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+
diff --git a/general/releases/4.0/4.0.12.md b/general/releases/4.0/4.0.12.md
index b81838b4ab..edd1ecdfe0 100644
--- a/general/releases/4.0/4.0.12.md
+++ b/general/releases/4.0/4.0.12.md
@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+
diff --git a/general/releases/4.1/4.1.7.md b/general/releases/4.1/4.1.7.md
index 222408b83a..12e5750b7f 100644
--- a/general/releases/4.1/4.1.7.md
+++ b/general/releases/4.1/4.1.7.md
@@ -94,5 +94,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+
diff --git a/general/releases/4.2/4.2.4.md b/general/releases/4.2/4.2.4.md
index 1a4661b405..228b11cf21 100644
--- a/general/releases/4.2/4.2.4.md
+++ b/general/releases/4.2/4.2.4.md
@@ -101,5 +101,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
+- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
+
diff --git a/general/releases/4.3/4.3.1.md b/general/releases/4.3/4.3.1.md
index ec4c23e923..245f162920 100644
--- a/general/releases/4.3/4.3.1.md
+++ b/general/releases/4.3/4.3.1.md
@@ -119,5 +119,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
+- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
+