Moodle 4.0.9
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 12 June 2023
Here is the full list of fixed issues in 4.0.9.
General fixes and improvements
- MDL-75576 - Question bank statistics are fetched inefficiently
- MDL-75623 - Encode pluginfile.php urls in backup
- MDL-73138 - & (ampersand) is displayed as & in group and role names in the participants list filter
- MDL-75552 - Badgr.com is not working because the apiBase in badgeconnect.json is ignored
- MDL-77791 - File search areas for database activity entries need to index using the content id
- MDL-78010 - Improve performance/information for the labels upgrade in MDL-77612
- MDL-78047 - Links with a new line in Text and media area aren't displayed within the text box
- MDL-77997 - Regression: can no longer download a single question in Moodle XML format when previewing it
- MDL-76936 - Activity dates not reflecting in the course page after resetting course start date
- MDL-78346 - langimport can accidentally uninstall all languages
- MDL-78260 - Statistics for Random quiz questions: View details link broken
- MDL-77766 - Multi-choice and True-false labelling need to respect showstandardinstruction setting
- MDL-76903 - Hidden final page in Book prevents activity completion
- MDL-76693 - Activity Chooser - Activity Summary content overlap/scroll issue
- MDL-73331 - Accessibility toolkit advanced page update for page flow issues
- MDL-75696 - Errors when restoring pre-4.0 quiz backups
- MDL-77933 - Dynamic registration should return site name and logo
- MDL-77987 - Backup is timing out for huge courses with a lot of files to annotate
- MDL-77883 - Themes: Error message display for text area field client side form validation is not reliably updated
- MDL-78038 - Bigbluebutton index page contains hardcoded "Week" course format string
- MDL-76835 - Unordered lists indented incorrectly in the web page and the Atto editor
- MDL-78125 - Feedback Modal not showing on quiz - Embedded answers (Cloze)
- MDL-78025 - quiz_questions_in_use logic is wrong
- MDL-76344 - Course image "non image file" should not be displayed on the left like image file
- MDL-78242 - Inconsistent coursecontact checking can lead to PHP notices during plugin installation
- MDL-78176 - Drag and drop onto image/Drag and drop markers create question: Theme oddity in Preview section
- MDL-78152 - No editing button for students in book with the right to create new chapters in boost
- MDL-77259 - Event monitor is missing all core subsystem events
- MDL-78023 - tool_policy in Moodle 4.1.2: Spreadsheet (CSV/XLSX/ODT) download in some cases not working
- MDL-78364 - Calculate custom report schedule users earlier
- MDL-78026 - Multilang filter is not applied when creating calendar events
- MDL-78170 - Glossary ratings average is not calculated properly using MSSQL database
- MDL-78378 - Survey activity: Instructions for all three types of surveys are missing (M4.1 & M4.2)
- MDL-77313 - Course restore searching is broken
For developers
- MDL-78308 - preg_match(): Passing null to parameter #2 ($subject) when configuring custom menu items (PHP 8.1)
- MDL-77995 - Building JS modules with Grunt doesn't work if dirroot contains "/src"
- MDL-77733 - Enable accessibility tests by default during Behat init
- MDL-77799 - REST web service request exceptions are not included in server logs
Security improvements
- MDL-78225 - Content bank is leaking user sesskey when switching contexts
- MDL-77320 - License manager leaks sesskey when creating new license
- MDL-76688 - Add \ExplSyntaxOn to latex deny-list to prevent LaTeX3 programming syntax
Security fixes
- MSA-23-0016 - XSS risk on groups page
- MSA-23-0017 - Minor SQL injection risk on Mnet SSO access control page
- MSA-23-0018 - SSRF risk due to insufficient check on the cURL blocked hosts list