Merge pull request #1020 from mickhawkins/main
[docs] Add security announcements to 4.3.4 and friends
andrewnicols authored May 14, 2024
2 parents be4fb29 + a9077f6 commit 2066f3a
Showing 3 changed files with 42 additions and 6 deletions.
15 changes: 13 additions & 2 deletions general/releases/4.1/4.1.10.md
Expand Up @@ -23,5 +23,16 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0007](https://moodle.org/mod/forum/discuss.php?d=458384) - Broken access control when setting calendar event type
- [MSA-24-0008](https://moodle.org/mod/forum/discuss.php?d=458385) - Stored XSS risk when editing another user's equation in equation editor
- [MSA-24-0009](https://moodle.org/mod/forum/discuss.php?d=458386) - Stored XSS via user's name on participants page when opening some options
- [MSA-24-0011](https://moodle.org/mod/forum/discuss.php?d=458388) - Stored XSS in lesson overview report via user ID number
- [MSA-24-0012](https://moodle.org/mod/forum/discuss.php?d=458389) - CSRF risk in admin preset tool management of presets
- [MSA-24-0013](https://moodle.org/mod/forum/discuss.php?d=458390) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
- [MSA-24-0014](https://moodle.org/mod/forum/discuss.php?d=458391) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
- [MSA-24-0015](https://moodle.org/mod/forum/discuss.php?d=458393) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
- [MSA-24-0016](https://moodle.org/mod/forum/discuss.php?d=458394) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
- [MSA-24-0017](https://moodle.org/mod/forum/discuss.php?d=458395) - Unsanitized HTML in site log for config_log_created
- [MSA-24-0019](https://moodle.org/mod/forum/discuss.php?d=458397) - CSRF risk in analytics management of models
<!-- cspell:enable -->
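
Review bot: The 4.1.10 list jumps from MSA-24-0009 to MSA-24-0011 and from MSA-24-0017 to MSA-24-0019, and it has no MSA-24-0020, while the 4.3.4 list in this same commit carries all three. If 0010, 0018 and 0020 do not apply to the 4.1 branch that is fine, but please confirm the omission is deliberate. An administrator comparing the release pages cannot tell "not affected" from "left out", so a short line saying which advisories do not apply to this branch would help.
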
15 changes: 13 additions & 2 deletions general/releases/4.2/4.2.7.md
Expand Up @@ -85,5 +85,16 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0007](https://moodle.org/mod/forum/discuss.php?d=458384) - Broken access control when setting calendar event type
- [MSA-24-0008](https://moodle.org/mod/forum/discuss.php?d=458385) - Stored XSS risk when editing another user's equation in equation editor
- [MSA-24-0009](https://moodle.org/mod/forum/discuss.php?d=458386) - Stored XSS via user's name on participants page when opening some options
- [MSA-24-0011](https://moodle.org/mod/forum/discuss.php?d=458388) - Stored XSS in lesson overview report via user ID number
- [MSA-24-0012](https://moodle.org/mod/forum/discuss.php?d=458389) - CSRF risk in admin preset tool management of presets
- [MSA-24-0013](https://moodle.org/mod/forum/discuss.php?d=458390) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
- [MSA-24-0014](https://moodle.org/mod/forum/discuss.php?d=458391) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
- [MSA-24-0015](https://moodle.org/mod/forum/discuss.php?d=458393) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
- [MSA-24-0016](https://moodle.org/mod/forum/discuss.php?d=458394) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
- [MSA-24-0017](https://moodle.org/mod/forum/discuss.php?d=458395) - Unsanitized HTML in site log for config_log_created
- [MSA-24-0019](https://moodle.org/mod/forum/discuss.php?d=458397) - CSRF risk in analytics management of models
<!-- cspell:enable -->
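
Review bot: These eleven entries are a verbatim copy of the 4.1.10 list, and 4.3.4 repeats them again, so any later correction to an advisory title or forum link has to be made in three files. The page already imports a component from '@site/src/components/ReleaseInformation'; consider keeping the advisories in one shared list that each release page renders with a per-version filter, or at least diff the three lists before merging to check they agree.
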
18 changes: 16 additions & 2 deletions general/releases/4.3/4.3.4.md
Expand Up @@ -96,5 +96,19 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0007](https://moodle.org/mod/forum/discuss.php?d=458384) - Broken access control when setting calendar event type
- [MSA-24-0008](https://moodle.org/mod/forum/discuss.php?d=458385) - Stored XSS risk when editing another user's equation in equation editor
- [MSA-24-0009](https://moodle.org/mod/forum/discuss.php?d=458386) - Stored XSS via user's name on participants page when opening some options
- [MSA-24-0010](https://moodle.org/mod/forum/discuss.php?d=458387) - Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
- [MSA-24-0011](https://moodle.org/mod/forum/discuss.php?d=458388) - Stored XSS in lesson overview report via user ID number
- [MSA-24-0012](https://moodle.org/mod/forum/discuss.php?d=458389) - CSRF risk in admin preset tool management of presets
- [MSA-24-0013](https://moodle.org/mod/forum/discuss.php?d=458390) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
- [MSA-24-0014](https://moodle.org/mod/forum/discuss.php?d=458391) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
- [MSA-24-0015](https://moodle.org/mod/forum/discuss.php?d=458393) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
- [MSA-24-0016](https://moodle.org/mod/forum/discuss.php?d=458394) - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
- [MSA-24-0017](https://moodle.org/mod/forum/discuss.php?d=458395) - Unsanitized HTML in site log for config_log_created
- [MSA-24-0018](https://moodle.org/mod/forum/discuss.php?d=458396) - Logout CSRF in admin/tool/mfa/auth.php
- [MSA-24-0019](https://moodle.org/mod/forum/discuss.php?d=458397) - CSRF risk in analytics management of models
- [MSA-24-0020](https://moodle.org/mod/forum/discuss.php?d=458398) - ReCAPTCHA can be bypassed on the login page
<!-- cspell:enable -->
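
Review bot: In the MSA-24-0010 and MSA-24-0018 entries the code identifiers are written as plain Markdown text: `$_SERVER['HTTP_REFERER']`, `admin/tool/mfa/index.php` and `admin/tool/mfa/auth.php`. Please wrap them in backticks so they render as code and the underscores and quotes are never read as markup. The same applies to `mod_feedback`, `mod_workshop`, `mod_wiki`, `mod_data` and `config_log_created` further down the list.
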
