Moodle 4.0.4

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 September 2022

Here is the full list of fixed issues in 4.0.4.

General fixes and improvements

• MDL-75092 - Links for selecting all/none checkboxes lost from backup/import/restore pages (Course reuse)
• MDL-71662 - Add group-filter to H5P-activity attempts report
• MDL-70480 - get_user_submission susceptible to race condition resulting in invalid DB state
• MDL-75199 - BigBlueButton is a blocker in upgrade to 4.0
• MDL-74770 - Grader report: Unable to sort using custom profile fields
• MDL-74873 - Notification preferences should disable controls if user disabled all notifications before
• MDL-73685 - Error on /admin/roles/admins.php if email removed from identity fields
• MDL-74901 - extend_navigation_frontpage now relies on the user having course:update capabilites to view the secondary navigation
• MDL-68717 - Upcoming events block doesn't remove completed activities
• MDL-74969 - When short forms are disabled the sections headers change style
• MDL-75311 - Error when send report schedules by schedule task manager
• MDL-74749 - Import recording button shown when feature disabled in BigBlueButton
• MDL-75040 - Course completion details page contains incorrect course navigation

Security fixes

• MSA-22-0023 - Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers
• MSA-22-0024 - Remote code execution risk when restoring malformed backup file from Moodle 1.9
• MSA-22-0025 - Minor SQL injection risk in admin user browsing
• MSA-22-0026 - No groups filtering in H5P activity attempts report