Skip to main content

Moodle 4.0.11

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 October 2023

Here is the full list of fixed issues in 4.0.11.

General fixes and improvements

  • MDL-78549 - Cloze question: Correct answer is not displayed
  • MDL-79360 - Broken nolink tag support in text filtering

Accessibility improvements

  • MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)

Security improvements

  • MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference

Security fixes

  • MSA-23-0031 - Authenticated remote code execution risk in Lesson
  • MSA-23-0032 - Authenticated remote code execution risk in IMSCP
  • MSA-23-0033 - XSS risk when using CSV grade import method
  • MSA-23-0035 - Duplicating a BigBlueButton activity assigns the same meeting ID
  • MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
  • MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
  • MSA-23-0038 - Stored XSS in quiz grading report via user ID number
  • MSA-23-0039 - XSS risk when previewing data in course upload tool
  • MSA-23-0040 - Make file serving endpoints revision control stricter
  • MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
  • MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
  • MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode