Martin Dougiamas (@moodler) send a message to all registered Moodle administrators last week discussing new security patches within versions 1.8.12 and 1.9.8 (to register you need to opt in from your administration dashboard). The announcements for security fixes always come a few days earlier than the general release of versions.
Security vulnerabilities are a serious concern for Moodle.org and users worldwide. In fact, one past security fix released provided a patch to prevent a simple ‘hack’ which exposed all user passwords. By giving Administrators a few days head start it’s possible to put this new code in place so that Administrators can plug the leaks before the general public is aware of the vulnerabilities.
If your Moodle site is not registered MoodleMonthly highly urges you to register. Not only will it provide you with access to urgent updates from the Moodle.org team but it will give Moodle.org a sharper view of their global site, user and course data at http://moodle.org/stats/ (additionally your site will be included at http://moodle.org/sites/).
Here’s the notification (as seen by the general public on 4/1), http://moodle.org/mod/forum/discuss.php?d=147214:
Moodle 1.9.8 and Moodle 1.8.12 were recently released. Apart from a range of bug fixes and small improvements, nine security vulnerabilities (2 critical, 5 major and 2 minor) have been discovered and fixed since Moodle 1.9.7. (Thanks as usual to the reporters and to all the team responsible for fixing and publicising these serious issues).
WE RECOMMEND ALL MOODLE SITES UPGRADE THEIR SITES TO ONE OF THESE VERSIONS AS SOON AS POSSIBLE.
As per our usual release procedure, all 46,000 admins of registered Moodle sites were already privately notified nearly a week ago.
Upgrading from 1.9.7 or 1.8.11 should be a very straightforward affair for most Moodle users, but you may have login issues if you are using a custom authentication method. Full details about the releases can be found in the Moodle 1.9.8 release notes and the Moodle 1.8.12 release notes.