Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 3.10.8 release notes: Difference between revisions

From MoodleDocs
(released)
m (Protected "Moodle 3.10.8 release notes": Developer Docs Migration ([Edit=Allow only administrators] (indefinite)))
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Migrated|newDocId=/general/releases/3.10/3.10.8}}
[[Releases]] > {{FULLPAGENAME}}
[[Releases]] > {{FULLPAGENAME}}
   
   
Line 54: Line 55:
==Security fixes==
==Security fixes==
 
 
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
* [https://moodle.org/mod/forum/discuss.php?d=429095 MSA-21-0038] Remote code execution risk when restoring malformed backup file
* [https://moodle.org/mod/forum/discuss.php?d=429096 MSA-21-0039] Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). '''Please note:''' If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the [https://docs.moodle.org/en/Analytics_settings#Versions Analytics settings documentation] for more information about how to upgrade.
* [https://moodle.org/mod/forum/discuss.php?d=429097 MSA-21-0040] Reflected XSS in filetype admin tool
* [https://moodle.org/mod/forum/discuss.php?d=429099 MSA-21-0041] CSRF risk on delete related badge feature
* [https://moodle.org/mod/forum/discuss.php?d=429100 MSA-21-0042] IDOR in a calendar web service allows fetching of other users' action events


==See also==
==See also==

Latest revision as of 09:08, 25 May 2022

Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

Releases > Moodle 3.10.8 release notes


Release date: 8 November 2021

Here is the full list of fixed issues in 3.10.8.

General fixes and improvements

  • MDL-66203 - The submission status stays "Submitted for grading" after a submission is removed by or for the student
  • MDL-65943 - RecordRTC Content Does Not Playback in iOS (multiple browsers)
  • MDL-26633 - Unable to randomly allocate more than 30 reviews per submission / reviewer
  • MDL-64576 - Course completion activity dates are incorrect if course completion criteria have been edited
  • MDL-71344 - Drag and drop question type: does not work correctly with multiple questions on one page
  • MDL-72607 - Domain restricted Vimeo videos require an updated URL format to load correctly
  • MDL-72316 - SVG files being downloaded instead of served in SCORM activities
  • MDL-71970 - Fatal error with H5P due to incompatible "Declaration of core_h5p\framework::fetchExternalData"
  • MDL-72590 - When unenrolling from a course with self enrolment, the course name does not pass filters
  • MDL-71750 - File upload: Submit buttons aren't disabled when upload multiple files
  • MDL-72743 - Make question restore more fault tolerant of missing user data in course backups
  • MDL-72621 - Drop support for $CFG->admin
  • MDL-72515 - Plugins overview page calls curl unnecessarily
  • MDL-72507 - Quiz auto-save does not detect uploaded files
  • MDL-51165 - Trailing slash in URL supplied to URL Resource causes extra click to open
  • MDL-72884 - Inserting an SVG file using the "Insert image" doesn't work well with "Auto-size"
  • MDL-56773 - Atto equation editor textarea input should be left aligned in RTL mode
  • MDL-72013 - Add jsdoc validation checks
  • MDL-72064 - Too easy to accidentally change your answer to a multiple-choice questions
  • MDL-72060 - LTI gradebookservice is user gradable in course not working as expected
  • MDL-72599 - Cannot configure or delete blocks added to admin/index.php
  • MDL-39324 - Adding custom video dimensions to a URL resource reverts media icon back to default
  • MDL-71306 - Error when cancelling add cohort_sync enrolment method
  • MDL-72767 - Forum digests may not be sent to a user if new posts made near to the digest send time
  • MDL-72275 - Timeline block "sort by courses" sometimes fetches incorrect or no results for time periods
  • MDL-71785 - Empty quiz section name behaves like new page
  • MDL-72342 - Group import from CSV is broken by byte order mark
  • MDL-72110 - Admin home page preference not respected
  • MDL-72309 - Course creation without category
  • MDL-71137 - File upload: The progress bars are displaying error when drag-and-drop multiple files sequentially
  • MDL-68325 - 'Complete another course' allows to select courses that has completion tracking disabled
  • MDL-71961 - Disable quiz navigation buttons while file uploads are in progress
  • MDL-72857 - Issued badge page doesn't filter site/course names (e.g. multi-lang content)

Accessibility improvements

  • MDL-72673 - Duplicate element IDs in Glossary
  • MDL-72669 - Invalid HTML in multi-answer (Cloze) questions: blank <option> content is not allowed
  • MDL-72674 - Give feedback about this software link does not warn users that it opens in a new window
  • MDL-71352 - Red/green color for fail/pass in grader report is not accessible
  • MDL-72426 - Insufficient colour contrast for the notification and message badges
  • MDL-71602 - Essay question type: no lable for the editor where the student enters their response

Security improvements

  • MDL-72464 - Web service get_active_tokens doesn't return those without expiry date

Security fixes

  • MSA-21-0038 Remote code execution risk when restoring malformed backup file
  • MSA-21-0039 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). Please note: If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the Analytics settings documentation for more information about how to upgrade.
  • MSA-21-0040 Reflected XSS in filetype admin tool
  • MSA-21-0041 CSRF risk on delete related badge feature
  • MSA-21-0042 IDOR in a calendar web service allows fetching of other users' action events

See also