Skip to main content

Moodle 4.0.3

Release date: 22 August 2022

Here is the full list of fixed issues in 4.0.3.

General fixes and improvements

  • MDL-62959 - Changing a course event to a user event results in an error
  • MDL-74947 - As Admin, when creating an external tool (LTI), "Shared secret" is truncated at < character
  • MDL-69251 - LTI enrol method wrongly unenrols users due to bad task internal state
  • MDL-68843 - LTI Tools don't get deleted when linked activity module is deleted from course
  • MDL-74681 - Reads directly after writes to a table are stale when using read replicas if the update takes too long
  • MDL-75386 - Editor stylesheets does not include stylesheets for subplugins
  • MDL-75083 - Login form double submission leads to invalid login
  • MDL-74768 - Change category for a question in bank affects quizzes using random questions
  • MDL-74492 - Atto editor wrongfully creates UL tags inside SVG
  • MDL-75205 - Resetting report filters need to include original parameters
  • MDL-75181 - Exception when both completion setting "student view" and custom settings are enabled
  • MDL-73215 - Undefined variable error when online text assignment submission deleted
  • MDL-74784 - Related system badges causing badge rendering issue
  • MDL-75185 - Custom report sources selection is not ordered consistently
  • MDL-74826 - Add new "Disabled feature" within Mobile app settings for the new Reports option introduced in 4.0
  • MDL-74282 - Outcomes report should not be available if outcomes are disabled
  • MDL-74964 - Page enrol/index.php should not have secondary navigation
  • MDL-74595 - Cannot navigate back to the main calendar page from import/export calendars page
  • MDL-72430 - Editing events results in changing the type of event and removing the Course option
  • MDL-56923 - Assignment, Add new criterion icon should be aligned to the right, in RTL mode (theme:boost)

Accessibility improvements

  • MDL-74740 - Skip links not showing up on blocks drawer
  • MDL-74800 - HTML validator errors on course homepage

Security improvements

  • MDL-75237 - Alternate implementation of MSA-22-0016 applied to fix a regression (Note: There was no new security risk addressed, however MDL-75237 still has access restricted to avoid revealing details of the original vulnerability)

Security fixes

  • MSA-22-0021 - Upgrade Mustache to latest version (upstream)
  • MSA-22-0022 - CSRF risk in enabling/disabling installed H5P libraries
  • MSA-22-0027 - Quiz sequential navigation bypass using web services