Skip to main content

Moodle 4.2.2

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 14 August 2023

Here is the full list of fixed issues in 4.2.2.

General fixes and improvements

  • MDL-78618 - Very poor performance on my/courses.php
  • MDL-77591 - Assignment feedback files upload is broken for group assignments
  • MDL-76174 - Performance impact on course_overview block and my/courses.php
  • MDL-71133 - Grade decimals are missing prior to the release of grades when using the marking workflow
  • MDL-64648 - Course Manual enrolment instance "Notify before enrolment expires" setting does not default correctly
  • MDL-75115 - RTL tooltip arrow direction
  • MDL-75047 - Revert flipping help icon direction in right-to-left languages
  • MDL-63120 - Badges cron task fails because of a join over +61 tables
  • MDL-78485 - TinyMCE does not allow insertion of script tags
  • MDL-78056 - Incorrect Attempts Report H5P Core - Fill in the Blanks
  • MDL-78488 - Question bank statistics still being pulled/loaded when associated columns disabled
  • MDL-78297 - Deprecated capabilities feature puts high pressure on caches
  • MDL-76840 - Displayed remaining time does not take into account granted extensions
  • MDL-69983 - Asynchronous course backups should be stored in user backup area
  • MDL-77817 - TinyMCE editor display bug with overlay for source code and small displays
  • MDL-77865 - Quiz question drag and drop text fails after clicking (not dragging) 2 answers
  • MDL-78313 - admin/blocks.php database query fails to load on large dataset
  • MDL-77375 - Dropdowns are being overlapped by their parent containers
  • MDL-77525 - Add text filtering stages
  • MDL-74893 - Auto-Login as Guest Doesn't Work Unless Button is Enabled
  • MDL-78492 - AWS Aurora MySQL does not support COMPRESSED row format
  • MDL-73213 - Dropdown value cleared when opening and closing without change
  • MDL-77378 - Cloze question where all subquestions have zero weight cause Division by zero errors
  • MDL-77679 - Drag and drop question type drag and drop duplicating available options
  • MDL-78674 - Moving Activity in Calendar to another date does not reflect new date on Activity view page
  • MDL-78237 - TinyMCE: Source code modal offset
  • MDL-78391 - RecordRTC Safari not working (A variety of related bugs)
  • MDL-78642 - Unexpected return type error in assignment when portfolios are enabled
  • MDL-77873 - Style the quiz edit question number inplace editable as the points inplace editable
  • MDL-78066 - LTI Advantage content selection error when workshop or other multi-grade-item activities are present
  • MDL-75195 - Missing supportemail field on Moodle install_database.php
  • MDL-76757 - Cannot easily delete all versions of a question
  • MDL-77224 - Attempts should be removed when H5P activity is deleted from a course
  • MDL-78435 - Force error/warning when Moodle assignment start and due date are identical
  • MDL-78632 - Add missing yaml filetype
  • MDL-78622 - Add question to quiz query has wrong join on mdl_question_references causing performance issues
  • MDL-75359 - Numeric aggregation in report builder does not work on 'checkbox' user profile fields
  • MDL-78644 - Favicon doesn't support .ico format
  • MDL-78704 - Activity dates string should render raw un-escaped HTML
  • MDL-77180 - Support multilang for custom field category names
  • MDL-78263 - Airnotifier notification name shouldn't be removed when encryption is enabled
  • MDL-77645 - Course Editor JS error when student tries to access course while enrolment method is disabled
  • MDL-78484 - Accessibility: enable checkbox comes after the date picker in tab order
  • MDL-75937 - Frontpage settings incorrectly display config.php
  • MDL-76445 - The zero state flow in the gradebook reports causes usability issues
  • MDL-78018 - Assignment - support multilanguage group names on 'view all submissions page'
  • MDL-78564 - Student unable to submit assignment when the Submission statement is empty but set to required
  • MDL-78460 - Broken HTML coding in Forum timed posts modal
  • MDL-76319 - Add missing continue button after CSV grades import error
  • MDL-76661 - Warnings on the BigBlueButton index page
  • MDL-78742 - Show activity dates default not respected during course upload
  • MDL-78172 - Multilang filter is not applied in forum groups
  • MDL-74824 - Custom change password URL is not included in login notification messages
  • MDL-77396 - Wiki print preview page should not use the site's background image
  • MDL-78676 - Database activity allows save without any activity completion rule selected
  • MDL-78715 - The action menu on payments accounts screen gets overlapped by the layout
  • MDL-78071 - Cohort action menu should not be added for managed cohorts
  • MDL-78377 - Pagination doesn't work properly when we change group not on first page in pagination on grader report
  • MDL-78443 - Error shown to site admins on the app when not enrolled in any courses
  • MDL-78216 - Grader report overall average row is cut-off when scrolling
  • MDL-77993 - No navigation item to go to Detailed Statistics report for lesson report in classic theme
  • MDL-78350 - core/dynamic_tabs JS is trying to add JS within JS
  • MDL-78055 - Deprecated: function_exists(): Passing null to parameter of type string when building CSS (PHP 8.1)
  • MDL-78461 - Plagiarism plugin settings links broken on plugins overview page

Accessibility improvements

  • MDL-77690 - Heading hierarchy skips one level
  • MDL-76046 - Secondary navigation can overflow on smaller screens
  • MDL-78542 - mod_url link texts are shown as URL instead of a human-readable text
  • MDL-76673 - Accessibility checker giving colour contrast error on <ol>
  • MDL-78556 - flexible_table should support caption tag for table caption
  • MDL-78550 - HTML validator errors on the gradebook setup page

Security improvements

  • MDL-67852 - Security overview report shows critical warning for "Default role for all users" with default requestdelete config
  • MDL-78714 - Disable client-side TinyMCE DOM Purification

Security fixes

  • MSA-23-0019 - Proxy bypass risk due to insufficient validation
  • MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
  • MSA-23-0021 - Some block permissions on Dashboard not respected
  • MSA-23-0022 - SQL injection risk in grader report sorting
  • MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
  • MSA-23-0024 - Private course participant data available from external grade report method
  • MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
  • MSA-23-0028 - Open redirect risk on admin view all policies page
  • MSA-23-0029 - Competency framework tools are not restricted as intended
  • MSA-23-0030 - Quiz sequential navigation bypass possible