Skip to main content

Moodle 4.0.10

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 August 2023

Here is the full list of fixed issues in 4.0.10.

General fixes and improvements

  • MDL-78488 - Question bank statistics still being pulled/loaded when associated columns disabled
  • MDL-77525 - Add text filtering stages

Security fixes

  • MSA-23-0019 - Proxy bypass risk due to insufficient validation
  • MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
  • MSA-23-0021 - Some block permissions on Dashboard not respected
  • MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
  • MSA-23-0025 - phpCAS library upgraded to 1.6.0 (upstream)
  • MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
  • MSA-23-0028 - Open redirect risk on admin view all policies page
  • MSA-23-0029 - Competency framework tools are not restricted as intended
  • MSA-23-0030 - Quiz sequential navigation bypass possible