Skip to main content

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation

What are you looking for?

Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

Moodle.com

Our social network to share and curate open educational resources.

MoodleNet

Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle Academy

Moodle.com
Learn about Moodle's products, like Moodle LMS or Moodle Worplace, or find a Moodle Certified Service Provider.

MoodleNet
Our social network to share and curate open educational resources.

Moodle Academy
Courses and programs to develop your skills as a Moodle educator, administrator, designer or developer.

Moodle 4.2.8

Unsupported Moodle Version

This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 10 June 2024

Here is the full list of fixed issues in 4.2.8.

General fixes and improvements

MDL-81613 - Log report does not export user fullname when downloading
MDL-81897 - Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method

Security fixes

MSA-24-0021 - BigBlueButton web service leaks meeting joining information to users who should not have access
MSA-24-0022 - Stored XSS via calendar's event title when deleting the event
MSA-24-0023 - HTTP authorization header is preserved between "emulated redirects"
MSA-24-0024 - CSRF risks due to misuse of confirm_sesskey
MSA-24-0025 - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys

General fixes and improvements
Security fixes