Moodle 3.9.24
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 9 October 2023
Here is the full list of fixed issues in 3.9.24.
General fixes and improvements
- MDL-79360 - Broken nolink tag support in text filtering
Accessibility improvements
- MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)
Security improvements
- MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference
Security fixes
- MSA-23-0031 - Authenticated remote code execution risk in Lesson
- MSA-23-0032 - Authenticated remote code execution risk in IMSCP
- MSA-23-0033 - XSS risk when using CSV grade import method
- MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
- MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
- MSA-23-0039 - XSS risk when previewing data in course upload tool
- MSA-23-0040 - Make file serving endpoints revision control stricter
- MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
- MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
- MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode