Moodle 4.2.2
Release date: 14 August 2023
Here is the full list of fixed issues in 4.2.2.
General fixes and improvements
- MDL-78618 - Very poor performance on my/courses.php
- MDL-77591 - Assignment feedback files upload is broken for group assignments
- MDL-76174 - Performance impact on course_overview block and my/courses.php
- MDL-71133 - Grade decimals are missing prior to the release of grades when using the marking workflow
- MDL-64648 - Course Manual enrolment instance "Notify before enrolment expires" setting does not default correctly
- MDL-75115 - RTL tooltip arrow direction
- MDL-75047 - Revert flipping help icon direction in right-to-left languages
- MDL-63120 - Badges cron task fails because of a join over +61 tables
- MDL-78485 - TinyMCE does not allow insertion of script tags
- MDL-78056 - Incorrect Attempts Report H5P Core - Fill in the Blanks
- MDL-78488 - Question bank statistics still being pulled/loaded when associated columns disabled
- MDL-78297 - Deprecated capabilities feature puts high pressure on caches
- MDL-76840 - Displayed remaining time does not take into account granted extensions
- MDL-69983 - Asynchronous course backups should be stored in user backup area
- MDL-77817 - TinyMCE editor display bug with overlay for source code and small displays
- MDL-77865 - Quiz question drag and drop text fails after clicking (not dragging) 2 answers
- MDL-78313 - admin/blocks.php database query fails to load on large dataset
- MDL-77375 - Dropdowns are being overlapped by their parent containers
- MDL-77525 - Add text filtering stages
- MDL-74893 - Auto-Login as Guest Doesn't Work Unless Button is Enabled
- MDL-78492 - AWS Aurora MySQL does not support COMPRESSED row format
- MDL-73213 - Dropdown value cleared when opening and closing without change
- MDL-77378 - Cloze question where all subquestions have zero weight cause Division by zero errors
- MDL-77679 - Drag and drop question type drag and drop duplicating available options
- MDL-78674 - Moving Activity in Calendar to another date does not reflect new date on Activity view page
- MDL-78237 - TinyMCE: Source code modal offset
- MDL-78391 - RecordRTC Safari not working (A variety of related bugs)
- MDL-78642 - Unexpected return type error in assignment when portfolios are enabled
- MDL-77873 - Style the quiz edit question number inplace editable as the points inplace editable
- MDL-78066 - LTI Advantage content selection error when workshop or other multi-grade-item activities are present
- MDL-75195 - Missing supportemail field on Moodle install_database.php
- MDL-76757 - Cannot easily delete all versions of a question
- MDL-77224 - Attempts should be removed when H5P activity is deleted from a course
- MDL-78435 - Force error/warning when Moodle assignment start and due date are identical
- MDL-78632 - Add missing yaml filetype
- MDL-78622 - Add question to quiz query has wrong join on mdl_question_references causing performance issues
- MDL-75359 - Numeric aggregation in report builder does not work on 'checkbox' user profile fields
- MDL-78644 - Favicon doesn't support .ico format
- MDL-78704 - Activity dates string should render raw un-escaped HTML
- MDL-77180 - Support multilang for custom field category names
- MDL-78263 - Airnotifier notification name shouldn't be removed when encryption is enabled
- MDL-77645 - Course Editor JS error when student tries to access course while enrolment method is disabled
- MDL-78484 - Accessibility: enable checkbox comes after the date picker in tab order
- MDL-75937 - Frontpage settings incorrectly display config.php
- MDL-76445 - The zero state flow in the gradebook reports causes usability issues
- MDL-78018 - Assignment - support multilanguage group names on 'view all submissions page'
- MDL-78564 - Student unable to submit assignment when the Submission statement is empty but set to required
- MDL-78460 - Broken HTML coding in Forum timed posts modal
- MDL-76319 - Add missing continue button after CSV grades import error
- MDL-76661 - Warnings on the BigBlueButton index page
- MDL-78742 - Show activity dates default not respected during course upload
- MDL-78172 - Multilang filter is not applied in forum groups
- MDL-74824 - Custom change password URL is not included in login notification messages
- MDL-77396 - Wiki print preview page should not use the site's background image
- MDL-78676 - Database activity allows save without any activity completion rule selected
- MDL-78715 - The action menu on payments accounts screen gets overlapped by the layout
- MDL-78071 - Cohort action menu should not be added for managed cohorts
- MDL-78377 - Pagination doesn't work properly when we change group not on first page in pagination on grader report
- MDL-78443 - Error shown to site admins on the app when not enrolled in any courses
- MDL-78216 - Grader report overall average row is cut-off when scrolling
- MDL-77993 - No navigation item to go to Detailed Statistics report for lesson report in classic theme
- MDL-78350 - core/dynamic_tabs JS is trying to add JS within JS
- MDL-78055 - Deprecated: function_exists(): Passing null to parameter of type string when building CSS (PHP 8.1)
- MDL-78461 - Plagiarism plugin settings links broken on plugins overview page
Accessibility improvements
- MDL-77690 - Heading hierarchy skips one level
- MDL-76046 - Secondary navigation can overflow on smaller screens
- MDL-78542 - mod_url link texts are shown as URL instead of a human-readable text
- MDL-76673 - Accessibility checker giving colour contrast error on <ol>
- MDL-78556 - flexible_table should support caption tag for table caption
- MDL-78550 - HTML validator errors on the gradebook setup page
Security improvements
- MDL-67852 - Security overview report shows critical warning for "Default role for all users" with default requestdelete config
- MDL-78714 - Disable client-side TinyMCE DOM Purification
Security fixes
- MSA-23-0019 - Proxy bypass risk due to insufficient validation
- MSA-23-0020 - Remote code execution risk when parsing malformed file repository reference
- MSA-23-0021 - Some block permissions on Dashboard not respected
- MSA-23-0022 - SQL injection risk in grader report sorting
- MSA-23-0023 - Stored self-XSS escalated to stored XSS via OAuth 2 login
- MSA-23-0024 - Private course participant data available from external grade report method
- MSA-23-0026 - IDOR in message processor fragments allows fetching of other users' data
- MSA-23-0028 - Open redirect risk on admin view all policies page
- MSA-23-0029 - Competency framework tools are not restricted as intended
- MSA-23-0030 - Quiz sequential navigation bypass possible