If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Moodle 2.9.3 release notes

From MoodleDocs

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

Releases > Moodle 2.9.3 release notes

Release date: 9 November 2015

Here is the full list of fixed issues in 2.9.3.


  • MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
  • MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
  • MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
  • MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
  • MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present

Functional changes

  • MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
  • MDL-50917 - Allow manager to access another user's preferences
  • MDL-50811 - Forum email replies update completion tracking information
  • MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
  • MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
  • MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
  • MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully

UI changes

  • MDL-40710 - Better visualization of badges backpack icon
  • MDL-51290 - Make adding a photo to a profile more obvious
  • MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL

Security issues

  • MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts
  • MSA-15-0038 DDoS possibility in Atto
  • MSA-15-0039 CSRF in site registration form
  • MSA-15-0040 Student XSS in survey
  • MSA-15-0041 XSS in flash video player
  • MSA-15-0042 CSRF in lesson login form
  • MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode
  • MSA-15-0044 Capability to view available badges is not respected
  • MSA-15-0045 SCORM module allows to bypass access restrictions based on date
  • MSA-15-0046 Choice module closing date can be bypassed

Fixes and improvements

  • MDL-51514 - Performance improvement in one of regrading queries on MySQL
  • MDL-51498 - Improve performance for regrading gradebook
  • MDL-50805 - Performance improvement in cron Messaging Cleanup Task
  • MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
  • MDL-26429 - Added missing criteria icons to completion report
  • MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
  • MDL-46710 - LTI module correctly tracks completion when opened in a new window
  • MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
  • MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
  • MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
  • MDL-51390 - Badges: fixed connection to external backpack
  • MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
  • MDL-48881 - Fixed bug with lesson not always showing student attempts

API changes, for developers

  • MDL-51756 - Please can someone explain this. It leads to debugging messages relating to web services that don't make it clear how to fix ones code.

See also