Skip to main content

Moodle 3.8.9

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 May 2021

Here is the full list of fixed issues in 3.8.9.

Privacy improvement

  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox

Security fixes

  • MSA-21-0012 Forum CSV export could result in posts from all courses being exported
  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
  • MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
  • MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)