Moodle LMS 4.3.6
22 August 2024
Moodle LMS version 4.3.6 is now available (security release).
Upgrading to Moodle LMS 4.3.6
Moodle LMS 4.3.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Moodle LMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Moodle LMS install to test the 4.3.6 upgrade prior to applying it live. Get started managing your Moodle LMS installations with Installatron
What's New in Moodle LMS 4.3.6
General fixes and improvements
- MDL-79758 - Quiz add from question bank: paging loses filter options
- MDL-77665 - H5P activity Link to file error after removing user
- MDL-80017 - user_get_grade_items web service throws exception with special characters and spaces
- MDL-73662 - 404 error on quiz with browsersecurity when time finish or student clicks "Submit all and finish"
- MDL-82344 - LTI Select content button has become required
- MDL-78388 - Duplicate activity does not copy permission overrides
- MDL-75864 - Cleaning old sessions from cache not working (and raises warnings if no sessions found)
- MDL-79796 - Quiz add from question bank pop-up: Question preview icon should be visible without scrolling
- MDL-66251 - Static form elements cannot be hidden using hideIf and disabled using disabledif
- MDL-81739 - TinyMCE noautolink plugin behaves differently to Atto version
- MDL-80345 - Hash collision guaranteed to break cron with 'locktimeout' (only with PostgreSQL)
- MDL-79231 - TinyMCE in fullscreen mode doesn't show menus in Feedback comments (Assignment and modals)
- MDL-81689 - Failing ad-hoc tasks sometimes run twice ignoring nextruntime/faildelay
- MDL-70972 - Course Creator cannot create Single Activity course format
- MDL-77834 - Feedback module has a problem with symbols such as ampersand (&) and quotation mark (")
- MDL-81730 - Randomly incorrect submission order in PDF annotator
- MDL-66903 - Support autoloading of test classes
- MDL-82605 - H5P core content bank slow when user has elevated system capabilities
- MDL-78080 - Duplicate section has several issues
- MDL-81781 - CSV log report exports contain HTML code for the apostrophe in the "Description" field
- MDL-80064 - Null passwords no longer allowed for auth plugin user creation
- MDL-82373 - Support Selenium 4
- MDL-80947 - Changing some course settings removes the "Custom link" URL setting for the course
- MDL-58287 - Missing format not listed in plugins overview
- MDL-80061 - Change Field Used to Filter recordings in check_dismissed_recordings task
- MDL-82024 - Highlight/Un-highlight icon is not updated properly in the actions menu
- MDL-82100 - Quiz reports do not show customised question numbers
- MDL-69514 - Help text floating after closing a modal
- MDL-81287 - Setting Discussions per page (forum_manydiscussions) has no effect
- MDL-81949 - Replace CLI script options return true if no arguments given
- MDL-68540 - hideIf function doesn't work with editor field
- MDL-81510 - "Text and media" resources are not automatically opened in additional cases (follow up of MDL-80934)
- MDL-82289 - Feedback response action bar doesn't correctly identify site course
- MDL-82467 - Days taking course columns do not aggregate/sort correctly
- MDL-82309 - Linktext option gets lost when the new comments loaded in via AJAX
- MDL-82528 - Colour setting of the group icon cannot be changed in the settings menu of the activities
- MDL-82481 - Custom fields of type dropdown don't format their options consistently
- MDL-82451 - Switch hide and show icons for section action menu
- MDL-82090 - Workshop error message in settings page after student's submission
- MDL-81265 - Accessibility issues on the workshop page
- MDL-81428 - The "Add to contacts" button does not let the user know that the request has been sent
- MDL-68211 - Feedback has wrong numbers in excel export file
- MDL-82193 - AICC HACP multiline content not stored/processed correctly
- MDL-82200 - Inplace editable: background behind instruction text sometimes too short
- MDL-79971 - Activity completion Report - Course modules can get marked as view even when they aren't viewed
- MDL-82444 - The "Tidy" text filter doesn't advertise the fact it requires an extension
- MDL-82445 - filter_tidy breaks page locale
- MDL-81119 - Recycle bin is ignoring forced config settings
- MDL-82308 - Forms - multi-selects - set a sensible default size for the number of choices (backport of MDL-81515)
- MDL-81761 - Frequently Used Comment in Assignment is inserted twice when using Chrome
- MDL-82178 - Quiz attempt graded notification not sent if the permission is only assigned in the quiz context
- MDL-80625 - Plugin mod_bigbluebuttonbn: Wrong API parameter
- MDL-82167 - The reactive debug panel throws an error when editing the state manually
- MDL-81678 - Course email subjects containing & show &
- MDL-78773 - Course Statistics: Mode Selection rendered in Primary Navigation
- MDL-82233 - The "This badge has been issued user(s)." notification is displayed in more situations than expected
- MDL-82202 - Course last access custom report column doesn't aggregate correctly
- MDL-82611 - Grade button appears in assignments without having grading capability
- MDL-82360 - Remove error console debugging when uploading course files
- MDL-82208 - Starred courses block problem with special characters
- MDL-81644 - Calendar day view from calendar block gives error 404 after reloading the page
- MDL-81932 - Communication provider change not limiting room name update to newly set provider
- MDL-81830 - Clearing course selection in new calendar event triggers exception
- MDL-82002 - Video embedding from the app is not styled correctly
- MDL-73091 - Undefined variable: overall in award_criteria_courseset.php
- MDL-81991 - has_capability() does not return the correct result for some tasks if user data marked "dirty" (requiring re-fetching)
- MDL-82008 - "Continue" and "Cancel" buttons not separated in final course restore step
Accessibility improvements
- MDL-72876 - The new welcome message is not accessible when there's a background
- MDL-82551 - Page is missing a level 1 heading when the welcome message is displayed
Security improvements
- MDL-81803 - Setting privacyrequestexpiry to 0 immediately expires data requests
Security fixes
- MSA-24-0026 - Remote code execution via calculated question types
- MSA-24-0027 - Arbitrary file read risk through pdfTeX
- MSA-24-0028 - Admin presets export tool includes some secrets that should not be exported
- MSA-24-0029 - Cache poisoning via injection into storage
- MSA-24-0030 - User information visibility control issues in gradebook reports
- MSA-24-0032 - IDOR in badges allows deletion of arbitrary badges
- MSA-24-0033 - Authorization headers preserved between "emulated redirects"
- MSA-24-0034 - Matrix user/power level management not always working as expected with suspended users
- MSA-24-0035 - CSRF risk in Feedback non-respondents report
- MSA-24-0036 - Can create global glossary without being admin
- MSA-24-0037 - Site administration SQL injection via XMLDB editor
- MSA-24-0038 - XSS risk when restoring malicious course backup file
- MSA-24-0039 - IDOR in Feedback non-respondents report allows messaging arbitrary site users
- MSA-24-0040 - Reflected XSS via H5P error message
- MSA-24-0041 - LFI vulnerability when restoring malformed block backups