Moodle 4.1.22
Unsupported Moodle Version
This version of Moodle is no longer supported and will not receive fixes for security risks.
You are encouraged to upgrade to a supported version of Moodle.
You are encouraged to upgrade to a supported version of Moodle.
Release date: 8 December 2025
Here is the full list of fixed issues in 4.1.22.
Accessibility fixes and improvements
- MDL-87149 - Insufficient contrast for feedback questions with Dependence item set
Security fixes
- MSA-25-0051 - Remote code execution risk via file restore
- MSA-25-0052 - Authentication via LTI Provider available to suspended users
- MSA-25-0054 - XSS risk in formula editor
- MSA-25-0055 - Formula injection risk when exporting data to CSV / Excel
- MSA-25-0056 - Open redirect in OAuth login
- MSA-25-0057 - Password brute force risk from confirmation email web service
- MSA-25-0058 - Participants can access forum ratings without permission
- MSA-25-0059 - Reflected XSS risk in policy tool
- MSA-25-0060 - Badges with a role criterion could be awarded to users who do not hold the role
- MSA-25-0061 - User IDs exposed in URLs when using anonymous submissions in assignment