4.3.1 security announcements AND 4.3.2 unscheduled release updates

data/versions.json

@@ -33,6 +33,12 @@
                     "name": "4.3.1",
                     "releaseDate": "11 December 2023",
                     "version": 2023100901
+                },
+                {
+                    "name": "4.3.2",
+                    "releaseDate": "22 December 2023",
+                    "version": 2023100902,
+                    "notes": "Unscheduled minor release"
                 }
             ]
         },
@@ -68,6 +74,12 @@
                     "name": "4.2.4",
                     "releaseDate": "11 December 2023",
                     "version": 2023042404
+                },
+                {
+                    "name": "4.2.5",
+                    "releaseDate": "22 December 2023",
+                    "version": 2023042405,
+                    "notes": "Unscheduled minor release"
                 }
             ]
         },
@@ -118,6 +130,12 @@
                     "name": "4.1.7",
                     "releaseDate": "11 December 2023",
                     "version": 2022112807
+                },
+                {
+                    "name": "4.1.8",
+                    "releaseDate": "22 December 2023",
+                    "version": 2022112808,
+                    "notes": "Unscheduled minor release"
                 }
             ]
         },

general/releases.md

@@ -19,7 +19,7 @@ The most recent [long-term support release (LTS)](https://en.wikipedia.org/wiki/
 
 <SupportedReleases />
 
-![Release graph summarising the currently supported Moodle releases in a visual form](_releases/4031_release_graph.png)
+![Release graph summarising the currently supported Moodle releases in a visual form](_releases/4032_release_graph.png)
 
 <details>
     <summary>Release graph key</summary>

general/releases/3.11/3.11.18.md

@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+<!-- cspell:enable -->

general/releases/3.9/3.9.25.md

@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+<!-- cspell:enable -->

general/releases/4.0/4.0.12.md

@@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+<!-- cspell:enable -->

general/releases/4.1/4.1.7.md

@@ -94,5 +94,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+<!-- cspell:enable -->

general/releases/4.1/4.1.8.md

@@ -0,0 +1,25 @@
+---
+title: Moodle 4.1.8
+tags:
+  - Release notes
+  - Moodle 4.1
+sidebar_position: 8
+moodleVersion: 4.1.8
+description: The release notes for Moodle version 4.1.8.
+---
+
+import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
+
+<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
+
+Moodle 4.1.8 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.1.7. A minor release will still take place in February 2024, as scheduled.
+
+## Regression fixes
+<!-- cspell:disable -->
+- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
+- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
+<!-- cspell:enable -->
+
+## Security fixes
+
+There are no security fixes included in this release.

general/releases/4.2/4.2.4.md

@@ -101,5 +101,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
+- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
+<!-- cspell:enable -->

general/releases/4.2/4.2.5.md

@@ -0,0 +1,36 @@
+---
+title: Moodle 4.2.5
+tags:
+  - Release notes
+  - Moodle 4.2
+sidebar_position: 5
+moodleVersion: 4.2.5
+description: The release notes for Moodle version 4.2.5.
+---
+
+import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
+
+<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
+
+Moodle 4.2.5 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.2.4. A minor release will still take place in February 2024, as scheduled.
+
+## Regression fixes
+<!-- cspell:disable -->
+- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
+- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
+<!-- cspell:enable -->
+
+## General fixes
+<!-- cspell:disable -->
+- [MDL-80003](https://tracker.moodle.org/browse/MDL-80003) - Autosave in quiz does not always work with TinyMCE editor fields
+- [MDL-77572](https://tracker.moodle.org/browse/MDL-77572) - Some course capabilities do not allow the course edit menu (kebab) to display
+<!-- cspell:enable -->
+
+## Security improvements
+<!-- cspell:disable -->
+- [MDL-74466](https://tracker.moodle.org/browse/MDL-74466) - Repository management leaks sesskey in GET requests
+<!-- cspell:enable -->
+
+## Security fixes
+
+There are no security fixes included in this release.

general/releases/4.3/4.3.1.md

@@ -119,5 +119,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
+- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
+- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
+- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
+- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
+- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
+- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
+- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
+- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
+- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
+<!-- cspell:enable -->

general/releases/4.3/4.3.2.md

@@ -0,0 +1,37 @@
+---
+title: Moodle 4.3.2
+tags:
+  - Release notes
+  - Moodle 4.3
+sidebar_position: 2
+moodleVersion: 4.3.2
+description: The release notes for Moodle version 4.3.2.
+---
+
+import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
+
+<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
+
+Moodle 4.3.2 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.3.1. A minor release will still take place in February 2024, as scheduled.
+
+## Regression fixes
+<!-- cspell:disable -->
+- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
+- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
+<!-- cspell:enable -->
+
+## General fixes
+<!-- cspell:disable -->
+- [MDL-77572](https://tracker.moodle.org/browse/MDL-77572) - Some course capabilities do not allow the course edit menu (kebab) to display
+- [MDL-80003](https://tracker.moodle.org/browse/MDL-80003) - Autosave in quiz does not always work with TinyMCE editor fields
+- [MDL-80233](https://tracker.moodle.org/browse/MDL-80233) - Cannot disable 'View activity' requirement in default activity completion
+<!-- cspell:enable -->
+
+## Security improvements
+<!-- cspell:disable -->
+- [MDL-74466](https://tracker.moodle.org/browse/MDL-74466) - Repository management leaks sesskey in GET requests
+<!-- cspell:enable -->
+
+## Security fixes
+
+There are no security fixes included in this release.