Moodle 4.1.1 Security und Bugfix Release

Die Entwickler der freien E-Learningplattform moodle, haben vor ein paar Wochen das Update 4.1.1 veröffentlicht. Das Update behebt zahlreiche Fehler und schließt Sicherheitslücken.

Moodle LTS 4.1.1 Release Notes

Here is the full list of fixed issues in 4.1.1.

General fixes and improvements​

• MDL-69570 – Reset and delete all submissions doesn’t delete the assignfeedback_editpdf files
• MDL-76106 – Drag and Drop Marker Question Type: Incorrect/lost marker positions (follow-up of MDL-71145 and MDL-72679)
• MDL-68981 – Recycle bin does not include user data if “General restore defaults > Include users” is No
• MDL-76258 – Restoring mod_lti course modules with LTI 1.3 produces database errors when using preconfigured tools
• MDL-76274 – bump_submission_for_stale_conversions adhoc task runs in situations when it shouldn’t
• MDL-74454 – SCORM bugs when it has three or more levels
• MDL-76330 – Edit icon also shown for enrolment methods when enrol/{method}:config is not granted
• MDL-76061 – Calendar event type cannot be changed from type “user”
• MDL-66924 – Users with “mod/forum:postprivatereply” capability cannot view their own private replies when “mod/forum:readprivatereplies” is not enabled
• MDL-74779 – BigBlueButton recordings show up ordered by name instead of date
• MDL-76225 – ‘Absolute ‘direct links to sections (course/view.php?id=25122#sectionid-346124-title) do not work any more, only course/view.php?id=25122#section-4
• MDL-75279 – LTI NRPS response omits username property
• MDL-76380 – Unable to edit OAuth2 Service if requireconfirmation is disabled
• MDL-76251 – Forum on the phone is bigger than device’s width
• MDL-72563 – Rubric content is shown out of the area when zooming in
• MDL-76666 – setlocale() problems with locale strings longer than 255 characters
• MDL-69071 – CLI installer triggers debugging if langpack download fails (Fatal error in PHP 8.0)
• MDL-60038 – Web service users should not have to accept site policies
• MDL-75914 – Quiz test_process_attempt test sends debugging output if an essay question is present in the attempt and that question includes attaachments
• MDL-76193 – Backup and restore with tags for quiz category questions fails
• MDL-32105 – Glossary: Allows special characters in keywords
• MDL-75588 – Student’s Timeline should show a TO-DO submission task after another attempt is granted in an Assignment
• MDL-76273 – No filename for custom report’s PDF download for multibyte char name
• MDL-75441 – Guest users no longer prompted to create an account and enrol in order to post in a forum
• MDL-76571 – Description questions appearing in the quiz reports
• MDL-76674 – String for timezone america/ciudad_juarez not found (tzdb 2022g)
• MDL-76679 – Admin config fields of type password inconsistent behaviour
• MDL-76487 – Tiny editor is still reloading old content (and console errors on save)
• MDL-75965 – Questions: Misalignment of correct and incorrect icons in multichoice
• MDL-76308 – Question\D&D: The draggable area seem to have very tall/slim characters to select
• MDL-53137 – Min and max limits are reversed in calculated questions with a negative answer and geometric tolerance
• MDL-75789 – Long multibyte course shortname ruins course restoration process (Incorrect string value: ‘\xD1_1’ for column ‘shortname’ at row 1)
• MDL-76250 – Submission page asks to “Reload page” when selecting a filter
• MDL-75281 – BigBlueButton upgrade script failure when recording table exists
• MDL-75381 – Grader report generate an exception with PHP 8.0
• MDL-73017 – Add environment check for versions not supporting PHP 8.1
• MDL-76074 – Activity completion reports filter by first name and surname not working with custom profile fields
• MDL-72019 – The custom user profile field for dates showing unixtime when downloading via bulk user actions
• MDL-76476 – Image preview tries to load preview when no image is set
• MDL-75571 – Timeline block uses stock LTI icon even if it has been customized
• MDL-75826 – Parameter ‘returnto’ is ignored when editing a user
• MDL-76127 – The profiling URL link on the breadcrumbs summary page is not clickable on the Boost theme
• MDL-76145 – Long course names and course id exceeding available space on the manage courses and categories page
• MDL-76446 – Course participant shows active users when filtering by inactive and keyword
• MDL-76166 – Username logging not honoured in complete_user_login
• MDL-75346 – Resetting dashboards containing a missing block displays an exception

Accessibility improvements​

• MDL-74822 – Accessibility issues with user tours
• MDL-76597 – Quiz editing page accessibility issues
• MDL-76601 – Action menus in course cards in My courses cannot be navigated to by keyboard
• MDL-76803 – Make the options in the Email display select box more concise

For developers​

• MDL-75105 – List available behat data generators on admin/tool/behat/index.php

Security fixes​

• MSA-23-0001 – Reflected XSS risk in some returnurl parameters
• MSA-23-0002 – Reflected XSS risk in blog search
• MSA-23-0003 – Possible to set the preferred “start page” of other users

Quelle: Moodle 4.1.1 | Moodle Developer Resources