Skip to main content

Moodle 4.3.5

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 June 2024

Here is the full list of fixed issues in 4.3.5.

General fixes and improvements

  • MDL-78768 - Cannot import more than one New Grade Item
  • MDL-77272 - Enable module level report options
  • MDL-81613 - Log report does not export user fullname when downloading
  • MDL-51360 - Full course grade recalculation can have huge impact on opening/closing quizzes
  • MDL-81897 - Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method
  • MDL-81717 - Increase robustness of the task for downloading/upgrading H5P content types in case any of them fails
  • MDL-68262 - assignfeedback_pdf uses tempdir instead of requestdir
  • MDL-80583 - Course won't load if the Matrix server is unavailable
  • MDL-81733 - The multi-language filter is not supported on the navigation link to the next activity in Lesson
  • MDL-81850 - Restriction by group works incorrectly
  • MDL-81724 - "Heading X" strings are not translated in the TinyMCE editor
  • MDL-81380 - Error in the Column Sort Order question bank plugin
  • MDL-80571 - Add the ability to enable/disable specific TinyMCE Premium Plugins from site administration
  • MDL-82015 - The dates of the BigBlueButton import recordings links in are incorrectly formatted
  • MDL-81870 - Stricter validation of upgrade savepoint components
  • MDL-81749 - SCORM activity completion not respecting requirement
  • MDL-73735 - Minor duplicate line in course/rest.php
  • MDL-81146 - Buttons not disabled when form submitted in Chrome browser
  • MDL-80911 - Some ad-hoc tasks fail when run from cron with keep-alive flag
  • MDL-81904 - A Feedback activity with no questions throws an exception when exporting questions
  • MDL-81948 - Error on falling back to standard normal layout on outputlib.php
  • MDL-81274 - Allow import to respect approval status for database activity entries
  • MDL-78433 - Duplicate search form on course/search when searching as a student
  • MDL-70441 - Wrong workflow state shown to graders who can't release grades
  • MDL-81407 - Adding and deleting a Question Custom Field can break the Question Bank Sort Order screen
  • MDL-81862 - Files attached to the activity instructions in an assignment are not retained during backup
  • MDL-80849 - Numeric user IDs throws error while creating users in Matrix
  • MDL-81570 - Tiny editor "Premium" plugin missing language string debugging
  • MDL-82045 - Category autocomplete disappears when copy course form is not valid
  • MDL-81544 - The hint displayed when editing the question heading is not as neat in RTL as it is in LTR
  • MDL-81397 - Missing capability checks hide section editing controls during AJAX reloads
  • MDL-81530 - Tiny editor does not load when editing a calendar event in Firefox
  • MDL-81434 - Applying the same condition/filter to custom report can throw DML exceptions
  • MDL-81601 - Activity with only "Receive a grade" for the completion condition is being shown as "Failed" in the course index
  • MDL-81318 - "Download all submissions" generates HTML file for online text when nothing has been submitted
  • MDL-81750 - Filemanager cannot be disabled by disabledif when in a form group
  • MDL-81564 - When a database activity field type is missing the error is displayed for all fields added just after
  • MDL-78889 - Pass/fail icons are shown for grade totals, even when the totals are set to hidden
  • MDL-81538 - Incorrect popover arrow position in RTL layout
  • MDL-81610 - Improve core_courseformat_get_state performance
  • MDL-81587 - Checkboxes when adding random questions cause confusion
  • MDL-81656 - H5P core "Edit H5P content" link has problem with empty spaces

Security fixes

  • MSA-24-0021 - BigBlueButton web service leaks meeting joining information to users who should not have access
  • MSA-24-0022 - Stored XSS via calendar's event title when deleting the event
  • MSA-24-0023 - HTTP authorization header is preserved between "emulated redirects"
  • MSA-24-0024 - CSRF risks due to misuse of confirm_sesskey
  • MSA-24-0025 - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys