We have identified a regression in Moodle 3.11.1, 3.10.5, and 3.9.8 as a result of a security patch. We are currently working on a fix for this (MDL-72203). As soon as that’s available we will release new minors.
What is the issue?
A security bug fix released with Moodle 3.11.1, 3.10.5, and 3.9.8 performs an additional request to URLs when they are fetched using Moodle's cURL handler, which could unintentionally cause some requests to fail (such as those using one-time access URLs/tokens, as they do not support being requested more than once).
How are we resolving the issue?
We are implementing an alternative solution to the security patch, that will maintain the security of your site, without introducing the side effects of the earlier patch.
For Moodle Administrators
If you have already upgraded to one of the affected versions, we apologise for the inconvenience this may have caused. As soon as the new minor versions are released please update to the new version.
We will provide further notification when the new minor versions are released.