Moodle 3.1.8 release notes: Difference between revisions
From MoodleDocs
Line 14: | Line 14: | ||
===Security issues=== | ===Security issues=== | ||
* [https://moodle.org/mod/forum/discuss.php?d=358585 MSA-17-0017] XSS in contact form on "non-respondents" page in non-anonymous feedback | |||
* [https://moodle.org/mod/forum/discuss.php?d=358586 MSA-17-0018] Course reports are not respecting group settings in courses | |||
* [https://moodle.org/mod/forum/discuss.php?d=358587 MSA-17-0019] user_can_view_profile() incorrectly assumes $course as shared course | |||
* [https://moodle.org/mod/forum/discuss.php?d=358588 MSA-17-0020] Admins may not know that exposing vendor directory is a security risk | |||
==See also== | ==See also== |
Revision as of 03:09, 18 September 2017
This version of Moodle is no longer supported for general bug fixes. You are encouraged to upgrade to a supported version of Moodle.
Releases > Moodle 3.1.8 release notes
Release date: 11 September 2017
Here is the full list of fixed issues in 3.1.8.
Fixes and improvements
- MDL-57649 - Lesson: Fixed bug when files unrelated to the deleted pages were deleted
- MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"
Security issues
- MSA-17-0017 XSS in contact form on "non-respondents" page in non-anonymous feedback
- MSA-17-0018 Course reports are not respecting group settings in courses
- MSA-17-0019 user_can_view_profile() incorrectly assumes $course as shared course
- MSA-17-0020 Admins may not know that exposing vendor directory is a security risk