Moodle LMS 3.2.7
28 January 2018
Moodle LMS version 3.2.7 is now available (security release).
Upgrading to Moodle LMS 3.2.7
Moodle LMS 3.2.7 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Moodle LMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Moodle LMS install to test the 3.2.7 upgrade prior to applying it live. Get started managing your Moodle LMS installations with Installatron
What's New in Moodle LMS 3.2.7
3.2.7
Security
- Server Side Request Forgery in the filepicker
- Setting for blocked hosts list can be bypassed with multiple A record hostnames
- Privilege escalation in quiz web services
- XSS in calendar event name
3.2.6
Security
- Students can find out email addresses of other students in the same course
Highlights
- External Tool: backup/restore consumer key and secret (on the same site only)
- Show file upload pr*ogress bar in Boost theme
- List custom roles in the filter on Participants page
Bug Fixes
- Respect comment format in questions manual comments when Plain text area editor is used
- Assignment: Reopening a group assignment should not create additional attempts for each group member
- Restore MathJax filter settings that were lost in previous upgrades
- External tool: Allow to switch to full screen mode
- Better explaination of the reason for failed logins in the logs report
- Label resource: allow to access "Label administration" without Administration block on the "Edit label" page
- Show error message when incorrect CAPTCHA is entered on sign-up page
- Fixed configuration of PHP 7 sessions using memcached (3.x.x)
- Forum: Avoid creating duplicate subscriptions due to race conditions
- Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3) that deleted valid multiple anonymous attempts. If your site was affected, please follow MDL-60592 for the script that restores accidentally deleted data.