You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: general/releases/4.1/4.1.11.md
+7-2Lines changed: 7 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -18,5 +18,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
18
18
<!-- cspell:enable -->
19
19
20
20
## Security fixes
21
-
22
-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
21
+
<!-- cspell:disable -->
22
+
-[MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
23
+
-[MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
24
+
-[MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
25
+
-[MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
26
+
-[MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
Copy file name to clipboardExpand all lines: general/releases/4.2/4.2.8.md
+7-2Lines changed: 7 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -19,5 +19,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
19
19
<!-- cspell:enable -->
20
20
21
21
## Security fixes
22
-
23
-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
22
+
<!-- cspell:disable -->
23
+
-[MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
24
+
-[MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
25
+
-[MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
26
+
-[MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
27
+
-[MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
Copy file name to clipboardExpand all lines: general/releases/4.3/4.3.5.md
+7-2Lines changed: 7 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -59,5 +59,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
59
59
<!-- cspell:enable -->
60
60
61
61
## Security fixes
62
-
63
-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
62
+
<!-- cspell:disable -->
63
+
-[MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
64
+
-[MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
65
+
-[MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
66
+
-[MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
67
+
-[MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
Copy file name to clipboardExpand all lines: general/releases/4.4/4.4.1.md
+7-2Lines changed: 7 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -76,5 +76,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
76
76
<!-- cspell:enable -->
77
77
78
78
## Security fixes
79
-
80
-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
79
+
<!-- cspell:disable -->
80
+
-[MSA-24-0021](https://moodle.org/mod/forum/discuss.php?d=459498) - BigBlueButton web service leaks meeting joining information to users who should not have access
81
+
-[MSA-24-0022](https://moodle.org/mod/forum/discuss.php?d=459499) - Stored XSS via calendar's event title when deleting the event
82
+
-[MSA-24-0023](https://moodle.org/mod/forum/discuss.php?d=459500) - HTTP authorization header is preserved between "emulated redirects"
83
+
-[MSA-24-0024](https://moodle.org/mod/forum/discuss.php?d=459501) - CSRF risks due to misuse of confirm_sesskey
84
+
-[MSA-24-0025](https://moodle.org/mod/forum/discuss.php?d=459502) - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
0 commit comments