Moodle 4.3.7

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 2 September 2024

Here is the full list of fixed issues in 4.3.7.

General fixes and improvements

• MDL-69684 - It is possible to hold a Redis session lock forever
• MDL-82502 - Course edit menu issues when manageactivities is unset
• MDL-82455 - Direct link from the Badges report the list of recipients has been lost
• MDL-82724 - TinyMCE adding quicktoolbar function throws error when quicktoolbar is disabled
• MDL-79215 - Calling graphlib->draw_brush results in un-rendered image and error message
• MDL-82802 - XMLDB editor cannot retrofit MySQL tables containing numbers
• MDL-64675 - Confusing restrictions on page breaks in feedback activity
• MDL-82790 - Remove filter_tidy
• MDL-82747 - Moodle class autoloader does not include composer autoload.files files
• MDL-82214 - Some admin settings reset to empty when read-only and the page it is on is saved
• MDL-78785 - Accessibility colour contrast check not correctly processing RGB values
• MDL-82810 - Question action menu can get truncated in some layouts
• MDL-82695 - Cloze questions where all subquestions have zero weight cause division by zero errors with interactive behaviour

Security fixes

• MSA-24-0042 - Unprotected access to sensitive information via dynamic tables.
  Note: Please check the announcement for further details about required coding changes for any third party Moodle code implementing dynamic tables.
• MSA-24-0043 - IDOR when deleting OAuth2 linked accounts
• MSA-24-0044 - Lesson activity password bypass through PHP loose comparison