Skip to main content

Moodle 3.6

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 3 December 2018

Here is the full list of fixed issues in 3.6.

See our New features page in the user documentation for an introduction to Moodle 3.6 with screenshots.

If you are upgrading from a previous version, please see Upgrading in the user docs. In particular, for sites using a custom theme or login form, from 3.6 onwards, the login form must include a new login token field. See Login token for details.


You are recommended to use Moodle 3.6.1, as it includes a messaging regression fix.

Server requirements

These are just the minimum supported versions. We recommend keeping all of your software and operating systems up-to-date.

  • Moodle upgrade: Moodle 3.1 or later
  • PHP version: minimum PHP 7.0.0 Note: minimum PHP version has increased since Moodle 3.3. PHP 7.1.x, 7.2.x and 7.3.x (since Moodle 3.6.4) are supported too. See Moodle and PHP for details.
  • PHP extension intl is required since Moodle 3.4 (it was recommended in 2.0 onwards)

Database requirements

Moodle supports the following database servers. Again, version numbers are just the minimum supported version. We recommend running the latest stable version of any software.

DatabaseMinimum versionRecommended
PostgreSQL9.411.x - note that 12.x is not yet supported (MDL-67414)
Microsoft SQL Server2008Latest
Oracle Database11.2Latest

Client requirements

Browser support

Moodle is compatible with any standards compliant web browser. We regularly test Moodle with the following browsers:


  • Chrome
  • Firefox
  • Safari
  • Edge
  • Internet Explorer


  • MobileSafari
  • Google Chrome

For the best experience and optimum security, we recommend that you keep your browser up to date.

Note: Legacy browsers with known compatibility issues with Moodle 3.6:

  • Internet Explorer 10 and below
  • Safari 7 and below

Major features

Dashboard and Course overview

GDPR and Privacy

Note that some of these GDPR improvements have also been backported to Moodle 3.5.3, 3.4.6 and 3.3.9.

  • MDL-63116 - Data requests bulk actions
  • MDL-62309 - Option to make site policies required or optional
  • MDL-61652 - Capabilities for controlling who can download SAR data
  • MDL-62563 - Data deletion of existing deleted users
  • MDL-63897 - Pre-processing stage removed from data requests process
  • MDL-62558 - Data retention summary (read-only)
  • MDL-63726 - Option to remove the "Data retention summary" link in the footer
  • MDL-62491 - HTML data request export format
  • MDL-63401 - User expiry improvements
  • MDL-63619 - Data purpose and category inheritance improvements
  • MDL-62560 - Different data retention strategies for different roles in a purpose
  • MDL-62554 - Ability to configure data registry to use module type defaults
  • MDL-63009 - Site mentioned in email notifications of data requests
  • MDL-6074 - Option to hide your name in the online users block


  • MDL-57272 and MDL-63280 - Group messaging
  • MDL-63303 - New messaging UI with messaging drawer
  • MDL-63279 - Option to disable site-wide messaging
  • MDL-63214 - Privacy setting for restricting who can message you
    • The new 'Allow site-wide messaging' setting is disabled by default for new installs but enabled for upgraded sites if $CFG->keepmessagingallusersenabled = true; is defined in config.php
  • MDL-63213 - Option to star messaging conversations
  • MDL-63283 - Notifications not sent for group conversations
  • MDL-63281 - Group members synchronised with messaging conversations members


  • MDL-27520 - Assignment feedback can include media or other files


  • MDL-62610 - Improved quiz statistics report usability for randomized questions
  • MDL-62708 - Option to add ID numbers to questions and question categories
  • MDL-63738 - Single questions can be exported from the question bank


  • MDL-60820 - Teachers can specify workshop submission types


Open Badges


  • MDL-54035 - Performance improvements to cache flags
  • MDL-47962 - Glossary auto-linking filter performance improvements

Usability improvements

  • MDL-51177 - atto_htmlplus implemented to improve Atto editor HTML indenting
  • MDL-45170 - Copy and paste of images from one WYSIWYG window to another
  • MDL-61388 - Forum actions announced by screen reader when completed
  • MDL-62899 - Global search displays a relevant icon next to link in results
  • MDL-46415 - SVG/high resolution emoticons
  • MDL-58000 - Larger badge images are used


Other highlights

Functional changes

  • MDL-17943 - 'Resend confirmation email' button on login page
  • MDL-14274 - IF conditions in grade calculations
  • MDL-37624 - Calendar entries location support
  • MDL-36754 - Images are displayed in forum notification emails
  • MDL-59259 - Course format options may be specified in upload courses CSV file
  • MDL-41265 - Page resource option to show/hide "Last modified"
  • MDL-61378 - Forum post HTML structure improvements
  • MDL-59454 - Option to download the list of course participants
  • MDL-60520 - Analytics models can use different machine learning backends
  • MDL-61573 - User menu: customusermenuitems map Font Awesome icons for non pix/t folders
  • MDL-62320 - JSON added to the default MIME types list
  • MDL-63431 - Atto media plugin title global attribute support
  • MDL-60435 - Shibboleth authentication identity providers
  • MDL-59169 - Grader report saves after edit with multiple tabs
  • MDL-62960 - Drag and drop of course events respects the course start date

Security issues

  • MSA-18-0020 Login CSRF vulnerability in login form. Note that this fix has previously been disclosed following the release of Moodle 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

For administrators

For developers

  • MDL-55188 - Old Events API final deprecation
  • MDL-54741 - Phase 2 of deprecation of functions in lib/deprecatedlib.php
  • MDL-51803 - Reusable element for drag and drop sortable table or list
  • MDL-63329 - memcache session handler removal
  • MDL-63658 - New Favourites subsystem
  • MDL-63729 - Badges web services return new fields and data added by the Open Badges v2.0 specification
  • MDL-50812 - core_useragent::get_browser_version_classes distinguishes between different browsers

Privacy API update

In addition to existing requirements, any plugin which implements the plugin provider interface must also implement the \core_privacy\local\request\core_userlist_provider interface. Two new methods need to be implemented:

However, the two above methods are not required for plugins that implement the null provider only (i.e. which do not store personal data).

Note that these changes are also required for latest Moodle 3.4.6 and 3.5.3 versions.

Behat scenario files

  • MDL-57281 - The behat step I navigate to "ITEM" node in "MAINNODE > PATH" has been deprecated and throws an exception with details on how to replace it. The recommended replacement steps work in all recent Moodle versions. The updated Behat will pass with Moodle 3.4 too.

Login token

If your plugin provides an alternative login form (e.g. it is a theme replacing the default login form template / renderer), the login form must include a new login token field. For details of required changes, see Login token. Note that this also affects latest stable branches too.

New core functions

  • userdate_htmltime()

New callback hooking points in page layouts

  • standard_after_main_region_html - A new general purpose callback hooking point in the page layout. Used for example by the new messaging drawer UI.

Component APIs upgrades

Please refer to the upgrade.txt files in the relevant component directory for changes in this particular Moodle release.