Skip to content

Commit

Permalink
Merge pull request #845 from mickhawkins/main
Browse files Browse the repository at this point in the history 
4.3.1 security announcements AND 4.3.2 unscheduled release updates
  • Loading branch information
@mattporritt
mattporritt authored Dec 21, 2023
2 parents 4d16a40 + 15725d6 commit 1924445
Show file tree
Hide file tree
Showing 13 changed files with 177 additions and 13 deletions.
18 changes: 18 additions & 0 deletions data/versions.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@
"name": "4.3.1",
"releaseDate": "11 December 2023",
"version": 2023100901
},
{
"name": "4.3.2",
"releaseDate": "22 December 2023",
"version": 2023100902,
"notes": "Unscheduled minor release"
}
]
},
Expand Down Expand Up @@ -68,6 +74,12 @@
"name": "4.2.4",
"releaseDate": "11 December 2023",
"version": 2023042404
},
{
"name": "4.2.5",
"releaseDate": "22 December 2023",
"version": 2023042405,
"notes": "Unscheduled minor release"
}
]
},
Expand Down Expand Up @@ -118,6 +130,12 @@
"name": "4.1.7",
"releaseDate": "11 December 2023",
"version": 2022112807
},
{
"name": "4.1.8",
"releaseDate": "22 December 2023",
"version": 2022112808,
"notes": "Unscheduled minor release"
}
]
},
Expand Down
Binary file removed general/_releases/4031_release_graph.png
View file
Binary file not shown.
Binary file added general/_releases/4032_release_graph.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion general/releases.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The most recent [long-term support release (LTS)](https://en.wikipedia.org/wiki/

<SupportedReleases />

![Release graph summarising the currently supported Moodle releases in a visual form](_releases/4031_release_graph.png)
![Release graph summarising the currently supported Moodle releases in a visual form](_releases/4032_release_graph.png)

<details>
<summary>Release graph key</summary>
Expand Down
11 changes: 9 additions & 2 deletions general/releases/3.11/3.11.18.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
<!-- cspell:enable -->
11 changes: 9 additions & 2 deletions general/releases/3.9/3.9.25.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
<!-- cspell:enable -->
11 changes: 9 additions & 2 deletions general/releases/4.0/4.0.12.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
<!-- cspell:enable -->
11 changes: 9 additions & 2 deletions general/releases/4.1/4.1.7.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,5 +94,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
<!-- cspell:enable -->
25 changes: 25 additions & 0 deletions general/releases/4.1/4.1.8.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
title: Moodle 4.1.8
tags:
- Release notes
- Moodle 4.1
sidebar_position: 8
moodleVersion: 4.1.8
description: The release notes for Moodle version 4.1.8.
---

import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

Moodle 4.1.8 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.1.7. A minor release will still take place in February 2024, as scheduled.

## Regression fixes
<!-- cspell:disable -->
- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
<!-- cspell:enable -->

## Security fixes

There are no security fixes included in this release.
14 changes: 12 additions & 2 deletions general/releases/4.2/4.2.4.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,5 +101,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
<!-- cspell:enable -->
36 changes: 36 additions & 0 deletions general/releases/4.2/4.2.5.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
title: Moodle 4.2.5
tags:
- Release notes
- Moodle 4.2
sidebar_position: 5
moodleVersion: 4.2.5
description: The release notes for Moodle version 4.2.5.
---

import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

Moodle 4.2.5 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.2.4. A minor release will still take place in February 2024, as scheduled.

## Regression fixes
<!-- cspell:disable -->
- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
<!-- cspell:enable -->

## General fixes
<!-- cspell:disable -->
- [MDL-80003](https://tracker.moodle.org/browse/MDL-80003) - Autosave in quiz does not always work with TinyMCE editor fields
- [MDL-77572](https://tracker.moodle.org/browse/MDL-77572) - Some course capabilities do not allow the course edit menu (kebab) to display
<!-- cspell:enable -->

## Security improvements
<!-- cspell:disable -->
- [MDL-74466](https://tracker.moodle.org/browse/MDL-74466) - Repository management leaks sesskey in GET requests
<!-- cspell:enable -->

## Security fixes

There are no security fixes included in this release.
14 changes: 12 additions & 2 deletions general/releases/4.3/4.3.1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,5 +119,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
<!-- cspell:enable -->

## Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
<!-- cspell:disable -->
- [MSA-23-0044](https://moodle.org/mod/forum/discuss.php?d=453758) - Authenticated remote code execution risk in logstore as manager
- [MSA-23-0045](https://moodle.org/mod/forum/discuss.php?d=453759) - DOS risk in URL downloader
- [MSA-23-0046](https://moodle.org/mod/forum/discuss.php?d=453760) - Authenticated remote code execution risk in course blocks
- [MSA-23-0047](https://moodle.org/mod/forum/discuss.php?d=453761) - Logs and Live logs course reports did not respect activity group settings
- [MSA-23-0048](https://moodle.org/mod/forum/discuss.php?d=453762) - Stored XSS in grader report via user ID number
- [MSA-23-0049](https://moodle.org/mod/forum/discuss.php?d=453763) - Reflected XSS risk in grader report search
- [MSA-23-0050](https://moodle.org/mod/forum/discuss.php?d=453764) - Survey responses did not respect group settings
- [MSA-23-0051](https://moodle.org/mod/forum/discuss.php?d=453765) - Badge recipients are available to all users
- [MSA-23-0052](https://moodle.org/mod/forum/discuss.php?d=453766) - XSS risk when manually running a task in the admin UI
- [MSA-23-0053](https://moodle.org/mod/forum/discuss.php?d=453767) - Reflected XSS risk on ad-hoc tasks page
<!-- cspell:enable -->
37 changes: 37 additions & 0 deletions general/releases/4.3/4.3.2.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
---
title: Moodle 4.3.2
tags:
- Release notes
- Moodle 4.3
sidebar_position: 2
moodleVersion: 4.3.2
description: The release notes for Moodle version 4.3.2.
---

import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';

<ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />

Moodle 4.3.2 has been released outside of the normal release schedule, primarily to address two regressions that were introduced in 4.3.1. A minor release will still take place in February 2024, as scheduled.

## Regression fixes
<!-- cspell:disable -->
- [MDL-80393](https://tracker.moodle.org/browse/MDL-80393) - Ensure JavaScript requests that require current language have access to it
- [MDL-80394](https://tracker.moodle.org/browse/MDL-80394) - Backwards-incompatible Grade API changes committed to stable branches in MDL-68652
<!-- cspell:enable -->

## General fixes
<!-- cspell:disable -->
- [MDL-77572](https://tracker.moodle.org/browse/MDL-77572) - Some course capabilities do not allow the course edit menu (kebab) to display
- [MDL-80003](https://tracker.moodle.org/browse/MDL-80003) - Autosave in quiz does not always work with TinyMCE editor fields
- [MDL-80233](https://tracker.moodle.org/browse/MDL-80233) - Cannot disable 'View activity' requirement in default activity completion
<!-- cspell:enable -->

## Security improvements
<!-- cspell:disable -->
- [MDL-74466](https://tracker.moodle.org/browse/MDL-74466) - Repository management leaks sesskey in GET requests
<!-- cspell:enable -->

## Security fixes

There are no security fixes included in this release.

0 comments on commit 1924445

Please sign in to comment.