Skip to main content

Moodle 4.3.7

Release date: 2 September 2024

Here is the full list of fixed issues in 4.3.7.

General fixes and improvements

  • MDL-69684 - It is possible to hold a Redis session lock forever
  • MDL-82502 - Course edit menu issues when manageactivities is unset
  • MDL-82455 - Direct link from the Badges report the list of recipients has been lost
  • MDL-82724 - TinyMCE adding quicktoolbar function throws error when quicktoolbar is disabled
  • MDL-79215 - Calling graphlib->draw_brush results in un-rendered image and error message
  • MDL-82802 - XMLDB editor cannot retrofit MySQL tables containing numbers
  • MDL-64675 - Confusing restrictions on page breaks in feedback activity
  • MDL-82790 - Remove filter_tidy
  • MDL-82747 - Moodle class autoloader does not include composer autoload.files files
  • MDL-82214 - Some admin settings reset to empty when read-only and the page it is on is saved
  • MDL-78785 - Accessibility colour contrast check not correctly processing RGB values
  • MDL-82810 - Question action menu can get truncated in some layouts
  • MDL-82695 - Cloze questions where all subquestions have zero weight cause division by zero errors with interactive behaviour

Security fixes

  • MSA-24-0042 - Unprotected access to sensitive information via dynamic tables.
    Note: Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
  • MSA-24-0043 - IDOR when deleting OAuth2 linked accounts
  • MSA-24-0044 - Lesson activity password bypass through PHP loose comparison