Moodle 4.3.10

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 February 2025

Here is the full list of fixed issues in 4.3.10.

General fixes and improvements

• MDL-84152 - URLs generated by getExternalTestFileUrl() now contain double forward slash
• MDL-83988 - Remove git diffs for JavaScript maps, minified JavaScript, and similar

Security fixes

• MSA-25-0001 - Arbitrary file read risk through pdfTeX
• MSA-25-0002 - Feedback response viewing and deletions did not respect Separate Groups mode
• MSA-25-0003 - Non-searchable tags can still be discovered on the tag search page and in the tags block
• MSA-25-0004 - Stored XSS in ddimageortext question type
• MSA-25-0005 - Stored XSS risk in admin live log
• MSA-25-0006 - Reflected XSS via question bank filter
• MSA-25-0007 - Upgrade RequireJS including security fix (upstream)
• MSA-25-0008 - IDOR in badges allows disabling of arbitrary badges
• MSA-25-0009 - Teachers can evade trusttext config when restoring glossary entries
• MSA-25-0010 - SQL injection risk in course search module list filter