Skip to main content

Moodle 4.4.8

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 April 2025

Here is the full list of fixed issues in 4.4.8.

General fixes and improvements

  • MDL-75971 - Add email handling capabilities to Behat (Mailpit)
  • MDL-76801 - Unexpected behavior in assignment grader when the user filter shows 0 remaining users
  • MDL-84058 - restore_backup.php does not restore the original course name
  • MDL-83856 - HTML line break tags visible in feedback for forums with advanced grading
  • MDL-76668 - No links to manual grading/statistics/responses in Quiz in Single activity course format
  • MDL-80091 - Assignment grader does not auto-select a student with "Requires grading" filter applied
  • MDL-83591 - Error in Single View grade report when last viewed grade item is deleted
  • MDL-83272 - Deleting a question bank category can orphan questions and break quizzes
  • MDL-81655 - Maintenance warning countdown is hidden behind footer button and block drawer
  • MDL-85112 - Unread conversations message displayed incorrectly in notifications popover
  • MDL-85001 - Report builder filtering does not work when report duplicated on page
  • MDL-85023 - SEB configuration should also allow use of WebRTC recording on MacOS
  • MDL-61730 - Missing setType() error when importing XML file in gradebook
  • MDL-84970 - Editor tiny does not support switching to Chinese
  • MDL-84112 - Default completion is not available with Big blue button when there is a large amount of users
  • MDL-84419 - Scheduled task timing is incorrect when daylight saving time begins
  • MDL-84997 - Messaging drawer displays a small background after clearing notifications
  • MDL-84893 - Users with long names make the message drawer content overlap
  • MDL-84222 - XOAuth: Sending mail via Google using smptmailer results in exception: call to a member functionhasExpired() on string
  • MDL-85000 - Error "No compatible source was found for this media" when trying to play OGV files on Firefox

Accessibility improvements

  • MDL-84823 - Incorrect use of ARIA attributes in the notications popover and messaging drawers
  • MDL-84816 - Resize text issue on the notifications popover
  • MDL-84826 - The delete menu item in an action menu has poor colour contrast when in focus
  • MDL-84803 - Pages in the feedback activity do not have unique titles
  • MDL-61823 - The filetypes form element has two labels, one of which is broken

Security fixes

  • MSA-25-0013 - Remote code execution risk via MimeTeX command (upstream)
  • MSA-25-0014 - User DoS and name disclosure risks via IDOR in MFA email factor revoke action
  • MSA-25-0015 - Some user data available before completing second factor with MFA enabled
  • MSA-25-0017 - Self enrolment available before completing second factor with MFA enabled
  • MSA-25-0018 - CSRF risk in user tours manager allows tour duplication
  • MSA-25-0019 - IDOR in RSS block allows access to additional RSS feeds
  • MSA-25-0020 - mod_data edit/delete pages pass CSRF token in GET parameter
  • MSA-25-0021 - CSRF risk in Brickfield tool's analysis request action
  • MSA-25-0022 - IDOR in web service allows users enrolled in a course to access some details of other users
  • MSA-25-0023 - Authenticated remote code execution risk in the Moodle LMS Dropbox repository
  • MSA-25-0024 - Authenticated remote code execution risk in the Moodle LMS EQUELLA repository
  • MSA-25-0025 - Reflected XSS risk in policy tool
  • MSA-25-0026 - AJAX section delete does not respect course_can_delete_section()
  • MSA-25-0027 - IDOR in messaging web service allows access to some user details
  • MSA-25-0028 - IDOR when accessing the cohorts report