Skip to main content

Moodle 4.5.12

Unsupported Moodle Version
This version of Moodle is no longer supported for general bug fixes.
You are encouraged to upgrade to a supported version of Moodle.

Release date: 8 June 2026

Here is the full list of fixed issues in 4.5.12.

General fixes and improvements

  • MDL-88637 - H5P content fails to load or navigate after Moodle 4.5.11 upgrade / h5plibraryhandler 1.28
  • MDL-88518 - H5P downloader task fails on new sites

Accessibility fixes and improvements

  • MDL-88242 - "core/search_input_auto" can cause duplicate search landmark issues

Security improvements

  • MDL-83526 - Session Token Missing SameSite Attribute

Security fixes

  • MSA-26-0012 - Arbitrary file read risk in Database activity module
  • MSA-26-0013 - Email-based MFA bypass
  • MSA-26-0014 - Arbitrary file read risk in backup restore
  • MSA-26-0015 - RCE risk via admin presets import
  • MSA-26-0016 - Missing group access checks in grade web services
  • MSA-26-0017 - IDOR allows arbitrary comment deletion
  • MSA-26-0018 - CSRF risk in user homepage preference setting
  • MSA-26-0019 - CSRF risk in user profile page reset
  • MSA-26-0020 - Reflected XSS via Feedback import error message
  • MSA-26-0021 - CSRF and XSS in grade item idnumber editing
  • MSA-26-0022 - CSRF risk in group messaging state toggle
  • MSA-26-0023 - CSRF risk when adding quiz section headings
  • MSA-26-0024 - Missing capability checks in AI placement web services
  • MSA-26-0025 - CSRF risk in quiz attempt regrading
  • MSA-26-0026 - Missing capability check in Assignment marker allocation
  • MSA-26-0027 - Blind SSRF risk in MNet peers function
  • MSA-26-0028 - DoS risk via user profile description
  • MSA-26-0029 - Missing capability checks in report builder fragment callbacks