Moodle 4.2.8
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 10 June 2024
Here is the full list of fixed issues in 4.2.8.
General fixes and improvements
- MDL-81613 - Log report does not export user fullname when downloading
- MDL-81897 - Incorrect handling of partitioned cookies is preventing the mobile app from using the "embedded browser" authentication method
Security fixes
- MSA-24-0021 - BigBlueButton web service leaks meeting joining information to users who should not have access
- MSA-24-0022 - Stored XSS via calendar's event title when deleting the event
- MSA-24-0023 - HTTP authorization header is preserved between "emulated redirects"
- MSA-24-0024 - CSRF risks due to misuse of confirm_sesskey
- MSA-24-0025 - QR login key and auto-login key for the Moodle mobile app should be generated as separate keys