Moodle 3.9.13
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 14 March 2022
Here is the full list of fixed issues in 3.9.13.
Backported bug fixes
- MDL-73915 - Bump NodeJS version, dependencies, and update JS build process, drop IE support
- MDL-73588 - Unexpected content in the CURLOPT_FILE output stream on redirects
Security fixes
- MSA-22-0005 SQL injection risk in Badges criteria code
- MSA-22-0006 Users with moodle/site:uploadusers but without moodle/user:delete could delete users
- MSA-22-0007 Possible to reach the profile field badge criteria on a course page
- MSA-22-0008 Upgrade PHPMailer to latest version (upstream)
- MSA-22-0009 Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream)