Moodle 3.9.20

Unsupported Moodle Version

This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 13 March 2023

Here is the full list of fixed issues in 3.9.20.

General fixes and improvements

• MDL-74905 - Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
• MDL-75012 - Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)

Security fixes

• MSA-23-0004 - Authenticated SQL injection via availability check
• MSA-23-0005 - Authenticated arbitrary file read through malformed backup file
• MSA-23-0006 - XSS risk when outputting database activity filter data
• MSA-23-0007 - Algebra filter XSS when filter is misconfigured
• MSA-23-0008 - Pix helper potential Mustache code injection risk
• MSA-23-0011 - Teacher can access names of users they do not have permission to access
• MSA-23-0012 - Course participation report shows roles the user should not see