Moodle 4.1.18
Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 14 April 2025
Here is the full list of fixed issues in 4.1.18.
General fixes and improvements
- MDL-85000 - Error "No compatible source was found for this media" when trying to play OGV files on Firefox
Security fixes
- MSA-25-0013 - Remote code execution risk via MimeTeX command (upstream)
- MSA-25-0018 - CSRF risk in user tours manager allows tour duplication
- MSA-25-0019 - IDOR in RSS block allows access to additional RSS feeds
- MSA-25-0020 - mod_data edit/delete pages pass CSRF token in GET parameter
- MSA-25-0021 - CSRF risk in Brickfield tool's analysis request action
- MSA-25-0022 - IDOR in web service allows users enrolled in a course to access some details of other users
- MSA-25-0023 - Authenticated remote code execution risk in the Moodle LMS Dropbox repository
- MSA-25-0024 - Authenticated remote code execution risk in the Moodle LMS EQUELLA repository
- MSA-25-0025 - Reflected XSS risk in policy tool
- MSA-25-0026 - AJAX section delete does not respect course_can_delete_section()
- MSA-25-0027 - IDOR in messaging web service allows access to some user details
- MSA-25-0028 - IDOR when accessing the cohorts report