moodle 4.1.2 Security und Bugfix Release

Die Entwickler der freien E-Learningplattform moodle, haben das Update 4.1.2 veröffentlicht. Das Update behebt zahlreiche Fehler und schließt Sicherheitslücken.

moodle 4.1.2 Release Notes

General fixes and improvements​

• MDL-69690 – Require Assessment Grade for Workshop Activity Completion Blocked
• MDL-66221 – Deleted activities cannot be restored from recycle bin when backup_auto_activities setting is disabled
• MDL-70586 – Feedback: the preview icon shouldn’t be displayed for students
• MDL-74756 – Previous activity with completion not working if activity completion is disabled
• MDL-76525 – mod_data: Missing validation of image width and height
• MDL-76947 – Dropdown menus are narrower and unnecessarily wrap
• MDL-73847 – LTI 1.3: Keyset fetch does not use the HTTP proxy
• MDL-75719 – Wrong completion status for hidden grade items
• MDL-77003 – Template string helper does not render complex language strings
• MDL-58945 – Showing rendered question text can break JS: disable filtering on quiz edit page and make optional in the question bank
• MDL-74905 – Decide Moodle 4.2 requirements and push them to environment.xml (due date: 2022-12-26)
• MDL-74698 – Course backups from versions earlier than 3.11.7 lose format options on restore
• MDL-77014 – Single activity course format should support multilang course titles
• MDL-75012 – Bump nodejs from lts/gallium to stable (>=v18.x.x, now lts/hydrogen)
• MDL-77140 – LTI Custom Parameter not set from Content-Item Message
• MDL-77230 – The preview of questions for feedback is still possible via WebServices
• MDL-76620 – BigBlueButton external guests not possible when “forcelogin” setting is turned on
• MDL-77322 – Authenticate token requests via HTTP headers cannot be turned off
• MDL-76314 – Add missing form validation when combining single discussion and separate group
• MDL-77057 – Module override forms are not correctly formatting group names
• MDL-77210 – Quiz ‘Try another question like this one’ breaks regrading
• MDL-76904 – Question bank: Question highlight is missing after we go back and forth between pages
• MDL-76298 – Drag drop questions don’t validate that drop zones have been defined (causing division by zero errors in the statistics)
• MDL-77241 – Javascript console errors opening section/activity menus when editing course
• MDL-77290 – Editing audio/video elements in TinyMCE produce a new element
• MDL-76791 – Cache: Locking does not work when store supports multiple identifiers
• MDL-76878 – Prohibiting editownprofile capability breaks functionality of blocks/content bank
• MDL-63608 – Access order when manually grading quizzes
• MDL-76948 – Description of submission_unlocked event says “locked” instead of “unlocked”
• MDL-76066 – Deleting a field when applying a preset doesn’t raise ‘field deleted’ event
• MDL-76602 – Cannot add LTI 1.3 LTI service without modifying locallib
• MDL-77024 – Quiz editing log events have the wrong edulevel
• MDL-76967 – Question bank question last used column line height
• MDL-77018 – Error loading question bank statistics if the context no longer exists
• MDL-76447 – Tiny editor menu doesn’t follow editor when scrolling the page on Boost theme
• MDL-77365 – Inaccurate word count

Accessibility improvements​

• MDL-76672 – block_myoverview: aria-label attribute is not well supported on a div without role attribute
• MDL-77052 – block_recentlyaccesseditems: Element with role=”list” must have children with role=”listitem”
• MDL-76569 – When you set a table heading in TinyMCE it does not present as bold text like Atto does
• MDL-76825 – Accessibility issues reported by Axe in TinyMCE media plugin
• MDL-77318 – core / user_menu: aria-label attribute is not well supported on a div without role attribute
• MDL-76313 – improve accessibility on subscribers page
• MDL-76562 – Atto removed the justify text button. TinyMCE should too to aid accessibility

Security improvements​

• MDL-76478 – Browsers auto-completing the user’s password into inappropriate password unmask form fields
• MDL-76370 – Public / private paths security report is inaccurate when using HTTP proxy
• MDL-75454 – sesskey included in URL in cache administration adding and editing stores

Security fixes​

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

Quelle: Moodle 4.1.2 | Moodle Developer Resources