Moodle 4.1.10
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 22 April 2024
Here is the full list of fixed issues in 4.1.10.
General fixes and improvements
- MDL-81060 - Private files area quota applies when unzipping to non-private file areas
- MDL-80835 - Add CHIPS support to LTI cookies
- MDL-79712 - Ensure SameSite=None on MoodleSession cookie to retain support for embedded launches
- MDL-81405 - Support Chrome's partitioned cookies in the mobile app
- MDL-80836 - Replace session piggyback with login flow during account linking process in LTI provider
- MDL-80167 - Add environment check for Oracle database
Security fixes
- MSA-24-0007 - Broken access control when setting calendar event type
- MSA-24-0008 - Stored XSS risk when editing another user's equation in equation editor
- MSA-24-0009 - Stored XSS via user's name on participants page when opening some options
- MSA-24-0011 - Stored XSS in lesson overview report via user ID number
- MSA-24-0012 - CSRF risk in admin preset tool management of presets
- MSA-24-0013 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
- MSA-24-0014 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
- MSA-24-0015 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
- MSA-24-0016 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
- MSA-24-0017 - Unsanitized HTML in site log for config_log_created
- MSA-24-0019 - CSRF risk in analytics management of models