Skip to main content

Moodle 3.9.11

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 8 November 2021

Here is the full list of fixed issues in 3.9.11.

Backported bug fixes

  • MDL-72621 - Drop support for $CFG->admin
  • MDL-72515 - Plugins overview page calls curl unnecessarily

Security fixes

  • MSA-21-0038 Remote code execution risk when restoring malformed backup file
  • MSA-21-0039 Upgrade moodle-mlbackend-python and update its reference in /lib/mlbackend/python/classes/processor.php (upstream). Please note: If you are using Moodle Analytics, an upgrade to mlbackend version 2.6.4 is required. See the Analytics settings documentation for more information about how to upgrade.
  • MSA-21-0040 Reflected XSS in filetype admin tool
  • MSA-21-0041 CSRF risk on delete related badge feature
  • MSA-21-0042 IDOR in a calendar web service allows fetching of other users' action events

Translations