Skip to main content

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation

What are you looking for?

Learn about Moodle's products, like Moodle LMS or Moodle Workplace, or find a Moodle Certified Service Provider.

Moodle.com

Our social network to share and curate open educational resources.

MoodleNet

Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle Academy

Moodle.com
Learn about Moodle's products, like Moodle LMS or Moodle Workplace, or find a Moodle Certified Service Provider.

MoodleNet
Our social network to share and curate open educational resources.

Moodle Academy
Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle 4.1.16

Unsupported Moodle Version

This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 February 2025

Here is the full list of fixed issues in 4.1.16.

General fixes and improvements

MDL-84152 - URLs generated by getExternalTestFileUrl() now contain double forward slash
MDL-83988 - Remove git diffs for JavaScript maps, minified JavaScript, and similar

Security fixes

MSA-25-0001 - Arbitrary file read risk through pdfTeX
MSA-25-0002 - Feedback response viewing and deletions did not respect Separate Groups mode
MSA-25-0003 - Non-searchable tags can still be discovered on the tag search page and in the tags block
MSA-25-0004 - Stored XSS in ddimageortext question type
MSA-25-0005 - Stored XSS risk in admin live log
MSA-25-0007 - Upgrade RequireJS including security fix (upstream)
MSA-25-0008 - IDOR in badges allows disabling of arbitrary badges
MSA-25-0009 - Teachers can evade trusttext config when restoring glossary entries
MSA-25-0010 - SQL injection risk in course search module list filter

General fixes and improvements
Security fixes