Moodle 4.3.4
Release date: 22 April 2024
Here is the full list of fixed issues in 4.3.4.
General fixes and improvements
- MDL-78547 - Question modifications made during quiz preview are not visible
- MDL-69656 - H5P embeds not rewritten during restore/import
- MDL-52891 - Unable to overwrite old wildcards in a calculated simple question
- MDL-78370 - Course Overview Block Performance
- MDL-79174 - "Membership is hidden" groups do not work for availability restrictions
- MDL-81327 - Resolve log and loglive report issues when external databases are used to store logs
- MDL-80766 - The grader report does not accept unlimited grades
- MDL-79802 - Add a new setting for adding custom H5P styles
- MDL-78902 - Error when restoring quiz with random questions
- MDL-81152 - Backport LTI custom params support
- MDL-77779 - Fatal error when restoring a Moodle 3.11 course with competencies to 4.1
- MDL-76024 - Calculated Question - Negative Answer with Units incorrectly evaluated
- MDL-80684 - When PHP runs out of memory, tasks are treated as still running instead of being marked as failed
- MDL-81060 - Private files area quota applies when unzipping to non-private file areas
- MDL-80865 - Label printed for empty textarea course custom fields
- MDL-80565 - Fix log and loglive report user selectors to show the list in expected order
- MDL-80384 - Prevent activity name from being read twice by screen reader in course content
- MDL-81127 - Support filters on course completion message
- MDL-81114 - Selecting random questions to start a quiz attempt does not handle draft state correctly
- MDL-80835 - Add CHIPS support to LTI cookies
- MDL-79712 - Ensure SameSite=None on MoodleSession cookie to retain support for embedded launches
- MDL-80302 - Error when accessing the default activity completion page
- MDL-81306 - xsendfiles cannot support per-request directories
- MDL-80818 - When Completion conditions are locked, the radio buttons options should remain disabled
- MDL-81359 - Availability condition display 'show more' sometimes doesn't show more
- MDL-78457 - Link to Participants changes to site id if user cannot view for current course
- MDL-81402 - Activity Chooser won't load after indenting content
- MDL-80481 - Missing the breadcrumb in the Activity completion on the Classic theme
- MDL-80646 - Unable to set key and secret for a manually configured tool instance restored in Moodle 4.3
- MDL-80930 - Course delete modules adhoc task handle non deletable modules
- MDL-81405 - Support Chrome's partitioned cookies in the mobile app
- MDL-80827 - XMLDB editor broken with PHP 8.1
- MDL-81584 - Gradebook popover is positioned below the table footer, so an option can't be seen
- MDL-80836 - Replace session piggyback with login flow during account linking process in LTI provider
- MDL-81393 - VideoJS not playing .ogv files in Chrome browser
- MDL-80765 - Creating fields with a space at the end breaks the Add entry template
- MDL-80598 - Bigbluebuttonbn adhoc tasks do not gracefully handle missing course modules or users
- MDL-81300 - Inline edit icons overlap drag and drop to upload on Course
- MDL-81307 - Fix course bulk action buttons in sticky footer in small resolutions
- MDL-80934 - "Text and media" resources are not automatically opened when clicking the course index if their section is collapsed
- MDL-80919 - Duplicate empty section throws an error
- MDL-80869 - Fix random BigBlueButton test failure getting meeting information from log
- MDL-80936 - Custom field report columns show default values when they shouldn't
- MDL-81472 - Exception related to the SCORM activity hinders privacy data processing
- MDL-80630 - Hidden timer in timed quiz un-hides every page change
- MDL-80326 - Availability shouldn't be changed when the user doesn't have the right capability
- MDL-79829 - Use move or grab/grabbing cursors, not a copy cursor when moving elements
- MDL-80383 - The floating previous/next buttons for navigating book chapters pose usability issues on narrow screens
- MDL-80917 - asynchronous_copy_task does not clear course cache
- MDL-80943 - Custom reports containing "select" custom fields offer incorrect aggregation
- MDL-80605 - User upload DB error when matching by email and new and existing upload type
- MDL-80167 - Add environment check for Oracle database
- MDL-80391 - Cannot add and edit source code when using TinyMCE in a modal
- MDL-80338 - Unable to embed YouTube video on a URL resource when title of video contains a quotation mark
- MDL-81123 - TinyMCE source code viewer has limited height
- MDL-77015 - HTML in database field management page escaped in an unexpected way
Accessibility improvements
- MDL-68674 - Dashboard block headings should be h3, not h5; and there should be an overall block heading
- MDL-79007 - Improve screen reader feedback in calendar UI
- MDL-70829 - ARIA role presentation conflicts with the empty alt
- MDL-80195 - Moodleform datepicker in report builder filter form shifts the focus to "Skip to main content" link
- MDL-81110 - Keyboard focus is off screen when Skip to Content link is used
- MDL-81029 - When adding a new activity module the title attribute is "Editing..." instead of "Adding..."
- MDL-80279 - Missing alt text in the common user header when user does not have picture
- MDL-80183 - Online status in messaging toolbar has no alt text. Plus incorrect use of ARIA label
- MDL-80731 - Invalid /Lang attribute in generated PDF files
- MDL-80364 - Insufficient colour contrast of the icon on notification message on hover or focus
- MDL-80469 - Add a legend to the Submit-cancel button group
- MDL-72923 - Messaging drawer missing levels of headings in search results
- MDL-80805 - Required form fields should indicate required status
- MDL-80197 - Datepicker popup in moodleform is not accessible with keyboard
Security improvements
- MDL-80160 - Site admins selector does not indicate when $CFG->siteadmins is defined in config.php
Security fixes
- MSA-24-0007 - Broken access control when setting calendar event type
- MSA-24-0008 - Stored XSS risk when editing another user's equation in equation editor
- MSA-24-0009 - Stored XSS via user's name on participants page when opening some options
- MSA-24-0010 - Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
- MSA-24-0011 - Stored XSS in lesson overview report via user ID number
- MSA-24-0012 - CSRF risk in admin preset tool management of presets
- MSA-24-0013 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
- MSA-24-0014 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
- MSA-24-0015 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
- MSA-24-0016 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
- MSA-24-0017 - Unsanitized HTML in site log for config_log_created
- MSA-24-0018 - Logout CSRF in admin/tool/mfa/auth.php
- MSA-24-0019 - CSRF risk in analytics management of models
- MSA-24-0020 - ReCAPTCHA can be bypassed on the login page