Moodle 4.0.3
Release date: 22 August 2022
Here is the full list of fixed issues in 4.0.3.
General fixes and improvements
- MDL-62959 - Changing a course event to a user event results in an error
- MDL-74947 - As Admin, when creating an external tool (LTI), "Shared secret" is truncated at < character
- MDL-69251 - LTI enrol method wrongly unenrols users due to bad task internal state
- MDL-68843 - LTI Tools don't get deleted when linked activity module is deleted from course
- MDL-74681 - Reads directly after writes to a table are stale when using read replicas if the update takes too long
- MDL-75386 - Editor stylesheets does not include stylesheets for subplugins
- MDL-75083 - Login form double submission leads to invalid login
- MDL-74768 - Change category for a question in bank affects quizzes using random questions
- MDL-74492 - Atto editor wrongfully creates UL tags inside SVG
- MDL-75205 - Resetting report filters need to include original parameters
- MDL-75181 - Exception when both completion setting "student view" and custom settings are enabled
- MDL-73215 - Undefined variable error when online text assignment submission deleted
- MDL-74784 - Related system badges causing badge rendering issue
- MDL-75185 - Custom report sources selection is not ordered consistently
- MDL-74826 - Add new "Disabled feature" within Mobile app settings for the new Reports option introduced in 4.0
- MDL-74282 - Outcomes report should not be available if outcomes are disabled
- MDL-74964 - Page enrol/index.php should not have secondary navigation
- MDL-74595 - Cannot navigate back to the main calendar page from import/export calendars page
- MDL-72430 - Editing events results in changing the type of event and removing the Course option
- MDL-56923 - Assignment, Add new criterion icon should be aligned to the right, in RTL mode (theme:boost)
Accessibility improvements
- MDL-74740 - Skip links not showing up on blocks drawer
- MDL-74800 - HTML validator errors on course homepage
Security improvements
- MDL-75237 - Alternate implementation of MSA-22-0016 applied to fix a regression (Note: There was no new security risk addressed, however MDL-75237 still has access restricted to avoid revealing details of the original vulnerability)
Security fixes
- MSA-22-0021 - Upgrade Mustache to latest version (upstream)
- MSA-22-0022 - CSRF risk in enabling/disabling installed H5P libraries
- MSA-22-0027 - Quiz sequential navigation bypass using web services