Bug
Resolution: Fixed
Major
3.9.16, 3.11.9, 4.0.3
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
MDL-75550-master
1
Team Hedgehog 4.1 sprint 0.3
We recently upgraded Mustache to version 2.14.1 to apply a security fix made in that version. We used the officially tagged version in GitHub for that update. There is a small oversight in that version (in the upstream repo), where the version number listed in the code is 2.14.0 (which at the time we decided to leave as-is so it was correct to the original library).
Unfortunately, it seems like that may cause some confusion / false positive security reports, where people see the version number and assume the code is the un-patched 2.14.0 version.
To avoid further confusion, we should make the following change in the Mustache library on master, 400, 311 and 310:
https://github.com/bobthecow/mustache.php/commit/d36cd805c41dd21710a4ce9f2f385eeb51aacaba