Moodle 3.9.3 release notes

From MoodleDocs

Releases > Moodle 3.9.3 release notes


Release date: 9 November 2020

Here is the full list of fixed issues in 3.9.3.

Warning

If you have a large database, the upgrade step added in MDL-69687 may be very, very slow. To avoid excessive down-time when you grade, you may want to test for this. A fix is being developed in MDL-70285.

General fixes and improvements

  • MDL-68722 - Atto Equation Editor Symbols missing
  • MDL-68070 - Messaging breaks when "Personal messages between users" is disabled
  • MDL-69355 - Download of files bigger than 10 MB fails
  • MDL-68900 - Attempting to grade forums outside of their display period causes invalid response value error
  • MDL-69257 - H5P Interactive video should comply with maxbytes file upload limits
  • MDL-65792 - Timed/Scheduled Posts are displaying create/modified time instead of release time
  • MDL-69266 - Drag and drop questions with 'unlimited' options fail in Moodle 3.9
  • MDL-69736 - H5P Interactive book does not show a submit button
  • MDL-69667 - Competencies count always 0 in competencyframeworks
  • MDL-69772 - Incorrect 'allcountrycodes' field prevents country selection during registration
  • MDL-69657 - Method of saving embedded H5P content grades in the gradebook (Backport of MDL-69174)
  • MDL-69641 - Fix Course gradebook slow query due to cross join on full user table (backport of MDL-69190)
  • MDL-62387 - Cohort sync dropdown contains redundant entries
  • MDL-69342 - 'Delete picture' checkbox deletes also the new profile picture when editing profile
  • MDL-69359 - Add option to show only contributed plugins in uninstall script (backport of MDL-69260)
  • MDL-69156 - Course copy: idnumber field is missing if not permitted
  • MDL-67654 - Forum inline reply does not use formchangechecker
  • MDL-69791 - Grader report doesn't show an error message when an invalid grade is entered in AJAX mode
  • MDL-69818 - Restoring a feedback activity doesn't restore item dependency
  • MDL-69751 - Activity chooser does not display if site contains invalid user
  • MDL-67650 - Forced $CFG config checkbox, select, textarea are not disabled in GUI
  • MDL-68438 - Changing notification email format fails if messaging is disabled
  • MDL-70093 - PDF dataformat export is misformatted when a cell height is greater than a page height
  • MDL-69698 - List of licenses is not displayed in the user's preferred language
  • MDL-69729 - Clean up temporary H5P editor files (backport of MDL-68909)
  • MDL-68284 - Locking invisible quiz in gradebook setup makes it visible (but only on gradebook setup page)
  • MDL-69805 - Database activity shows the comments option even if comments are disabled at site level

Accessibility improvements

  • MDL-65074 - Quiz navigation buttons use part of btn-secondary styles, can disappear
  • MDL-68167 - Fix core/form_autocomplete accessibility issues
  • MDL-69390 - Insufficient colour contrast for focused/mouseover action menu items
  • MDL-70004 - Invalid role attribute in the label for the "Clear my choice" option
  • MDL-69392 - Colour contrast issues in quiz
  • MDL-68766 - Login form: "Log in using your account on:" should be h3, not h6
  • MDL-69395 - Insufficient colour contrast between form control borders and background
  • MDL-69649 - Missing labels in restore page
  • MDL-69644 - Focus outline of the "contact the privacy officer" link inconsistent with rest of page

For developers

  • MDL-52407 - Travis: Start sending e-mail notifications

Security improvements

  • MDL-68292 - admin/modules.php exposes CSRF token (sesskey) in url
  • MDL-69014 - User preferences not removed when tours are deleted
  • MDL-69807 - Editing a block exposes the CSRF token (sesskey) in the url

Security fixes

  • MSA-20-0016 Teacher is able to unenrol users without permission using course restore
  • MSA-20-0017 Privilege escalation within a course when restoring role overrides
  • MSA-20-0018 Some database module web services did not respect group settings
  • MSA-20-0019 tool_uploadcourse creates new enrol instances unexpectedly in some circumstances
  • MSA-20-0020 Stored XSS possible when renaming content bank items
  • MSA-20-0021 The participants table download feature did not respect the site's "show user identity" configuration

See also