Merge pull request #1454 from mickhawkins/main

HuongNV13 · web-flow · commit abe3dd6521f2 · 2025-10-14T07:53:14.000Z
[docs] Add security announcements to 5.0.3 and friends
diff --git a/general/releases/4.1/4.1.21.md b/general/releases/4.1/4.1.21.md
@@ -18,5 +18,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0042](https://moodle.org/mod/forum/discuss.php?d=470382) - Upgrade FPDI including security fix (upstream)
+- [MSA-25-0044](https://moodle.org/mod/forum/discuss.php?d=470384) - External cohort search service method leaks system cohort data
+- [MSA-25-0048](https://moodle.org/mod/forum/discuss.php?d=470388) - Password brute force risk when mobile/web services enabled
+- [MSA-25-0049](https://moodle.org/mod/forum/discuss.php?d=470389) - Names of hidden groups are visible to users with access to create group calendar events
+- [MSA-25-0050](https://moodle.org/mod/forum/discuss.php?d=470390) - Possible to bypass timer in timed assignments
+<!-- cspell:enable -->
diff --git a/general/releases/4.4/4.4.11.md b/general/releases/4.4/4.4.11.md
@@ -18,5 +18,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0042](https://moodle.org/mod/forum/discuss.php?d=470382) - Upgrade FPDI including security fix (upstream)
+- [MSA-25-0044](https://moodle.org/mod/forum/discuss.php?d=470384) - External cohort search service method leaks system cohort data
+- [MSA-25-0047](https://moodle.org/mod/forum/discuss.php?d=470387) - Possible to bypass MFA
+- [MSA-25-0048](https://moodle.org/mod/forum/discuss.php?d=470388) - Password brute force risk when mobile/web services enabled
+- [MSA-25-0049](https://moodle.org/mod/forum/discuss.php?d=470389) - Names of hidden groups are visible to users with access to create group calendar events
+- [MSA-25-0050](https://moodle.org/mod/forum/discuss.php?d=470390) - Possible to bypass timer in timed assignments
+<!-- cspell:enable -->
diff --git a/general/releases/4.5/4.5.7.md b/general/releases/4.5/4.5.7.md
@@ -61,5 +61,13 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0042](https://moodle.org/mod/forum/discuss.php?d=470382) - Upgrade FPDI including security fix (upstream)
+- [MSA-25-0043](https://moodle.org/mod/forum/discuss.php?d=470383) - Quiz notifications sent to suspended course participants
+- [MSA-25-0044](https://moodle.org/mod/forum/discuss.php?d=470384) - External cohort search service method leaks system cohort data
+- [MSA-25-0045](https://moodle.org/mod/forum/discuss.php?d=470385) - When using router (r.php) it was possible for the server to show application directories
+- [MSA-25-0047](https://moodle.org/mod/forum/discuss.php?d=470387) - Possible to bypass MFA
+- [MSA-25-0048](https://moodle.org/mod/forum/discuss.php?d=470388) - Password brute force risk when mobile/web services enabled
+- [MSA-25-0049](https://moodle.org/mod/forum/discuss.php?d=470389) - Names of hidden groups are visible to users with access to create group calendar events
+- [MSA-25-0050](https://moodle.org/mod/forum/discuss.php?d=470390) - Possible to bypass timer in timed assignments
+<!-- cspell:enable -->
diff --git a/general/releases/5.0/5.0.3.md b/general/releases/5.0/5.0.3.md
@@ -78,5 +78,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0041](https://moodle.org/mod/forum/discuss.php?d=470381) - Course access permissions are not properly checked in course_output_fragment_course_overview
+- [MSA-25-0042](https://moodle.org/mod/forum/discuss.php?d=470382) - Upgrade FPDI including security fix (upstream)
+- [MSA-25-0043](https://moodle.org/mod/forum/discuss.php?d=470383) - Quiz notifications sent to suspended course participants
+- [MSA-25-0044](https://moodle.org/mod/forum/discuss.php?d=470384) - External cohort search service method leaks system cohort data
+- [MSA-25-0045](https://moodle.org/mod/forum/discuss.php?d=470385) - When using router (r.php) it was possible for the server to show application directories
+- [MSA-25-0046](https://moodle.org/mod/forum/discuss.php?d=470386) - Router produces JSON instead of 404 error when passed a non-existent course ID
+- [MSA-25-0047](https://moodle.org/mod/forum/discuss.php?d=470387) - Possible to bypass MFA
+- [MSA-25-0048](https://moodle.org/mod/forum/discuss.php?d=470388) - Password brute force risk when mobile/web services enabled
+- [MSA-25-0049](https://moodle.org/mod/forum/discuss.php?d=470389) - Names of hidden groups are visible to users with access to create group calendar events
+- [MSA-25-0050](https://moodle.org/mod/forum/discuss.php?d=470390) - Possible to bypass timer in timed assignments
+<!-- cspell:enable -->
