From a3a122dabc91b5b2d6a64139eb53a21d58060f36 Mon Sep 17 00:00:00 2001
From: Michael Hawkins
Date: Fri, 20 Sep 2024 10:51:39 +0800
Subject: [PATCH] [docs] Add security announcements to 4.4.3 and friends
---
general/releases/4.1/4.1.13.md | 8 ++++++--
general/releases/4.2/4.2.10.md | 8 ++++++--
general/releases/4.3/4.3.7.md | 8 ++++++--
general/releases/4.4/4.4.3.md | 8 ++++++--
4 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/general/releases/4.1/4.1.13.md b/general/releases/4.1/4.1.13.md
index 255c70c61..9368a21f7 100644
--- a/general/releases/4.1/4.1.13.md
+++ b/general/releases/4.1/4.1.13.md
@@ -18,5 +18,9 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-24-0042](https://moodle.org/mod/forum/discuss.php?d=461894) - Unprotected access to sensitive information via dynamic tables.
+**Note:** Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
+- [MSA-24-0043](https://moodle.org/mod/forum/discuss.php?d=461895) - IDOR when deleting OAuth2 linked accounts
+- [MSA-24-0044](https://moodle.org/mod/forum/discuss.php?d=461897) - Lesson activity password bypass through PHP loose comparison
+
diff --git a/general/releases/4.2/4.2.10.md b/general/releases/4.2/4.2.10.md
index 598df3409..459fcdf8f 100644
--- a/general/releases/4.2/4.2.10.md
+++ b/general/releases/4.2/4.2.10.md
@@ -20,5 +20,9 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-24-0042](https://moodle.org/mod/forum/discuss.php?d=461894) - Unprotected access to sensitive information via dynamic tables.
+**Note:** Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
+- [MSA-24-0043](https://moodle.org/mod/forum/discuss.php?d=461895) - IDOR when deleting OAuth2 linked accounts
+- [MSA-24-0044](https://moodle.org/mod/forum/discuss.php?d=461897) - Lesson activity password bypass through PHP loose comparison
+
diff --git a/general/releases/4.3/4.3.7.md b/general/releases/4.3/4.3.7.md
index e9f4f3336..0e1e7d18a 100644
--- a/general/releases/4.3/4.3.7.md
+++ b/general/releases/4.3/4.3.7.md
@@ -30,5 +30,9 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-24-0042](https://moodle.org/mod/forum/discuss.php?d=461894) - Unprotected access to sensitive information via dynamic tables.
+**Note:** Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
+- [MSA-24-0043](https://moodle.org/mod/forum/discuss.php?d=461895) - IDOR when deleting OAuth2 linked accounts
+- [MSA-24-0044](https://moodle.org/mod/forum/discuss.php?d=461897) - Lesson activity password bypass through PHP loose comparison
+
diff --git a/general/releases/4.4/4.4.3.md b/general/releases/4.4/4.4.3.md
index 7685ac22f..0e59c0782 100644
--- a/general/releases/4.4/4.4.3.md
+++ b/general/releases/4.4/4.4.3.md
@@ -34,5 +34,9 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+
+- [MSA-24-0042](https://moodle.org/mod/forum/discuss.php?d=461894) - Unprotected access to sensitive information via dynamic tables.
+**Note:** Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
+- [MSA-24-0043](https://moodle.org/mod/forum/discuss.php?d=461895) - IDOR when deleting OAuth2 linked accounts
+- [MSA-24-0044](https://moodle.org/mod/forum/discuss.php?d=461897) - Lesson activity password bypass through PHP loose comparison
+