Skip to main content

Moodle 4.0.9

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 June 2023

Here is the full list of fixed issues in 4.0.9.

General fixes and improvements

  • MDL-75576 - Question bank statistics are fetched inefficiently
  • MDL-75623 - Encode pluginfile.php urls in backup
  • MDL-73138 - & (ampersand) is displayed as & in group and role names in the participants list filter
  • MDL-75552 - is not working because the apiBase in badgeconnect.json is ignored
  • MDL-77791 - File search areas for database activity entries need to index using the content id
  • MDL-78010 - Improve performance/information for the labels upgrade in MDL-77612
  • MDL-78047 - Links with a new line in Text and media area aren't displayed within the text box
  • MDL-77997 - Regression: can no longer download a single question in Moodle XML format when previewing it
  • MDL-76936 - Activity dates not reflecting in the course page after resetting course start date
  • MDL-78346 - langimport can accidentally uninstall all languages
  • MDL-78260 - Statistics for Random quiz questions: View details link broken
  • MDL-77766 - Multi-choice and True-false labelling need to respect showstandardinstruction setting
  • MDL-76903 - Hidden final page in Book prevents activity completion
  • MDL-76693 - Activity Chooser - Activity Summary content overlap/scroll issue
  • MDL-73331 - Accessibility toolkit advanced page update for page flow issues
  • MDL-75696 - Errors when restoring pre-4.0 quiz backups
  • MDL-77933 - Dynamic registration should return site name and logo
  • MDL-77987 - Backup is timing out for huge courses with a lot of files to annotate
  • MDL-77883 - Themes: Error message display for text area field client side form validation is not reliably updated
  • MDL-78038 - Bigbluebutton index page contains hardcoded "Week" course format string
  • MDL-76835 - Unordered lists indented incorrectly in the web page and the Atto editor
  • MDL-78125 - Feedback Modal not showing on quiz - Embedded answers (Cloze)
  • MDL-78025 - quiz_questions_in_use logic is wrong
  • MDL-76344 - Course image "non image file" should not be displayed on the left like image file
  • MDL-78242 - Inconsistent coursecontact checking can lead to PHP notices during plugin installation
  • MDL-78176 - Drag and drop onto image/Drag and drop markers create question: Theme oddity in Preview section
  • MDL-78152 - No editing button for students in book with the right to create new chapters in boost
  • MDL-77259 - Event monitor is missing all core subsystem events
  • MDL-78023 - tool_policy in Moodle 4.1.2: Spreadsheet (CSV/XLSX/ODT) download in some cases not working
  • MDL-78364 - Calculate custom report schedule users earlier
  • MDL-78026 - Multilang filter is not applied when creating calendar events
  • MDL-78170 - Glossary ratings average is not calculated properly using MSSQL database
  • MDL-78378 - Survey activity: Instructions for all three types of surveys are missing (M4.1 & M4.2)
  • MDL-77313 - Course restore searching is broken

For developers

  • MDL-78308 - preg_match(): Passing null to parameter #2 ($subject) when configuring custom menu items (PHP 8.1)
  • MDL-77995 - Building JS modules with Grunt doesn't work if dirroot contains "/src"
  • MDL-77733 - Enable accessibility tests by default during Behat init
  • MDL-77799 - REST web service request exceptions are not included in server logs

Security improvements

  • MDL-78225 - Content bank is leaking user sesskey when switching contexts
  • MDL-77320 - License manager leaks sesskey when creating new license
  • MDL-76688 - Add \ExplSyntaxOn to latex deny-list to prevent LaTeX3 programming syntax

Security fixes

  • MSA-23-0016 - XSS risk on groups page
  • MSA-23-0017 - Minor SQL injection risk on Mnet SSO access control page
  • MSA-23-0018 - SSRF risk due to insufficient check on the cURL blocked hosts list