Moodle 4.2.3
Release date: 9 October 2023
Here is the full list of fixed issues in 4.2.3.
General fixes and improvements
- MDL-78580 - Add locking to quiz statistics calculation to prevent database deadlocks
- MDL-71909 - Editpdf feedback setting in assign not respected
- MDL-78239 - TinyMCE editor fields too short/small in several areas
- MDL-77381 - Quiz with only Description questions break Recalculate question statistics task
- MDL-61811 - Problem with "notifyall" field
- MDL-65363 - Starred courses remain starred (in Starred Courses block) after unenrolment
- MDL-76713 - Date restrictions conflicts with other date-independent (OR) restrictions if multiple restriction sets are nested
- MDL-76865 - Cache loader coursemodinfo setaftervalidation can create a lock issue
- MDL-78745 - TinyMCE does not link Glossary entries when concept has diacritics
- MDL-65887 - In workshop, incorrect grade is displayed when a teacher overrides student grade
- MDL-63539 - Suspend_data not being stored for AICC HACP content
- MDL-74828 - VideoJS player "loading" spinner is misaligned in RTL mode
- MDL-79191 - Report builder report showing incorrect grades
- MDL-78502 - Grade export does not check for permissions before redirecting
- MDL-78895 - URL activity links contain double encoded &, loss of display specific attributes
- MDL-68435 - Customfield textarea file serving bug
- MDL-79254 - Quiz statistics processing task doesn't support large processing loads
- MDL-78549 - Cloze question: Correct answer is not displayed
- MDL-79181 - Sign in with LinkedIn (v1) is deprecated
- MDL-75329 - Courses without section data trigger PHP exceptions
- MDL-76557 - "The grade failed to send" error in sync_grades when status code is 201, 202, 204
- MDL-79428 - New Creative Commons Licenses version 4 (Backport of MDL-43195)
- MDL-78678 - Scrolling up and down a course page does not highlight modules with FEATURE_NO_VIEW_LINK (eg label) in the course index
- MDL-79539 - Errors encountered on email to private files feature while receiving incoming email
- MDL-78302 - Forum grading broken for simple discussion type when accessed from activities block
- MDL-78795 - Dynamic forms with repeated elements don't run JS when a noSubmitButton is pressed
- MDL-78707 - Change from expand all to collapse all when all fieldsets are expanded
- MDL-79226 - Aiken question import does not verify that the import file is UTF-8
- MDL-79280 - Exception when creating a quiz user override
- MDL-79186 - Moodle Error on cron save
- MDL-79041 - MoodleNet API needs to convert the resource name to correct format
- MDL-79364 - Error when attempting quiz restored from an old backup
- MDL-79360 - Broken nolink tag support in text filtering
- MDL-78813 - Course average is covered by help popup
- MDL-76419 - Enable "not logged in users" to see the site calendar
- MDL-79204 - Trailing slash on HTML tags causing code check fails for course format plugins
- MDL-71955 - With navigation block set to be displayed on any page, H5P activities show "Trying to get property 'id' of non-object" error
- MDL-68712 - Add warning when self enrolment key is the same as the group key
- MDL-78082 - Locking grade category or category total is broken
- MDL-78966 - Site event icon in Upcoming events block is smaller than activity icons
- MDL-78918 - Send_notification event log causes errors after migration
- MDL-78761 - Filtering custom report by suspended enrolment status not working correctly
- MDL-78688 - Uploading admin preset gives no indication of accepted file types
- MDL-69187 - Filepicker: file type validation behaves inconsistently depending on how the list of accepted types is passed
- MDL-78656 - Custommenuitems fails to display tooltip titles
- MDL-74429 - Some input form element don't fit for max width
- MDL-79349 - Cache: Lock on multi-layer cache can behave incorrectly
- MDL-78728 - Read-only forms section collapsing broken
- MDL-77708 - Update references from docs.moodle.org/dev/ to moodledev.io/
- MDL-79274 - Assignment conversion to PDF fails when the submitting assignment user is unenrolled from the course
- MDL-78397 - Appended suffixes in duplicated course items do not reflect in Gradebook
- MDL-79327 - Gradebook collapsed columns dialogue double encoding & missing label markup
- MDL-79205 - admin/webservice/documentation.php doesn't gracefully handle missing plugins
- MDL-78927 - Profile: Page does not display breadcrumbs if no id= parameter
- MDL-78787 - DB data truncated to 255 chars when casting to char/concatenating in MSSQL
- MDL-78615 - Lack of info when deleting cache instance with existing mappings
- MDL-79236 - Tiny editor subplugin type language strings missing
Accessibility improvements
- MDL-78874 - Accessibility: Check button in interactive questions not descriptive enough
- MDL-79048 - Provide unique page titles for the different view modes of the course homepage
- MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)
- MDL-78749 - Accessibility\Quiz: Previous attempt summary table caption missing
- MDL-79059 - Accessibility issues on the Database activity module
- MDL-79063 - Fix colour contrast issues on the course homepage's Move modal
- MDL-79071 - Missing alt text for course images on site home
- MDL-79060 - block_myoverview: Link text to the activity with the course image need to be more descriptive
- MDL-79045 - H2 heading generated by \print_grade_page_head should only cover the user name
- MDL-79057 - Accessibility issues on the single-view grade report page
- MDL-79283 - The URL resource embedded iframe must have an accessible name
- MDL-79056 - Accessibility issues on Grades > User report
- MDL-79047 - Gradebook pages need to have a unique page title
- MDL-79250 - The iframe in core/external_content_banner must have an accessible name
Security improvements
- MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference
- MDL-78980 - Multiselect configuration is not exported correctly by site admin presets
- MDL-78961 - Smtppass setting should not be included in admin site presets
- MDL-79139 - The default role for all users security report check contains misleading action text
Security fixes
- MSA-23-0031 - Authenticated remote code execution risk in Lesson
- MSA-23-0032 - Authenticated remote code execution risk in IMSCP
- MSA-23-0033 - XSS risk when using CSV grade import method
- MSA-23-0034 - Students could see other students in "Only see own membership" groups
- MSA-23-0035 - Duplicating a BigBlueButton activity assigns the same meeting ID
- MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
- MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
- MSA-23-0038 - Stored XSS in quiz grading report via user ID number
- MSA-23-0039 - XSS risk when previewing data in course upload tool
- MSA-23-0040 - Make file serving endpoints revision control stricter
- MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
- MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
- MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode