Moodle LMS 3.3.4

28 January 2018

Moodle LMS version 3.3.4 is now available (security release).

Upgrading to Moodle LMS 3.3.4

What's New in Moodle LMS 3.3.4

• Server Side Request Forgery in the filepicker
  
• Setting for blocked hosts list can be bypassed with multiple A record hostnames
  
• Privilege escalation in quiz web services
  
• XSS in calendar event name
  

• LTI: backup and restore supports submissions and also course and site tools. References to the site tools are restored only on the same site (they are not included in course backup for security reasons).
  
• If general backup setting "Include users" is unchecked, users with relevant capability can now backup user data
  
• LDAP authentication method now can synchronise custom user profile fields
  

• Accessibility: Gear icon is now properly defined for screen readers
  
• Fixed bug preventing deletion of incomplete users accounts after specified period of time (setting "Delete not fully setup users after")
  
• Allow to connect to OAuth 2 services that only support client authentication via Basic Auth
  
• Lesson: Multiple Choice answers should appear on same line as radio button
  
• Number of bug fixes in Import Groups from CSV tool
  
• Folder resource: Fixed bug with big files being deleted when editing teachers update resource with global maxbytes lower
  
• Turning off Server Files Repository should not break courses that use it
  
• Assignment: Fixed bug when converting images in submisisons to pdf (unoconv)
  
• IMS Common Cartridge import works correctly with HTML entities in URLs
  
• Quiz: when group override is deleted the calendar event should also be deleted
  
• Quiz: Clicking on help for "Shuffle" button no longer toggles shuffle itself
  
• Assignment: Bug fix. The "This assignment is not accepting submissions" message is displayed in the assignment when override the grade
  
• Category manager with the 'moodle/course:changecategory' should be able to move existing courses between categories
  
• Lesson: Fixed bug with content pages displaying grade when they should not
  
• Allow uninstalling grading methods plugins
  
• LTI: display correct icons
  
• Lession multichoice questions with multiple answers : more clear indication for the user which answer was correct
  
• Lesson: UI fix for content buttons running off the edge of the page
  
• Lesson: Grade essays page does should show which essays have been graded
  
• Respect setting "Sort my courses (navsortmycoursessort)" on the dashboard
  

• Students can find out email addresses of other students in the same course
  

• Assignment: Show Due Date in calendar for teachers and managers
  
• External Tool: backup/restore consumer key and secret (on the same site only)
  
• Show file upload progress bar in Boost theme
  
• List custom roles in the filter on Participants page
  

• Respect comment format in questions manual comments when Plain text area editor is used
  
• Assignment: Reopening a group assignment should not create additional attempts for each group member
  
• Fixed error in ad-hoc refresh_mod_calendar_events_task that caused exceptions and very long cron run time
  
• Restore MathJax filter settings that were lost in previous upgrades
  
• External tool: Allow to switch to full screen mode
  
• Better explaination of the reason for failed logins in the logs report
  
• Label resource: allow to access "Label administration" without Administration block on the "Edit label" page
  
• Show error message when incorrect CAPTCHA is entered on sign-up page
  
• Fixed configuration of PHP 7 sessions using memcached (3.x.x)
  
• Forum: Avoid creating duplicate subscriptions due to race conditions
  
• Feedback: fixed upgrade script (introduced in 3.1.6 and 3.2.3) that deleted valid multiple anonymous attempts. If your site was affected, please follow MDL-60592 for the script that restores accidentally deleted data.