diff --git a/general/releases/4.5/4.5.11.md b/general/releases/4.5/4.5.11.md index 79bba7f67..bb28bd014 100644 --- a/general/releases/4.5/4.5.11.md +++ b/general/releases/4.5/4.5.11.md @@ -53,4 +53,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0005](https://moodle.org/mod/forum/discuss.php?d=474063) - SQL injection risk in external database authentication plugin +- [MSA-26-0006](https://moodle.org/mod/forum/discuss.php?d=474064) - RCE risk via Moodle's Google Drive repository plugin +- [MSA-26-0007](https://moodle.org/mod/forum/discuss.php?d=474065) - Message panel breaks with messages from deleted users (messaging DoS risk) +- [MSA-26-0008](https://moodle.org/mod/forum/discuss.php?d=474066) - Upgrade PHPUnit version to avoid a security risk (upstream) +- [MSA-26-0010](https://moodle.org/mod/forum/discuss.php?d=474068) - Upgrade AWS SDK for PHP including security fix (upstream) +- [MSA-26-0011](https://moodle.org/mod/forum/discuss.php?d=474069) - CSRF and missing capability check in admin/mnet/peers.php +{/* */} diff --git a/general/releases/5.0/5.0.7.md b/general/releases/5.0/5.0.7.md index efeec2a4e..c44bfc863 100644 --- a/general/releases/5.0/5.0.7.md +++ b/general/releases/5.0/5.0.7.md 
@@ -118,4 +118,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0005](https://moodle.org/mod/forum/discuss.php?d=474063) - SQL injection risk in external database authentication plugin +- [MSA-26-0006](https://moodle.org/mod/forum/discuss.php?d=474064) - RCE risk via Moodle's Google Drive repository plugin +- [MSA-26-0007](https://moodle.org/mod/forum/discuss.php?d=474065) - Message panel breaks with messages from deleted users (messaging DoS risk) +- [MSA-26-0009](https://moodle.org/mod/forum/discuss.php?d=474067) - CSRF risk in reset penalty rules functionality +- [MSA-26-0010](https://moodle.org/mod/forum/discuss.php?d=474068) - Upgrade AWS SDK for PHP including security fix (upstream) +- [MSA-26-0011](https://moodle.org/mod/forum/discuss.php?d=474069) - CSRF and missing capability check in admin/mnet/peers.php +{/* */} diff --git a/general/releases/5.1/5.1.4.md b/general/releases/5.1/5.1.4.md index 0083efcf6..fe3f3a18f 100644 --- a/general/releases/5.1/5.1.4.md +++ b/general/releases/5.1/5.1.4.md 
@@ -121,4 +121,12 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0005](https://moodle.org/mod/forum/discuss.php?d=474063) - SQL injection risk in external database authentication plugin +- [MSA-26-0006](https://moodle.org/mod/forum/discuss.php?d=474064) - RCE risk via Moodle's Google Drive repository plugin +- [MSA-26-0007](https://moodle.org/mod/forum/discuss.php?d=474065) - Message panel breaks with messages from deleted users (messaging DoS risk) +- [MSA-26-0009](https://moodle.org/mod/forum/discuss.php?d=474067) - CSRF risk in reset penalty rules functionality +- [MSA-26-0010](https://moodle.org/mod/forum/discuss.php?d=474068) - Upgrade AWS SDK for PHP including security fix (upstream) +- [MSA-26-0011](https://moodle.org/mod/forum/discuss.php?d=474069) - CSRF and missing capability check in admin/mnet/peers.php +{/* */}
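
Review bot: In the general/releases/4.5/4.5.11.md hunk the list runs MSA-26-0007, MSA-26-0008, MSA-26-0010, so MSA-26-0009 (CSRF risk in reset penalty rules functionality) is absent, while the 5.0.7.md and 5.1.4.md hunks list MSA-26-0009 and omit MSA-26-0008 (PHPUnit upgrade). If the split reflects which branches are affected, say so in the commit message or in a short line above the list. If it is a copy error, add the missing entry. As written, an administrator reading only the 4.5.11 notes cannot tell whether the 4.5 branch is unaffected by MSA-26-0009 or the entry was dropped.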
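
Review bot: In the general/releases/5.0/5.0.7.md hunk (and identically in the other two files) the list is wrapped in two empty `{/* */}` comments that carry no directive, and the closing one follows the MSA-26-0011 item with no blank line, whereas the opening one is followed by a blank line. If these markers are meant to carry a directive, add it; otherwise drop them. If they stay, put a blank line before the closing `{/* */}` so it cannot be read as a continuation of the last list item.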
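
Review bot: In the general/releases/5.1/5.1.4.md hunk each entry gives only the MSA identifier, a forum link and a short title, so the SQL injection and RCE entries (MSA-26-0005, MSA-26-0006) carry no more visible priority than the upstream dependency upgrade (MSA-26-0010). Now that the sentence about delayed disclosure is removed, consider adding severity and affected versions to each line, or one sentence above the list pointing readers to the linked advisories for those details, so administrators can triage from the release notes alone.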