Releases > Moodle 3.6.6 release notes

Release date: 9 September 2019

Here is the full list of fixed issues in 3.6.6.

Fixes and improvements

• MDL-59911 - Unoconv doesn't work after the scheduled task conversion_cleanup_task has run
• MDL-65219 - Broken link in messages contact request notification
• MDL-58026 - Regrading a quiz in progress causes student to lose data
• MDL-66071 - Cannot update user profile with non-internal auth method such as LDAP
• MDL-63458 - Do not display "Send a message" option in course participants list if messaging is disabled site-wide
• MDL-33884 - Export of questions with lots of images as Moodle XML runs out of memory
• MDL-66136 - Online text assignment error when attempting to submit an image only (with no text)
• MDL-64598 - Emojis are very big in forum notification emails
• MDL-35939 - Quiz page title does not tell the user where they are in the quiz
• MDL-65555 - Course restore excluding groups still restores quiz overrides resulting in extra calendar events
• MDL-65517 - Manually completed course activities showing in Timeline
• MDL-65925 - Grade page is broken if submission other than PDF was deleted
• MDL-66110 - Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)
• MDL-65679 - Expanding/collapsing PDF comments causes other annotations to change position
• MDL-57342 - "Is this your first time here?" shows when self registration disabled and no message in auth_instructions
• MDL-65116 - Assignment due date does not update for group selection
• MDL-65908 - Annotated PDF - Comments can't be added and viewed in RTL user interface
• MDL-65749 - Upgrade PHPMailer
• MDL-50472 - Maintenance Mode messages don't appear with Force Login enabled
• MDL-52849 - File picker error messages are not read out in assignment to screen reader users
• MDL-66272 - Custom theme favicon on LTI provider site breaks LTI authentication
• MDL-66230 - Deleting a user tour causes error in privacy data export
• MDL-65975 - Mobile features should reflect new features supported by Moodle App version 3.7 (backport of MDL-61199)
• MDL-66120 - Remove community finder block - as part of Sunsetting moodle.net
• MDL-66072 - Remove course-sharing functionality - as part of Sunsetting moodle.net
• MDL-65595 - Multiple choice question text not wrapped in Lesson

Security fixes and improvements

Security fixes

• MSA-19-0018 JavaScript injection possible in some Mustache templates via recursive rendering from contexts
• MSA-19-0019 Course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course
• MSA-19-0020 Python Machine Learning dependency versions bumped
• MSA-19-0021 Activity :addinstance capabilities were not respected when creating a course in single activity format
• MSA-19-0022 Open redirect in the mobile launch endpoint could be used to expose mobile access tokens
• MSA-19-0023 Forum subscribe link contained an open redirect if forced subscription mode was enabled

Security improvements

• MDL-65443 - Context freezing not logged

See also

• Moodle 3.6.5 release notes