Skip to main content

Moodle 4.2.3

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 October 2023

Here is the full list of fixed issues in 4.2.3.

General fixes and improvements

  • MDL-78580 - Add locking to quiz statistics calculation to prevent database deadlocks
  • MDL-71909 - Editpdf feedback setting in assign not respected
  • MDL-78239 - TinyMCE editor fields too short/small in several areas
  • MDL-77381 - Quiz with only Description questions break Recalculate question statistics task
  • MDL-61811 - Problem with "notifyall" field
  • MDL-65363 - Starred courses remain starred (in Starred Courses block) after unenrolment
  • MDL-76713 - Date restrictions conflicts with other date-independent (OR) restrictions if multiple restriction sets are nested
  • MDL-76865 - Cache loader coursemodinfo setaftervalidation can create a lock issue
  • MDL-78745 - TinyMCE does not link Glossary entries when concept has diacritics
  • MDL-65887 - In workshop, incorrect grade is displayed when a teacher overrides student grade
  • MDL-63539 - Suspend_data not being stored for AICC HACP content
  • MDL-74828 - VideoJS player "loading" spinner is misaligned in RTL mode
  • MDL-79191 - Report builder report showing incorrect grades
  • MDL-78502 - Grade export does not check for permissions before redirecting
  • MDL-78895 - URL activity links contain double encoded &, loss of display specific attributes
  • MDL-68435 - Customfield textarea file serving bug
  • MDL-79254 - Quiz statistics processing task doesn't support large processing loads
  • MDL-78549 - Cloze question: Correct answer is not displayed
  • MDL-79181 - Sign in with LinkedIn (v1) is deprecated
  • MDL-75329 - Courses without section data trigger PHP exceptions
  • MDL-76557 - "The grade failed to send" error in sync_grades when status code is 201, 202, 204
  • MDL-79428 - New Creative Commons Licenses version 4 (Backport of MDL-43195)
  • MDL-78678 - Scrolling up and down a course page does not highlight modules with FEATURE_NO_VIEW_LINK (eg label) in the course index
  • MDL-79539 - Errors encountered on email to private files feature while receiving incoming email
  • MDL-78302 - Forum grading broken for simple discussion type when accessed from activities block
  • MDL-78795 - Dynamic forms with repeated elements don't run JS when a noSubmitButton is pressed
  • MDL-78707 - Change from expand all to collapse all when all fieldsets are expanded
  • MDL-79226 - Aiken question import does not verify that the import file is UTF-8
  • MDL-79280 - Exception when creating a quiz user override
  • MDL-79186 - Moodle Error on cron save
  • MDL-79041 - MoodleNet API needs to convert the resource name to correct format
  • MDL-79364 - Error when attempting quiz restored from an old backup
  • MDL-79360 - Broken nolink tag support in text filtering
  • MDL-78813 - Course average is covered by help popup
  • MDL-76419 - Enable "not logged in users" to see the site calendar
  • MDL-79204 - Trailing slash on HTML tags causing code check fails for course format plugins
  • MDL-71955 - With navigation block set to be displayed on any page, H5P activities show "Trying to get property 'id' of non-object" error
  • MDL-68712 - Add warning when self enrolment key is the same as the group key
  • MDL-78082 - Locking grade category or category total is broken
  • MDL-78966 - Site event icon in Upcoming events block is smaller than activity icons
  • MDL-78918 - Send_notification event log causes errors after migration
  • MDL-78761 - Filtering custom report by suspended enrolment status not working correctly
  • MDL-78688 - Uploading admin preset gives no indication of accepted file types
  • MDL-69187 - Filepicker: file type validation behaves inconsistently depending on how the list of accepted types is passed
  • MDL-78656 - Custommenuitems fails to display tooltip titles
  • MDL-74429 - Some input form element don't fit for max width
  • MDL-79349 - Cache: Lock on multi-layer cache can behave incorrectly
  • MDL-78728 - Read-only forms section collapsing broken
  • MDL-77708 - Update references from docs.moodle.org/dev/ to moodledev.io/
  • MDL-79274 - Assignment conversion to PDF fails when the submitting assignment user is unenrolled from the course
  • MDL-78397 - Appended suffixes in duplicated course items do not reflect in Gradebook
  • MDL-79327 - Gradebook collapsed columns dialogue double encoding & missing label markup
  • MDL-79205 - admin/webservice/documentation.php doesn't gracefully handle missing plugins
  • MDL-78927 - Profile: Page does not display breadcrumbs if no id= parameter
  • MDL-78787 - DB data truncated to 255 chars when casting to char/concatenating in MSSQL
  • MDL-78615 - Lack of info when deleting cache instance with existing mappings
  • MDL-79236 - Tiny editor subplugin type language strings missing

Accessibility improvements

  • MDL-78874 - Accessibility: Check button in interactive questions not descriptive enough
  • MDL-79048 - Provide unique page titles for the different view modes of the course homepage
  • MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)
  • MDL-78749 - Accessibility\Quiz: Previous attempt summary table caption missing
  • MDL-79059 - Accessibility issues on the Database activity module
  • MDL-79063 - Fix colour contrast issues on the course homepage's Move modal
  • MDL-79071 - Missing alt text for course images on site home
  • MDL-79060 - block_myoverview: Link text to the activity with the course image need to be more descriptive
  • MDL-79045 - H2 heading generated by \print_grade_page_head should only cover the user name
  • MDL-79057 - Accessibility issues on the single-view grade report page
  • MDL-79283 - The URL resource embedded iframe must have an accessible name
  • MDL-79056 - Accessibility issues on Grades > User report
  • MDL-79047 - Gradebook pages need to have a unique page title
  • MDL-79250 - The iframe in core/external_content_banner must have an accessible name

Security improvements

  • MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference
  • MDL-78980 - Multiselect configuration is not exported correctly by site admin presets
  • MDL-78961 - Smtppass setting should not be included in admin site presets
  • MDL-79139 - The default role for all users security report check contains misleading action text

Security fixes

  • MSA-23-0031 - Authenticated remote code execution risk in Lesson
  • MSA-23-0032 - Authenticated remote code execution risk in IMSCP
  • MSA-23-0033 - XSS risk when using CSV grade import method
  • MSA-23-0034 - Students could see other students in "Only see own membership" groups
  • MSA-23-0035 - Duplicating a BigBlueButton activity assigns the same meeting ID
  • MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
  • MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
  • MSA-23-0038 - Stored XSS in quiz grading report via user ID number
  • MSA-23-0039 - XSS risk when previewing data in course upload tool
  • MSA-23-0040 - Make file serving endpoints revision control stricter
  • MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
  • MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
  • MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode