Moodle 3.7.2 release notes

From MoodleDocs

Releases > Moodle 3.7.2 release notes

Release date: 9 September 2019

Here is the full list of fixed issues in 3.7.2.

Fixes and improvements

  • MDL-59911 - Unoconv doesn't work after the scheduled task conversion_cleanup_task has run
  • MDL-65219 - Broken link in messages contact request notification
  • MDL-58026 - Regrading a quiz in progress causes student to lose data
  • MDL-66071 - Cannot update user profile with non-internal auth method such as LDAP
  • MDL-63458 - Do not display "Send a message" option in course participants list if messaging is disabled site-wide
  • MDL-33884 - Export of questions with lots of images as Moodle XML runs out of memory
  • MDL-66136 - Online text assignment error when attempting to submit an image only (with no text)
  • MDL-66021 - 'Delete and then restore' doesn't delete when using asynchronous restore
  • MDL-64598 - Emojis are very big in forum notification emails
  • MDL-35939 - Quiz page title does not tell the user where they are in the quiz
  • MDL-65555 - Course restore excluding groups still restores quiz overrides resulting in extra calendar events
  • MDL-65517 - Manually completed course activities showing in Timeline
  • MDL-65925 - Grade page is broken if submission other than PDF was deleted
  • MDL-66110 - Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)
  • MDL-65679 - Expanding/collapsing PDF comments causes other annotations to change position
  • MDL-57342 - "Is this your first time here?" shows when self registration disabled and no message in auth_instructions
  • MDL-65954 - Exporting table data to PDF places entries in wrong columns
  • MDL-65116 - Assignment due date does not update for group selection
  • MDL-65786 - Blog-like format forum no longer shows unread messages count
  • MDL-65908 - Annotated PDF - Comments can't be added and viewed in RTL user interface
  • MDL-65749 - Upgrade PHPMailer
  • MDL-50472 - Maintenance Mode messages don't appear with Force Login enabled
  • MDL-52849 - File picker error messages are not read out in assignment to screen reader users
  • MDL-66272 - Custom theme favicon on LTI provider site breaks LTI authentication
  • MDL-66230 - Deleting a user tour causes error in privacy data export
  • MDL-64757 - Some Dashboard elements are following browser language, not page language
  • MDL-66120 - Remove community finder block - as part of Sunsetting
  • MDL-66072 - Remove course-sharing functionality - as part of Sunsetting
  • MDL-65595 - Multiple choice question text not wrapped in Lesson

Security fixes and improvements

Security fixes

  • MSA-19-0018 JavaScript injection possible in some Mustache templates via recursive rendering from contexts
  • MSA-19-0019 Course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course
  • MSA-19-0020 Python Machine Learning dependency versions bumped
  • MSA-19-0021 Activity :addinstance capabilities were not respected when creating a course in single activity format
  • MSA-19-0022 Open redirect in the mobile launch endpoint could be used to expose mobile access tokens
  • MSA-19-0023 Forum subscribe link contained an open redirect if forced subscription mode was enabled

Security improvements

See also