Moodle 4.3.7
Release date: 2 September 2024
Here is the full list of fixed issues in 4.3.7.
General fixes and improvements
- MDL-69684 - It is possible to hold a Redis session lock forever
- MDL-82502 - Course edit menu issues when manageactivities is unset
- MDL-82455 - Direct link from the Badges report the list of recipients has been lost
- MDL-82724 - TinyMCE adding quicktoolbar function throws error when quicktoolbar is disabled
- MDL-79215 - Calling graphlib->draw_brush results in un-rendered image and error message
- MDL-82802 - XMLDB editor cannot retrofit MySQL tables containing numbers
- MDL-64675 - Confusing restrictions on page breaks in feedback activity
- MDL-82790 - Remove filter_tidy
- MDL-82747 - Moodle class autoloader does not include composer autoload.files files
- MDL-82214 - Some admin settings reset to empty when read-only and the page it is on is saved
- MDL-78785 - Accessibility colour contrast check not correctly processing RGB values
- MDL-82810 - Question action menu can get truncated in some layouts
- MDL-82695 - Cloze questions where all subquestions have zero weight cause division by zero errors with interactive behaviour
Security fixes
- MSA-24-0042 - Unprotected access to sensitive information via dynamic tables.
Note: Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables. - MSA-24-0043 - IDOR when deleting OAuth2 linked accounts
- MSA-24-0044 - Lesson activity password bypass through PHP loose comparison