Skip to main content

Moodle 3.11.13

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 13 March 2023

Here is the full list of fixed issues in 3.11.13.

General fixes and improvements

  • MDL-74905 - Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
  • MDL-75012 - Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)

Security improvements

  • MDL-76478 - Browsers auto-completing the user's password into inappropriate password unmask form fields

Security fixes

  • MSA-23-0004 - Authenticated SQL injection via availability check
  • MSA-23-0005 - Authenticated arbitrary file read through malformed backup file
  • MSA-23-0006 - XSS risk when outputting database activity filter data
  • MSA-23-0007 - Algebra filter XSS when filter is misconfigured
  • MSA-23-0008 - Pix helper potential Mustache code injection risk
  • MSA-23-0011 - Teacher can access names of users they do not have permission to access
  • MSA-23-0012 - Course participation report shows roles the user should not see