moodle 4.1.2 Security und Bugfix Release

moodle Logo

Die Entwickler der freien E-Learningplattform moodle, haben das Update 4.1.2 veröffentlicht. Das Update behebt zahlreiche Fehler und schließt Sicherheitslücken.

moodle 4.1.2 Release Notes

General fixes and improvements

  • MDL-69690 – Require Assessment Grade for Workshop Activity Completion Blocked
  • MDL-66221 – Deleted activities cannot be restored from recycle bin when backup_auto_activities setting is disabled
  • MDL-70586 – Feedback: the preview icon shouldn’t be displayed for students
  • MDL-74756 – Previous activity with completion not working if activity completion is disabled
  • MDL-76525 – mod_data: Missing validation of image width and height
  • MDL-76947 – Dropdown menus are narrower and unnecessarily wrap
  • MDL-73847 – LTI 1.3: Keyset fetch does not use the HTTP proxy
  • MDL-75719 – Wrong completion status for hidden grade items
  • MDL-77003 – Template string helper does not render complex language strings
  • MDL-58945 – Showing rendered question text can break JS: disable filtering on quiz edit page and make optional in the question bank
  • MDL-74905 – Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
  • MDL-74698 – Course backups from versions earlier than 3.11.7 lose format options on restore
  • MDL-77014 – Single activity course format should support multilang course titles
  • MDL-75012 – Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)
  • MDL-77140 – LTI Custom Parameter not set from Content-Item Message
  • MDL-77230 – The preview of questions for feedback is still possible via WebServices
  • MDL-76620 – BigBlueButton external guests not possible when “forcelogin” setting is turned on
  • MDL-77322 – Authenticate token requests via HTTP headers cannot be turned off
  • MDL-76314 – Add missing form validation when combining single discussion and separate group
  • MDL-77057 – Module override forms are not correctly formatting group names
  • MDL-77210 – Quiz ‘Try another question like this one’ breaks regrading
  • MDL-76904 – Question bank: Question highlight is missing after we go back and forth between pages
  • MDL-76298 – Drag drop questions don’t validate that drop zones have been defined (causing division by zero errors in the statistics)
  • MDL-77241 – Javascript console errors opening section/activity menus when editing course
  • MDL-77290 – Editing audio/video elements in TinyMCE produce a new element
  • MDL-76791 – Cache: Locking does not work when store supports multiple identifiers
  • MDL-76878 – Prohibiting editownprofile capability breaks functionality of blocks/content bank
  • MDL-63608 – Access order when manually grading quizzes
  • MDL-76948 – Description of submission_unlocked event says “locked” instead of “unlocked”
  • MDL-76066 – Deleting a field when applying a preset doesn’t raise ‘field deleted’ event
  • MDL-76602 – Cannot add LTI 1.3 LTI service without modifying locallib
  • MDL-77024 – Quiz editing log events have the wrong edulevel
  • MDL-76967 – Question bank question last used column line height
  • MDL-77018 – Error loading question bank statistics if the context no longer exists
  • MDL-76447 – Tiny editor menu doesn’t follow editor when scrolling the page on Boost theme
  • MDL-77365 – Inaccurate word count

Accessibility improvements

  • MDL-76672 – block_myoverview: aria-label attribute is not well supported on a div without role attribute
  • MDL-77052 – block_recentlyaccesseditems: Element with role=”list” must have children with role=”listitem”
  • MDL-76569 – When you set a table heading in TinyMCE it does not present as bold text like Atto does
  • MDL-76825 – Accessibility issues reported by Axe in TinyMCE media plugin
  • MDL-77318 – core / user_menu: aria-label attribute is not well supported on a div without role attribute
  • MDL-76313 – improve accessibility on subscribers page
  • MDL-76562 – Atto removed the justify text button. TinyMCE should too to aid accessibility

Security improvements

  • MDL-76478 – Browsers auto-completing the user’s password into inappropriate password unmask form fields
  • MDL-76370 – Public / private paths security report is inaccurate when using HTTP proxy
  • MDL-75454 – sesskey included in URL in cache administration adding and editing stores

Security fixes

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Quelle: Moodle 4.1.2 | Moodle Developer Resources

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert