Moodle 4.4.12

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 8 December 2025

Here is the full list of fixed issues in 4.4.12.

General fixes and improvements

• MDL-81604 - Broken file serving under PHP 8.1+, Apache and PHP-FPM via mod_proxy_fcgi, when the filename is not only plain ASCII or w/ blank spaces

Accessibility fixes and improvements

• MDL-87149 - Insufficient contrast for feedback questions with Dependence item set

Security improvements

• MDL-86369 - Deleting a single attempt from SCORM reports page deletes all user attempts when reloading the page

Security fixes

• MSA-25-0051 - Remote code execution risk via file restore
• MSA-25-0052 - Authentication via LTI Provider available to suspended users
• MSA-25-0054 - XSS risk in formula editor
• MSA-25-0055 - Formula injection risk when exporting data to CSV / Excel
• MSA-25-0056 - Open redirect in OAuth login
• MSA-25-0057 - Password brute force risk from confirmation email web service
• MSA-25-0058 - Participants can access forum ratings without permission
• MSA-25-0059 - Reflected XSS risk in policy tool
• MSA-25-0060 - Badges with a role criterion could be awarded to users who do not hold the role
• MSA-25-0061 - User IDs exposed in URLs when using anonymous submissions in assignment