Skip to main content

Moodle 4.2.7

Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 22 April 2024

Here is the full list of fixed issues in 4.2.7.

General fixes and improvements

  • MDL-78547 - Question modifications made during quiz preview are not visible
  • MDL-69656 - H5P embeds not rewritten during restore/import
  • MDL-52891 - Unable to overwrite old wildcards in a calculated simple question
  • MDL-78370 - Course Overview Block Performance
  • MDL-79174 - "Membership is hidden" groups do not work for availability restrictions
  • MDL-81327 - Resolve log and loglive report issues when external database are used to store logs
  • MDL-80766 - The grader report does not accept unlimited grades
  • MDL-79802 - Add a new setting for adding custom H5P styles
  • MDL-78902 - Error when restoring quiz with random questions
  • MDL-77779 - Fatal error when restoring a Moodle 3.11 course with competencies to 4.1
  • MDL-76024 - Calculated Question - Negative Answer with Units incorrectly evaluated
  • MDL-80684 - When PHP runs out of memory, tasks are treated as still running instead of being marked as failed
  • MDL-81060 - Private files area quota applies when unzipping to non-private file areas
  • MDL-80865 - Label printed for empty textarea course custom fields
  • MDL-80565 - Fix log and loglive report user selectors to show the list in expected order
  • MDL-81127 - Support filters on course completion message
  • MDL-81114 - Selecting random questions to start a quiz attempt does not handle draft state correctly
  • MDL-80835 - Add CHIPS support to LTI cookies
  • MDL-79712 - Ensure SameSite=None on MoodleSession cookie to retain support for embedded launches
  • MDL-81306 - xsendfiles cannot support per-request directories
  • MDL-80818 - When Completion conditions are locked, the radio buttons options should remain disabled
  • MDL-78457 - Link to Participants changes to site id if user cannot view for current course
  • MDL-81402 - Activity Chooser won't load after indenting content
  • MDL-80481 - Missing the breadcrumb in the Activity completion on the Classic theme
  • MDL-80930 - Course delete modules adhoc task handle non deletable modules
  • MDL-81405 - Support Chrome's partitioned cookies in the mobile app
  • MDL-80827 - XMLDB editor broken with PHP 8.1
  • MDL-81584 - Gradebook popover is positioned below the table footer, so an option can't be seen
  • MDL-80836 - Replace session piggyback with login flow during account linking process in LTI provider
  • MDL-81393 - VideoJS not playing .ogv files in Chrome browser
  • MDL-80765 - Creating fields with space at the end break the Add entry template
  • MDL-80598 - Bigbluebuttonbn adhoc tasks do not gracefully handle missing course modules or users
  • MDL-81300 - Inline edit icons overlap drag and drop to upload on Course
  • MDL-81307 - Fix course bulk action buttons in sticky footer in small resolutions
  • MDL-80934 - "Text and media" resources are not automatically open when clicking the course index if their section is collapsed
  • MDL-80919 - Duplicate empty section throws an error
  • MDL-80869 - Fix random BigBlueButton test failure getting meeting information from log
  • MDL-80936 - Custom field report columns show default values when they shouldn't
  • MDL-81472 - Exception related to the SCORM activity hinders privacy data processing
  • MDL-79829 - Use move or grab/grabbing cursors, not a copy cursor when moving elements
  • MDL-80917 - asynchronous_copy_task does not clear course cache
  • MDL-80943 - Custom reports containing "select" custom fields offer incorrect aggregation
  • MDL-80605 - User upload DB error when matching by email and new and existing upload type
  • MDL-80167 - Add environment check for Oracle database
  • MDL-80338 - Unable to embed Youtube video on a URL resource when title of video contains quotation mark
  • MDL-77015 - HTML in database field management page escaped in an unexpected way

Accessibility improvements

  • MDL-68674 - Dashboard block headings should be h3, not h5; and there should be an overall block heading
  • MDL-79007 - Improve screen reader feedback in calendar UI
  • MDL-70829 - ARIA role presentation conflicts with the empty alt
  • MDL-80195 - Moodleform datepicker in report builder filter form shifts the focus to "Skip to main content" link
  • MDL-81029 - When adding a new activity module the title attribute is "Editing..." instead of "Adding..."
  • MDL-80279 - Missing alt text in the common user header when user does not have picture
  • MDL-80183 - Online status in messaging toolbar has no alt text. Plus incorrect use of ARIA label
  • MDL-80731 - Invalid /Lang attribute in generated PDF files
  • MDL-80364 - Insufficient colour contrast of the icon on notification message on hover or focus
  • MDL-80469 - Add a legend to the Submit-cancel button group
  • MDL-72923 - Messaging drawer missing levels of headings in search results
  • MDL-80805 - Required form fields should indicate required status
  • MDL-80197 - Datepicker popup in moodleform is not accessible with keyboard

Security improvements

  • MDL-80160 - Site admins selector does not indicate when $CFG->siteadmins is defined in config.php

Security fixes

  • MSA-24-0007 - Broken access control when setting calendar event type
  • MSA-24-0008 - Stored XSS risk when editing another user's equation in equation editor
  • MSA-24-0009 - Stored XSS via user's name on participants page when opening some options
  • MSA-24-0011 - Stored XSS in lesson overview report via user ID number
  • MSA-24-0012 - CSRF risk in admin preset tool management of presets
  • MSA-24-0013 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup
  • MSA-24-0014 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
  • MSA-24-0015 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup
  • MSA-24-0016 - Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
  • MSA-24-0017 - Unsanitized HTML in site log for config_log_created
  • MSA-24-0019 - CSRF risk in analytics management of models