moodle E-Learningplattform Security und Bugfix Release 4.2.1

Die Entwickler der freien E-Learningplattform moodle, haben das Update 4.2, 4.1.3 sowie 4.0.8 veröffentlicht. Die Updates beheben zahlreiche Fehler und schließen Sicherheitslücken.

moodle 4.2.1 Release Notes

General fixes and improvements​

• MDL-75576 – Question bank statistics are fetched inefficiently
• MDL-75623 – Encode pluginfile.php urls in backup
• MDL-73138 – & (ampersand) is displayed as & in group and role names in the participants list filter
• MDL-75552 – Badgr.com is not working because the apiBase in badgeconnect.json is ignored
• MDL-77791 – File search areas for database activity entries need to index using the content id
• MDL-78087 – The H5P Timeline activity is not displayed
• MDL-78010 – Improve performance/information for the labels upgrade in MDL-77612
• MDL-78047 – Links with a new line in Text and media area aren’t displayed within the text box
• MDL-77997 – Regression: can no longer download a single question in Moodle XML format when previewing it
• MDL-76936 – Activity dates not reflecting in the course page after resetting course start date
• MDL-78346 – langimport can accidentally uninstall all languages
• MDL-78260 – Statistics for Random quiz questions: View details link broken
• MDL-78151 – The setGregorianChange() error appears on the profile page when the Kyiv time zone is selected.
• MDL-78065 – TinyMCE link icon doesn’t work correctly
• MDL-77451 – Quick switching between selectors throws exception
• MDL-77766 – Multi-choice and True-false labelling need to respect showstandardinstruction setting
• MDL-76903 – Hidden final page in Book prevents activity completion
• MDL-76693 – Activity Chooser – Activity Summary content overlap/scroll issue
• MDL-73331 – Accessibility toolkit advanced page update for page flow issues
• MDL-75696 – Errors when restoring pre-4.0 quiz backups
• MDL-77933 – Dynamic registration should return site name and logo
• MDL-77987 – Backup is timing out for huge courses with a lot of files to annotate
• MDL-77883 – Themes: Error message display for text area field client side form validation is not reliably updated
• MDL-76835 – Unordered lists indented incorrectly in the web page and the Atto editor
• MDL-77546 – Fix the sorting order of the items in the grade items selector in Single view report
• MDL-78125 – Feedback Modal not showing on quiz – Embedded answers (Cloze)
• MDL-76344 – Course image „non image file“ should not be displayed on the left like image file
• MDL-78052 – Upgrade Font Awesome Library to 6.4.0
• MDL-78094 – Soap protocol broken in Moodle 4.2
• MDL-78054 – Encrypted mobile notifications: payload can be encrypted several times
• MDL-78242 – Inconsistent coursecontact checking can lead to PHP notices during plugin installation
• MDL-78176 – Drag and drop onto image/Drag and drop markers create question: Theme oddity in Preview section
• MDL-78149 – Database: Separate groups database – can’t switch groups if the group has no entries.
• MDL-78152 – No editing button for students in book with the right to create new chapters in boost
• MDL-77810 – Grade summary: plugin types not translated
• MDL-77781 – Course Reset: course_modules_viewed entries not deleted
• MDL-78023 – tool_policy in Moodle 4.1.2: Spreadsheet (CSV/XLSX/ODT) download in some cases not working
• MDL-78364 – Calculate custom report schedule users earlier
• MDL-78006 – Activity chooser opens twice in the newly added sections (4.2 regression)
• MDL-78034 – Multilanguage group names displayed incorrectly on BigBlueButton module
• MDL-78026 – Multilang filter is not applied when creating calendar events
• MDL-78007 – Tiny editor missing media buttons when teacher is commenting on quiz attempt
• MDL-78170 – Glossary ratings average is not calculated properly using MSSQL database
• MDL-78378 – Survey activity: Instructions for all three types of surveys are missing (M4.1 & M4.2)
• MDL-77313 – Course restore searching is broken

For developers​

• MDL-78308 – preg_match(): Passing null to parameter #2 ($subject) when configuring custom menu items (PHP 8.1)
• MDL-77995 – Building JS modules with Grunt doesn’t work if dirroot contains „/src“
• MDL-77733 – Enable accessibility tests by default during Behat init
• MDL-77799 – REST web service request exceptions are not included in server logs
• MDL-76971 – Finish removing requires of externallib.php from Report builder

Security improvements​

• MDL-78225 – Content bank is leaking user sesskey when switching contexts
• MDL-77320 – License manager leaks sesskey when creating new license
• MDL-76688 – Add \ExplSyntaxOn to latex deny-list to prevent LaTeX3 programming syntax

Security fixes​

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Quelle: https://moodledev.io/general/releases/4.2/4.2.1