Merge pull request #775 from mickhawkins/main

[docs] Added 4.2.3 minor release security announcements

general/releases/3.11/3.11.17.md

@@ -28,5 +28,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+<!-- cspell:enable -->

general/releases/3.9/3.9.24.md

@@ -28,5 +28,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+<!-- cspell:enable -->

general/releases/4.0/4.0.11.md

@@ -29,5 +29,17 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+<!-- cspell:enable -->

general/releases/4.1/4.1.6.md

@@ -94,5 +94,17 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+<!-- cspell:enable -->

general/releases/4.2/4.2.3.md

@@ -100,5 +100,18 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0034](https://moodle.org/mod/forum/discuss.php?d=451583) - Students could see other students in "Only see own membership" groups
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+<!-- cspell:enable -->