Skip to main content

Moodle 3.8.8

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 8 March 2021

Here is the full list of fixed issues in 3.8.8.

Security fixes

  • MSA-21-0006 Stored XSS via ID number user profile field
  • MSA-21-0007 Stored XSS and blind SSRF possible via feedback answer text
  • MSA-21-0008 User full name disclosure within online users block
  • MSA-21-0009 Bypass email verification secret when confirming account registration
  • MSA-21-0010 Fetching a user's enrolled courses via web services did not check profile access in each course
  • MSA-21-0011 JQuery versions below 3.5.0 contain some potential vulnerabilities (upstream)