Skip to main content

Moodle 3.9.3

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 November 2020

Here is the full list of fixed issues in 3.9.3.

Warning

If you have a large database, the upgrade step added in MDL-69687 may be very, very slow. To avoid excessive down-time when you grade, you may want to test for this. A fix is being developed in MDL-70285.

General fixes and improvements

  • MDL-68722 - Atto Equation Editor Symbols missing
  • MDL-68070 - Messaging breaks when "Personal messages between users" is disabled
  • MDL-69355 - Download of files bigger than 10 MB fails
  • MDL-68900 - Attempting to grade forums outside of their display period causes invalid response value error
  • MDL-69257 - H5P Interactive video should comply with maxbytes file upload limits
  • MDL-65792 - Timed/Scheduled Posts are displaying create/modified time instead of release time
  • MDL-69266 - Drag and drop questions with 'unlimited' options fail in Moodle 3.9
  • MDL-69736 - H5P Interactive book does not show a submit button
  • MDL-69667 - Competencies count always 0 in competencyframeworks
  • MDL-69772 - Incorrect 'allcountrycodes' field prevents country selection during registration
  • MDL-69657 - Method of saving embedded H5P content grades in the gradebook (Backport of MDL-69174)
  • MDL-69641 - Fix Course gradebook slow query due to cross join on full user table (backport of MDL-69190)
  • MDL-62387 - Cohort sync dropdown contains redundant entries
  • MDL-69342 - 'Delete picture' checkbox deletes also the new profile picture when editing profile
  • MDL-69359 - Add option to show only contributed plugins in uninstall script (backport of MDL-69260)
  • MDL-69156 - Course copy: idnumber field is missing if not permitted
  • MDL-67654 - Forum inline reply does not use formchangechecker
  • MDL-69791 - Grader report doesn't show an error message when an invalid grade is entered in AJAX mode
  • MDL-69818 - Restoring a feedback activity doesn't restore item dependency
  • MDL-69751 - Activity chooser does not display if site contains invalid user
  • MDL-67650 - Forced $CFG config checkbox, select, textarea are not disabled in GUI
  • MDL-68438 - Changing notification email format fails if messaging is disabled
  • MDL-70093 - PDF dataformat export is misformatted when a cell height is greater than a page height
  • MDL-69698 - List of licenses is not displayed in the user's preferred language
  • MDL-69729 - Clean up temporary H5P editor files (backport of MDL-68909)
  • MDL-68284 - Locking invisible quiz in gradebook setup makes it visible (but only on gradebook setup page)
  • MDL-69805 - Database activity shows the comments option even if comments are disabled at site level

Accessibility improvements

  • MDL-65074 - Quiz navigation buttons use part of btn-secondary styles, can disappear
  • MDL-68167 - Fix core/form_autocomplete accessibility issues
  • MDL-69390 - Insufficient colour contrast for focused/mouseover action menu items
  • MDL-70004 - Invalid role attribute in the label for the "Clear my choice" option
  • MDL-69392 - Colour contrast issues in quiz
  • MDL-68766 - Login form: "Log in using your account on:" should be h3, not h6
  • MDL-69395 - Insufficient colour contrast between form control borders and background
  • MDL-69649 - Missing labels in restore page
  • MDL-69644 - Focus outline of the "contact the privacy officer" link inconsistent with rest of page

For developers

  • MDL-52407 - Travis: Start sending e-mail notifications

Security improvements

  • MDL-68292 - admin/modules.php exposes CSRF token (sesskey) in url
  • MDL-69014 - User preferences not removed when tours are deleted
  • MDL-69807 - Editing a block exposes the CSRF token (sesskey) in the url

Security fixes

  • MSA-20-0016 Teacher is able to unenrol users without permission using course restore
  • MSA-20-0017 Privilege escalation within a course when restoring role overrides
  • MSA-20-0018 Some database module web services did not respect group settings
  • MSA-20-0019 tool_uploadcourse creates new enrol instances unexpectedly in some circumstances
  • MSA-20-0020 Stored XSS possible when renaming content bank items
  • MSA-20-0021 The participants table download feature did not respect the site's "show user identity" configuration

Translations