Moodle 3.10.8 release notes: Difference between revisions
From MoodleDocs
(released) |
Dev Docs Bot (talk | contribs) m (Protected "Moodle 3.10.8 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite))) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{Template:Migrated|newDocId=/general/releases/3.10/3.10.8}} | |||
[[Releases]] > {{FULLPAGENAME}} | [[Releases]] > {{FULLPAGENAME}} | ||
Line 54: | Line 55: | ||
==Security fixes== | ==Security fixes== | ||
* [https://moodle.org/mod/forum/discuss.php?d=429095 MSA-21-0038] Remote code execution risk when restoring malformed backup file | |||
* [https://moodle.org/mod/forum/discuss.php?d=429096 MSA-21-0039] Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). '''Please note:''' If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the [https://docs.moodle.org/en/Analytics_settings#Versions Analytics settings documentation] for more information about how to upgrade. | |||
* [https://moodle.org/mod/forum/discuss.php?d=429097 MSA-21-0040] Reflected XSS in filetype admin tool | |||
* [https://moodle.org/mod/forum/discuss.php?d=429099 MSA-21-0041] CSRF risk on delete related badge feature | |||
* [https://moodle.org/mod/forum/discuss.php?d=429100 MSA-21-0042] IDOR in a calendar web service allows fetching of other users' action events | |||
==See also== | ==See also== |
Latest revision as of 09:08, 25 May 2022
Important:
This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date. Why not view this page on the new site and help us to migrate more content to the new site! |
Releases > Moodle 3.10.8 release notes
Release date: 8 November 2021
Here is the full list of fixed issues in 3.10.8.
General fixes and improvements
- MDL-66203 - The submission status stays "Submitted for grading" after a submission is removed by or for the student
- MDL-65943 - RecordRTC Content Does Not Playback in iOS (multiple browsers)
- MDL-26633 - Unable to randomly allocate more than 30 reviews per submission / reviewer
- MDL-64576 - Course completion activity dates are incorrect if course completion criteria have been edited
- MDL-71344 - Drag and drop question type: does not work correctly with multiple questions on one page
- MDL-72607 - Domain restricted Vimeo videos require an updated URL format to load correctly
- MDL-72316 - SVG files being downloaded instead of served in SCORM activities
- MDL-71970 - Fatal error with H5P due to incompatible "Declaration of core_h5p\framework::fetchExternalData"
- MDL-72590 - When unenrolling from a course with self enrolment, the course name does not pass filters
- MDL-71750 - File upload: Submit buttons aren't disabled when upload multiple files
- MDL-72743 - Make question restore more fault tolerant of missing user data in course backups
- MDL-72621 - Drop support for $CFG->admin
- MDL-72515 - Plugins overview page calls curl unnecessarily
- MDL-72507 - Quiz auto-save does not detect uploaded files
- MDL-51165 - Trailing slash in URL supplied to URL Resource causes extra click to open
- MDL-72884 - Inserting an SVG file using the "Insert image" doesn't work well with "Auto-size"
- MDL-56773 - Atto equation editor textarea input should be left aligned in RTL mode
- MDL-72013 - Add jsdoc validation checks
- MDL-72064 - Too easy to accidentally change your answer to a multiple-choice questions
- MDL-72060 - LTI gradebookservice is user gradable in course not working as expected
- MDL-72599 - Cannot configure or delete blocks added to admin/index.php
- MDL-39324 - Adding custom video dimensions to a URL resource reverts media icon back to default
- MDL-71306 - Error when cancelling add cohort_sync enrolment method
- MDL-72767 - Forum digests may not be sent to a user if new posts made near to the digest send time
- MDL-72275 - Timeline block "sort by courses" sometimes fetches incorrect or no results for time periods
- MDL-71785 - Empty quiz section name behaves like new page
- MDL-72342 - Group import from CSV is broken by byte order mark
- MDL-72110 - Admin home page preference not respected
- MDL-72309 - Course creation without category
- MDL-71137 - File upload: The progress bars are displaying error when drag-and-drop multiple files sequentially
- MDL-68325 - 'Complete another course' allows to select courses that has completion tracking disabled
- MDL-71961 - Disable quiz navigation buttons while file uploads are in progress
- MDL-72857 - Issued badge page doesn't filter site/course names (e.g. multi-lang content)
Accessibility improvements
- MDL-72673 - Duplicate element IDs in Glossary
- MDL-72669 - Invalid HTML in multi-answer (Cloze) questions: blank <option> content is not allowed
- MDL-72674 - Give feedback about this software link does not warn users that it opens in a new window
- MDL-71352 - Red/green color for fail/pass in grader report is not accessible
- MDL-72426 - Insufficient colour contrast for the notification and message badges
- MDL-71602 - Essay question type: no lable for the editor where the student enters their response
Security improvements
- MDL-72464 - Web service get_active_tokens doesn't return those without expiry date
Security fixes
- MSA-21-0038 Remote code execution risk when restoring malformed backup file
- MSA-21-0039 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). Please note: If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the Analytics settings documentation for more information about how to upgrade.
- MSA-21-0040 Reflected XSS in filetype admin tool
- MSA-21-0041 CSRF risk on delete related badge feature
- MSA-21-0042 IDOR in a calendar web service allows fetching of other users' action events