Skip to main content

Moodle 4.5.4

Release date: 14 April 2025

Here is the full list of fixed issues in 4.5.4.

General fixes and improvements

  • MDL-83499 - Attempting to duplicate a section with multiple subsections fails
  • MDL-75971 - Add email handling capabilities to Behat (Mailpit)
  • MDL-76801 - Unexpected behavior in assignment grader when the user filter shows 0 remaining users
  • MDL-84058 - restore_backup.php does not restore the original course name
  • MDL-83856 - HTML line break tags visible in feedback for forums with advanced grading
  • MDL-76668 - No links to manual grading/statistics/responses in Quiz in Single activity course format
  • MDL-83692 - MFA SMS factor secret validity duration is forced to zero
  • MDL-80091 - Assignment grader does not auto-select a student with "Requires grading" filter applied
  • MDL-83591 - Error in Single View grade report when last viewed grade item is deleted
  • MDL-83272 - Deleting a question bank category can orphan questions and break quizzes
  • MDL-81655 - Maintenance warning countdown is hidden behind footer button and block drawer
  • MDL-85112 - Unread conversations message displayed incorrectly in notifications popover
  • MDL-85001 - Report builder filtering does not work when report duplicated on page
  • MDL-85023 - SEB configuration should also allow use of WebRTC recording on MacOS
  • MDL-61730 - Missing setType() error when importing XML file in gradebook
  • MDL-84940 - The section links block should not show subsections
  • MDL-84970 - Editor tiny does not support switching to Chinese
  • MDL-84112 - Default completion is not available with Big blue button when there is a large amount of users
  • MDL-84419 - Scheduled task timing is incorrect when daylight saving time begins
  • MDL-84997 - Messaging drawer displays a small background after clearing notifications
  • MDL-84893 - Users with long names make the message drawer content overlap
  • MDL-84222 - XOAuth: Sending mail via Google using smptmailer results in exception: call to a member functionhasExpired() on string
  • MDL-85000 - Error "No compatible source was found for this media" when trying to play OGV files on Firefox

Accessibility improvements

  • MDL-84823 - Incorrect use of ARIA attributes in the notications popover and messaging drawers
  • MDL-84816 - Resize text issue on the notifications popover
  • MDL-84826 - The delete menu item in an action menu has poor colour contrast when in focus
  • MDL-84803 - Pages in the feedback activity do not have unique titles
  • MDL-61823 - The filetypes form element has two labels, one of which is broken

Security fixes

  • MSA-25-0013 - Remote code execution risk via MimeTeX command (upstream)
  • MSA-25-0014 - User DoS and name disclosure risks via IDOR in MFA email factor revoke action
  • MSA-25-0015 - Some user data available before completing second factor with MFA enabled
  • MSA-25-0016 - Assignment submissions search on anonymous submissions reveals student identities
  • MSA-25-0017 - Self enrolment available before completing second factor with MFA enabled
  • MSA-25-0018 - CSRF risk in user tours manager allows tour duplication
  • MSA-25-0019 - IDOR in RSS block allows access to additional RSS feeds
  • MSA-25-0020 - mod_data edit/delete pages pass CSRF token in GET parameter
  • MSA-25-0021 - CSRF risk in Brickfield tool's analysis request action
  • MSA-25-0022 - IDOR in web service allows users enrolled in a course to access some details of other users
  • MSA-25-0023 - Authenticated remote code execution risk in the Moodle LMS Dropbox repository
  • MSA-25-0024 - Authenticated remote code execution risk in the Moodle LMS EQUELLA repository
  • MSA-25-0025 - Reflected XSS risk in policy tool
  • MSA-25-0026 - AJAX section delete does not respect course_can_delete_section()
  • MSA-25-0027 - IDOR in messaging web service allows access to some user details
  • MSA-25-0028 - IDOR when accessing the cohorts report