Merge pull request #1493 from mickhawkins/main

[docs] Add security announcements to 5.1.1 and friends

Author: HuongNV13

general/releases/4.1/4.1.22.md

@@ -18,5 +18,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0051](https://moodle.org/mod/forum/discuss.php?d=471297) - Remote code execution risk via file restore
+- [MSA-25-0052](https://moodle.org/mod/forum/discuss.php?d=471298) - Authentication via LTI Provider available to suspended users
+- [MSA-25-0054](https://moodle.org/mod/forum/discuss.php?d=471300) - XSS risk in formula editor
+- [MSA-25-0055](https://moodle.org/mod/forum/discuss.php?d=471301) - Formula injection risk when exporting data to CSV / Excel
+- [MSA-25-0056](https://moodle.org/mod/forum/discuss.php?d=471302) - Open redirect in OAuth login
+- [MSA-25-0057](https://moodle.org/mod/forum/discuss.php?d=471303) - Password brute force risk from confirmation email web service
+- [MSA-25-0058](https://moodle.org/mod/forum/discuss.php?d=471304) - Participants can access forum ratings without permission
+- [MSA-25-0059](https://moodle.org/mod/forum/discuss.php?d=471305) - Reflected XSS risk in policy tool
+- [MSA-25-0060](https://moodle.org/mod/forum/discuss.php?d=471306) - Badges with a role criterion could be awarded to users who do not hold the role
+- [MSA-25-0061](https://moodle.org/mod/forum/discuss.php?d=471307) - User IDs exposed in URLs when using anonymous submissions in assignment
+<!-- cspell:enable -->

general/releases/4.4/4.4.12.md

@@ -28,5 +28,15 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0051](https://moodle.org/mod/forum/discuss.php?d=471297) - Remote code execution risk via file restore
+- [MSA-25-0052](https://moodle.org/mod/forum/discuss.php?d=471298) - Authentication via LTI Provider available to suspended users
+- [MSA-25-0054](https://moodle.org/mod/forum/discuss.php?d=471300) - XSS risk in formula editor
+- [MSA-25-0055](https://moodle.org/mod/forum/discuss.php?d=471301) - Formula injection risk when exporting data to CSV / Excel
+- [MSA-25-0056](https://moodle.org/mod/forum/discuss.php?d=471302) - Open redirect in OAuth login
+- [MSA-25-0057](https://moodle.org/mod/forum/discuss.php?d=471303) - Password brute force risk from confirmation email web service
+- [MSA-25-0058](https://moodle.org/mod/forum/discuss.php?d=471304) - Participants can access forum ratings without permission
+- [MSA-25-0059](https://moodle.org/mod/forum/discuss.php?d=471305) - Reflected XSS risk in policy tool
+- [MSA-25-0060](https://moodle.org/mod/forum/discuss.php?d=471306) - Badges with a role criterion could be awarded to users who do not hold the role
+- [MSA-25-0061](https://moodle.org/mod/forum/discuss.php?d=471307) - User IDs exposed in URLs when using anonymous submissions in assignment
+<!-- cspell:enable -->

general/releases/4.5/4.5.8.md

@@ -59,5 +59,16 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0051](https://moodle.org/mod/forum/discuss.php?d=471297) - Remote code execution risk via file restore
+- [MSA-25-0052](https://moodle.org/mod/forum/discuss.php?d=471298) - Authentication via LTI Provider available to suspended users
+- [MSA-25-0053](https://moodle.org/mod/forum/discuss.php?d=471299) - XSS risk via AI prompt injection
+- [MSA-25-0054](https://moodle.org/mod/forum/discuss.php?d=471300) - XSS risk in formula editor
+- [MSA-25-0055](https://moodle.org/mod/forum/discuss.php?d=471301) - Formula injection risk when exporting data to CSV / Excel
+- [MSA-25-0056](https://moodle.org/mod/forum/discuss.php?d=471302) - Open redirect in OAuth login
+- [MSA-25-0057](https://moodle.org/mod/forum/discuss.php?d=471303) - Password brute force risk from confirmation email web service
+- [MSA-25-0058](https://moodle.org/mod/forum/discuss.php?d=471304) - Participants can access forum ratings without permission
+- [MSA-25-0059](https://moodle.org/mod/forum/discuss.php?d=471305) - Reflected XSS risk in policy tool
+- [MSA-25-0060](https://moodle.org/mod/forum/discuss.php?d=471306) - Badges with a role criterion could be awarded to users who do not hold the role
+- [MSA-25-0061](https://moodle.org/mod/forum/discuss.php?d=471307) - User IDs exposed in URLs when using anonymous submissions in assignment
+<!-- cspell:enable -->

general/releases/5.0/5.0.4.md

@@ -113,5 +113,16 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0051](https://moodle.org/mod/forum/discuss.php?d=471297) - Remote code execution risk via file restore
+- [MSA-25-0052](https://moodle.org/mod/forum/discuss.php?d=471298) - Authentication via LTI Provider available to suspended users
+- [MSA-25-0053](https://moodle.org/mod/forum/discuss.php?d=471299) - XSS risk via AI prompt injection
+- [MSA-25-0054](https://moodle.org/mod/forum/discuss.php?d=471300) - XSS risk in formula editor
+- [MSA-25-0055](https://moodle.org/mod/forum/discuss.php?d=471301) - Formula injection risk when exporting data to CSV / Excel
+- [MSA-25-0056](https://moodle.org/mod/forum/discuss.php?d=471302) - Open redirect in OAuth login
+- [MSA-25-0057](https://moodle.org/mod/forum/discuss.php?d=471303) - Password brute force risk from confirmation email web service
+- [MSA-25-0058](https://moodle.org/mod/forum/discuss.php?d=471304) - Participants can access forum ratings without permission
+- [MSA-25-0059](https://moodle.org/mod/forum/discuss.php?d=471305) - Reflected XSS risk in policy tool
+- [MSA-25-0060](https://moodle.org/mod/forum/discuss.php?d=471306) - Badges with a role criterion could be awarded to users who do not hold the role
+- [MSA-25-0061](https://moodle.org/mod/forum/discuss.php?d=471307) - User IDs exposed in URLs when using anonymous submissions in assignment
+<!-- cspell:enable -->

general/releases/5.1/5.1.1.md

@@ -113,5 +113,16 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation';
 <!-- cspell:enable -->
 
 ## Security fixes
-
-A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
+<!-- cspell:disable -->
+- [MSA-25-0051](https://moodle.org/mod/forum/discuss.php?d=471297) - Remote code execution risk via file restore
+- [MSA-25-0052](https://moodle.org/mod/forum/discuss.php?d=471298) - Authentication via LTI Provider available to suspended users
+- [MSA-25-0053](https://moodle.org/mod/forum/discuss.php?d=471299) - XSS risk via AI prompt injection
+- [MSA-25-0054](https://moodle.org/mod/forum/discuss.php?d=471300) - XSS risk in formula editor
+- [MSA-25-0055](https://moodle.org/mod/forum/discuss.php?d=471301) - Formula injection risk when exporting data to CSV / Excel
+- [MSA-25-0056](https://moodle.org/mod/forum/discuss.php?d=471302) - Open redirect in OAuth login
+- [MSA-25-0057](https://moodle.org/mod/forum/discuss.php?d=471303) - Password brute force risk from confirmation email web service
+- [MSA-25-0058](https://moodle.org/mod/forum/discuss.php?d=471304) - Participants can access forum ratings without permission
+- [MSA-25-0059](https://moodle.org/mod/forum/discuss.php?d=471305) - Reflected XSS risk in policy tool
+- [MSA-25-0060](https://moodle.org/mod/forum/discuss.php?d=471306) - Badges with a role criterion could be awarded to users who do not hold the role
+- [MSA-25-0061](https://moodle.org/mod/forum/discuss.php?d=471307) - User IDs exposed in URLs when using anonymous submissions in assignment
+<!-- cspell:enable -->