Moodle 3.11.5
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 17 January 2022
Here is the full list of fixed issues in 3.11.5.
General fixes and improvements
- MDL-68944 - Workshop skips scheduled allocation
- MDL-69467 - H5P attempts not recorded when multiple users have same email address
- MDL-69496 - mod_quiz: Or all available attempts completed setting value lost
- MDL-68773 - Adhoc tasks for backup and restore are stuck in endless fail delay loop
- MDL-59115 - OAuth2 does not pass in all user mapped settings into new account
- MDL-72796 - retry interval in milliseconds for redis session cache is far too high
- MDL-72791 - Custom course field content for new course not found in global search
- MDL-72443 - SVG files do not support the preview mode
- MDL-72716 - You should not be able to add more than one instance of most blocks to your Dashboard
- MDL-72925 - Forum grading separate group filter shows discussion topics in the other groups
- MDL-73414 - Impossible to turn on only "Enable web services" from site admin page
- MDL-73189 - File upload limits not always enforced if there are many simultaneous uploads in progress
- MDL-69061 - Lack of files reported during upgrade to 3.9 when $CFG->admin differs from 'admin'
- MDL-73046 - HTML5 video in the mediaplugin fails when using .MOV files
- MDL-72988 - PHP Notices detected in web server logs (mod_lti)
- MDL-72966 - File upload: Uncaught TypeError from JavaScript when uploading a single file
- MDL-73195 - mod_url: Error makes course/view.php unreachable if an invalid URL is saved
- MDL-73207 - $CFG->scheduled_tasks has incorrect order for dayofweek and months in cron spec
- MDL-72701 - Expand unit test coverage defaults
- MDL-73128 - Image caption warning for external badges
- MDL-73155 - Essay qtype: Error message is displayed when Allow attachments field is reset to 'No'
- MDL-73256 - Disabling "Require email verification" doesn't persist properly the first time
- MDL-73086 - User profile fields are broken when having uppercase in shortname
- MDL-73153 - External badge image not displayed in some cases
- MDL-72992 - Cannot enter feedback from grader report when feedback was previously deleted from assign grader
- MDL-72785 - Can't delete course category
- MDL-73176 - JS exception filtering course participants for keyword containing quotes
- MDL-73402 - Admin bookmarks block is too aggressive at cleaning bookmarked section
- MDL-72870 - Quiz attempt navigation buttons misaligned
- MDL-73039 - Double encoding of site/course name in course download
- MDL-73140 - Badly formatted lists in the grade history report
- MDL-72982 - Data request email breaks organisation signature
- MDL-61671 - Admin mobile certificate check can return errors on valid certificate
- MDL-72789 - Improve filtering by component in eventlist report
- MDL-72908 - Purge all caches only purges the selected cache if selected
- MDL-73074 - Course autocomplete duplicated in report condition/filter
- MDL-73255 - User Participants filter leaves invalid group filter row if no groups are present
Accessibility improvements
- MDL-70274 - The WCAG (cynthia.exe) validator links in the footer is no longer available
- MDL-73026 - Focus outline for modal close button is clipped and has insufficient colour contrast
- MDL-70721 - Need a Mustache helper method for html entities
- MDL-73142 - File extension in Essay accepted file type list is failing accessibility color contrast limits
For developers
- MDL-73175 - Add behat generators for glossary entries and categories
- MDL-73202 - Add behat generators for forum discussions and posts
- MDL-72846 - Create default block generator for testing
- MDL-73269 - Add PHP version and required/optional extensions to composer.json
Security improvements
- MDL-72096 - New helper function for cleaning SQL ORDER BY clauses
- MDL-73295 - sesskey is exposed in url for /user/managetoken.php
Security fixes
- MSA-22-0001 SQL injection risk in code fetching h5p activity user attempts
- MSA-22-0002 calendar:manageentries capability allows CRUD access to all calendar events
- MSA-22-0003 Capability gradereport/user:view not always respected when navigating to a user's course grade report
- MSA-22-0004 CSRF risk in badge alignment deletion