Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.1.8 release notes: Difference between revisions

From MoodleDocs
Line 14: Line 14:
===Security issues===
===Security issues===


A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=358585 MSA-17-0017] XSS in contact form on "non-respondents" page in non-anonymous feedback
* [https://moodle.org/mod/forum/discuss.php?d=358586 MSA-17-0018] Course reports are not respecting group settings in courses
* [https://moodle.org/mod/forum/discuss.php?d=358587 MSA-17-0019] user_can_view_profile() incorrectly assumes $course as shared course
* [https://moodle.org/mod/forum/discuss.php?d=358588 MSA-17-0020] Admins may not know that exposing vendor directory is a security risk


==See also==
==See also==

Revision as of 03:09, 18 September 2017

This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.

Releases > Moodle 3.1.8 release notes

Release date: 11 September 2017

Here is the full list of fixed issues in 3.1.8.

Fixes and improvements

  • MDL-57649 - Lesson: Fixed bug when files unrelated to the deleted pages were deleted
  • MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"

Security issues

  • MSA-17-0017 XSS in contact form on "non-respondents" page in non-anonymous feedback
  • MSA-17-0018 Course reports are not respecting group settings in courses
  • MSA-17-0019 user_can_view_profile() incorrectly assumes $course as shared course
  • MSA-17-0020 Admins may not know that exposing vendor directory is a security risk

See also