Moodle 3.9.20
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 13 March 2023
Here is the full list of fixed issues in 3.9.20.
General fixes and improvements
- MDL-74905 - Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
- MDL-75012 - Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)
Security fixes
- MSA-23-0004 - Authenticated SQL injection via availability check
- MSA-23-0005 - Authenticated arbitrary file read through malformed backup file
- MSA-23-0006 - XSS risk when outputting database activity filter data
- MSA-23-0007 - Algebra filter XSS when filter is misconfigured
- MSA-23-0008 - Pix helper potential Mustache code injection risk
- MSA-23-0011 - Teacher can access names of users they do not have permission to access
- MSA-23-0012 - Course participation report shows roles the user should not see