Skip to content

Commit

Permalink
[docs] Add security announcements to 4.4.1 and friends
Browse files Browse the repository at this point in the history
  • Loading branch information
mickhawkins committed Jun 18, 2024
1 parent 784b794 commit f119c88
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 8 deletions.
9 changes: 7 additions & 2 deletions general/releases/4.1/4.1.11.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
- [MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
- [MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
- [MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
- [MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
<!-- cspell:enable -->
9 changes: 7 additions & 2 deletions general/releases/4.2/4.2.8.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,5 +19,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
- [MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
- [MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
- [MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
- [MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
<!-- cspell:enable -->
9 changes: 7 additions & 2 deletions general/releases/4.3/4.3.5.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,5 +59,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
- [MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
- [MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
- [MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
- [MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
<!-- cspell:enable -->
9 changes: 7 additions & 2 deletions general/releases/4.4/4.4.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -76,5 +76,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
- [MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
- [MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
- [MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
- [MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
<!-- cspell:enable -->

0 comments on commit f119c88

Please sign in to comment.