Skip to main content

Moodle 4.2.7

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 22 April 2024

Here is the full list of fixed issues in 4.2.7.

General fixes and improvements

  • MDL-78547 - Question modifications made during quiz preview are not visible
  • MDL-69656 - H5P embeds not rewritten during restore/import
  • MDL-52891 - Unable to overwrite old wildcards in a calculated simple question
  • MDL-78370 - Course Overview Block Performance
  • MDL-79174 - "Membership is hidden" groups do not work for availability restrictions
  • MDL-81327 - Resolve log and loglive report issues when external database are used to store logs
  • MDL-80766 - The grader report does not accept unlimited grades
  • MDL-79802 - Add a new setting for adding custom H5P styles
  • MDL-78902 - Error when restoring quiz with random questions
  • MDL-77779 - Fatal error when restoring a Moodle 3.11 course with competencies to 4.1
  • MDL-76024 - Calculated Question - Negative Answer with Units incorrectly evaluated
  • MDL-80684 - When PHP runs out of memory, tasks are treated as still running instead of being marked as failed
  • MDL-81060 - Private files area quota applies when unzipping to non-private file areas
  • MDL-80865 - Label printed for empty textarea course custom fields
  • MDL-80565 - Fix log and loglive report user selectors to show the list in expected order
  • MDL-81127 - Support filters on course completion message
  • MDL-81114 - Selecting random questions to start a quiz attempt does not handle draft state correctly
  • MDL-80835 - Add CHIPS support to LTI cookies
  • MDL-79712 - Ensure SameSite=None on MoodleSession cookie to retain support for embedded launches
  • MDL-81306 - xsendfiles cannot support per-request directories
  • MDL-80818 - When Completion conditions are locked, the radio buttons options should remain disabled
  • MDL-78457 - Link to Participants changes to site id if user cannot view for current course
  • MDL-81402 - Activity Chooser won't load after indenting content
  • MDL-80481 - Missing the breadcrumb in the Activity completion on the Classic theme
  • MDL-80930 - Course delete modules adhoc task handle non deletable modules
  • MDL-81405 - Support Chrome's partitioned cookies in the mobile app
  • MDL-80827 - XMLDB editor broken with PHP 8.1
  • MDL-81584 - Gradebook popover is positioned below the table footer, so an option can't be seen
  • MDL-80836 - Replace session piggyback with login flow during account linking process in LTI provider
  • MDL-81393 - VideoJS not playing .ogv files in Chrome browser
  • MDL-80765 - Creating fields with space at the end break the Add entry template
  • MDL-80598 - Bigbluebuttonbn adhoc tasks do not gracefully handle missing course modules or users
  • MDL-81300 - Inline edit icons overlap drag and drop to upload on Course
  • MDL-81307 - Fix course bulk action buttons in sticky footer in small resolutions
  • MDL-80934 - "Text and media" resources are not automatically open when clicking the course index if their section is collapsed
  • MDL-80919 - Duplicate empty section throws an error
  • MDL-80869 - Fix random BigBlueButton test failure getting meeting information from log
  • MDL-80936 - Custom field report columns show default values when they shouldn't
  • MDL-81472 - Exception related to the SCORM activity hinders privacy data processing
  • MDL-79829 - Use move or grab/grabbing cursors, not a copy cursor when moving elements
  • MDL-80917 - asynchronous_copy_task does not clear course cache
  • MDL-80943 - Custom reports containing "select" custom fields offer incorrect aggregation
  • MDL-80605 - User upload DB error when matching by email and new and existing upload type
  • MDL-80167 - Add environment check for Oracle database
  • MDL-80338 - Unable to embed Youtube video on a URL resource when title of video contains quotation mark
  • MDL-77015 - HTML in database field management page escaped in an unexpected way

Accessibility improvements

  • MDL-68674 - Dashboard block headings should be h3, not h5; and there should be an overall block heading
  • MDL-79007 - Improve screen reader feedback in calendar UI
  • MDL-70829 - ARIA role presentation conflicts with the empty alt
  • MDL-80195 - Moodleform datepicker in report builder filter form shifts the focus to "Skip to main content" link
  • MDL-81029 - When adding a new activity module the title attribute is "Editing..." instead of "Adding..."
  • MDL-80279 - Missing alt text in the common user header when user does not have picture
  • MDL-80183 - Online status in messaging toolbar has no alt text. Plus incorrect use of ARIA label
  • MDL-80731 - Invalid /Lang attribute in generated PDF files
  • MDL-80364 - Insufficient colour contrast of the icon on notification message on hover or focus
  • MDL-80469 - Add a legend to the Submit-cancel button group
  • MDL-72923 - Messaging drawer missing levels of headings in search results
  • MDL-80805 - Required form fields should indicate required status
  • MDL-80197 - Datepicker popup in moodleform is not accessible with keyboard

Security improvements

  • MDL-80160 - Site admins selector does not indicate when $CFG->siteadmins is defined in config.php

Security fixes

  • MSA-24-0007 - Broken access control when setting calendar event type
  • MSA-24-0008 - Stored XSS risk when editing another user's equation in equation editor
  • MSA-24-0009 - Stored XSS via user's name on participants page when opening some options
  • MSA-24-0011 - Stored XSS in lesson overview report via user ID number
  • MSA-24-0012 - CSRF risk in admin preset tool management of presets
  • MSA-24-0013 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
  • MSA-24-0014 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
  • MSA-24-0015 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
  • MSA-24-0016 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
  • MSA-24-0017 - Unsanitized HTML in site log for config_log_created
  • MSA-24-0019 - CSRF risk in analytics management of models