Releases > Moodle 3.10.4 release notes

Release date: 10 May 2021

Here is the full list of fixed issues in 3.10.4.

General fixes and improvements

• MDL-71156 - Upgrade step from MDL-67494 corrupts calendar events
• MDL-52724 - Atto does not generate UL tags when pasting LI tags
• MDL-69415 - H5P has namespace overlap with mod_hvp, causing unexpected behavior
• MDL-64336 - When an assignment is frozen students cannot see their submission
• MDL-69956 - Rubric and Marking Guide gray boxes and unclear error if configured incorrectly
• MDL-70947 - File upload navigation warning not protecting all uploads and interacts with double-submit protection
• MDL-71274 - "Students who have not accessed the course recently" insights should not be generated for hidden courses
• MDL-68716 - Error with forum_discussionlistsortorder during privacy process
• MDL-70909 - H5P `mod/h5pactivity:submit` capability incorrectly used
• MDL-69304 - Import succeeds unintentionally if csv file contains id which has number and string mixed
• MDL-71460 - Change site registration notifications and newsletter subscriptions to opt-in checkbox
• MDL-62244 - Link to mod_label redirects to the course, not to the label
• MDL-71187 - Safe Exam Browser - deeper integration - The information you're about to submit is not secure
• MDL-71168 - Cannot send message to all users in participation report
• MDL-71400 - The notification after uploading a grading worksheet is inaccurate
• MDL-71338 - Wrong content type when exporting user tours
• MDL-70616 - Filters not applied to rubric name
• MDL-71200 - When copying a course, mod_folder settings are copied incorrectly
• MDL-71416 - Course report log for user displays course name instead of users name in header
• MDL-71171 - Course custom field data remains as default values
• MDL-71170 - Incorrect error message on course custom field 'text' page
• MDL-71481 - Flickr public repository not displaying file information
• MDL-71329 - MoodleNet profile not being validated properly when linking through the activity chooser
• MDL-71440 - Assignment submission status info should not be displayed for teachers
• MDL-71003 - Autocomplete elements in course participant filters obscure text inputs
• MDL-70980 - Fix review mode in the H5P activity
• MDL-71059 - Set the default returntype in repository_contentbank (Backport of MDL-70429)
• MDL-71116 - Backpack API and URL should support more than 50 characters
• MDL-71107 - Content bank content's author is not restored when copying a course
• MDL-70863 - Q&A forums incorrectly display a "post cannot be viewed by you" error in some circumstances
• MDL-70786 - Some course report pages are displaying only the users's first name

Accessibility improvements

• MDL-71087 - File picker: Focus lost after 'Create folder'

Security fixes

• MSA-21-0012 Forum CSV export could result in posts from all courses being exported
• MSA-21-0013 Quiz unreleased grade disclosure via web service
• MSA-21-0014 Blind SQL injection possible via MNet authentication
• MSA-21-0015 Stored XSS in quiz grading report via user ID number
• MSA-21-0016 Files API should mitigate denial-of-service risk when adding to the draft file area
• MSA-21-0017 Last app access time is visible to non-site-admins on user profile page
• MSA-21-0018 Reflected XSS and open redirect in LTI authorization endpoint
• MSA-21-0019 Upgrade H5P PHP library to latest minor version (upstream)

See also

• Moodle 3.10.3 release notes