On September 11th, Moodle released the 3.7.1 version of the Moodle Apps for mobile devices running on Android and iOS.
(Moodle Desktop has not been updated since the unscheduled 3.6.1 release last May, according to the release notes.)
It was published after an issue, “MOBILE-3163: Remote Token Hijack”, was identified. The bug allows a malicious actor to potentially take advantage of Moodle’s WebService capabilities, which enable users to access content hosted by a third party right within their LMS interface.
To access the content, Moodle must provide an authentication key, which the developer must secure to deliver content on the site. According to the bug report, the token uses an “open redirect” that allows anyone to see it, potentially allowing a malicious actor to use it for identification.
Moodle developers urge Mobile app users to make sure they are running the latest app, Moodle 3.7.1.
- Limited support for blocks
- Event management
- Tag-based navigation
- Three font sizes
Moodle minor releases 3.7.2, 3.6.6 and 3.5.8
The most noticeable change in this new batch of minor upgrades is the official decommissioning of the moodle.net OER portal, to be replaced by the MoodleNet federated social network for educators, which is not yet ready.
Users will no longer be able to share courses. The “community finder block” has also been removed.