Skip to main content

Moodle 3.11.16

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 August 2023

Here is the full list of fixed issues in 3.11.16.

General fixes and improvements

Security fixes

  • MSA-23-0019 - Proxy bypass risk due to insufficient validation
  • MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
  • MSA-23-0021 - Some block permissions on Dashboard not respected
  • MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
  • MSA-23-0025 - phpCAS library upgraded to 1.6.0 (upstream)
  • MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
  • MSA-23-0027 - JQuery UI library upgraded to 1.13.2 (upstream)
  • MSA-23-0028 - Open redirect risk on admin view all policies page
  • MSA-23-0029 - Competency framework tools are not restricted as intended
  • MSA-23-0030 - Quiz sequential navigation bypass possible