Skip to main content

Moodle 4.2.1

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 12 June 2023

Here is the full list of fixed issues in 4.2.1.

General fixes and improvements

  • MDL-75576 - Question bank statistics are fetched inefficiently
  • MDL-75623 - Encode pluginfile.php urls in backup
  • MDL-73138 - & (ampersand) is displayed as & in group and role names in the participants list filter
  • MDL-75552 - Badgr.com is not working because the apiBase in badgeconnect.json is ignored
  • MDL-77791 - File search areas for database activity entries need to index using the content id
  • MDL-78087 - The H5P Timeline activity is not displayed
  • MDL-78010 - Improve performance/information for the labels upgrade in MDL-77612
  • MDL-78047 - Links with a new line in Text and media area aren't displayed within the text box
  • MDL-77997 - Regression: can no longer download a single question in Moodle XML format when previewing it
  • MDL-76936 - Activity dates not reflecting in the course page after resetting course start date
  • MDL-78346 - langimport can accidentally uninstall all languages
  • MDL-78260 - Statistics for Random quiz questions: View details link broken
  • MDL-78151 - The setGregorianChange() error appears on the profile page when the Kyiv time zone is selected.
  • MDL-78065 - TinyMCE link icon doesn't work correctly
  • MDL-77451 - Quick switching between selectors throws exception
  • MDL-77766 - Multi-choice and True-false labelling need to respect showstandardinstruction setting
  • MDL-76903 - Hidden final page in Book prevents activity completion
  • MDL-76693 - Activity Chooser - Activity Summary content overlap/scroll issue
  • MDL-73331 - Accessibility toolkit advanced page update for page flow issues
  • MDL-75696 - Errors when restoring pre-4.0 quiz backups
  • MDL-77933 - Dynamic registration should return site name and logo
  • MDL-77987 - Backup is timing out for huge courses with a lot of files to annotate
  • MDL-77883 - Themes: Error message display for text area field client side form validation is not reliably updated
  • MDL-76835 - Unordered lists indented incorrectly in the web page and the Atto editor
  • MDL-77546 - Fix the sorting order of the items in the grade items selector in Single view report
  • MDL-78125 - Feedback Modal not showing on quiz - Embedded answers (Cloze)
  • MDL-76344 - Course image "non image file" should not be displayed on the left like image file
  • MDL-78052 - Upgrade Font Awesome Library to 6.4.0
  • MDL-78094 - Soap protocol broken in Moodle 4.2
  • MDL-78054 - Encrypted mobile notifications: payload can be encrypted several times
  • MDL-78242 - Inconsistent coursecontact checking can lead to PHP notices during plugin installation
  • MDL-78176 - Drag and drop onto image/Drag and drop markers create question: Theme oddity in Preview section
  • MDL-78149 - Database: Separate groups database - can't switch groups if the group has no entries.
  • MDL-78152 - No editing button for students in book with the right to create new chapters in boost
  • MDL-77810 - Grade summary: plugin types not translated
  • MDL-77781 - Course Reset: course_modules_viewed entries not deleted
  • MDL-78023 - tool_policy in Moodle 4.1.2: Spreadsheet (CSV/XLSX/ODT) download in some cases not working
  • MDL-78364 - Calculate custom report schedule users earlier
  • MDL-78006 - Activity chooser opens twice in the newly added sections (4.2 regression)
  • MDL-78034 - Multilanguage group names displayed incorrectly on BigBlueButton module
  • MDL-78026 - Multilang filter is not applied when creating calendar events
  • MDL-78007 - Tiny editor missing media buttons when teacher is commenting on quiz attempt
  • MDL-78170 - Glossary ratings average is not calculated properly using MSSQL database
  • MDL-78378 - Survey activity: Instructions for all three types of surveys are missing (M4.1 & M4.2)
  • MDL-77313 - Course restore searching is broken

For developers

  • MDL-78308 - preg_match(): Passing null to parameter #2 ($subject) when configuring custom menu items (PHP 8.1)
  • MDL-77995 - Building JS modules with Grunt doesn't work if dirroot contains "/src"
  • MDL-77733 - Enable accessibility tests by default during Behat init
  • MDL-77799 - REST web service request exceptions are not included in server logs
  • MDL-76971 - Finish removing requires of externallib.php from Report builder

Security improvements

  • MDL-78225 - Content bank is leaking user sesskey when switching contexts
  • MDL-77320 - License manager leaks sesskey when creating new license
  • MDL-76688 - Add \ExplSyntaxOn to latex deny-list to prevent LaTeX3 programming syntax

Security fixes

  • MSA-23-0016 - XSS risk on groups page
  • MSA-23-0017 - Minor SQL injection risk on Mnet SSO access control page
  • MSA-23-0018 - SSRF risk due to insufficient check on the cURL blocked hosts list