Skip to main content

Moodle 3.9.7

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 May 2021

Here is the full list of fixed issues in 3.9.7.

General fixes and improvements

  • MDL-71156 - Upgrade step from MDL-67494 corrupts calendar events
  • MDL-52724 - Atto does not generate UL tags when pasting LI tags
  • MDL-69415 - H5P has namespace overlap with mod_hvp, causing unexpected behavior
  • MDL-64336 - When an assignment is frozen students cannot see their submission
  • MDL-69956 - Rubric and Marking Guide gray boxes and unclear error if configured incorrectly
  • MDL-70947 - File upload navigation warning not protecting all uploads and interacts with double-submit protection
  • MDL-71274 - "Students who have not accessed the course recently" insights should not be generated for hidden courses
  • MDL-68716 - Error with forum_discussionlistsortorder during privacy process
  • MDL-70909 - H5P mod/h5pactivity:submit capability incorrectly used
  • MDL-69304 - Import succeeds unintentionally if csv file contains id which has number and string mixed
  • MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox
  • MDL-62244 - Link to mod_label redirects to the course, not to the label
  • MDL-71187 - Safe Exam Browser - deeper integration - The information you're about to submit is not secure
  • MDL-71168 - Cannot send message to all users in participation report
  • MDL-71400 - The notification after uploading a grading worksheet is inaccurate
  • MDL-71338 - Wrong content type when exporting user tours
  • MDL-70616 - Filters not applied to rubric name
  • MDL-71200 - When copying a course, mod_folder settings are copied incorrectly
  • MDL-71416 - Course report log for user displays course name instead of users name in header
  • MDL-71171 - Course custom field data remains as default values
  • MDL-71170 - Incorrect error message on course custom field 'text' page
  • MDL-71481 - Flickr public repository not displaying file information
  • MDL-71440 - Assignment submission status info should not be displayed for teachers
  • MDL-71003 - Autocomplete elements in course participant filters obscure text inputs
  • MDL-70980 - Fix review mode in the H5P activity
  • MDL-71059 - Set the default returntype in repository_contentbank (Backport of MDL-70429)
  • MDL-71116 - Backpack API and URL should support more than 50 characters
  • MDL-71107 - Content bank content's author is not restored when copying a course
  • MDL-70863 - Q&A forums incorrectly display a "post cannot be viewed by you" error in some circumstances
  • MDL-70786 - Some course report pages are displaying only the users's first name

Accessibility improvements

  • MDL-71087 - File picker: Focus lost after 'Create folder'

Security fixes

  • MSA-21-0012 Forum CSV export could result in posts from all courses being exported
  • MSA-21-0013 Quiz unreleased grade disclosure via web service
  • MSA-21-0014 Blind SQL injection possible via MNet authentication
  • MSA-21-0015 Stored XSS in quiz grading report via user ID number
  • MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
  • MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
  • MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)

Translations