diff --git a/general/releases/3.11/3.11.17.md b/general/releases/3.11/3.11.17.md
index e68c1bb739..385cab5c56 100644
--- a/general/releases/3.11/3.11.17.md
+++ b/general/releases/3.11/3.11.17.md
@@ -28,5 +28,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+
diff --git a/general/releases/3.9/3.9.24.md b/general/releases/3.9/3.9.24.md
index a99447706d..906366e88d 100644
--- a/general/releases/3.9/3.9.24.md
+++ b/general/releases/3.9/3.9.24.md
@@ -28,5 +28,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+
diff --git a/general/releases/4.0/4.0.11.md b/general/releases/4.0/4.0.11.md
index 771ac30994..146385167b 100644
--- a/general/releases/4.0/4.0.11.md
+++ b/general/releases/4.0/4.0.11.md
@@ -29,5 +29,17 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+
diff --git a/general/releases/4.1/4.1.6.md b/general/releases/4.1/4.1.6.md
index b5cd62cf81..1c31601bc2 100644
--- a/general/releases/4.1/4.1.6.md
+++ b/general/releases/4.1/4.1.6.md
@@ -94,5 +94,17 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+
diff --git a/general/releases/4.2/4.2.3.md b/general/releases/4.2/4.2.3.md
index 99db4a5d57..587e8dbae2 100644
--- a/general/releases/4.2/4.2.3.md
+++ b/general/releases/4.2/4.2.3.md
@@ -100,5 +100,18 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-23-0031](https://moodle.org/mod/forum/discuss.php?d=451580) - Authenticated remote code execution risk in Lesson
+- [MSA-23-0032](https://moodle.org/mod/forum/discuss.php?d=451581) - Authenticated remote code execution risk in IMSCP
+- [MSA-23-0033](https://moodle.org/mod/forum/discuss.php?d=451582) - XSS risk when using CSV grade import method
+- [MSA-23-0034](https://moodle.org/mod/forum/discuss.php?d=451583) - Students could see other students in "Only see own membership" groups
+- [MSA-23-0035](https://moodle.org/mod/forum/discuss.php?d=451584) - Duplicating a BigBlueButton activity assigns the same meeting ID
+- [MSA-23-0036](https://moodle.org/mod/forum/discuss.php?d=451585) - Stored XSS and potential IDOR risk in Wiki comments
+- [MSA-23-0037](https://moodle.org/mod/forum/discuss.php?d=451586) - Auto-populated H5P author name causes a potential information leak
+- [MSA-23-0038](https://moodle.org/mod/forum/discuss.php?d=451587) - Stored XSS in quiz grading report via user ID number
+- [MSA-23-0039](https://moodle.org/mod/forum/discuss.php?d=451588) - XSS risk when previewing data in course upload tool
+- [MSA-23-0040](https://moodle.org/mod/forum/discuss.php?d=451589) - Make file serving endpoints revision control stricter
+- [MSA-23-0041](https://moodle.org/mod/forum/discuss.php?d=451590) - Insufficient capability checks when updating the parent of a course category
+- [MSA-23-0042](https://moodle.org/mod/forum/discuss.php?d=451591) - RCE due to LFI risk in some misconfigured shared hosting environments
+- [MSA-23-0043](https://moodle.org/mod/forum/discuss.php?d=451592) - Forum summary report shows students from other groups when in Separate Groups mode
+