Skip to main content

Moodle 3.6.6

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 September 2019

Here is the full list of fixed issues in 3.6.6.

Fixes and improvements

  • MDL-59911 - Unoconv doesn't work after the scheduled task conversion_cleanup_task has run
  • MDL-65219 - Broken link in messages contact request notification
  • MDL-58026 - Regrading a quiz in progress causes student to lose data
  • MDL-66071 - Cannot update user profile with non-internal auth method such as LDAP
  • MDL-63458 - Do not display "Send a message" option in course participants list if messaging is disabled site-wide
  • MDL-33884 - Export of questions with lots of images as Moodle XML runs out of memory
  • MDL-66136 - Online text assignment error when attempting to submit an image only (with no text)
  • MDL-64598 - Emojis are very big in forum notification emails
  • MDL-35939 - Quiz page title does not tell the user where they are in the quiz
  • MDL-65555 - Course restore excluding groups still restores quiz overrides resulting in extra calendar events
  • MDL-65517 - Manually completed course activities showing in Timeline
  • MDL-65925 - Grade page is broken if submission other than PDF was deleted
  • MDL-66110 - Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)
  • MDL-65679 - Expanding/collapsing PDF comments causes other annotations to change position
  • MDL-57342 - "Is this your first time here?" shows when self registration disabled and no message in auth_instructions
  • MDL-65116 - Assignment due date does not update for group selection
  • MDL-65908 - Annotated PDF - Comments can't be added and viewed in RTL user interface
  • MDL-65749 - Upgrade PHPMailer
  • MDL-50472 - Maintenance Mode messages don't appear with Force Login enabled
  • MDL-52849 - File picker error messages are not read out in assignment to screen reader users
  • MDL-66272 - Custom theme favicon on LTI provider site breaks LTI authentication
  • MDL-66230 - Deleting a user tour causes error in privacy data export
  • MDL-65975 - Mobile features should reflect new features supported by Moodle App version 3.7 (backport of MDL-61199)
  • MDL-66120 - Remove community finder block - as part of Sunsetting
  • MDL-66072 - Remove course-sharing functionality - as part of Sunsetting
  • MDL-65595 - Multiple choice question text not wrapped in Lesson

Security fixes and improvements

Security fixes

  • MSA-19-0018 JavaScript injection possible in some Mustache templates via recursive rendering from contexts
  • MSA-19-0019 Course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course
  • MSA-19-0020 Python Machine Learning dependency versions bumped
  • MSA-19-0021 Activity :addinstance capabilities were not respected when creating a course in single activity format
  • MSA-19-0022 Open redirect in the mobile launch endpoint could be used to expose mobile access tokens
  • MSA-19-0023 Forum subscribe link contained an open redirect if forced subscription mode was enabled

Security improvements

See also