Moodle 4.4.9

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 June 2025

Here is the full list of fixed issues in 4.4.9.

General fixes and improvements

• MDL-84232 - Turning off Recover old grades for re-enrolled users not working for Quiz
• MDL-78886 - Next page button not working when viewing Annotated PDFs in Assignment
• MDL-79464 - Assignment grading allows navigation after undetected save failure causing data loss
• MDL-84304 - Remove the COMPLETION_COMPLETE_FAIL status from SCORM
• MDL-83550 - Rubric criterion selection persists after deselection in the assignment grader
• MDL-83195 - Cannot release Assignment grades to Gradebook without revealing identities
• MDL-84793 - Behat: Allow CLI scripts to run on Behat instance
• MDL-84140 - Cannot add activities to course if MoodleNet tool uninstalled
• MDL-84149 - Grader report triggers an error during data privacy download
• MDL-83990 - Courses created via web service have a default startdate of "0"
• MDL-84820 - MoodleNet: Bootstrap upgrade broke sharing modal

Accessibility improvements

• MDL-84833 - Clicking "Mark as done" does not provide feedback to assistive technology users

Security improvements

• MDL-83979 - Repository URL should always use proxy
• MDL-55034 - GET request Includes sesskey during External Blog deletion

Security fixes

• MSA-25-0030 - Password can be revealed in login page after log out due to caching
• MSA-25-0031 - Upgrade ADOdb including security fix (upstream)
• MSA-25-0032 - SSRF risk via DNS rebind
• MSA-25-0033 - Course visibility not honoured consistently
• MSA-25-0034 - CSRF risk in badges backpack management
• MSA-25-0035 - Missing authorisation checks in BigBlueButton view page
• MSA-25-0036 - IDOR allows fetching of recently accessed courses for other users via web service