Skip to main content

Moodle 4.1.5

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 August 2023

Here is the full list of fixed issues in 4.1.5.

General fixes and improvements

  • MDL-78618 - Very poor performance on my/courses.php
  • MDL-77591 - Assignment feedback files upload is broken for group assignments
  • MDL-76174 - Performance impact on course_overview block and my/courses.php
  • MDL-71133 - Grade decimals are missing prior to the release of grades when using the marking workflow
  • MDL-64648 - Course Manual enrolment instance "Notify before enrolment expires" setting does not default correctly
  • MDL-75115 - RTL tooltip arrow direction
  • MDL-75047 - Revert flipping help icon direction in right-to-left languages
  • MDL-63120 - Badges cron task fails because of a join over +61 tables
  • MDL-78485 - TinyMCE does not allow insertion of script tags
  • MDL-73052 - Images within the description of a page resource won't be displayed unless they are accompanied by text
  • MDL-78056 - Incorrect Attempts Report H5P Core - Fill in the Blanks
  • MDL-78488 - Question bank statistics still being pulled/loaded when associated columns disabled
  • MDL-78297 - Deprecated capabilities feature puts high pressure on caches
  • MDL-76840 - Displayed remaining time does not take into account granted extensions
  • MDL-69983 - Asynchronous course backups should be stored in user backup area
  • MDL-77817 - TinyMCE editor display bug with overlay for source code and small displays
  • MDL-77865 - Quiz question drag and drop text fails after clicking (not dragging) 2 answers
  • MDL-77375 - Dropdowns are being overlapped by their parent containers
  • MDL-77525 - Add text filtering stages
  • MDL-74893 - Auto-Login as Guest Doesn't Work Unless Button is Enabled
  • MDL-78492 - AWS Aurora MySQL does not support COMPRESSED row format
  • MDL-73213 - Dropdown value cleared when opening and closing without change
  • MDL-77378 - Cloze question where all subquestions have zero weight cause Division by zero errors
  • MDL-77679 - Drag and drop question type drag and drop duplicating available options
  • MDL-78674 - Moving Activity in Calendar to another date does not reflect new date on Activity view page
  • MDL-78237 - TinyMCE: Source code modal offset
  • MDL-78391 - RecordRTC Safari not working (A variety of related bugs)
  • MDL-78066 - LTI Advantage content selection error when workshop or other multi-grade-item activities are present
  • MDL-75195 - Missing supportemail field on Moodle install_database.php
  • MDL-76757 - Cannot easily delete all versions of a question
  • MDL-77224 - Attempts should be removed when H5P activity is deleted from a course
  • MDL-78435 - Force error/warning when Moodle assignment start and due date are identical
  • MDL-78632 - Add missing yaml filetype
  • MDL-78622 - Add question to quiz query has wrong join on mdl_question_references causing performance issues
  • MDL-78554 - Add a TinyMCE link plugin (backport of MDL-76520)
  • MDL-75359 - Numeric aggregation in report builder does not work on 'checkbox' user profile fields
  • MDL-78644 - Favicon doesn't support .ico format
  • MDL-78704 - Activity dates string should render raw un-escaped HTML
  • MDL-77180 - Support multilang for custom field category names
  • MDL-78263 - Airnotifier notification name shouldn't be removed when encryption is enabled
  • MDL-77645 - Course Editor JS error when student tries to access course while enrolment method is disabled
  • MDL-78484 - Accessibility: enable checkbox comes after the date picker in tab order
  • MDL-75937 - Frontpage settings incorrectly display config.php
  • MDL-76445 - The zero state flow in the gradebook reports causes usability issues
  • MDL-78018 - Assignment - support multilanguage group names on 'view all submissions page'
  • MDL-78564 - Student unable to submit assignment when the Submission statement is empty but set to required
  • MDL-78460 - Broken HTML coding in Forum timed posts modal
  • MDL-76319 - Add missing continue button after CSV grades import error
  • MDL-76661 - Warnings on the BigBlueButton index page
  • MDL-78742 - Show activity dates default not respected during course upload
  • MDL-78172 - Multilang filter is not applied in forum groups
  • MDL-74824 - Custom change password URL is not included in login notification messages
  • MDL-77396 - Wiki print preview page should not use the site's background image
  • MDL-78676 - Database activity allows save without any activity completion rule selected
  • MDL-78715 - The action menu on payments accounts screen gets overlapped by the layout
  • MDL-78071 - Cohort action menu should not be added for managed cohorts
  • MDL-78443 - Error shown to site admins on the app when not enrolled in any courses
  • MDL-77993 - No navigation item to go to Detailed Statistics report for lesson report in classic theme
  • MDL-78350 - core/dynamic_tabs JS is trying to add JS within JS
  • MDL-78055 - Deprecated: function_exists(): Passing null to parameter of type string when building CSS (PHP 8.1)
  • MDL-78461 - Plagiarism plugin settings links broken on plugins overview page

Accessibility improvements

  • MDL-77690 - Heading hierarchy skips one level
  • MDL-76046 - Secondary navigation can overflow on smaller screens
  • MDL-78542 - mod_url link texts are shown as URL instead of a human-readable text
  • MDL-76673 - Accessibility checker giving colour contrast error on <ol>
  • MDL-78556 - flexible_table should support caption tag for table caption
  • MDL-78550 - HTML validator errors on the gradebook setup page

Security improvements

  • MDL-67852 - Security overview report shows critical warning for "Default role for all users" with default requestdelete config
  • MDL-78714 - Disable client-side TinyMCE DOM Purification

Security fixes

  • MSA-23-0019 - Proxy bypass risk due to insufficient validation
  • MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
  • MSA-23-0021 - Some block permissions on Dashboard not respected
  • MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
  • MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
  • MSA-23-0028 - Open redirect risk on admin view all policies page
  • MSA-23-0029 - Competency framework tools are not restricted as intended
  • MSA-23-0030 - Quiz sequential navigation bypass possible