moodle E-Learning Plattform 4.2 und 4.1.3 sowie 4.0.8 Security und Bugfix Release

Die Entwickler der freien E-Learningplattform moodle, haben das Update 4.2, 4.1.3 sowie 4.0.8 veröffentlicht. Die Updates beheben zahlreiche Fehler und schließen Sicherheitslücken.

moodle 4.2 Release Notes

Major UX improvements​

Gradebook​

• MDL-77030 – Display feedback in the Grader report
• MDL-76149 – Implement “records per page” selector in the Grader report
• MDL-75274 – Ability to collapse/expand items (columns) in the Grader report
• MDL-76147 – Implement dropdown menu for the header actions in the Grader report table
• MDL-77029 – Revamp the column sorting in the Grader report
• MDL-77032 – Collapsible grade categories in the Gradebook setup
• MDL-76143 – Implement search functionality in the Grader report
• MDL-77033 – Indicators when the state of a grade item or category is changed in the Gradebook setup
• MDL-76150 – General styling improvements to the Grader report
• MDL-76146 – Move grade actions (hide, show, lock, grade analysis) to dropdown menu in the Grader report table
• MDL-77031 – General styling improvements to the Gradebook setup
• MDL-76139 – Implement a new group selector in the Grader report

Database activity​

• MDL-76360 – Improve the look and feel of the Database fields page
• MDL-76357 – Make sticky footer more prominent and noticeable
• MDL-75498 – Add ##otherfields##, [[FIELD#name]] and [[FIELD#description]] tags to the database templates
• MDL-75337 – Change Delete buttons’ style on Database to ‘danger’ button

Course hierarchy​

• MDL-76990 – Recover move right/left functionality removed/hidden for 4.0
• MDL-76997 – Add an option for admins to reset indentation for courses on the site
• MDL-76992 – Apply indentation on the course index
• MDL-76991 – New course format setting to enable/disable course indentation in Weeks and Topics

Other Major features​

TinyMCE 6 improvements and setting as the default editor​

• MDL-76866 – Make TinyMCE the default editor
• MDL-77308 – Remove the legacy TinyMCE editor from core (editor_tinymce)
• MDL-76867 – Allow Moodle TinyMCE plugins to be disabled
• MDL-76520 – Add a TinyMCE link plugin

MoodleNet integration – phase 1​

• MDL-75316 – Implement LMS foundation for sharing content to MoodleNet (share activities)
• MDL-75650 – Add OAuth 2.0 Authorization Server Metadata support to issuers and create MoodleNet issuer

Bulk course activity editing​

• MDL-76783 – The basic bulk section and activity selection UI
• MDL-76850 – Add bulk duplicate activity action
• MDL-76893 – Add bulk activity move action
• MDL-76848 – Add bulk availability edit action
• MDL-76894 – Add bulk section move
• MDL-76895 – Add fast selections to the bulk editing
• MDL-76851 – Add bulk delete action
• MDL-74989 – Migrate delete activity course tools to the new reactive actions
• MDL-74987 – Migrate duplicate activity course tools to the new reactive actions

BigBlueButton​

• MDL-74664 – Option to restrict recording formats viewable by everyone
• MDL-75753 – Add support for SHA256 (and longer) to BigBlueButton
• MDL-76551 – Option to show profile pictures of participants in BBB sessions
• MDL-75334 – Create a set of test courses which include BigBlueButton activities

Quiz and questions​

• MDL-35745 – There must be a way to get a “Never submitted” quiz attempt back to the “In progress” state
• MDL-74609 – Quiz: allow the displayed question numbers to be customised
• MDL-71261 – Quiz user override should only get enrolled users

Report builder​

• MDL-77056 – Add relative date filter option to select dates before given period
• MDL-74145 – Create API for report bulk actions
• MDL-76154 – Add files to custom blog reporting
• MDL-77062 – Add more filters/conditions fields in course_completion entity
• MDL-77201 – Allow report column callbacks to define how aggregated data is displayed
• MDL-76479 – Custom report time filter should support last/current/next hour
• MDL-76933 – Create “User badges” custom report source

Content bank and H5P​

• MDL-67789 – Add support to “Save content state” in mod_h5pactivity
• MDL-77049 – Customise H5P styles via Raw SCSS theme setting

Assignment​

• MDL-45301 – Option to set PDF font in course settings for generated PDF files
• MDL-55929 – Messaging from Assignment

Usability improvements​

• MDL-75596 – Adding new activities should be possible anywhere in a section
• MDL-62839 – Deselect “Accept grades from this tool” by default for new LTI instances
• MDL-75908 – Links added in the navbar should receive focus/active behaviour (custommenuitems) on the Boost theme
• MDL-31235 – Support text format for marking guide criteria and levels
• MDL-40600 – Add ability to duplicate a course section
• MDL-74465 – Display block configuration form in a popup
• MDL-68347 – Add a way to find which users were created during course restore process
• MDL-76377 – Improve links to moodle.org / moodle.academy (course creators/teachers)
• MDL-76418 – Have a way to get the permalink to a course section

Other Highlights​

Functional changes​

• MDL-74272 – Reassess the inclusion of the plugin name on the course page
• MDL-77291 – Show text and media elements (aka labels) in the course index also in non edit mode
• MDL-75594 – Change course module creation to support parameter for inserting modules at any place in the section
• MDL-77387 – Copy course UI – enrol a user such as editingteacher in the copied course
• MDL-76312 – Subscribers list should ordered by name
• MDL-76386 – Provide option to have group count before names when adding users to group
• MDL-77130 – Add cohort custom fields functionality
• MDL-70226 – Default tab in the activity chooser should be recommended activities

For administrators​

• MDL-68093 – Membership in some groups should be hidden from some roles for FERPA/ADA compliance
• MDL-77406 – Log every time a user adds a file to a draft area
• MDL-73503 – Add filtering by section to report_progress
• MDL-65471 – Optionally allow CLI PHP upgrade.php –no-outage
• MDL-77370 – New setting for the “Services and support” URL
• MDL-74874 – Mark readonly sessions as no longer experimental
• MDL-61789 – Allow to choose custom profile fields from OAuth 2 field mappings
• MDL-70975 – Add new options to admin/cli/adhoc_task.php and from admin web UI
• MDL-77385 – CLI Script to enable or disable the emailstop flag
• MDL-64153 – Allow administrator to override sqlsrv connection options
• MDL-72775 – Add a new status check for the cron task API to watch very long running tasks

Performance​

• MDL-70687 – Redis session lock expiration should default shorter than session timeout
• MDL-77232 – Optimize LTI 1.3 gradesync task
• MDL-72559 – The core plugin_functions cache should be allowed to be stored locally
• MDL-77186 – Add a keep-alive setting to admin/cli/cron.php
• MDL-76129 – Improve upgrade/install performance relating to capabilities and settings
• MDL-75667 – Improve speed of admin/blocks.php by combining db counts

Security improvements​

• MDL-76722 – Add encrypted mobile notifications support (also see MDL-77893)
• MDL-76755 – Improve default coverage of “cURL blocked hosts list” by including 127.0.0.0/8

For developers​

• MDL-76135 – Import the Guzzle library in LMS
• MDL-76989 – Upgrade Font Awesome to 6.3.0
• MDL-76219 – Switch from Box/Spout to OpenSpout/OpenSpout
• MDL-73144 – Allow use of dartsass for scss compilation
• MDL-76134 – Build a reusable filter output component
• MDL-71096 – All APIs should be listed in code
• MDL-77714 – Remove Travis support from core
• MDL-72609 – Convert pendingPromise to native Promise
• MDL-76583 – Move lib/externallib.php to namespaced classes and fix coding style, etc

Migration away from YUI3​

• MDL-77172 – Migrate moodle-tool_capability-search to ESM
• MDL-77171 – Migrate moodle-core-tooltip and moodle-core-popuphelp to ESM
• MDL-77009 – Replace moodle-tool_monitor-dropdown with ESM or generic
• MDL-58615 – Remove YUI CDN support
• MDL-77007 – Remove auth-passwordunmask YUI module
• MDL-69164 – Convert question/qengine.js to AMD modules

Web service additions and updates​

• MDL-77643 – Return via tool_mobile_get_config site location settings to properly display the user time zone in the app

Core plugins removed​

• MDL-72350 – Remove Assignment 2.2 (mod_assignment) from core
• MDL-77163 – Remove cachestore_mongodb from core
• MDL-77161 – Remove cachestore_memcached from core

Deprecations​

• MDL-52805 – Final deprecation of legacy log store
• MDL-76898 – Quiz: final deprecations for things deprecated before 3.10

Component API updates​

• admin/tool/generator/upgrade.txt
• admin/tool/lp/upgrade.txt
• admin/tool/mobile/upgrade.txt
• admin/upgrade.txt
• analytics/upgrade.txt
• auth/upgrade.txt
• availability/upgrade.txt
• blocks/upgrade.txt
• cache/upgrade.txt
• cohort/upgrade.txt
• comment/upgrade.txt
• course/format/upgrade.txt
• course/upgrade.txt
• customfield/upgrade.txt
• enrol/upgrade.txt
• grade/report/upgrade.txt
• group/upgrade.txt
• lib/editor/tinymce/upgrade.txt
• lib/editor/tiny/plugins/accessibilitychecker/upgrade.txt
• lib/editor/tiny/upgrade.txt
• lib/form/upgrade.txt
• lib/upgrade.txt
• lib/xapi/upgrade.txt
• message/upgrade.txt
• mod/assignment/type/upgrade.txt
• mod/assign/upgrade.txt
• mod/bigbluebuttonbn/upgrade.txt
• mod/data/upgrade.txt
• mod/feedback/upgrade.txt
• mod/h5pactivity/upgrade.txt
• mod/lti/upgrade.txt
• mod/quiz/accessrule/upgrade.txt
• mod/quiz/report/upgrade.txt
• mod/quiz/upgrade.txt
• mod/upgrade.txt
• mod/workshop/upgrade.txt
• plagiarism/upgrade.txt
• question/engine/upgrade.txt
• question/upgrade.txt
• reportbuilder/upgrade.txt
• report/upgrade.txt
• search/upgrade.txt
• theme/upgrade.txt
• user/upgrade.txt
• webservice/upgrade.txt

moodle 4.1.3 Release Notes

General fixes and improvements​

• MDL-74452 – Quiz and question versions: confusing errors if all versions of a question are draft
• MDL-76257 – Activity intro / format does not respect user editor preferences on creation
• MDL-72533 – Calendar event table performance is slow
• MDL-77523 – Textarea database field should honor preferred editor format
• MDL-76309 – Submissions download as ZIP not compatible with upload of feedback files
• MDL-76986 – TinyMCE 6 does not use translated strings
• MDL-76481 – Download accessibility summary report giving error in PHP8
• MDL-77105 – Non-monologo icons are being rendered as whitened out
• MDL-77670 – Course summary format not preserved after saving data
• MDL-76995 – Apply indentation on the course index (backport of MDL-76992)
• MDL-73771 – Scroll bar in a course can get hidden in large courses
• MDL-77012 – Unable to select Heading options in new TinyMCE editor
• MDL-76993 – Recover move right/left functionality removed/hidden for 4.0 (backport of MDL-76990)
• MDL-76994 – New course format level setting to enable/disable course indentation in 4.0 and 4.1 (backport of MDL-76991)
• MDL-70976 – H5P activity error while adding a new event in calendar
• MDL-76998 – Add an option for admins to reset indentation for courses on the site for 4.0 and 4.1 (backport of MDL-76997)
• MDL-77833 – Course content change notification subject does not process multi-lang filter
• MDL-77897 – TinyMCE editor does not save modifications in assignment feedback comments
• MDL-77324 – Inconsistent menus on singleview report page
• MDL-77807 – File report does not aggregate columns correctly
• MDL-77552 – Add module and pluginname to course editor activity state (backport of MDL-77386)
• MDL-75301 – Question preview: version drop-down should have an always latest option
• MDL-77392 – Calendar events may not show up for user
• MDL-77555 – Report builder filters break with params
• MDL-75746 – Problems with backup and restore of quiz slots in Moodle 4.0
• MDL-77456 – Highlight current activity in the course index when navigating from an activity page
• MDL-73642 – Editing the assignment setting “Require students to click the submit button” from “Yes” to “No”, leaves draft submissions as is
• MDL-77762 – There is no back button in the Content bank when viewing a content created by a different user
• MDL-77827 – Unexpected error when logging in using Clever SSO
• MDL-77382 – OAuth 2: broken error handling when denying access to scopes during authorization code flow
• MDL-77626 – Quiz statistics: error if a random question has zero max mark in a quiz
• MDL-77148 – Question bank: Filtering question by tags and then deleting, throws errors
• MDL-76212 – Fix the responsive design of the the gradebook tertiary nav
• MDL-77692 – Custom field names shown unformatted as custom report conditions/filters
• MDL-77773 – Over large size of Quiz question and feedback boxes with TinyMCE
• MDL-76303 – Fix User Limit to match BBB maxParticipants

Accessibility improvements​

• MDL-76941 – Ensure that user tours resize and reposition accordingly when page zoom is changed
• MDL-77856 – HTML parsing error related to qtype_multianswer feedback in its subquestions
• MDL-77761 – Editor format select element does not have a label
• MDL-77764 – Content bank context selection element does not have a label

Security improvements​

• MDL-77618 – Browsers auto-completing the user’s password into admin setting password unmask fields
• MDL-76680 – Prevent $USER->ignoresesskey from remaining enabled beyond its intended usage
• MDL-73610 – Upgrade xmldom dev dependency

Security fixes​

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.

moodle 4.0.8 Release Notes

General fixes and improvements​

• MDL-74452 – Quiz and question versions: confusing errors if all versions of a question are draft
• MDL-76257 – Activity intro / format does not respect user editor preferences on creation
• MDL-72533 – Calendar event table performance is slow
• MDL-77523 – Textarea database field should honor preferred editor format
• MDL-76481 – Download accessibility summary report giving error in PHP8
• MDL-77105 – Non-monologo icons are being rendered as whitened out
• MDL-77670 – Course summary format not preserved after saving data
• MDL-76995 – Apply indentation on the course index (backport of MDL-76992)
• MDL-73771 – Scroll bar in a course can get hidden in large courses
• MDL-76993 – Recover move right/left functionality removed/hidden for 4.0 (backport of MDL-76990)
• MDL-76994 – New course format level setting to enable/disable course indentation in 4.0 and 4.1 (backport of MDL-76991)
• MDL-70976 – H5P activity error while adding a new event in calendar
• MDL-76998 – Add an option for admins to reset indentation for courses on the site for 4.0 and 4.1 (backport of MDL-76997)
• MDL-77833 – Course content change notification subject does not process multi-lang filter
• MDL-77552 – Add module and pluginname to course editor activity state (backport of MDL-77386)
• MDL-75301 – Question preview: version drop-down should have an always latest option
• MDL-77392 – Calendar events may not show up for user
• MDL-77555 – Report builder filters break with params
• MDL-75746 – Problems with backup and restore of quiz slots in Moodle 4.0
• MDL-77456 – Highlight current activity in the course index when navigating from an activity page
• MDL-73642 – Editing the assignment setting “Require students to click the submit button” from “Yes” to “No”, leaves draft submissions as is
• MDL-77762 – There is no back button in the Content bank when viewing a content created by a different user
• MDL-77827 – Unexpected error when logging in using Clever SSO
• MDL-77382 – OAuth 2: broken error handling when denying access to scopes during authorization code flow
• MDL-77626 – Quiz statistics: error if a random question has zero max mark in a quiz
• MDL-77148 – Question bank: Filtering question by tags and then deleting, throws errors
• MDL-77692 – Custom field names shown unformatted as custom report conditions/filters
• MDL-76303 – Fix User Limit to match BBB maxParticipants

Accessibility improvements​

• MDL-76941 – Ensure that user tours resize and reposition accordingly when page zoom is changed
• MDL-77856 – HTML parsing error related to qtype_multianswer feedback in its subquestions
• MDL-77761 – Editor format select element does not have a label
• MDL-77764 – Content bank context selection element does not have a label

Security improvements​

• MDL-77618 – Browsers auto-completing the user’s password into admin setting password unmask fields
• MDL-76680 – Prevent $USER->ignoresesskey from remaining enabled beyond its intended usage
• MDL-73610 – Upgrade xmldom dev dependency

Security fixes​

A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.