Moodle 3.11.1
Release date: 12 July 2021
Here is the full list of fixed issues in 3.11.1.
General fixes and improvements
- MDL-68925 - Quicklist items broken and cannot be used in PDF Annotator
- MDL-65203 - Tab characters in event names produce malformed JSON in mustache template
- MDL-65637 - Linkedin Authentication Stopped working
- MDL-67975 - Nextcloud integration should allow the use of aliases to files in repository
- MDL-55243 - SVG files are images and should be allowed for course images, drag-drop questions, etc.
- MDL-71926 - Add an activity or resource link always visible in 3.11+
- MDL-71126 - Quiz manual grading: page size preference can get stuck at 0
- MDL-68915 - Forum and Lesson do not allow a change to max grade after a grade has been given
- MDL-71659 - Grade item inconsistencies can break courses with courses with activities that require grade
- MDL-64236 - The content in the Grader report table is partly covered by the scrollbar in RTL mode
- MDL-67771 - Classic theme - unable to place blocks in Right region of activity modules
- MDL-71694 - Grade validation failure causes loss of feedback comments
- MDL-71047 - The cursor position is not correct when paste HTML in Atto editor
- MDL-71113 - Integrate jsdoc into Grunt and allow for JS Documentation to be generated
- MDL-70750 - In Survey activity the Response report -> Question doesn't work at all
- MDL-71559 - User fields: new PROFILE_VISIBLE_TEACHERS constant not supported
- MDL-71644 - File upload still gets stuck if try to leave page mid-upload
- MDL-71366 - Checkboxes/Radio Buttons within multiple choice questions become invisible or shrink
- MDL-71647 - Locally assigned roles no longer searches email address
- MDL-71628 - Quiz review: names not shown on Manual grading screens
- MDL-72010 - Quiz should use Moodle's mechanism for keeping the session alive
- MDL-71947 - The indentation of the text must be corrected in the notice of time limit when starting a quiz
- MDL-71789 - Add mform validation for invalid url when importing a calendar
- MDL-71971 - In the "Edit quiz" page, don't stick together the "Repaginate" and the "Select multiple items" button
- MDL-71838 - Quiz overview report runs out of memory with huge courses
- MDL-71145 - Drag and Drop Marker Question Type: Saves incorrect marker positions or lost markers
- MDL-71837 - Export Calendar buttons become inactive after pressing 'Export' (as file)
- MDL-71836 - Enrol users: Cannot search by username
- MDL-71832 - Browse list of users page error when sorting by custom user field
- MDL-69703 - Selected potential group member are not highlighted properly
- MDL-71438 - Block deletion timeouts can occur on large sites
Accessibility improvements
- MDL-71373 - Localize hard coded aria-label strings in table pagination and role manager
- MDL-71669 - Menus opened by Atto buttons are announced as dialog box by screen-readers
- MDL-71813 - File picker – folder view file details not available using keyboard (Enter)
- MDL-71668 - Atto buttons do not have proper focus indicator
Security fixes
- MSA-21-0020 SQL injection risk in code fetching enrolled courses
- MSA-21-0021 SQL injection risk in code fetching recent courses
- MSA-21-0022 Remote code execution risk when Shibboleth authentication is enabled
- MSA-21-0023 Recursion denial of service possible due to recursive cURL in file repository
- MSA-21-0024 Blind SSRF possible against cURL blocked hosts via redirect
- MSA-21-0025 Messaging web service allows deletion of other users' messages
- MSA-21-0026 Stored XSS in the web service token list via user ID number
- MSA-21-0027 Stored XSS in quiz override screens via user ID number
- MSA-21-0028 IDOR allows removal of other users' calendar URL subscriptions
- MSA-21-0029 Stored XSS when exporting to data formats supporting HTML via user ID number
- MSA-21-0030 Insufficient escaping of users' names in account confirmation email - Note: If you have customised the language string emailconfirmation, you will need to edit the customisation and remove the placeholder
{$a->firstname}
. - MSA-21-0031 Messaging email notifications containing HTML may hide the final line of the email