Moodle 4.0.7
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 13 March 2023
Here is the full list of fixed issues in 4.0.7.
General fixes and improvements
- MDL-69690 - Require Assessment Grade for Workshop Activity Completion Blocked
- MDL-66221 - Deleted activities cannot be restored from recycle bin when backup_auto_activities setting is disabled
- MDL-70586 - Feedback: the preview icon shouldn't be displayed for students
- MDL-74756 - Previous activity with completion not working if activity completion is disabled
- MDL-76525 - mod_data: Missing validation of image width and height
- MDL-76947 - Dropdown menus are narrower and unnecessarily wrap
- MDL-73847 - LTI 1.3: Keyset fetch does not use the HTTP proxy
- MDL-75719 - Wrong completion status for hidden grade items
- MDL-77003 - Template string helper does not render complex language strings
- MDL-58945 - Showing rendered question text can break JS: disable filtering on quiz edit page and make optional in the question bank
- MDL-74905 - Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
- MDL-74698 - Course backups from versions earlier than 3.11.7 lose format options on restore
- MDL-77014 - Single activity course format should support multilang course titles
- MDL-75012 - Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)
- MDL-77230 - The preview of questions for feedback is still possible via WebServices
- MDL-77322 - Authenticate token requests via HTTP headers cannot be turned off
- MDL-76314 - Add missing form validation when combining single discussion and separate group
- MDL-77057 - Module override forms are not correctly formatting group names
- MDL-77210 - Quiz 'Try another question like this one' breaks regrading
- MDL-76904 - Question bank: Question highlight is missing after we go back and forth between pages
- MDL-76298 - Drag drop questions don't validate that drop zones have been defined (causing division by zero errors in the statistics)
- MDL-77241 - Javascript console errors opening section/activity menus when editing course
- MDL-76878 - Prohibiting editownprofile capability breaks functionality of blocks/content bank
- MDL-63608 - Access order when manually grading quizzes
- MDL-76948 - Description of submission_unlocked event says "locked" instead of "unlocked"
- MDL-76066 - Deleting a field when applying a preset doesn't raise 'field deleted' event
- MDL-76602 - Cannot add LTI 1.3 LTI service without modifying locallib
- MDL-77024 - Quiz editing log events have the wrong edulevel
- MDL-77018 - Error loading question bank statistics if the context no longer exists
- MDL-77365 - Inaccurate word count
Accessibility improvements
- MDL-76672 - block_myoverview: aria-label attribute is not well supported on a div without role attribute
- MDL-77052 - block_recentlyaccesseditems: Element with role="list" must have children with role="listitem"
- MDL-77318 - core / user_menu: aria-label attribute is not well supported on a div without role attribute
- MDL-76313 - improve accessibility on subscribers page
Security improvements
- MDL-76478 - Browsers auto-completing the user's password into inappropriate password unmask form fields
- MDL-76370 - Public / private paths security report is inaccurate when using HTTP proxy
- MDL-75454 - sesskey included in URL in cache administration adding and editing stores
Security fixes
- MSA-23-0004 - Authenticated SQL injection via availability check
- MSA-23-0005 - Authenticated arbitrary file read through malformed backup file
- MSA-23-0006 - XSS risk when outputting database activity filter data
- MSA-23-0007 - Algebra filter XSS when filter is misconfigured
- MSA-23-0008 - Pix helper potential Mustache code injection risk
- MSA-23-0009 - Users' name enumeration possible via IDOR on learning plans page
- MSA-23-0011 - Teacher can access names of users they do not have permission to access
- MSA-23-0012 - Course participation report shows roles the user should not see