https://moodle.org/mod/forum/view.php?f=1048 How to keep your Moodle site secure and methods for increasing privacy.Please do not post security scans or vulnerability findings in this public forum. Any potential vulnerabilities can be submitted via the Security Submission form, which adheres to our Security Procedures and Responsible Disclosure Policy. Documentation: [[Security]], [[Security FAQ]] and [[Increasing privacy in Moodle]] Before starting a new discussion topic, please check the [[Security FAQ]] and try a forum search. PLEASE DO NOT PUBLISH SECURITY FINDINGS PUBLICLY. If you discover a potential security issue, please report it via our Security Submission Form. For more information about our security processes and responsible disclosure policy, see the Security Procedures documentation. Moodle de (c) 2026 Moodle - Open-source learning platform | Moodle.org https://moodle.org/theme/image.php/moodleorg/core/1779449693/i/rsssitelogo https://moodle.org 140 35 https://moodle.org/mod/forum/discuss.php?d=473975&parent=1899866 Wed, 20 May 2026 11:05:06 GMT von Michael Hawkins. &nbsp;<p><div class="text_to_html">Hi Niki,<br /> <br /> In the first instance, currently the best method is to check the <a title="Auto-link" href="https://moodle.org/plugins">Plugins directory</a> for the maintainer and reaching out directly - sometimes they are linked to our bug tracker, and other times it's more direct contact (message/email via their profile, or reaching out via Github to check how they would like the information disclosed), as they are the primary people who are able to address any issues. Failing that, we are sometimes able to assist with informing plugin maintainers where they can't be reached by other means.<br /> <br /> I cannot find any previous correspondence from you in the security inbox you mentioned, but please reach out via that email address again with further details, so we can try to assist you with responsible disclosure of your findings.<br /> <br /> It is worth noting that in the future, this process will be much easier. A security reporting mechanism is on the roadmap for Moodle Marketplace (though that feature will not be available at launch, it will be available in the future).</div></p> https://moodle.org/mod/forum/discuss.php?d=473975&parent=1899866 https://moodle.org/mod/forum/discuss.php?d=471295&parent=1899756 Mon, 18 May 2026 09:30:08 GMT von Ryn Janecks. &nbsp;<p><div class="text_to_html">I’d also check the Moodle cache after making changes. I’ve had a few situations where things looked broken until I purged all caches and forced the theme/plugin data to rebuild properly.</div></p> https://moodle.org/mod/forum/discuss.php?d=471295&parent=1899756 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899533 Tue, 12 May 2026 13:17:34 GMT von Marc Couture. &nbsp;<p><div class="text_to_html">Unless you are disabling critical system services in the kernel, I wouldn't worry too much about Moodle having any issues.</div></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899533 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899418 Sat, 09 May 2026 02:14:17 GMT von Visvanath Ratnaweera. &nbsp;<p><div class="text_to_html">Debian 13 "Trixie" has already deployed the patched kernel. Debian 6.12.86-1 (2026-05-08). And the machine booted! <img class="icon emoticon" alt="zwinkernd" title="zwinkernd" src="https://moodle.org/theme/image.php/moodleorg/core/1779449693/s/wink" /></div></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899418 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899414 Fri, 08 May 2026 21:24:44 GMT von Petr Skoda. &nbsp;<p><p>you'd do your testing on a staging <a href="https://moodle.org/mod/glossary/showentry.php?eid=30&amp;displayformat=dictionary" title="Glossary of common terms: server" class="glossary autolink concept glossaryid5" data-entryid="30">server</a>, never on a production server</p> </p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899414 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899410 Fri, 08 May 2026 16:48:38 GMT von Ken Task. &nbsp;<p><p><a href="https://moodle.org/mod/glossary/showentry.php?eid=10401&amp;displayformat=dictionary" title="Glossary of common terms: OP" class="glossary autolink concept glossaryid5" data-entryid="10401">OP</a> has a moodle already installed and running.  OP asked if an update to the Kernel would affect the moodle app.   The checks.php script would be a quickie to see if the moodle is running ok.</p> <p>But since you mention a full test, where does one do that via CLI?</p> <p>'SoS', Ken</p> <p></p></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899410 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899408 Fri, 08 May 2026 15:38:37 GMT von Petr Skoda. &nbsp;<p><p>The only way to find out if server is compatible with Moodle is to run the full suite of PHPUnit and Behat tests. Environment check is for basic OS configuration validation only - it does not tell you if Moodle will actually run fine or not.</p> </p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899408 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899391 Fri, 08 May 2026 08:44:24 GMT von Sergio Rabellino. &nbsp;<p><p>From my understanding, the kernel optimisation introduced for cryptography known as copy.fail, which was found hardly buggy, does not involve Moodle in any way.</p> <p>But you can follow first the suggested mitigation action that can be reverted more simply if you (strangely) got some problems in Moodle, instead of going for the kernel update road.</p></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899391 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899389 Fri, 08 May 2026 07:59:13 GMT von Visvanath Ratnaweera. &nbsp;<p><div class="text_to_html">In theory, Moodle should work when the Server requirements in its Release notes, eg. <a href="https://moodledev.io/general/releases/4.5" class="_blanktarget">https://moodledev.io/general/releases/4.5</a>, are satisfied. I doesn't react to the kernel version as long as those software it depends on do function.</div> <div class="text_to_html"> </div> <div class="text_to_html">As you see here <a href="https://moodle.org/mod/forum/discuss.php?d=474096" class="_blanktarget">https://moodle.org/mod/forum/discuss.php?d=474096</a> no Moodle is still directly impacted.</div></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899389 https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899388 Fri, 08 May 2026 07:19:32 GMT von Ryotaro Yamada. &nbsp;<p><div class="text_to_html">Thank you very much for your helpful information and comments.<br /> <br /> I understand that kernel-5.14.0-611.49.2.el9_7 and later include the patch for AlmaLinux 9, and that you have not seen issues with Moodle on Rocky Linux 9 systems when checking with checks.php.<br /> <br /> I also understand that this does not provide 100% assurance for our own environment, especially because server configurations, plugins, and operational conditions may differ.<br /> <br /> We will use your comments as a useful reference, and we will consider applying the update first in a test environment, checking Moodle with admin/cli/checks.php -v and performing basic Moodle operation checks before updating the production servers.<br /> <br /> Thank you again for sharing your experience.</div></p> https://moodle.org/mod/forum/discuss.php?d=474175&parent=1899388