Merge pull request #896 from mickhawkins/main

HuongNV13 · web-flow · commit c08db9ca3895 · 2024-02-20T03:48:32.000Z
[docs] Add security announcements to 4.3.3 and friends
diff --git a/general/releases/4.1/4.1.9.md b/general/releases/4.1/4.1.9.md
@@ -19,5 +19,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0001](https://moodle.org/mod/forum/discuss.php?d=455634) - Denial of service risk in file picker unzip functionality
+- [MSA-24-0002](https://moodle.org/mod/forum/discuss.php?d=455635) - Forum search accepted random parameters in its URL
+- [MSA-24-0003](https://moodle.org/mod/forum/discuss.php?d=455636) - H5P attempts report did not respect activity group settings
+- [MSA-24-0004](https://moodle.org/mod/forum/discuss.php?d=455637) - Forum export did not respect activity group settings
+- [MSA-24-0005](https://moodle.org/mod/forum/discuss.php?d=455638) - CSRF risk in Language import utility
+- [MSA-24-0006](https://moodle.org/mod/forum/discuss.php?d=455641) - IDOR on dashboard comments block
+<!-- cspell:enable -->
diff --git a/general/releases/4.2/4.2.6.md b/general/releases/4.2/4.2.6.md
@@ -85,5 +85,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0001](https://moodle.org/mod/forum/discuss.php?d=455634) - Denial of service risk in file picker unzip functionality
+- [MSA-24-0002](https://moodle.org/mod/forum/discuss.php?d=455635) - Forum search accepted random parameters in its URL
+- [MSA-24-0003](https://moodle.org/mod/forum/discuss.php?d=455636) - H5P attempts report did not respect activity group settings
+- [MSA-24-0004](https://moodle.org/mod/forum/discuss.php?d=455637) - Forum export did not respect activity group settings
+- [MSA-24-0005](https://moodle.org/mod/forum/discuss.php?d=455638) - CSRF risk in Language import utility
+- [MSA-24-0006](https://moodle.org/mod/forum/discuss.php?d=455641) - IDOR on dashboard comments block
+<!-- cspell:enable -->
diff --git a/general/releases/4.3/4.3.3.md b/general/releases/4.3/4.3.3.md
@@ -97,5 +97,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0001](https://moodle.org/mod/forum/discuss.php?d=455634) - Denial of service risk in file picker unzip functionality
+- [MSA-24-0002](https://moodle.org/mod/forum/discuss.php?d=455635) - Forum search accepted random parameters in its URL
+- [MSA-24-0003](https://moodle.org/mod/forum/discuss.php?d=455636) - H5P attempts report did not respect activity group settings
+- [MSA-24-0004](https://moodle.org/mod/forum/discuss.php?d=455637) - Forum export did not respect activity group settings
+- [MSA-24-0005](https://moodle.org/mod/forum/discuss.php?d=455638) - CSRF risk in Language import utility
+- [MSA-24-0006](https://moodle.org/mod/forum/discuss.php?d=455641) - IDOR on dashboard comments block
+<!-- cspell:enable -->
