Moodle 4.3.6

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 August 2024

Here is the full list of fixed issues in 4.3.6.

General fixes and improvements

  • MDL-79758 - Quiz add from question bank: paging loses filter options
  • MDL-77665 - H5P activity Link to file error after removing user
  • MDL-80017 - user_get_grade_items web service throws exception with special characters and spaces
  • MDL-73662 - 404 error on quiz with browsersecurity when time finish or student clicks "Submit all and finish"
  • MDL-82344 - LTI Select content button has become required
  • MDL-78388 - Duplicate activity does not copy permission overrides
  • MDL-75864 - Cleaning old sessions from cache not working (and raises warnings if no sessions found)
  • MDL-79796 - Quiz add from question bank pop-up: Question preview icon should be visible without scrolling
  • MDL-66251 - Static form elements cannot be hidden using hideIf and disabled using disabledif
  • MDL-81739 - TinyMCE noautolink plugin behaves differently to Atto version
  • MDL-80345 - Hash collision guaranteed to break cron with 'locktimeout' (only with PostgreSQL)
  • MDL-79231 - TinyMCE in fullscreen mode doesn't show menus in Feedback comments (Assignment and modals)
  • MDL-81689 - Failing ad-hoc tasks sometimes run twice ignoring nextruntime/faildelay
  • MDL-70972 - Course Creator cannot create Single Activity course format
  • MDL-77834 - Feedback module has a problem with symbols such as ampersand (&) and quotation mark (")
  • MDL-81730 - Randomly incorrect submission order in PDF annotator
  • MDL-66903 - Support autoloading of test classes
  • MDL-82605 - H5P core content bank slow when user has elevated system capabilities
  • MDL-78080 - Duplicate section has several issues
  • MDL-81781 - CSV log report exports contain HTML code for the apostrophe in the "Description" field
  • MDL-80064 - Null passwords no longer allowed for auth plugin user creation
  • MDL-82373 - Support Selenium 4
  • MDL-80947 - Changing some course settings removes the "Custom link" URL setting for the course
  • MDL-58287 - Missing format not listed in plugins overview
  • MDL-80061 - Change Field Used to Filter recordings in check_dismissed_recordings task
  • MDL-82024 - Highlight/Un-highlight icon is not updated properly in the actions menu
  • MDL-82100 - Quiz reports do not show customised question numbers
  • MDL-69514 - Help text floating after closing a modal
  • MDL-81287 - Setting Discussions per page (forum_manydiscussions) has no effect
  • MDL-81949 - Replace CLI script options return true if no arguments given
  • MDL-68540 - hideIf function doesn't work with editor field
  • MDL-81510 - "Text and media" resources are not automatically opened in additional cases (follow up of MDL-80934)
  • MDL-82289 - Feedback response action bar doesn't correctly identify site course
  • MDL-82467 - Days taking course columns do not aggregate/sort correctly
  • MDL-82309 - Linktext option gets lost when the new comments loaded in via AJAX
  • MDL-82528 - Colour setting of the group icon cannot be changed in the settings menu of the activities
  • MDL-82481 - Custom fields of type dropdown don't format their options consistently
  • MDL-82451 - Switch hide and show icons for section action menu
  • MDL-82090 - Workshop error message in settings page after student's submission
  • MDL-81265 - Accessibility issues on the workshop page
  • MDL-81428 - The "Add to contacts" button does not let the user know that the request has been sent
  • MDL-68211 - Feedback has wrong numbers in excel export file
  • MDL-82193 - AICC HACP multiline content not stored/processed correctly
  • MDL-82200 - Inplace editable: background behind instruction text sometimes too short
  • MDL-79971 - Activity completion Report - Course modules can get marked as view even when they aren't viewed
  • MDL-82444 - The "Tidy" text filter doesn't advertise the fact it requires an extension
  • MDL-82445 - filter_tidy breaks page locale
  • MDL-81119 - Recycle bin is ignoring forced config settings
  • MDL-82308 - Forms - multi-selects - set a sensible default size for the number of choices (backport of MDL-81515)
  • MDL-81761 - Frequently Used Comment in Assignment is inserted twice when using Chrome
  • MDL-82178 - Quiz attempt graded notification not sent if the permission is only assigned in the quiz context
  • MDL-80625 - Plugin mod_bigbluebuttonbn: Wrong API parameter
  • MDL-82167 - The reactive debug panel throws an error when editing the state manually
  • MDL-81678 - Course email subjects containing & show &amp;
  • MDL-78773 - Course Statistics: Mode Selection rendered in Primary Navigation
  • MDL-82233 - The "This badge has been issued user(s)." notification is displayed in more situations than expected
  • MDL-82202 - Course last access custom report column doesn't aggregate correctly
  • MDL-82611 - Grade button appears in assignments without having grading capability
  • MDL-82360 - Remove error console debugging when uploading course files
  • MDL-82208 - Starred courses block problem with special characters
  • MDL-81644 - Calendar day view from calendar block gives error 404 after reloading the page
  • MDL-81932 - Communication provider change not limiting room name update to newly set provider
  • MDL-81830 - Clearing course selection in new calendar event triggers exception
  • MDL-82002 - Video embedding from the app is not styled correctly
  • MDL-73091 - Undefined variable: overall in award_criteria_courseset.php
  • MDL-81991 - has_capability() does not return the correct result for some tasks if user data marked "dirty" (requiring re-fetching)
  • MDL-82008 - "Continue" and "Cancel" buttons not separated in final course restore step

Accessibility improvements

  • MDL-72876 - The new welcome message is not accessible when there's a background
  • MDL-82551 - Page is missing a level 1 heading when the welcome message is displayed

Security improvements

  • MDL-81803 - Setting privacyrequestexpiry to 0 immediately expires data requests

Security fixes

  • MSA-24-0026 - Remote code execution via calculated question types
  • MSA-24-0027 - Arbitrary file read risk through pdfTeX
  • MSA-24-0028 - Admin presets export tool includes some secrets that should not be exported
  • MSA-24-0029 - Cache poisoning via injection into storage
  • MSA-24-0030 - User information visibility control issues in gradebook reports
  • MSA-24-0032 - IDOR in badges allows deletion of arbitrary badges
  • MSA-24-0033 - Authorization headers preserved between "emulated redirects"
  • MSA-24-0034 - Matrix user/power level management not always working as expected with suspended users
  • MSA-24-0035 - CSRF risk in Feedback non-respondents report
  • MSA-24-0036 - Can create global glossary without being admin
  • MSA-24-0037 - Site administration SQL injection via XMLDB editor
  • MSA-24-0038 - XSS risk when restoring malicious course backup file
  • MSA-24-0039 - IDOR in Feedback non-respondents report allows messaging arbitrary site users
  • MSA-24-0040 - Reflected XSS via H5P error message
  • MSA-24-0041 - LFI vulnerability when restoring malformed block backups