Skip to main content

Moodle 3.11.17

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 October 2023

Here is the full list of fixed issues in 3.11.17.

General fixes and improvements

  • MDL-79360 - Broken nolink tag support in text filtering

Accessibility improvements

  • MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)

Security improvements

  • MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference

Security fixes

  • MSA-23-0031 - Authenticated remote code execution risk in Lesson
  • MSA-23-0032 - Authenticated remote code execution risk in IMSCP
  • MSA-23-0033 - XSS risk when using CSV grade import method
  • MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
  • MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
  • MSA-23-0039 - XSS risk when previewing data in course upload tool
  • MSA-23-0040 - Make file serving endpoints revision control stricter
  • MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
  • MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
  • MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode