We released some new versions of Moodle last week: full details about them are on the sparkly new Moodle download page.
As usual these point releases wrap up a good number of small fixes and enhancements, including a brand-new security report from Petr Skoda that helps admins discover and correct insecure settings (note that a small performance issue affecting some users has already been fixed since 1.9.4 so get the latest weekly if you can)
Most importantly, there are also fixes for all the security vulnerabilities reported on the Moodle Tracker over the past few months (thanks to all those who reported them!). Full details of these security fixes are, as usual, disclosed on our security page. (Note that administrators of registered Moodle sites were already informed about these releases a week ago as per our normal release process). To keep your sites safe all you need to do is upgrade your Moodle sites as soon as you can! If you would like to discuss any of the disclosed vulnerabilities or general techniques to improve the security of your own site, please come to our Security and Privacy forum.
It's also worth mentioning that Moodle 1.6.9 and Moodle 1.7.7 mark the last builds that the core team plan to release from those branches (unless someone else volunteers to maintain them) due to the amount of work involved. In short, please upgrade to later versions!
In the meantime, we are also pushing ahead rapidly with the Moodle 2.0 roadmap and a number of enhancements for Moodle 1.9.5 ... some exciting things lie ahead!
Cheers,
Martin
P.S. Did I mention you really should upgrade your Moodle sites?