Moodle 3.6.6
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 9 September 2019
Here is the full list of fixed issues in 3.6.6.
Fixes and improvements
- MDL-59911 - Unoconv doesn't work after the scheduled task conversion_cleanup_task has run
- MDL-65219 - Broken link in messages contact request notification
- MDL-58026 - Regrading a quiz in progress causes student to lose data
- MDL-66071 - Cannot update user profile with non-internal auth method such as LDAP
- MDL-63458 - Do not display "Send a message" option in course participants list if messaging is disabled site-wide
- MDL-33884 - Export of questions with lots of images as Moodle XML runs out of memory
- MDL-66136 - Online text assignment error when attempting to submit an image only (with no text)
- MDL-64598 - Emojis are very big in forum notification emails
- MDL-35939 - Quiz page title does not tell the user where they are in the quiz
- MDL-65555 - Course restore excluding groups still restores quiz overrides resulting in extra calendar events
- MDL-65517 - Manually completed course activities showing in Timeline
- MDL-65925 - Grade page is broken if submission other than PDF was deleted
- MDL-66110 - Error reading from database after upgrade to 3.7.1 (MySQL 8.0.2)
- MDL-65679 - Expanding/collapsing PDF comments causes other annotations to change position
- MDL-57342 - "Is this your first time here?" shows when self registration disabled and no message in auth_instructions
- MDL-65116 - Assignment due date does not update for group selection
- MDL-65908 - Annotated PDF - Comments can't be added and viewed in RTL user interface
- MDL-65749 - Upgrade PHPMailer
- MDL-50472 - Maintenance Mode messages don't appear with Force Login enabled
- MDL-52849 - File picker error messages are not read out in assignment to screen reader users
- MDL-66272 - Custom theme favicon on LTI provider site breaks LTI authentication
- MDL-66230 - Deleting a user tour causes error in privacy data export
- MDL-65975 - Mobile features should reflect new features supported by Moodle App version 3.7 (backport of MDL-61199)
- MDL-66120 - Remove community finder block - as part of Sunsetting moodle.net
- MDL-66072 - Remove course-sharing functionality - as part of Sunsetting moodle.net
- MDL-65595 - Multiple choice question text not wrapped in Lesson
Security fixes and improvements
Security fixes
- MSA-19-0018 JavaScript injection possible in some Mustache templates via recursive rendering from contexts
- MSA-19-0019 Course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course
- MSA-19-0020 Python Machine Learning dependency versions bumped
- MSA-19-0021 Activity :addinstance capabilities were not respected when creating a course in single activity format
- MSA-19-0022 Open redirect in the mobile launch endpoint could be used to expose mobile access tokens
- MSA-19-0023 Forum subscribe link contained an open redirect if forced subscription mode was enabled
Security improvements
- MDL-65443 - Context freezing not logged