Moodle 3.11.4
Release date: 8 November 2021
Here is the full list of fixed issues in 3.11.4.
General fixes and improvements
- MDL-66203 - The submission status stays "Submitted for grading" after a submission is removed by or for the student
- MDL-65943 - RecordRTC Content Does Not Playback in iOS (multiple browsers)
- MDL-26633 - Unable to randomly allocate more than 30 reviews per submission / reviewer
- MDL-72566 - Activity information performance enhancement could cause 'invalidcoursemodule' exception
- MDL-64576 - Course completion activity dates are incorrect if course completion criteria have been edited
- MDL-71344 - Drag and drop question type: does not work correctly with multiple questions on one page
- MDL-72607 - Domain restricted Vimeo videos require an updated URL format to load correctly
- MDL-72316 - SVG files being downloaded instead of served in SCORM activities
- MDL-71970 - Fatal error with H5P due to incompatible "Declaration of core_h5p\framework::fetchExternalData"
- MDL-72590 - When unenrolling from a course with self enrolment, the course name does not pass filters
- MDL-71750 - File upload: Submit buttons aren't disabled when upload multiple files
- MDL-72743 - Make question restore more fault tolerant of missing user data in course backups
- MDL-72621 - Drop support for $CFG->admin
- MDL-72515 - Plugins overview page calls curl unnecessarily
- MDL-72507 - Quiz auto-save does not detect uploaded files
- MDL-51165 - Trailing slash in URL supplied to URL Resource causes extra click to open
- MDL-72884 - Inserting an SVG file using the "Insert image" doesn't work well with "Auto-size"
- MDL-56773 - Atto equation editor textarea input should be left aligned in RTL mode
- MDL-72013 - Add jsdoc validation checks
- MDL-72064 - Too easy to accidentally change your answer to a multiple-choice questions
- MDL-72060 - LTI gradebookservice is user gradable in course not working as expected
- MDL-72599 - Cannot configure or delete blocks added to admin/index.php
- MDL-39324 - Adding custom video dimensions to a URL resource reverts media icon back to default
- MDL-71306 - Error when cancelling add cohort_sync enrolment method
- MDL-72767 - Forum digests may not be sent to a user if new posts made near to the digest send time
- MDL-72275 - Timeline block "sort by courses" sometimes fetches incorrect or no results for time periods
- MDL-71785 - Empty quiz section name behaves like new page
- MDL-72342 - Group import from CSV is broken by byte order mark
- MDL-72110 - Admin home page preference not respected
- MDL-72309 - Course creation without category
- MDL-71137 - File upload: The progress bars are displaying error when drag-and-drop multiple files sequentially
- MDL-68325 - 'Complete another course' allows to select courses that has completion tracking disabled
- MDL-71961 - Disable quiz navigation buttons while file uploads are in progress
- MDL-72857 - Issued badge page doesn't filter site/course names (e.g. multi-lang content)
Accessibility improvements
- MDL-72673 - Duplicate element IDs in Glossary
- MDL-72669 - Invalid HTML in multi-answer (Cloze) questions: blank
<option>
content is not allowed - MDL-72674 - Give feedback about this software link does not warn users that it opens in a new window
- MDL-71352 - Red/green color for fail/pass in grader report is not accessible
- MDL-72426 - Insufficient colour contrast for the notification and message badges
- MDL-71602 - Essay question type: no lable for the editor where the student enters their response
Security improvements
- MDL-72464 - Web service get_active_tokens doesn't return those without expiry date
Security fixes
- MSA-21-0038 Remote code execution risk when restoring malformed backup file
- MSA-21-0039 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). Please note: If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the Analytics settings documentation for more information about how to upgrade.
- MSA-21-0040 Reflected XSS in filetype admin tool
- MSA-21-0041 CSRF risk on delete related badge feature
- MSA-21-0042 IDOR in a calendar web service allows fetching of other users' action events