Moodle 3.9.23
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 14 August 2023
Here is the full list of fixed issues in 3.9.23.
General fixes and improvements
- MDL-77525 - Add text filtering stages
Security fixes
- MSA-23-0019 - Proxy bypass risk due to insufficient validation
- MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
- MSA-23-0021 - Some block permissions on Dashboard not respected
- MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
- MSA-23-0025 - phpCAS library upgraded to 1.6.0 (upstream)
- MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
- MSA-23-0027 - JQuery UI library upgraded to 1.13.2 (upstream)
- MSA-23-0028 - Open redirect risk on admin view all policies page
- MSA-23-0029 - Competency framework tools are not restricted as intended
- MSA-23-0030 - Quiz sequential navigation bypass possible