Moodle 5.0.8
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 8 June 2026
Here is the full list of fixed issues in 5.0.8.
General fixes and improvements
- MDL-88637 - H5P content fails to load or navigate after Moodle 4.5.11 upgrade / h5plibraryhandler 1.28
- MDL-88518 - H5P downloader task fails on new sites
Security improvements
- MDL-83526 - Session Token Missing SameSite Attribute
Security fixes
- MSA-26-0012 - Arbitrary file read risk in Database activity module
- MSA-26-0013 - Email-based MFA bypass
- MSA-26-0014 - Arbitrary file read risk in backup restore
- MSA-26-0015 - RCE risk via admin presets import
- MSA-26-0016 - Missing group access checks in grade web services
- MSA-26-0017 - IDOR allows arbitrary comment deletion
- MSA-26-0018 - CSRF risk in user homepage preference setting
- MSA-26-0019 - CSRF risk in user profile page reset
- MSA-26-0020 - Reflected XSS via Feedback import error message
- MSA-26-0021 - CSRF and XSS in grade item idnumber editing
- MSA-26-0022 - CSRF risk in group messaging state toggle
- MSA-26-0023 - CSRF risk when adding quiz section headings
- MSA-26-0024 - Missing capability checks in AI placement web services
- MSA-26-0025 - CSRF risk in quiz attempt regrading
- MSA-26-0026 - Missing capability check in Assignment marker allocation
- MSA-26-0027 - Blind SSRF risk in MNet peers function
- MSA-26-0028 - DoS risk via user profile description
- MSA-26-0029 - Missing capability checks in report builder fragment callbacks