Skip to main content

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation

What are you looking for?

Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

Moodle.com

Our social network to share and curate open educational resources.

MoodleNet

Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle Academy

Moodle.com
Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

MoodleNet
Our social network to share and curate open educational resources.

Moodle Academy
Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle 4.2.8

Unsupported Moodle Version

This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 June 2024

Here is the full list of fixed issues in 4.2.8.

General fixes and improvements

MDL-81613 - Log report does not export user fullname when downloading
MDL-81897 - Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method

Security fixes

MSA-24-0021 - BigBlueButton web service leaks meeting joining information to users who should not have access
MSA-24-0022 - Stored XSS via calendar's event title when deleting the event
MSA-24-0023 - HTTP authorization header is preserved between "emulated redirects"
MSA-24-0024 - CSRF risks due to misuse of confirm_sesskey
MSA-24-0025 - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys

General fixes and improvements
Security fixes