diff --git a/filter/mathjaxloader/db/upgrade.php b/filter/mathjaxloader/db/upgrade.php index 9b64471bc64..3e83f5aa216 100644 --- a/filter/mathjaxloader/db/upgrade.php +++ b/filter/mathjaxloader/db/upgrade.php @@ -43,5 +43,17 @@ function xmldb_filter_mathjaxloader_upgrade($oldversion) { // Automatically generated Moodle v3.8.0 release upgrade line. // Put any upgrade step following this. + if ($oldversion < 2020050401) { + // Update CDN url. + $originalurl = 'https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/MathJax.js'; + $newurl = 'https://cdn.jsdelivr.net/npm/mathjax@2.7.8/MathJax.js'; + $currenturl = get_config('filter_mathjaxloader', 'httpsurl'); + if ($currenturl == $originalurl) { + set_config('httpsurl', $newurl, 'filter_mathjaxloader'); + } + + upgrade_plugin_savepoint(true, 2020050401, 'filter', 'mathjaxloader'); + } + return true; } diff --git a/filter/mathjaxloader/readme_moodle.txt b/filter/mathjaxloader/readme_moodle.txt index 055a986e8b6..32a4fc00067 100644 --- a/filter/mathjaxloader/readme_moodle.txt +++ b/filter/mathjaxloader/readme_moodle.txt @@ -1,7 +1,7 @@ Description of MathJAX library integration in Moodle ==================================================== -* Default MathJax version: 2.7.2 +* Default MathJax version: 2.7.8 * License: Apache 2.0 * Source: https://www.mathjax.org/ @@ -18,3 +18,8 @@ Upgrading the default MathJax version 3. Check and eventually update the list of language mappings in filter.php. Also see the unit test for the language mappings. +Changes +------- + +* The MathJax 2.7.2 seems to have a possible security issue, the CDN default value have been +updated to point to the recommended 2.7.8 version. See MDL-68430 for details. diff --git a/filter/mathjaxloader/settings.php b/filter/mathjaxloader/settings.php index a911788d89b..06ceee8f102 100644 --- a/filter/mathjaxloader/settings.php +++ b/filter/mathjaxloader/settings.php @@ -33,7 +33,7 @@ if ($ADMIN->fulltree) { $item = new admin_setting_configtext('filter_mathjaxloader/httpsurl', new lang_string('httpsurl', 'filter_mathjaxloader'), new lang_string('httpsurl_help', 'filter_mathjaxloader'), - 'https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/MathJax.js', + 'https://cdn.jsdelivr.net/npm/mathjax@2.7.8/MathJax.js', PARAM_RAW); $settings->add($item); diff --git a/filter/mathjaxloader/version.php b/filter/mathjaxloader/version.php index 6659239738e..774eac9ccf5 100644 --- a/filter/mathjaxloader/version.php +++ b/filter/mathjaxloader/version.php @@ -24,6 +24,6 @@ defined('MOODLE_INTERNAL') || die(); -$plugin->version = 2019111800; +$plugin->version = 2020050401; $plugin->requires = 2019111200; // Requires this Moodle version. $plugin->component= 'filter_mathjaxloader';