Moodle 3.11.17

Unsupported Moodle Version

This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 October 2023

Here is the full list of fixed issues in 3.11.17.

General fixes and improvements

• MDL-79360 - Broken nolink tag support in text filtering

Accessibility improvements

• MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)

Security improvements

• MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference

Security fixes

• MSA-23-0031 - Authenticated remote code execution risk in Lesson
• MSA-23-0032 - Authenticated remote code execution risk in IMSCP
• MSA-23-0033 - XSS risk when using CSV grade import method
• MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
• MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
• MSA-23-0039 - XSS risk when previewing data in course upload tool
• MSA-23-0040 - Make file serving endpoints revision control stricter
• MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
• MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
• MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode