Skip to main content

Moodle 4.1.6

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 9 October 2023

Here is the full list of fixed issues in 4.1.6.

General fixes and improvements

  • MDL-78580 - Add locking to quiz statistics calculation to prevent database deadlocks
  • MDL-71909 - Editpdf feedback setting in assign not respected
  • MDL-78239 - TinyMCE editor fields too short/small in several areas
  • MDL-77381 - Quiz with only Description questions break Recalculate question statistics task
  • MDL-61811 - Problem with "notifyall" field
  • MDL-65363 - Starred courses remain starred (in Starred Courses block) after unenrolment
  • MDL-76713 - Date restrictions conflicts with other date-independent (OR) restrictions if multiple restriction sets are nested
  • MDL-76865 - Cache loader coursemodinfo setaftervalidation can create a lock issue
  • MDL-78745 - TinyMCE does not link Glossary entries when concept has diacritics
  • MDL-65887 - In workshop, incorrect grade is displayed when a teacher overrides student grade
  • MDL-63539 - Suspend_data not being stored for AICC HACP content
  • MDL-74828 - VideoJS player "loading" spinner is misaligned in RTL mode
  • MDL-79191 - Report builder report showing incorrect grades
  • MDL-78502 - Grade export does not check for permissions before redirecting
  • MDL-78895 - URL activity links contain double encoded &, loss of display specific attributes
  • MDL-68435 - Customfield textarea file serving bug
  • MDL-79254 - Quiz statistics processing task doesn't support large processing loads
  • MDL-78549 - Cloze question: Correct answer is not displayed
  • MDL-79181 - Sign in with LinkedIn (v1) is deprecated
  • MDL-75329 - Courses without section data trigger PHP exceptions
  • MDL-76557 - "The grade failed to send" error in sync_grades when status code is 201, 202, 204
  • MDL-79428 - New Creative Commons Licenses version 4 (Backport of MDL-43195)
  • MDL-79539 - Errors encountered on email to private files feature while receiving incoming email
  • MDL-78302 - Forum grading broken for simple discussion type when accessed from activities block
  • MDL-78795 - Dynamic forms with repeated elements don't run JS when a noSubmitButton is pressed
  • MDL-78707 - Change from expand all to collapse all when all fieldsets are expanded
  • MDL-79226 - Aiken question import does not verify that the import file is UTF-8
  • MDL-79186 - Moodle Error on cron save
  • MDL-79364 - Error when attempting quiz restored from an old backup
  • MDL-79360 - Broken nolink tag support in text filtering
  • MDL-78813 - Course average is covered by help popup
  • MDL-76419 - Enable "not logged in users" to see the site calendar
  • MDL-71955 - With navigation block set to be displayed on any page, H5P activities show "Trying to get property 'id' of non-object" error
  • MDL-68712 - Add warning when self enrolment key is the same as the group key
  • MDL-78966 - Site event icon in Upcoming events block is smaller than activity icons
  • MDL-78918 - Send_notification event log causes errors after migration
  • MDL-78761 - Filtering custom report by suspended enrolment status not working correctly
  • MDL-78688 - Uploading admin preset gives no indication of accepted file types
  • MDL-69187 - Filepicker: file type validation behaves inconsistently depending on how the list of accepted types is passed
  • MDL-78656 - Custommenuitems fails to display tooltip titles
  • MDL-74429 - Some input form element don't fit for max width
  • MDL-79349 - Cache: Lock on multi-layer cache can behave incorrectly
  • MDL-78728 - Read-only forms section collapsing broken
  • MDL-77708 - Update references from docs.moodle.org/dev/ to moodledev.io/
  • MDL-79274 - Assignment conversion to PDF fails when the submitting assignment user is unenrolled from the course
  • MDL-78397 - Appended suffixes in duplicated course items do not reflect in Gradebook
  • MDL-79205 - admin/webservice/documentation.php doesn't gracefully handle missing plugins
  • MDL-78927 - Profile: Page does not display breadcrumbs if no id= parameter
  • MDL-78787 - DB data truncated to 255 chars when casting to char/concatenating in MSSQL
  • MDL-78615 - Lack of info when deleting cache instance with existing mappings
  • MDL-79236 - Tiny editor subplugin type language strings missing

Accessibility improvements

  • MDL-78874 - Accessibility: Check button in interactive questions not descriptive enough
  • MDL-79048 - Provide unique page titles for the different view modes of the course homepage
  • MDL-78806 - Accessibility issue: Page title does not contain website (WCAG 2.1 - 2.4.2 Page Titled)
  • MDL-78749 - Accessibility\Quiz: Previous attempt summary table caption missing
  • MDL-79059 - Accessibility issues on the Database activity module
  • MDL-79063 - Fix colour contrast issues on the course homepage's Move modal
  • MDL-79071 - Missing alt text for course images on site home
  • MDL-79060 - block_myoverview: Link text to the activity with the course image need to be more descriptive
  • MDL-79045 - H2 heading generated by \print_grade_page_head should only cover the user name
  • MDL-79057 - Accessibility issues on the single-view grade report page
  • MDL-79283 - The URL resource embedded iframe must have an accessible name
  • MDL-79056 - Accessibility issues on Grades > User report
  • MDL-79047 - Gradebook pages need to have a unique page title
  • MDL-79250 - The iframe in core/external_content_banner must have an accessible name

Security improvements

  • MDL-79017 - Semicolon or closing curly braces in reference filename break \file_storage::unpack_reference
  • MDL-78980 - Multiselect configuration is not exported correctly by site admin presets
  • MDL-78961 - Smtppass setting should not be included in admin site presets
  • MDL-79139 - The default role for all users security report check contains misleading action text

Security fixes

  • MSA-23-0031 - Authenticated remote code execution risk in Lesson
  • MSA-23-0032 - Authenticated remote code execution risk in IMSCP
  • MSA-23-0033 - XSS risk when using CSV grade import method
  • MSA-23-0035 - Duplicating a BigBlueButton activity assigns the same meeting ID
  • MSA-23-0036 - Stored XSS and potential IDOR risk in Wiki comments
  • MSA-23-0037 - Auto-populated H5P author name causes a potential information leak
  • MSA-23-0038 - Stored XSS in quiz grading report via user ID number
  • MSA-23-0039 - XSS risk when previewing data in course upload tool
  • MSA-23-0040 - Make file serving endpoints revision control stricter
  • MSA-23-0041 - Insufficient capability checks when updating the parent of a course category
  • MSA-23-0042 - RCE due to LFI risk in some misconfigured shared hosting environments
  • MSA-23-0043 - Forum summary report shows students from other groups when in Separate Groups mode