Skip to main content

Moodle 3.11.1

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 July 2021

Here is the full list of fixed issues in 3.11.1.

General fixes and improvements

  • MDL-68925 - Quicklist items broken and cannot be used in PDF Annotator
  • MDL-65203 - Tab characters in event names produce malformed JSON in mustache template
  • MDL-65637 - Linkedin Authentication Stopped working
  • MDL-67975 - Nextcloud integration should allow the use of aliases to files in repository
  • MDL-55243 - SVG files are images and should be allowed for course images, drag-drop questions, etc.
  • MDL-71926 - Add an activity or resource link always visible in 3.11+
  • MDL-71126 - Quiz manual grading: page size preference can get stuck at 0
  • MDL-68915 - Forum and Lesson do not allow a change to max grade after a grade has been given
  • MDL-71659 - Grade item inconsistencies can break courses with courses with activities that require grade
  • MDL-64236 - The content in the Grader report table is partly covered by the scrollbar in RTL mode
  • MDL-67771 - Classic theme - unable to place blocks in Right region of activity modules
  • MDL-71694 - Grade validation failure causes loss of feedback comments
  • MDL-71047 - The cursor position is not correct when paste HTML in Atto editor
  • MDL-71113 - Integrate jsdoc into Grunt and allow for JS Documentation to be generated
  • MDL-70750 - In Survey activity the Response report -> Question doesn't work at all
  • MDL-71559 - User fields: new PROFILE_VISIBLE_TEACHERS constant not supported
  • MDL-71644 - File upload still gets stuck if try to leave page mid-upload
  • MDL-71366 - Checkboxes/Radio Buttons within multiple choice questions become invisible or shrink
  • MDL-71647 - Locally assigned roles no longer searches email address
  • MDL-71628 - Quiz review: names not shown on Manual grading screens
  • MDL-72010 - Quiz should use Moodle's mechanism for keeping the session alive
  • MDL-71947 - The indentation of the text must be corrected in the notice of time limit when starting a quiz
  • MDL-71789 - Add mform validation for invalid url when importing a calendar
  • MDL-71971 - In the "Edit quiz" page, don't stick together the "Repaginate" and the "Select multiple items" button
  • MDL-71838 - Quiz overview report runs out of memory with huge courses
  • MDL-71145 - Drag and Drop Marker Question Type: Saves incorrect marker positions or lost markers
  • MDL-71837 - Export Calendar buttons become inactive after pressing 'Export' (as file)
  • MDL-71836 - Enrol users: Cannot search by username
  • MDL-71832 - Browse list of users page error when sorting by custom user field
  • MDL-69703 - Selected potential group member are not highlighted properly
  • MDL-71438 - Block deletion timeouts can occur on large sites

Accessibility improvements

  • MDL-71373 - Localize hard coded aria-label strings in table pagination and role manager
  • MDL-71669 - Menus opened by Atto buttons are announced as dialog box by screen-readers
  • MDL-71813 - File picker – folder view file details not available using keyboard (Enter)
  • MDL-71668 - Atto buttons do not have proper focus indicator

Security fixes

  • MSA-21-0020 SQL injection risk in code fetching enrolled courses
  • MSA-21-0021 SQL injection risk in code fetching recent courses
  • MSA-21-0022 Remote code execution risk when Shibboleth authentication is enabled
  • MSA-21-0023 Recursion denial of service possible due to recursive cURL in file repository
  • MSA-21-0024 Blind SSRF possible against cURL blocked hosts via redirect
  • MSA-21-0025 Messaging web service allows deletion of other users' messages
  • MSA-21-0026 Stored XSS in the web service token list via user ID number
  • MSA-21-0027 Stored XSS in quiz override screens via user ID number
  • MSA-21-0028 IDOR allows removal of other users' calendar URL subscriptions
  • MSA-21-0029 Stored XSS when exporting to data formats supporting HTML via user ID number
  • MSA-21-0030 Insufficient escaping of users' names in account confirmation email - Note: If you have customised the language string emailconfirmation, you will need to edit the customisation and remove the placeholder {$a->firstname}.
  • MSA-21-0031 Messaging email notifications containing HTML may hide the final line of the email

Translations