Merge pull request #1212 from mickhawkins/main

junpataleta · web-flow · commit e78cceedb06d · 2024-12-17T11:45:31.000Z
[docs] Add security announcements to 4.5.1 and friends
diff --git a/general/releases/4.1/4.1.15.md b/general/releases/4.1/4.1.15.md
@@ -13,5 +13,10 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0051](https://moodle.org/mod/forum/discuss.php?d=464554) - Unprotected access to sensitive information via learning plan web service
+- [MSA-24-0052](https://moodle.org/mod/forum/discuss.php?d=464555) - Tag index page displays other users tagged with the selected tag
+- [MSA-24-0053](https://moodle.org/mod/forum/discuss.php?d=464556) - Email change confirmation token available via preference
+- [MSA-24-0054](https://moodle.org/mod/forum/discuss.php?d=464557) - Database activity issue in separate groups mode, for users not in a group
+- [MSA-24-0056](https://moodle.org/mod/forum/discuss.php?d=464559) - Potential denial of service risk due to guest sessions' longer timeout period
+<!-- cspell:enable -->
diff --git a/general/releases/4.3/4.3.9.md b/general/releases/4.3/4.3.9.md
@@ -13,5 +13,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <ReleaseNoteIntro releaseName={frontMatter.moodleVersion} />
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0051](https://moodle.org/mod/forum/discuss.php?d=464554) - Unprotected access to sensitive information via learning plan web service
+- [MSA-24-0052](https://moodle.org/mod/forum/discuss.php?d=464555) - Tag index page displays other users tagged with the selected tag
+- [MSA-24-0053](https://moodle.org/mod/forum/discuss.php?d=464556) - Email change confirmation token available via preference
+- [MSA-24-0054](https://moodle.org/mod/forum/discuss.php?d=464557) - Database activity issue in separate groups mode, for users not in a group
+- [MSA-24-0055](https://moodle.org/mod/forum/discuss.php?d=464558) - Reflected XSS in question bank filter
+- [MSA-24-0056](https://moodle.org/mod/forum/discuss.php?d=464559) - Potential denial of service risk due to guest sessions' longer timeout period
+<!-- cspell:enable -->
diff --git a/general/releases/4.4/4.4.5.md b/general/releases/4.4/4.4.5.md
@@ -77,5 +77,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0051](https://moodle.org/mod/forum/discuss.php?d=464554) - Unprotected access to sensitive information via learning plan web service
+- [MSA-24-0052](https://moodle.org/mod/forum/discuss.php?d=464555) - Tag index page displays other users tagged with the selected tag
+- [MSA-24-0053](https://moodle.org/mod/forum/discuss.php?d=464556) - Email change confirmation token available via preference
+- [MSA-24-0054](https://moodle.org/mod/forum/discuss.php?d=464557) - Database activity issue in separate groups mode, for users not in a group
+- [MSA-24-0055](https://moodle.org/mod/forum/discuss.php?d=464558) - Reflected XSS in question bank filter
+- [MSA-24-0056](https://moodle.org/mod/forum/discuss.php?d=464559) - Potential denial of service risk due to guest sessions' longer timeout period
+<!-- cspell:enable -->
diff --git a/general/releases/4.5/4.5.1.md b/general/releases/4.5/4.5.1.md
@@ -85,5 +85,11 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-24-0051](https://moodle.org/mod/forum/discuss.php?d=464554) - Unprotected access to sensitive information via learning plan web service
+- [MSA-24-0052](https://moodle.org/mod/forum/discuss.php?d=464555) - Tag index page displays other users tagged with the selected tag
+- [MSA-24-0053](https://moodle.org/mod/forum/discuss.php?d=464556) - Email change confirmation token available via preference
+- [MSA-24-0054](https://moodle.org/mod/forum/discuss.php?d=464557) - Database activity issue in separate groups mode, for users not in a group
+- [MSA-24-0055](https://moodle.org/mod/forum/discuss.php?d=464558) - Reflected XSS in question bank filter
+- [MSA-24-0056](https://moodle.org/mod/forum/discuss.php?d=464559) - Potential denial of service risk due to guest sessions' longer timeout period
+<!-- cspell:enable -->
