| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
is built into PHP. Bump resp. PKGREVISION.
|
|
Upstream changes:
Here is the full list of fixed issues in 3.2.2.
Highlights
MDL-36233 - Fixed inconsistent "Submissions not graded" link displayed to the teachers on the course overview block
MDL-48228 - MySQL and MariaDB drivers updated to support full UTF-8 . For sites upgrading to 3.2.2, a CLI script may be used to convert to full UTF-8. See MySQL full unicode support for details.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-56122 - Force reload/recreation of (unoconv) preview in grading interface
MDL-51833 - Performance improvement in event monitor preferences loading
MDL-55859 - Assignment: Delete incomplete files after pdf conversion failure
MDL-55762 - Better error handling around ghostscript
MDL-50719 - Long-running scheduled task should not significantly slow down cron processing of other tasks
MDL-57587 - Quiz: Show feedback images when reviewing a quiz attempt
MDL-57608 - VideoJS and VideoJs-Youtube javascript modules are no longer loaded when not required on the page
MDL-50770 - Dashboard should apply customized block positions during dashboard reset
MDL-57374 - Pasting unformatted non HTML plain text in Atto should not remove all styles and class attributes from all existing content in editor
MDL-57362 - Assignment list all submissions must respect separate groups mode
MDL-46782 - When re-entering Multi-SCO SCORM start from the first uncompleted SCO
MDL-53367 - Importing a forum with auto subscription now automatically subscribes current users
MDL-50625 - Allow to use LDAP user synchronisation without page control
MDL-55915 - Respect capability to view full names in assignment grading, grader report and manual user enrolment popup
MDL-57785 - Don't refresh SCORM navigation when navigation display is disabled
MDL-57370 - Performance improvement when displaying notifications and messages popups
MDL-57296 - Fixed bug when teacher without permission to view hidden grades was not able to collapse grade categories in the gradebook
MDL-55547 - Event monitor: fixed bug preventing to view current subscription after deleting a course with subscriptions
For developers
MDL-57030 - Add option to behat run tool to automatically rerun failures
MDL-57940 - Allow behat parallel run to start at different time
|
|
Upstream changes:
Moodle 3.2.1 release notes
Releases > Moodle 3.2.1 release notes
Release date: 9 January 2017
Here is the full list of fixed issues in 3.2.1.
Fixes and improvements
MDL-55906 - Assignment grading table reset button should clear persistent settings
MDL-57222 - Marking workflow and grading must still save for hidden Assignment
MDL-56810 - Fixed error converting submissions for annotation when student is unenrolled from course
MDL-55062 - Upload users admin tool incorrectly updates authentication method for existing users when not included in CSV
MDL-56912 - Feedback: Allow to submit empty not required multichoice questions
MDL-53044 - Completely prevent login with expired passwords
MDL-57213 - Boost - Fixed bug when my courses were not displayed at all with $CFG->navshowmycoursecategories on
Security issues
MSA-17-0001 System file inclusion when adding own preset file in Boost theme
MSA-17-0002 Incorrect sanitation of attributes in forums
MSA-17-0003 PHPMailer vulnerability in no-reply address
MSA-17-0004 XSS in assignment submission page
|
|
Upstream changes:
Major features
Highlights
MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, usability improvements of the navigation
MDL-54682 - Messaging UI improvements
MDL-52777 - User tours - walkthoughs/instructional overlays for first time user on page
MDL-38158 - Pluggable media players in Moodle; Video.JS player
MDL-55324 - Easier embedding videos in audios in Atto editor with poster, subtitles and other attributes
MDL-54987 - New chart API and library
Mobile app
MDL-53870 - Support for offline quizzes in the Mobile app
MDL-53777 - Include support for login via the browser in the new Moodle Mobile admin tool
MDL-55059 - Support Smart App Banners for iOS
MDL-56607 - Move mobile settings to top-level admin
External tool (LTI)
MDL-49609 - Add LTI Content Item support
MDL-47113 - Open LTI Tools in new Window, add link when popup is blocked
MDL-53832 - LTI v2.0 support
Assignment
MDL-38105 - Allow negative score for rubric and change default grade calculation method
MDL-29795 - Assignment deadline overrides for an individual or group
MDL-54872 - Sort blind marked assignment by blind ID instead of userid
Quiz
MDL-48629 - Change the separator for matching correct answer feedback
MDL-3782 - Allow multiple answers in cloze MULTICHOICE question type
MDL-55200 - Show coordinates in ddmarker questions to simplify dropzone creation
MDL-27072 - Quiz reports now work on very large courses, rather than running out of memory
Choice
MDL-18592 - Allow teacher to make choices for students
MDL-11369 - Show choice deadline in the course calendar
MDL-55140 - Allow to specify open and close dates separately
MDL-37946 - When choice display is set horizontal or vertical apply it to both options and results display
Forum
MDL-18599 - Upon restore, association of "owner" of single simple discussion forum type defaults to user completing restore. Solution: hide author of the first post
MDL-37669 - Forum: Make "Mark as read on notification" a user preference
MDL-55982 - Add support for automatic locking of an individual forum discussion after a period of inactivity
Other activity modules
MDL-55327 - Lesson: option to duplicate pages
MDL-55868 - Book: various usability improvements
MDL-56100 - Folder: Display in recent activity block
MDL-54945 - Workshop: integrate with portfolio API
MDL-48944 - Survey: activity completion condition on survey completion
MDL-44712 - SCORM: improve Multi-SCO completion handing in activity completion
MDL-55158 - Database activity: add start and end dates to the calendar
MDL-14448, MDL-55464, MDL-55254, MDL-55251, MDL-49029 - Add standard capability "mod/xxxxx:view" to Lesson, Label, Database, Chat and Choice activities
MDL-55866 - Remember editor disabled setting on a per-activity setting
Global search
MDL-54794 - Add users to global search
MDL-54973 - Add messages to global search
MDL-55127 - Add database entries to global search
MDL-53222 - Revise admin settings/report for global search for improved usability
Other improvements
MDL-30179 - Allow teacher to toggle to/from "user view" in the User report in the gradebook (some items may be hidden for students but not teachers)
MDL-53048 - New "password" fields that are not auto-filled by password managers
MDL-55767 - Competency frameworks import
MDL-29110 - Specify welcome email sender in enrol_self, or send emails from system noreply address
MDL-22078 - Store "End date" for each course to be used in reports and analytics
MDL-53399 - 'Activity chooser off/on' option moved to user preferences
MDL-54751 - Introduce asynchronous module deletion so that recycle bin backup does not slow down editing process for the teacher
MDL-55981 - By default non-editing teacher should not be able to access all groups (roles in upgraded sites are not changed)
MDL-31356 - IMS Enterprise enrol plugin added features
MDL-43230 - Support revoking awarded badges
MDL-50286 - Allow to filter report_log by origin : Logs clogged up with events listed as origin cli
MDL-51749 - Add Ability to Export Calendar for user or group events
MDL-50888 - Antivirus: Implement ClamAV virus scanning using unix sockets.
MDL-54617 - Always show count of online users in the online users block
MDL-54680 - Offer cartridges in LTI provider
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.2
MDL-44467 - Return-Path should use no-reply address instead of support email; use only no-reply email or allowed domains in "From" header
MDL-48468 - Add a Redis cache store to Moodle core
MDL-39117 - Add a APCu cache store to Moodle core
MDL-54947 - Update PostgreSQL binary (bytea) handling and improve connection performance
MDL-48766 - Support IPv6 in IP lookup tool
MDL-55124 - Support for connection pooler (pgbouncer) in PostgreSQL connection
MDL-55916 - Maintenance mode should serve a http 503 instead of a 200
MDL-54606 - Sessions: Add support for Redis as a session_class_handler
MDL-53366 - Antivirus clamav: Remove "Quarantine directory" settings parameter.
MDL-55791 - Add capability to allow certain users through Maintenance mode
Plugins removal
If you are using any of the following you need to download and install the plugins or otherwise they will be removed following 3.2 upgrade:
MDL-55837 - Themes Base and Canvas - these themes can not be used by themselves but they may be used as parent themes
MDL-49533 - Repository Alfresco for Alfresco 4.2 and below, see Alfresco repository documentation
MDL-55927 - Authentication method Radius. This plugin uses mcrypt library and is not compatible with PHP 7.1
MDL-38158 - Media players Flowplayer, Windows media player, RealPlayer, Quicktime - these media players were present in Moodle 3.1 but removed in 3.2. They need to be installed in media/player directory
Web services
MDL-31465 - Incorporate user suspension into web services
MDL-45639 - Web Service for SSO (auto-login from the app to the site)
MDL-55923 - Improve the behavior of deleted tokens on password reset
MDL-55928 - New Web Service gradereport_user_get_grade_items
MDL-55100 - New Web Service core_course_get_courses_by_field
For developers
MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, block and navigation changes (see Boost_Navigation and Themes)
MDL-38158 - Introduction of Media players plugin type (see Media players)
MDL-50937 - JQuery updated to version 3.1 (see jQuery)
MDL-54987 - New chart API and library (see Charts_API)
MDL-55727 - AMD modal module introduced (see AMD Modal documentation)
MDL-52127 - Linting for Javascript with ESLint (see Linting Javascript)
MDL-55058 - Linting for CSS with stylelint (see Linting CSS)
MDL-48114 - Moodle can now be downloaded via composer (see Composer)
MDL-55091 - phpunit has been upgraded to 5.x
MDL-55072 - Behat now supports different themes. (See Running_acceptance_test)
MDL-55048 - Grunt and npm build dependencies now require node version 4 or above
MDL-31243 - New get_with_capability_sql function for retrieving SQL for finding users with capability in the given context
MDL-49599 - Boxnet v1 API is now deprecated
MDL-53306 - New authentication plugin method added which is called before user login
MDL-47162 - Course ID is now required in message events
MDL-55141 - Debugging option added for scheduled tasks from CLI (see Scheduled tasks documentation)
MDL-54941 - Add filesize as a new field returned in all the Web Services returning file information
MDL-56082 - Expose external authentication methods (loginpage_idp_list) in login block (see Authentication plugins)
|
|
Upstream changes:
Moodle 3.1.3 release notes
Functional changes
MDL-56022 - Assignment: Allow to bulk download students submissions in separate folders to avoid file renaming confirmations
MDL-46946 - Prompt users to complete required custom user profile fields before allowing them to use the site
MDL-43796 - Assignment: When importing an assignment with blind marking into another course never reveal identities
API changes
MDL-52051 - Migrate to Dropbox API v2
MDL-55602 - Sessions: Add support for Redis as a session_class_handler
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-47500 - SCORM: Remove blank space on top
MDL-54852 - Assignment: Do not display "Do you want to leave this page" dialogue on PDF grading screen when changes are saved
MDL-29332 - Allow calculated questions to have variables with case differences (usually affects upgrades from before Moodle 2.1)
MDL-56129 - Fix video playback with iOS 10.0 and 10.1 devices (iPad / iPhone)
MDL-29774 - When adding group members and using user search display groups of potential members
MDL-42041 - Book: put "Turn editing on" button in a more obvious location
MDL-56368 - Fixed alignment of settings for Restrict Access when activity titles are very long
MDL-55858 - Remove unsubscribe link from notification email in forum with forced subscription
MDL-45969 - PDF annotations now show the submission of the selected attempt (fixed the bug when only last attempt was shown)
MDL-55505 - Assignment: Fixed bug when editing grades for previous submission attempts overwrites existing grades
MDL-56328 - Bootstrapbase Themes - reduce section activity indent when not editing
|
|
Upstream changes:
3.1.2
Highlights
MDL-37250 - Lessons: save students attempts if they timeout
MDL-54977 - Fixed bug with navigation tree not working in some cases
MDL-50586 - Warn teachers about removing level 0 in rubrics as it leads to unexpected grades.
MDL-41174 - Update the calendar event when inline changing activity name or duplicating activity
MDL-33741 - Allow teacher to access course files in hidden categories using Server files repository in filepicker
MDL-55333 - Fixed error when trying to view/export feedback responses with over 60 questions using mariadb/mysql
Security issues
MSA-16-0022 Web service tokens should be invalidated when the user password is changed or forced to be changed
Fixes and improvements
MDL-55312 - Bugfix: Load timeout for modules: core/first occurs after purge caches
MDL-55229 - Bugfix: Meta Enrolment - Search for course produces error
MDL-55707 - Bugfix: Possible to get in "recalculating grades" infinite loop
MDL-55292 - Include tideways profiler along with xhprof for PHP7 profiling
MDL-54892 - Uninstall scheduled tasks when plugin is uninstalled
MDL-22183 - Prevent stats from running later and later - use scheduled task time only
MDL-47371 - Bugfix: The character & is displayed as " & amp ; " in book module
MDL-52544 - Resolved problems of Oracle driver in PHP7 environment
MDL-55246 - Bugfix: Unoconv fails on files with spaces in the name.
MDL-51078 - Add "All changes" option to the Action selector in report_log (was present in 2.6 and removed in 2.7+)
MDL-52105 - Remove CAP_PROHIBIT in manager role for capability 'enrol/self:holdkey'
MDL-54847 - Allow students to insert HTML audio and video tags
MDL-55273 - Default setting for cookiesecure should be on
MDL-55520 - Assignment module no longer resets max grade to 100 during module editing
MDL-55245 - Attempting to select text in PDF annotation comments drags the comment box
|
|
|
|
Upstream changes:
Moodle 3.1.1 release notes
Releases > Moodle 3.1.1 release notes
Release date: 11 July, 2016
Here is the full list of fixed issues in 3.1.1.
Highlights
MDL-41922 - Completed quizzes no longer appear in the Course overview block for students
MDL-54165 - Allow to hide the document preview in assignment grading interface
MDL-41945 - Do not overwrite submission with an empty filearea when several team members edit the same assignment
MDL-49852 - Mark assignment as completed for all students in the team when one student from the team has made a submission
MDL-29905 - Fixed the bug when deleting empty quiz category was showing an error that it has questions
MDL-46721 - Assignment blind marking: participant number in the notification email matches the number on the submission
MDL-45427 - Database activity: When creating a template clicking on the tags should add it to the textarea when Atto editor is used
MDL-35104 - Allow to change username of a user registered under LDAP authentication method
MDL-51806 - Workshop: allow to save edited settings when using comma as a decimal separator
MDL-43887 - Fixed bug when handling optional date/time custom user profile field with date range starting later than 1970
MDL-35987 - Do not abort restore process in case of multichoice question error 'Backup error: invalid input syntax for integer: ""'
Fixes and improvements
MDL-55020 - Fixed bug when installing plugin downloaded from github repository
MDL-54909 - Show different background from page when annotating PDF
MDL-53111 - Allow to unmark completion criterion 'Require end reached'
MDL-37138 - When clicking a URL in chat, it should open in a new window or tab
MDL-54997 - Activity completion for a competency should be attached to course competency and not the learning plan competency
MDL-54934 - Accessibility enhancements: Indicate phase name/form name on the Workshop title
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
For developers
MDL-53019 - PHP 5.6.5 or higher is required for development on master branch
|
|
|
|
Upstream changelog is too long, please visit:
https://docs.moodle.org/dev/Moodle_3.1_release_notes
|
|
Upstream changes:
Moodle 3.0.3 release notes
Releases > Moodle 3.0.3 release notes
Release date: 14 March 2016
Here is the full list of fixed issues in 3.0.3.
Contents
1 Highlights
2 Fixes and improvements
3 Security issues
4 See also
Highlights
MDL-48778 - Fixed problems with assign quick grading in case of multiple attempts
MDL-21912 - New setting 'Allow admin conflict resolution' for restoring a course from a different Moodle site
MDL-31635 - Course completion "grade" criteria now correctly shows grades as points and not percents
MDL-51702 - Restored ability to assign roles to blocks in Default dashboard and My home
MDL-49807 - Wiki table of contents correctly displays headers created in Atto editor
Fixes and improvements
MDL-48015 - Fixed misalignment in gradebook when category has no total and items
MDL-52566 - Releasing assignment with team submission now releases grades to all group members
MDL-52486 - Fixed javascript errors in languages with _ in the name such as en_us (for example when editing user interests)
MDL-52249 - Custom menus with subitems now work correctly on touch screen devices
MDL-51723 - Fixed bug with unenrolling users on login under LDAP auth with Active Directory
MDL-38020 - Corrected user enrollment workflow through Participant list using Edit Icon
MDL-41531 - Fixed irregular characters in course name interfering with PayPal enrolment
MDL-51075 - Centered positioning of glossary popup
MDL-52217 - Cleaning temporary download directory for dropbox repository
MDL-52637 - Fixed problems with connection to SMTP mail in some configurations
MDL-52589 - Allow non-default cache stores to be uninstalled
MDL-50083 - Unlock submissions when reopening locked assignment
MDL-43620 - Allow to reset the course start date when having a chat activity
MDL-49338 - Fixed bug when quiz statistics report displays the preview icons to the wrong variant
MDL-52763 - Users with the mod/assign:viewblinddetails capability are able to cross reference users with their blind identities
MDL-52435 - Plagiarism prevention links are moved to the top of the submission text
MDL-52814 - Fixed overlapping of redo button in Quiz
MDL-53012 - Behat: Add step to run scheduled task
MDL-50218 - If there is no grade, an external tool (LTI) module will now return a grade of '' instead of 0 to the LTI tool producer
Security issues
MSA-16-0003 Incorrect capability check when displaying users emails in Participants list
MSA-16-0004 XSS from profile fields from external db
MSA-16-0005 Reflected XSS in mod_data advanced search
MSA-16-0006 Hidden courses are shown to students in Event Monitor
MSA-16-0007 Non-Editing Instructor role can edit exclude checkbox in Single View
MSA-16-0008 External function get_calendar_events return events that pertains to hidden activities
MSA-16-0009 CSRF in Assignment plugin management page
MSA-16-0010 Enumeration of category details possible without authentication
MSA-16-0011 Add no referrer to links with _blank target attribute
MSA-16-0012 External function mod_assign_save_submission does not check due dates
|
|
Move the line of ${SED} from do-install to post-patch, to pet pkglint
Upstream change:
Releases > Moodle 3.0.2 release notes
Release date: 11 January 2016
Here is the full list of fixed issues in 3.0.2.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
This is a very quiet release since Moodle 3.0.1 has only come out recently and lots of developers and users took Christmas holidays after that. Additional interesting issues included in 3.0.2 are:
MDL-49473 - Logs export contains year
MDL-52078 - Fixed error in grade totals when using natural grading and excluding hidden items that appeared only when viewed by students
MDL-52354, MDL-52355 - Database module now allows to set dates in a broader range and respects calendar type plugin
MDL-51257 - Messaging screen now indicates when a message is not sent
MDL-52194 - Fixed Flowplayer not working with insecure configuration of request_order
|
|
use php-mysql package.
|
|
|
|
Upstream changes:
Major features
Highlights
MDL-29801 - Allow users to delete personal messages
MDL-27177 - Allow students to see each other's contact details in full profile without global permission if they are able to see each other's course profile
MDL-46455 - Backup/restore functionality with new logging system
MDL-46878 - Reset Dashboard for all users after changing the default Dashboard
Quiz
MDL-47494 - New question types from the UK Open University - Select missing words, Drag and drop into text, Drag and drop onto image and Drag and drop markers
MDL-38214 - New Cloze subquestion types with shuffling of answers - MCS, MCVS, MCHS
MDL-50217 - Question types sorted with common ones at the top
MDL-29771 - Interactive behaviour should show number of tries left in the Try again state
Forum
MDL-49682 - Make forum email template editable
MDL-46321 - Uninformative error when moving forum without first selecting destination
MDL-50993 - Timed discussions are now displayed to students in a logical order
MDL-50430 - Number of subscribers specified in forum subscriber list
Assignment
MDL-49176 - Assignment marking guide 'flattens' instructions for markers and students
MDL-49515 - Upgrade FPDI library in assignfeedback_editpdf to 1.5.4 to fix problems with PDF annotator on some files
MDL-50283 - Improve Rubric interface to include the ability to duplicate rows
Other activity modules
MDL-49028 - Wiki: Option to delete pages during course reset
MDL-40836 - File resource: New file resource setting option to display upload/modified date
MDL-26501 - Glossary: Do not allow to browse by author if author is never displayed
MDL-50673 - Workshop: display all participants on "Submission phase" page in a table
MDL-50664 - Database activity: add setting to disallow managing of own entries after approval
MDL-50658 - LTI: Add support for LTI Memberships service
MDL-49581 - Lesson: Remove high scores list feature
MDL-49882 - Lesson: Essay questions are not imported into the lesson Module
MDL-50720 - Database activity: Highlight database entries that are not yet approved.
User interface and usability improvements
MDL-51051 - Rename 'Categories and items' to 'Gradebook setup' and add link
MDL-51250 - Show default section name when editing section details with default checkbox being checked
MDL-49984 - Add visual blocks outlines to My profile page to help separate information
MDL-48947 - Collect all course section editing buttons under one "Edit" dropdown
MDL-51087 - Use client-side validation in the signup form
MDL-50113 - Improve display of long user and course names in Messaging
MDL-50919 - Simplify the Manage tags page, allow to quickly change name, flag and official status of the tags
MDL-51013 - Navbar button should appear for smaller screens only when the custom menu or language menu is not empty
MDL-51260 - Use the new autocomplete form field for tags
MDL-51296 - Add title to page when adding blog post
MDL-38763 - Permission override UI should use JS confirmation
MDL-29763 - Add description to Portfolio settings page
Atto editor
MDL-45515 - New table editing features in Atto editor
MDL-49732 - Keyboard interaction for hyperlink in Atto (Ctrl+K)
MDL-50936 - More Atto editor Maths equation buttons (sum, sqrt, int, etc.)
MDL-50142 - Text editor preferences help pop-up
Enrolments
MDL-30674 - Set guest access key from enrolment methods page
MDL-30157 - Allow users to start manual enrolments right now
MDL-49746 - Allow to sort enrolled users page by last course access
MDL-48074 - Group filter in enrolments list should have option "not in any group"
Administration
MDL-49329 - Multiple improvements in the plugins installation/update system including ability to install several plugins at the same time
MDL-49280 - New configuration setting to allow duplicate email addresses
MDL-51330 - Show scheduled tasks component in the cron log
MDL-51261 - Upgrade key - mechanism to protect anonymous web access to upgrade screens
MDL-50602 - New settings in Automated backup setup for deleting older backups and keeping a minimum number of backups
MDL-48438 - Add real name to email about login failures
MDL-30960 - New option in email settings to specify SSL or TLS (SMTPSecure property of PHPMailer)
MDL-46623, MDL-51824 - CAS and LDAP: Replace CLI script to synchronise users with a scheduled tasks
MDL-39319 - Allow administrator to uninstall several languages in one single action
MDL-50155 - Move and rename "Common activities settings" link to be under "Manage activities" for consistency
MDL-50631 - Display Moodle ASCII logo in CLI installer
MDL-46167 - New option for CLI installation: skip database
MDL-50572 - Disable YouTube repository by default since it requires setting up
MDL-51739 - Lock theme selector UI when $CFG->theme is hardcoded in config.php
MDL-51478 - Enable Mobile services by default for sites with https
MDL-19748 - Do not allow to edit tags in the default authenticated user role
MDL-46398 - Make HTML5 video the default player for capable videos
Other improvements
MDL-51132 - Introduce course tagging as a replacement for user-course-tagging in the "Tags" block. See upgrade documentation
MDL-41042 - Course contacts shown in course listings no longer lag by an hour
MDL-44273 - Back-off strategy for RSS feeds
MDL-45981 - CAS Auth Config needs way to specify that curl should use SSLv3.
MDL-49891 - Add description meta to frontpage
MDL-25451 - Go straight to "Permissions" from block context menu instead of "Assign roles" if they are not available
MDL-50647 - Add 'not in group' section to group overview page
MDL-50956 - Allow main menu block to be displayed "throughout the entire site"
MDL-28954 - Allow images and embedded files in the cohort descriptions
MDL-50371 - Use $CFG->gradepointdefault for new manual gradeitems and grade categories
Security issues
There are no new security issues since the Moodle 2.9.3 release on 9 November 2015.
For developers
MDL-46455 - Events must define fields mappings in order to be correctly restored (documentation)
MDL-50125 - Allow all plugins to inject links in the preferences page (documentation)
MDL-51247 - Revive / refresh / rebuild the autocomplete mform element.
MDL-50839 - Allow themes to set User menu avatar size (documentation)
MDL-48494 - Make $plugin->component required for all plugins
MDL-43896 - Drop support for $module in version.php files for Moodle 3.0
MDL-50645 - Cache the list of available callbacks per plugin
MDL-33564 - rss_error() should return a proper HTTP response code
MDL-37864 - New method to add help icons to the sortable table headers (documentation)
MDL-51737 - Add ability to detect MS Edge in our browser sniffing code
MDL-51213 - external_format_text should be safe to call from web or webservice (documentation)
MDL-51413 - Add an additional return field in get_forums_by_courses in order to specify if the current user can create discussions
MDL-51217 - Using recaptcha is not possible outside auth_email plugin.
MDL-51107 - Add a callback to inject nodes in the category settings navigation (documentation)
MDL-50891 - is_web_crawler should be moved to useragent class
MDL-50453 - Replace reserved word usage from \core\progress\null (PHP7)
MDL-50009 - Prevent scheduled tasks from leaving unfinished db transactions
MDL-49821 - Some Web Services miss checks for guest and deleted users
MDL-50926 - Upgrade to phpunit 4.x
MDL-50491 - New format_text option to exclude particular filters
MDL-50783 - Allow some ajax external functions to be called without a session
MDL-50150 - Add "Blocks" feature to JS and PHP mustache engines (documentation)
|
|
Upstream changes:
Highlights
MDL-42639 - Web service core_user_get_users_by_field should return username or idnumber to all managers
MDL-48861 - Assignment: "Need grading" filter is not working properly within grading overview
MDL-51552 - "Single View" bulk insert for empty grades no longer overwrites non-empty grades
MDL-51083 - Fixed undesired browser password autofilling in several forms (majority of forms were fixed in MDL-45772 in previous release)
MDL-36606 - AJAX Grader report now works correctly when uneditable cells are present
Functional changes
MDL-49545 - Teachers without capability to change course full or short name should not be able to do it during restore as well
MDL-50917 - Allow manager to access another user's preferences
MDL-50811 - Forum email replies update completion tracking information
MDL-51834 - Lock custom profile fields that are set to by synchronised with various auth plugins
MDL-44707 - Copy embedded files in HTML block when duplicating block (mostly affects adding HTML block with files to default Dashboard)
MDL-51467 - Changing course start date when resetting course now correctly adjusts Date Restrictions
MDL-43594 - Assignment: Resetting course start date now updates calendar events respectfully
UI changes
MDL-40710 - Better visualization of badges backpack icon
MDL-51290 - Make adding a photo to a profile more obvious
MDL-50207 - Fixed activity results block CSS not to overwrite table caption and work correctly with RTL
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-51514 - Performance improvement in one of regrading queries on MySQL
MDL-51498 - Improve performance for regrading gradebook
MDL-50805 - Performance improvement in cron Messaging Cleanup Task
MDL-50790 - Fixed problem with removing content of Reply to email feature in gmail
MDL-26429 - Added missing criteria icons to completion report
MDL-51190 - Fixed MS Edge locking up when viewing embedded PDF
MDL-46710 - LTI module correctly tracks completion when opened in a new window
MDL-46497 - Atto: clicking RTL button and then LTR button should not add additional HTML tags
MDL-49032 - RFC2445_WSP defined incorrectly for Bennu iCal.
MDL-50892 - Fixed errors appearing when resource or activity was named '0' (zero)
MDL-51390 - Badges: fixed connection to external backpack
MDL-50079 - Atto: Fixed bug when user was unable to select "open in new window" when linking to the file from repository
MDL-48881 - Fixed bug with lesson not always showing student attempts
|
|
Problems found locating distfiles:
Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Oked by wiz@
Upstream changes:
Moodle 2.9.2
Highlights
MDL-50062 - Changing grading category aggregation method no longer results in unexpected "Extra credit" items
MDL-34938 - Enrolment expiration dates are now respected in meta course enrolments
MDL-35148 - Course/Category themes are respected when viewing website on tablets or mobile devices
MDL-45772 - Forms such as "Create new group" are no longer populated with passwords and usernames by the browsers
UI changes
MDL-37832 - Course overview block on "My" ("Dashboard") page indicates that activities are expandable/collapsible
MDL-46860 - Filepicker is displayed correctly inside Manage Files popup in Atto
MDL-49536 - "Clean" and "More" theme's logo removes all header information.
MDL-45841 - Blog-style forums better indicate unread posts
MDL-50293 - File name wraps properly in the Navigation block
MDL-50323 - Unordered lists are styled in course sections properly
MDL-50869 - Increased contract of warning colours for AA accessibility
MDL-50801 - Allow to set the caption side in Atto table
MDL-50525 - Improve placement of preventsubmissionnotingroup on settings page
Functional changes
MDL-49826 - Single view now requires capability moodle/grade:edit and not moodle/grade:manage
MDL-35027 - Forum's subscribers list shows participants with no access to forum
MDL-51179 - Atto autosave restore is disabled if the content is modified by somebody else
MDL-49629 - Possible to specify icon URL for a named external tool
MDL-50868 - Allow to use ruby tags
API changes
MDL-49085 - Block tag_youtube is converted to the new YouTube API
MDL-49360 - Function get_local_referer() should be used rather than HTTP_REFERER directly
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-46232 - Fixed "Only lowercase letters allowed" error on deleting users with empty email
MDL-30315 - Uploading feedback from CSV no longer overrides local assigned grades
MDL-50446 - Main menu block no longer throws error if there is a resource to be opened in a new window
MDL-49440 - Date picker correctly displays names for week days in all locales
MDL-42670 - Recent activity block no longer shows student name when assignment blind marking is on
MDL-49864 - Assignment PDF Pen annotations are always visible even if there are draft pen annotations
MDL-43785 - Corrected error message text about expired sessions when clicking on AJAX elements such as expanding admin menu
MDL-44962 - Fixed error when using HTML tags inside wiki headers
MDL-50649 - Optimised database query for Course Participation report
MDL-50714 - Posting in a forum does not unnecessarily require capability 'mod/forum:movediscussions'
MDL-50799 - Improve question bank "questions per page" string behaviou
|
|
Upstream changes:
Moodle-2.9.1
Highlights
A lot of work has been done in dealing with unexpected grade changes in the gradebook which some users have experienced when upgrading from Moodle 2.7 to 2.8 or 2.9. See the user documentation Grades min max and Gradebook calculation changes for details.
MDL-48618 - Dealing with unexpected changes to grades after upgrading to Moodle 2.8
MDL-49257 - Adjusting weights when extra credit item is present causes unexpected behaviour
MDL-48239 - Changing the maximum grade of items with calculation to the value different from 100
Another release highlight is the introduction of the authorised access to the YouTube repository. After upgrading you will need to enter an API key from YouTube into your site's YouTube repository settings.
MDL-50176 - Authenticated access to the YouTube repository
Functional changes
MDL-50089 - Gradebook export now respects aggregate only non-empty grades for percentage and letter
MDL-48467 - Atto: Clean the html even if submitting the form when Atto is in html view mode
API changes
MDL-49022 - sync_users must trigger event core\event\user_updated
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional access is used
MDL-39353 - Connection to a hub from behind a proxy server
MDL-49742 - Enrolled users page no longer displays sorting by fields that are not used in user identity
MDL-47787 - After deleting a quiz, its question categories and questions remain in the database
MDL-49764 - Fixed gradebook UI inconsistencies in Internet Explorer
MDL-49885 - The course overview block can now be added to Dashboard
MDL-50675 - Display Wikimedia repository thumbnails (caused by the change in Wikimedia API)
MDL-50091 - Fixed fatal error in gradebook singleview after a module has been uninstalled
MDL-48664 - Messaging contacts paging bar no longer expands and overlaps other text
MDL-50092 - User unenrollment is now working with IMS Enterprise
MDL-49560 - SOAP web service now works with token
MDL-50004 - Fix coursename and enrolment icons in category combo on Frontpage
MDL-50646 - Site default language should be set as the language for new users
MDL-50394 - Grade to pass no longer throws an error when a decimal point separator is used
MDL-50276 - Added missing new line separator in plain text e-mails from the forum
MDL-49061 - The activity completion report in a course correctly shortens headers when multi language filter is used
MDL-50275 - Added missing version bump after risk bitmap change in MDL-49941
MDL-50380 - Fixed missing parameter error when editing files in wiki
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
Upstream changes is too long, please visit:
https://docs.moodle.org/dev/Moodle_2.9_release_notes
|
|
Upstream changes:
Highlights
MDL-35392 - Feedback from module assign is now always shown in the gradebook
MDL-31036 - No more truncating characters in assignment quick grading
MDL-46626 - Log report export no longer contains html
MDL-23273 - Limit of responses in choice module is respected in case of synchronous submissions
Functional changes
MDL-31578 - Shibboleth can map attributes for all Moodle fields including custom attributes
MDL-47911 - Performance improvement on gradebook operations
MDL-49240 - Web service core_get_string now functions correctly
MDL-45621 - It is possible to uninstall portfolio plugins
MDL-48670 - Standard behat tests now work properly regardless of user timezone
UI changes
MDL-48533 - Backup report now links to the individual course backup summaries
MDL-49064 - left-align css class now has an RTL equivalent in bootstrap base
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-42138 - Required custom profile fields are always required on signup form even when user has logged in as guest
MDL-49059 - Possible to embed YouTube videos with start time or playlist info
MDL-48544 - Block region no longer disappears if all blocks in it were hidden
MDL-48841 - Fixed bug with not being able to reset scheduled task to defaults
MDL-49167 - Fixed regression with $CFG->yuislasharguments introduced by previous minor release
MDL-47953 - Grader report shows correct number of students per page when suspended users are present
MDL-48294 - enablemobilewebservice is no longer duplicated in Site admin
MDL-48679 - Fixed bug with missing grade export URL when using grade publishing
|
|
Upstream changes:
Moodle-2.8.3
Highlights
MDL-47935 - Atto Autosave message no longer covers text you are editing
MDL-44560 - Pagination in glossary category works correctly when entries have multiple categories
MDL-47792 - Course and Activity Completion Reports display vertical text without truncating
Functional changes
MDL-43386 - Lesson grade essay responses preserve HTML formatting
MDL-14730 - Allow linking to pages inside a lesson
MDL-47761 - Explanation is given to the users why they are unable to enrol in the course
MDL-47871 - Event monitor: Teacher can duplicate System rule
UI changes
MDL-44907 - Better styling of admin setting validation messages in bootstrapbase
MDL-48596 - Lesson editing page has correct layout used by other editing pages and does not obstruct page with blocks
MDL-47166 - Atto: outdent button is shown first followed by indent button
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-48765 - Improved icon alignment on course enrolment methods page
MDL-40285 - When assignment is submitted by one team member it is shown as submitted for all team members
MDL-38142 - User forum posts page no longer displays error for the hidden course
MDL-36877 - Final lesson page is displayed when course setting "Show gradebook to students" is set to "No"
MDL-48073 - Group filter is preserved when moving to next page of enrolled users
MDL-40326 - Course reset also resets lesson progress bar
MDL-48383 - Cron no longer warns about disabled enrol_imsenterprise after each scheduled task
MDL-48914 - Roles assignment page does not display user select if there are too many users preventing from php memory error
|
|
Upstream changes:
Release date: 12 January, 2015
Here is the full list of fixed issues in 2.8.2.
CONTENTS [hide]
1 Highlights
2 Functional changes
3 API changes
4 UI changes
5 Security issues
6 Fixes and improvements
7 See also
Highlights
MDL-40241 - Default Manager and Teacher role are able to manually mark course as completed
MDL-46442 - Notifications about assignment re-submissions are sent
MDL-43462 - EditPDF correctly shows landscape PDFs
MDL-43679 - Clicking link to Moodle in MS Word no longer results "You are already logged in" message
Functional changes
MDL-42717 - Ensure automated backup files are deleted when an error occurs because of directory permissions
MDL-47601 - Ensure old automated backups are deleted including the case when file name is renamed from language string
MDL-48023 - Changed "Cache-control: private" to "public" on public static files to increase performance
MDL-48224 - In the Task API, each adhoc and scheduled task now has it's own SMTP buffer, and the legacy cron has one buffer for all tasks. Previously scheduled tasks had no buffer, and the legacy cron had a buffer only for tasks of activity modules.
MDL-33606 - Make distinction between all section course view and a single section course view log entry
API changes
MDL-44657 - No more Javascript error when the form class is namespaced
MDL-22309 - get_role_users() works correctly when a user is assigned more than one role
MDL-48697 - Completion directory is recognized by Moodle as a valid component directory
MDL-48495 - Limit protocols supported by curl by default
UI changes
MDL-35078 - End date for self enrolment on the bulk enrolment form now also contains time
MDL-42501 - Added help about deleting grades in the course reset form
MDL-48206 - Wider textarea for the comments in the comments block
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-40097 - Course completion role criteria no longer causes fatal error
MDL-35494 - User is able to restore an activity even when they own only one course
MDL-20304 - Practice lesson does not appear in Gradebook [Patch]
MDL-45324 - Grading notifications are not sent before the grades are released to students
MDL-47133 - Keyboard shortcuts in Atto do not interfere with regional keyboard settings
MDL-37704 - Possible to lock Description field in users' profiles
MDL-36240 - Calendar events from activities are restored even without user data
MDL-14908 - Parent Role can view courses for students that are in groups
MDL-46472 - Fixed upgrade loop caused by undeletable themes
MDL-31822 - Non-default section name is shown at the site level
MDL-47475 - PDF annotation is visible by all students in the team and not only by the one who made a submission
MDL-47993, MDL-48088 - Correctly parse dates with timezones when importing from Microsoft calendar
MDL-48150 - Fixed a bug whereby only the first post in a forum was sent with the correct headers on each run of cron
MDL-48288, MDL-48191 - Grader report's floating headers work correctly when email or average row is hidden
MDL-48179 - Backup progress no longer times out when compressing large backup
MDL-48164 - 'Reply to email' does not result in out-of-office replies posted in forum
|
|
Upstream changes:
Moodle 2.8.1 release notes
Release date: 13 November 2014
Here is the full list of fixed issues in 2.8.1.
Regression fixes
MDL-48204 - Syntax error in mod/wiki/admin.php -- Note: this is the regression that lead to Moodle 2.8.1 being released a few days after 2.8.
MDL-48168 - It should be possible to edit the overall max grade after a quiz has been attempted
MDL-48156 - Schedule task manager misinterprets core\plugininfo\base::is_enabled()
Other fixes
MDL-48093 - HTML 5 video: Firefox now supports .mp4
MDL-47391 - Default profile page uses page-layout "mydashboard" instead of "mypublic"
MDL-39692 - Letter boundary cannot be deleted
MDL-39376 - performance problem while calling admin setting page in case of large amount of categories
MDL-30968 - Group hyper-link in Forum view links to list of all participants
|
|
Upstream changelog is too long, please visit:
https://docs.moodle.org/dev/Moodle_2.8_release_notes
|
|
|
|
Upstream changes:
Highlights
MDL-45780 - Atto now working with form change checker and quiz autosave
MDL-46748 - Mathjax address that changed, that caused Atto to fail to load, has been updated in Moodle
MDL-35984 - Gradebook Sum of grades shows correct total if items are hidden
Functional changes
MDL-45724 - Warning given when the same memcached instance is used for both sessions and MUC
MDL-46681 - For Multiple choices questions in the quiz / question bank, the options "Clear incorrect responses" and "Show the number of correct responses" did not make sense for "One answer only" questions. It is now impossible to select that combination of options on the form.
Security issues
MSA-14-0033 URL parameter injection in CAS authentication
MSA-14-0034 Identity information revealed early in Q&A forum
Fixes and improvements
MDL-37509 - Description of assignment hidden in calendar if "always show description" = NO
MDL-46545 - Weekly stats now working again
MDL-46589 - Automatic emails now sent after users import from CSV
MDL-43197 - Parent role only sees course total and no longer individual grades
MDL-46236 - Start New Attempt option is now followed if SCORM is set to appear in a popup
Approved by: wiz@
|
|
Upstream changes:
2.7.1
Highlights
MDL-41383 - File picker works when zooming in and out of browser
MDL-45580 - PDF Annotations working with multiple attempts
Functional changes
MDL-43274 - Course logs can no longer be deleted when course is reset
API changes
MDL-44871 - Behat tests written for Atto functionalities
MDL-43669 - Configuration option added so that mail can be sent from noreply address exclusively
UI changes
MDL-45599 - The term 'add-on' is changed to 'plugin'
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-44124 - iCal import recurrence rules working consistently
MDL-45579 - Duplicate group enrolment keys for the same course are no longer allowed
MDL-45682 - Can now insert images using Chrome
|
|
Add missing php module zlib
Update minimum php version to 5.4.4
Upstream changes:
Please visiti: http://docs.moodle.org/27/en/New_features
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
Upstream changes:
Moodle 2.5.6 release notes
Release date: 12 May, 2014
Here is the full list of fixed issues in 2.5.6.
Functional changes
MDL-43985 - Checkbox added to control sending of feedback when grading Assignment (backport of MDL-33600)
Security issues
MSA-14-0014 Cross-site request forgery possible in Assignment
MSA-14-0015 Web service token expiry issue for MoodleMobile
MSA-14-0016 Anonymous student identity revealed in Assignment
MSA-14-0017 File access issue in HTML block
MSA-14-0019 Reflected XSS in URL downloader repository
Fixes and improvements
MDL-45119 - When student opens assignment feedback PDF no error messages are shown
MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
MDL-44936 - CSS chunking is now more reliable on IE
MDL-45154 - Warnings and errors in user profile page fixed
MDL-43721 - Poor performance on Assignment grading page fixed
|
|
Approved by: wiz@
Upstream changes:
2.5.5
Highlights
MDL-43733 - Auto-saved responses are used when a quiz attempt is submitted automatically
MDL-27414 - Random short answer matching question type now works again (with thanks to Jean-Michel Védrine)
Functional changes
MDL-40821 - Language menu in Clean shows language used
API changes
MDL-43882 - "Time spent waiting for the database" value added to performance info
UI changes
MDL-44425 - Skydrive, Box.net and Google Docs are renamed OneDrive, Box and Google Drive respectively to reflect these remote service name changes.
Security issues
MSA-14-0004 Incorrect filtering in Quiz
MSA-14-0005 Access issue in Feedback activity
MSA-14-0006 Capability issue in Chat
MSA-14-0007 Access issue in Wiki
MSA-14-0008 Cross site scripting potential in Flowplayer
MSA-14-0009 Identity information leak in Forum and Quiz
MSA-14-0010 Identity information leak in Alfresco Repository
MSA-14-0011 Cross site request forgery potential in IMS enrolments
MSA-14-0012 Access issue in Badges
Fixes and improvements
MDL-40705 - Long course names are truncated in navigation menu
MDL-40205 - Long block titles are truncated in Clean
MDL-42882 - Performance improvement to missing root directory upgrade step
MDL-40849 - Assignment marking guide screen fixed in Clean
MDL-44217 - The link colour in Bootstrapbase (and Clean) is now WCAG compliant
MDL-44029 - Quiz user overrides no longer deleted by group event handler
MDL-44018 - Variant field of question_attempts is backed up by Moodle backup
MDL-43941 - Activity show/hide toggle fixed in hidden and orphaned sections
MDL-43306 - Backup no longer introduces duplicate gradeitem sortorders when restoring
2.5.4
Highlights
MDL-41819 - Able to edit a larger number of grades in the grader report
Functional changes
MDL-42504 - Quiz auto-save detects that the connection to the server has been lost and warns students
API changes
MDL-40741 - Behat tests adapted to Clean theme
MDL-42942 - Environmental information shown at the beginning of every Behat run
Security issues
MSA-14-0001 Config passwords visibility issue
MSA-14-0002 Group constraints lacking in "login as"
MSA-14-0003 Cross-site request forgery vulnerability in profile fields
Fixes and improvements
MDL-34182 - Invalid JSON no longer output on filepicker when repository plugins output invalid content
MDL-43367 - get_child_contexts() returns correct contexts when context path missing
MDL-42913 - Group cache works as expected
MDL-40003 - Assignment submission comments are restored
MDL-42085 - Default enrolment duration is now applied when manually enrolling a user
|
|
Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
|
|
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
|
|
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
|
|
|
|
Upstream changes:
2.5.1
Highlights
MDL-39824 - Simplification of themes
MDL-38434 - Functional tests added for the Chat activity
MDL-39723 - Two unnecessary course queries were removed from most pages
Functional changes
MDL-39790 - My Latest badges block appears on the course page
API changes
MDL-40137 - Correct naming of functions in theme/clean/lib.php
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-39778 - Course deletion now functions with badges.
MDL-40120 - Issue when recent PostgreSQL versions retrieve the number of records from course table fixed.
MDL-39697 - Bootstrap layouts now have 'Maintenance' layout and related options.
MDL-40065 - Bootstrap Theme only sends content to "side-pre" if necessary.
MDL-40088 - Can now edit course settings if course is in a hidden category.
MDL-39979 - Teachers no longer see errors when Show Activity Reports is set to yes.
MDL-39363 - SCORM pass/fail status is set for a grade of 0.
MDL-39227 - SCORM navigation panel is no longer hidden when a Bootstrap theme is active.
MDL-39177 - Overwriting files always observes the "alias" attribute.
MDL-33719 - When overwriting a copy of a file with an alias/shortcut of a file, the file thumbnail is refreshed.
MDL-40142 - No JavaScript error is caused by the navigation block in relation to course categories.
MDL-40289 - Badges capabilities now have correct risks, levels and archetypes. Note for sites which are upgrading from 2.5: See the section 'Upgrading from Moodle 2.5 to 2.5.1' in Upgrading for details of how to correctly set badge permissions for each role archetype.
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
Upstream changelog is too long, please visit:
http://docs.moodle.org/dev/Moodle_2.5_release_notes
|
|
Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
|
|
|
|
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
|
|
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error messsage
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues have changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
|
|
are called p5-*.
I hope that's all of them.
|
|
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
|
|
Bump PKGREVISION.
|
|
Based on maintainer update request by PR 46498.
Upstream changes:
Highlights
* MDL-32431 Calendar events can be backed-up and restored
* MDL-29262 Moodle 2 backup_controllers table is no longer needlessly massive
Functional changes
* MDL-27862 Ability to unset a theme
* MDL-31835 Recent conversations link added when viewing a message
* MDL-27427 Option added to delete external blog entries
Security issues
* MSA-12-0024 Hidden information access issue
* MSA-12-0025 Personal communication access issue
* MSA-12-0026 Quiz capability issue
* MSA-12-0027 Question bank capability issues
* MSA-12-0028 Insecure authentication issue
* MSA-12-0029 Information editing access issue
* MSA-12-0030 Capability manipulation issue
* MSA-12-0031 Cross-site scripting vulnerability in Wiki
* MSA-12-0032 Cross-site scripting vulnerability in Web services
* MSA-12-0035 Cross-site scripting vulnerability in "download all"
* MSA-12-0036 Cross-site scripting vulnerability in category identifier
* MSA-12-0037 Write access issue in Database activity module
* MSA-12-0038 Calendar event write permission issue
Fixes and improvements
* MDL-32061 Backup fixed when there is a lesson with attempts in the course
* MDL-31008 CSS fixed to display dimmed objects
* MDL-30867 Lesson essay question formatting fixed
* MDL-31528 Breadcrumbs appearing consistently when editing is off
* MDL-31631 Caching fixed so deleted activities do not remain listed
* MDL-26674 Wiki Module activity logs activity fully
* MDL-31510 Students in groups see only assignments in the Gradebook according to their group allocation
* MDL-32141 Custom TinyMCE additions now work in Firefox 11
|
|
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
|
