Moodle 3.9.7
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 10 May 2021
Here is the full list of fixed issues in 3.9.7.
General fixes and improvements
- MDL-71156 - Upgrade step from MDL-67494 corrupts calendar events
- MDL-52724 - Atto does not generate UL tags when pasting LI tags
- MDL-69415 - H5P has namespace overlap with mod_hvp, causing unexpected behavior
- MDL-64336 - When an assignment is frozen students cannot see their submission
- MDL-69956 - Rubric and Marking Guide gray boxes and unclear error if configured incorrectly
- MDL-70947 - File upload navigation warning not protecting all uploads and interacts with double-submit protection
- MDL-71274 - "Students who have not accessed the course recently" insights should not be generated for hidden courses
- MDL-68716 - Error with forum_discussionlistsortorder during privacy process
- MDL-70909 - H5P
mod/h5pactivity:submit
capability incorrectly used - MDL-69304 - Import succeeds unintentionally if csv file contains id which has number and string mixed
- MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox
- MDL-62244 - Link to mod_label redirects to the course, not to the label
- MDL-71187 - Safe Exam Browser - deeper integration - The information you're about to submit is not secure
- MDL-71168 - Cannot send message to all users in participation report
- MDL-71400 - The notification after uploading a grading worksheet is inaccurate
- MDL-71338 - Wrong content type when exporting user tours
- MDL-70616 - Filters not applied to rubric name
- MDL-71200 - When copying a course, mod_folder settings are copied incorrectly
- MDL-71416 - Course report log for user displays course name instead of users name in header
- MDL-71171 - Course custom field data remains as default values
- MDL-71170 - Incorrect error message on course custom field 'text' page
- MDL-71481 - Flickr public repository not displaying file information
- MDL-71440 - Assignment submission status info should not be displayed for teachers
- MDL-71003 - Autocomplete elements in course participant filters obscure text inputs
- MDL-70980 - Fix review mode in the H5P activity
- MDL-71059 - Set the default returntype in repository_contentbank (Backport of MDL-70429)
- MDL-71116 - Backpack API and URL should support more than 50 characters
- MDL-71107 - Content bank content's author is not restored when copying a course
- MDL-70863 - Q&A forums incorrectly display a "post cannot be viewed by you" error in some circumstances
- MDL-70786 - Some course report pages are displaying only the users's first name
Accessibility improvements
- MDL-71087 - File picker: Focus lost after 'Create folder'
Security fixes
- MSA-21-0012 Forum CSV export could result in posts from all courses being exported
- MSA-21-0013 Quiz unreleased grade disclosure via web service
- MSA-21-0014 Blind SQL injection possible via MNet authentication
- MSA-21-0015 Stored XSS in quiz grading report via user ID number
- MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
- MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
- MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)