Skip to content

Commit 248c155

Browse files
mickhawkinsmickhawkins
committed
[docs] Add security announcements to 4.5.2 and friends
1 parent c7848ee commit 248c155

File tree

4 files changed

+47
-8
lines changed

4 files changed

+47
-8
lines changed

general/releases/4.1/4.1.16.md

+11-2
Original file line numberDiff line numberDiff line change
@@ -19,5 +19,14 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
1919
<!-- cspell:enable -->
2020

2121
## Security fixes
22-
23-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
22+
<!-- cspell:disable -->
23+
- [MSA-25-0001](https://moodle.org/mod/forum/discuss.php?d=466141) - Arbitrary file read risk through pdfTeX
24+
- [MSA-25-0002](https://moodle.org/mod/forum/discuss.php?d=466142) - Feedback response viewing and deletions did not respect Separate Groups mode
25+
- [MSA-25-0003](https://moodle.org/mod/forum/discuss.php?d=466143) - Non-searchable tags can still be discovered on the tag search page and in the tags block
26+
- [MSA-25-0004](https://moodle.org/mod/forum/discuss.php?d=466144) - Stored XSS in ddimageortext question type
27+
- [MSA-25-0005](https://moodle.org/mod/forum/discuss.php?d=466145) - Stored XSS risk in admin live log
28+
- [MSA-25-0007](https://moodle.org/mod/forum/discuss.php?d=466147) - Upgrade RequireJS including security fix (upstream)
29+
- [MSA-25-0008](https://moodle.org/mod/forum/discuss.php?d=466148) - IDOR in badges allows disabling of arbitrary badges
30+
- [MSA-25-0009](https://moodle.org/mod/forum/discuss.php?d=466149) - Teachers can evade trusttext config when restoring glossary entries
31+
- [MSA-25-0010](https://moodle.org/mod/forum/discuss.php?d=466150) - SQL injection risk in course search module list filter
32+
<!-- cspell:enable -->

general/releases/4.3/4.3.10.md

+12-2
Original file line numberDiff line numberDiff line change
@@ -19,5 +19,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
1919
<!-- cspell:enable -->
2020

2121
## Security fixes
22-
23-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
22+
<!-- cspell:disable -->
23+
- [MSA-25-0001](https://moodle.org/mod/forum/discuss.php?d=466141) - Arbitrary file read risk through pdfTeX
24+
- [MSA-25-0002](https://moodle.org/mod/forum/discuss.php?d=466142) - Feedback response viewing and deletions did not respect Separate Groups mode
25+
- [MSA-25-0003](https://moodle.org/mod/forum/discuss.php?d=466143) - Non-searchable tags can still be discovered on the tag search page and in the tags block
26+
- [MSA-25-0004](https://moodle.org/mod/forum/discuss.php?d=466144) - Stored XSS in ddimageortext question type
27+
- [MSA-25-0005](https://moodle.org/mod/forum/discuss.php?d=466145) - Stored XSS risk in admin live log
28+
- [MSA-25-0006](https://moodle.org/mod/forum/discuss.php?d=466146) - Reflected XSS via question bank filter
29+
- [MSA-25-0007](https://moodle.org/mod/forum/discuss.php?d=466147) - Upgrade RequireJS including security fix (upstream)
30+
- [MSA-25-0008](https://moodle.org/mod/forum/discuss.php?d=466148) - IDOR in badges allows disabling of arbitrary badges
31+
- [MSA-25-0009](https://moodle.org/mod/forum/discuss.php?d=466149) - Teachers can evade trusttext config when restoring glossary entries
32+
- [MSA-25-0010](https://moodle.org/mod/forum/discuss.php?d=466150) - SQL injection risk in course search module list filter
33+
<!-- cspell:enable -->

general/releases/4.4/4.4.6.md

+12-2
Original file line numberDiff line numberDiff line change
@@ -78,5 +78,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
7878
<!-- cspell:enable -->
7979

8080
## Security fixes
81-
82-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
81+
<!-- cspell:disable -->
82+
- [MSA-25-0001](https://moodle.org/mod/forum/discuss.php?d=466141) - Arbitrary file read risk through pdfTeX
83+
- [MSA-25-0002](https://moodle.org/mod/forum/discuss.php?d=466142) - Feedback response viewing and deletions did not respect Separate Groups mode
84+
- [MSA-25-0003](https://moodle.org/mod/forum/discuss.php?d=466143) - Non-searchable tags can still be discovered on the tag search page and in the tags block
85+
- [MSA-25-0004](https://moodle.org/mod/forum/discuss.php?d=466144) - Stored XSS in ddimageortext question type
86+
- [MSA-25-0005](https://moodle.org/mod/forum/discuss.php?d=466145) - Stored XSS risk in admin live log
87+
- [MSA-25-0006](https://moodle.org/mod/forum/discuss.php?d=466146) - Reflected XSS via question bank filter
88+
- [MSA-25-0007](https://moodle.org/mod/forum/discuss.php?d=466147) - Upgrade RequireJS including security fix (upstream)
89+
- [MSA-25-0008](https://moodle.org/mod/forum/discuss.php?d=466148) - IDOR in badges allows disabling of arbitrary badges
90+
- [MSA-25-0009](https://moodle.org/mod/forum/discuss.php?d=466149) - Teachers can evade trusttext config when restoring glossary entries
91+
- [MSA-25-0010](https://moodle.org/mod/forum/discuss.php?d=466150) - SQL injection risk in course search module list filter
92+
<!-- cspell:enable -->

general/releases/4.5/4.5.2.md

+12-2
Original file line numberDiff line numberDiff line change
@@ -86,5 +86,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
8686
<!-- cspell:enable -->
8787

8888
## Security fixes
89-
90-
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
89+
<!-- cspell:disable -->
90+
- [MSA-25-0001](https://moodle.org/mod/forum/discuss.php?d=466141) - Arbitrary file read risk through pdfTeX
91+
- [MSA-25-0002](https://moodle.org/mod/forum/discuss.php?d=466142) - Feedback response viewing and deletions did not respect Separate Groups mode
92+
- [MSA-25-0003](https://moodle.org/mod/forum/discuss.php?d=466143) - Non-searchable tags can still be discovered on the tag search page and in the tags block
93+
- [MSA-25-0004](https://moodle.org/mod/forum/discuss.php?d=466144) - Stored XSS in ddimageortext question type
94+
- [MSA-25-0005](https://moodle.org/mod/forum/discuss.php?d=466145) - Stored XSS risk in admin live log
95+
- [MSA-25-0006](https://moodle.org/mod/forum/discuss.php?d=466146) - Reflected XSS via question bank filter
96+
- [MSA-25-0007](https://moodle.org/mod/forum/discuss.php?d=466147) - Upgrade RequireJS including security fix (upstream)
97+
- [MSA-25-0008](https://moodle.org/mod/forum/discuss.php?d=466148) - IDOR in badges allows disabling of arbitrary badges
98+
- [MSA-25-0009](https://moodle.org/mod/forum/discuss.php?d=466149) - Teachers can evade trusttext config when restoring glossary entries
99+
- [MSA-25-0010](https://moodle.org/mod/forum/discuss.php?d=466150) - SQL injection risk in course search module list filter
100+
<!-- cspell:enable -->

0 commit comments

Comments
 (0)