Skip to main content

Moodle 3.9.7

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 May 2021

Here is the full list of fixed issues in 3.9.7.

General fixes and improvements

  • MDL-71156 - Upgrade step from MDL-67494 corrupts calendar events
  • MDL-52724 - Atto does not generate UL tags when pasting LI tags
  • MDL-69415 - H5P has namespace overlap with mod_hvp, causing unexpected behavior
  • MDL-64336 - When an assignment is frozen students cannot see their submission
  • MDL-69956 - Rubric and Marking Guide gray boxes and unclear error if configured incorrectly
  • MDL-70947 - File upload navigation warning not protecting all uploads and interacts with double-submit protection
  • MDL-71274 - "Students who have not accessed the course recently" insights should not be generated for hidden courses
  • MDL-68716 - Error with forum_discussionlistsortorder during privacy process
  • MDL-70909 - H5P mod/h5pactivity:submit capability incorrectly used
  • MDL-69304 - Import succeeds unintentionally if csv file contains id which has number and string mixed
  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox
  • MDL-62244 - Link to mod_label redirects to the course, not to the label
  • MDL-71187 - Safe Exam Browser - deeper integration - The information you're about to submit is not secure
  • MDL-71168 - Cannot send message to all users in participation report
  • MDL-71400 - The notification after uploading a grading worksheet is inaccurate
  • MDL-71338 - Wrong content type when exporting user tours
  • MDL-70616 - Filters not applied to rubric name
  • MDL-71200 - When copying a course, mod_folder settings are copied incorrectly
  • MDL-71416 - Course report log for user displays course name instead of users name in header
  • MDL-71171 - Course custom field data remains as default values
  • MDL-71170 - Incorrect error message on course custom field 'text' page
  • MDL-71481 - Flickr public repository not displaying file information
  • MDL-71440 - Assignment submission status info should not be displayed for teachers
  • MDL-71003 - Autocomplete elements in course participant filters obscure text inputs
  • MDL-70980 - Fix review mode in the H5P activity
  • MDL-71059 - Set the default returntype in repository_contentbank (Backport of MDL-70429)
  • MDL-71116 - Backpack API and URL should support more than 50 characters
  • MDL-71107 - Content bank content's author is not restored when copying a course
  • MDL-70863 - Q&A forums incorrectly display a "post cannot be viewed by you" error in some circumstances
  • MDL-70786 - Some course report pages are displaying only the users's first name

Accessibility improvements

  • MDL-71087 - File picker: Focus lost after 'Create folder'

Security fixes

  • MSA-21-0012 Forum CSV export could result in posts from all courses being exported
  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
  • MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
  • MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)

Translations