Moodle LMS 4.1.12
22 August 2024
Moodle LMS version 4.1.12 is now available (security release).
Upgrading to Moodle LMS 4.1.12
Moodle LMS 4.1.12 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Moodle LMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Moodle LMS install to test the 4.1.12 upgrade prior to applying it live. Get started managing your Moodle LMS installations with Installatron
What's New in Moodle LMS 4.1.12
General fixes and improvements
- MDL-80345 - Hash collision guaranteed to break cron with 'locktimeout' (only with PostgreSQL)
- MDL-66903 - Support autoloading of test classes
- MDL-82373 - Support Selenium 4
- MDL-81265 - Accessibility issues on the workshop page
Accessibility improvements
- MDL-72876 - The new welcome message is not accessible when there's a background
- MDL-82551 - Page is missing a level 1 heading when the welcome message is displayed
Security improvements
- MDL-81803 - Setting privacyrequestexpiry to 0 immediately expires data requests
Security fixes
- MSA-24-0026 - Remote code execution via calculated question types
- MSA-24-0027 - Arbitrary file read risk through pdfTeX
- MSA-24-0028 - Admin presets export tool includes some secrets that should not be exported
- MSA-24-0029 - Cache poisoning via injection into storage
- MSA-24-0030 - User information visibility control issues in gradebook reports
- MSA-24-0032 - IDOR in badges allows deletion of arbitrary badges
- MSA-24-0033 - Authorization headers preserved between "emulated redirects"
- MSA-24-0035 - CSRF risk in Feedback non-respondents report
- MSA-24-0036 - Can create global glossary without being admin
- MSA-24-0037 - Site administration SQL injection via XMLDB editor
- MSA-24-0038 - XSS risk when restoring malicious course backup file
- MSA-24-0039 - IDOR in Feedback non-respondents report allows messaging arbitrary site users
- MSA-24-0040 - Reflected XSS via H5P error message
- MSA-24-0041 - LFI vulnerability when restoring malformed block backups