Moodle LMS 3.4.8
8 May 2019
Moodle LMS version 3.4.8 is now available (security release).
Upgrading to Moodle LMS 3.4.8
Moodle LMS 3.4.8 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Moodle LMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Moodle LMS install to test the 3.4.8 upgrade prior to applying it live. Get started managing your Moodle LMS installations with Installatron
What's New in Moodle LMS 3.4.8
3.4.8
Security
- "Log in as" functionality exposed to JavaScript risk on other users' Dashboards
- Logged in users could view all calendar events
- Users could elevate their role when accessing the LTI tool on a provider site
- Stored HTML in assignment submission comments allowed links to be opened directly
Highlights
- Last post date and time shown correctly on forum page
- Data export performance improvement
- get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists
- Exponential question growth prevented when duplicating quizzes
3.4.7
Security
- Manage groups capability was missing the XSS risk flag
- User full name is now escaped in the un-linked userpix page
Highlights
- CAS authentication fixed
- Hidden courses no longer send forum notifications to participants
- Deletion requests can be processed without a site purpose being set
- ReCAPTCHA v2 now works globally
- Auto-linking now works with titles containing brackets