Skip to main content

Moodle 3.11.16

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 August 2023

Here is the full list of fixed issues in 3.11.16.

General fixes and improvements

Security fixes

  • MSA-23-0019 - Proxy bypass risk due to insufficient validation
  • MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
  • MSA-23-0021 - Some block permissions on Dashboard not respected
  • MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
  • MSA-23-0025 - phpCAS library upgraded to 1.6.0 (upstream)
  • MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
  • MSA-23-0027 - JQuery UI library upgraded to 1.13.2 (upstream)
  • MSA-23-0028 - Open redirect risk on admin view all policies page
  • MSA-23-0029 - Competency framework tools are not restricted as intended
  • MSA-23-0030 - Quiz sequential navigation bypass possible