Moodle 3.11.9

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 22 August 2022

Here is the full list of fixed issues in 3.11.9.

General fixes and improvements

• MDL-62959 - Changing a course event to a user event results in an error
• MDL-74947 - As Admin, when creating an external tool (LTI), "Shared secret" is truncated at < character
• MDL-69251 - LTI enrol method wrongly unenrols users due to bad task internal state
• MDL-68843 - LTI Tools don't get deleted when linked activity module is deleted from course
• MDL-74681 - Reads directly after writes to a table are stale when using read replicas if the update takes too long
• MDL-75386 - Editor stylesheets does not include stylesheets for subplugins
• MDL-75083 - Login form double submission leads to invalid login
• MDL-74492 - Atto editor wrongfully creates UL tags inside SVG
• MDL-73215 - Undefined variable error when online text assignment submission deleted
• MDL-74784 - Related system badges causing badge rendering issue
• MDL-74282 - Outcomes report should not be available if outcomes are disabled
• MDL-74974 - Show correct answer and feedback when overriding grade (backport of MDL-74495)
• MDL-72430 - Editing events results in changing the type of event and removing the Course option
• MDL-56923 - Assignment, Add new criterion icon should be aligned to the right, in RTL mode (theme:boost)

Security improvements

• MDL-75237 - Alternate implementation of MSA-22-0016 applied to fix a regression (Note: There was no new security risk addressed, however MDL-75237 still has access restricted to avoid revealing details of the original vulnerability)

Security fixes

• MSA-22-0021 - Upgrade Mustache to latest version (upstream)
• MSA-22-0022 - CSRF risk in enabling/disabling installed H5P libraries
• MSA-22-0027 - Quiz sequential navigation bypass using web services