Skip to main content

Moodle 4.1.11

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 June 2024

Here is the full list of fixed issues in 4.1.11.

General fixes and improvements

  • MDL-81897 - Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method

Security fixes

  • MSA-24-0021 - BigBlueButton web service leaks meeting joining information to users who should not have access
  • MSA-24-0022 - Stored XSS via calendar's event title when deleting the event
  • MSA-24-0023 - HTTP authorization header is preserved between "emulated redirects"
  • MSA-24-0024 - CSRF risks due to misuse of confirm_sesskey
  • MSA-24-0025 - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys