Upstream changes:
Highlights
MDL-41252 - Accessibility improvements to course page.
MDL-34209 - Moving sections by drag and drop reorders sections correctly.
MDL-29987 - Embedded PDF files behave correctly.
Functional changes
MDL-42069 - Option to sort by last name in Quiz grading report.
MDL-38267 - Submit button is not shown after cut-off date in Assignment.
MDL-22669 - When restoring a larger course over a smaller one, the number of sections is maintained.
MDL-42666 and MDL-42668 - The Box.net repository and Box.net portfolio have been updated to use Box.net API v2. Moodle sites which have used the Box.net repository previously need to run the Box.net-alias-to-copy-conversion tool as soon as possible. Also, HTTPS is now required for sites to access Box.net. See Box.net APIv1 migration for details.
API changes
MDL-41861, MDL-41882, MDL-41853,... - Generator tools have been backported.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-32862 - Links to 1.9 resource types work after upgrade to 2.2 followed by backup and restore.
MDL-40903 - Persistent cache is now split into logical parts.
MDL-41942 - Courses in categories no longer become invisible due to caching problem.
MDL-41352 - Mymobile theme no longer producing JavaScript error on course pages.
MDL-37528 - Block drag-and-drop issue resolved.
MDL-42542 - The Portfolio cron job is now working.
MDL-42619 - Error deleting a course link from the community block is fixed.
MDL-37877 - Automated backup failure is now reported.
* APACHE_USER and APACHE_GROUP are defined somewhere else; don't redefine these here.
* Don't depend on php-zlib as Moodle does not require this module.
* Faster installation using 'pax'.
* Auto-generare PLIST.
* Don't change owner/group of Moodle files; web-server should only be able to read them, and nothing more.
Upstream changes:
Releases > Moodle 2.5.2 release notes
Release date: 9 September 2013
Here is the full list of fixed issues in 2.5.2.
Contents [hide]
1 Highlights
2 Functional changes
3 API changes
4 Security issues
5 Fixes and improvements
6 See also
Highlights
MDL-30839 - Form validation and error recovery draws the user to where focus is needed.
MDL-27953 - Uploaded users can be added with authentication options other than Manual account or No login.
MDL-38707 - Folders displayed on course pages show their name.
Functional changes
MDL-40854 - Links to course activities/resources do not appear to users without appropriate view capabilities.
MDL-35981 - Confirmation is no longer needed after deleting a comment.
MDL-38707 - Folders displayed on course pages show their name.
MDL-41036 - Question category info is now edited using the HTML editor.
API changes
MDL-40176 - Mock form submission introduced for testing.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-37333 - Clicking "Clear theme caches" in Default theme selector redirects page to "Select theme for tablet device".
MDL-41106 - MUC session cache fixes were made.
MDL-36803 - TinyMCE editor now works better with iOS.
MDL-40891 - MUC cache purge works consistently when creating directories.
MDL-31487 - Grade items remain hidden if explicitly hidden via Gradebook (regardless of activity state).
Upstream changes:
2.5.1
Highlights
MDL-39824 - Simplification of themes
MDL-38434 - Functional tests added for the Chat activity
MDL-39723 - Two unnecessary course queries were removed from most pages
Functional changes
MDL-39790 - My Latest badges block appears on the course page
API changes
MDL-40137 - Correct naming of functions in theme/clean/lib.php
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-39778 - Course deletion now functions with badges.
MDL-40120 - Issue when recent PostgreSQL versions retrieve the number of records from course table fixed.
MDL-39697 - Bootstrap layouts now have 'Maintenance' layout and related options.
MDL-40065 - Bootstrap Theme only sends content to "side-pre" if necessary.
MDL-40088 - Can now edit course settings if course is in a hidden category.
MDL-39979 - Teachers no longer see errors when Show Activity Reports is set to yes.
MDL-39363 - SCORM pass/fail status is set for a grade of 0.
MDL-39227 - SCORM navigation panel is no longer hidden when a Bootstrap theme is active.
MDL-39177 - Overwriting files always observes the "alias" attribute.
MDL-33719 - When overwriting a copy of a file with an alias/shortcut of a file, the file thumbnail is refreshed.
MDL-40142 - No JavaScript error is caused by the navigation block in relation to course categories.
MDL-40289 - Badges capabilities now have correct risks, levels and archetypes. Note for sites which are upgrading from 2.5: See the section 'Upgrading from Moodle 2.5 to 2.5.1' in Upgrading for details of how to correctly set badge permissions for each role archetype.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
Upstream changes:
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
Functional changes
MDL-35422 - To start writing their Workshop submissions, students now click a button labelled 'Start preparing your submission' instead of 'Submit'
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
MDL-36795 - In the default course settings, numsections is not limited to maxsections
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-35717 - Quiz cron not closing old attempts after quiz close date (also MDL-36842)
MDL-37165 - Assignment summary displays on Oracle
MDL-36668 - Performance issue resolved in viewing pages in Database activity
MDL-36760 - Numerical type quiz questions now work with frozen elements changes
MDL-36551 - Database presets retain advanced search template
MDL-33863 - Importing quiz questions into new course happens without error
MDL-36683 - It is now possible to duplicate a quiz when course question bank contains matching questions
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error messsage
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues have changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
Based on maintainer update request by PR 46498.
Upstream changes:
Highlights
* MDL-32431 Calendar events can be backed-up and restored
* MDL-29262 Moodle 2 backup_controllers table is no longer needlessly massive
Functional changes
* MDL-27862 Ability to unset a theme
* MDL-31835 Recent conversations link added when viewing a message
* MDL-27427 Option added to delete external blog entries
Security issues
* MSA-12-0024 Hidden information access issue
* MSA-12-0025 Personal communication access issue
* MSA-12-0026 Quiz capability issue
* MSA-12-0027 Question bank capability issues
* MSA-12-0028 Insecure authentication issue
* MSA-12-0029 Information editing access issue
* MSA-12-0030 Capability manipulation issue
* MSA-12-0031 Cross-site scripting vulnerability in Wiki
* MSA-12-0032 Cross-site scripting vulnerability in Web services
* MSA-12-0035 Cross-site scripting vulnerability in "download all"
* MSA-12-0036 Cross-site scripting vulnerability in category identifier
* MSA-12-0037 Write access issue in Database activity module
* MSA-12-0038 Calendar event write permission issue
Fixes and improvements
* MDL-32061 Backup fixed when there is a lesson with attempts in the course
* MDL-31008 CSS fixed to display dimmed objects
* MDL-30867 Lesson essay question formatting fixed
* MDL-31528 Breadcrumbs appearing consistently when editing is off
* MDL-31631 Caching fixed so deleted activities do not remain listed
* MDL-26674 Wiki Module activity logs activity fully
* MDL-31510 Students in groups see only assignments in the Gradebook according to their group allocation
* MDL-32141 Custom TinyMCE additions now work in Firefox 11
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Fixes many security advisories, see below in the changelog.
Highlights
MDL-28710 - CSS class names have been added for rating div/span elements
enabling theming
MDL-29579 - Question text included in export of quiz statistics report in
Moodle 2.1
Functional changes
MDL-19147 - Single Simple forums are no longer targets for moving (and losing)
discussions
MDL-30273 - Students and teachers can add additional topics to a simple forum
discussion
Security issues
MSA-12-0001 - Recaptcha transmission consistency issue
MSA-12-0003 - Added password protection
MSA-12-0004 - Added profile image security
MSA-12-0005 - Encryption enhancement
MSA-12-0006 - Additional email address validation
MSA-12-0007 - Email injection prevention
MSA-12-0008 - Unsynchronised access via tokens
MSA-12-0009 - Role access issue
MSA-12-0010 - Unauthorised access to session key
MSA-12-0011 - Browser autofill password issue
MSA-12-0012 - Form validation issue
Fixes and improvements
MDL-30376 - Glossary RSS feed no longer generates error
MDL-30378 - Site page links fixed in Navigation blocks
MDL-30460 - Wiki image dropdown includes files with upper case suffixes
MDL-30466 - Writing to database fixed for restoring a course with uses course
completion
MDL-30569 - Editing the front page when defaulthomepage = mymoodle now works as
expected
MDL-28180 - Duplicating an assignment that has course completion enabled no
longer breaks course completion for the course
MDL-27314 - It is now possible to delete or regrade quiz attempts in separate
groups mode
MDL-29730 - Fixed Lesson question shortanswer with regexp option
MDL-30260 - Emailstop option fixed
Upstream highlights:
--------------------
Highlights
MDL-27037 - Wiki 2.0 respects 'visible groups' functionality
MDL-29960 - Dropbox repository now functioning with new API
Functional changes
MDL-27516 - RTL Theme fixes for Moodle 2
Security issues
MSA-11-0042 - Information leak in Wiki
MSA-11-0043 - Possible link redirect in Calendar
MSA-11-0044 - Expired identification information shown in Web services
MSA-11-0045 - Potential to masquerade through MNet
MSA-11-0047 - Possible injection attack in Calendar
MSA-11-0048 - Password loss issue
MSA-11-0050 - Backup capability issue
MSA-11-0051 - Authentication issue with Web services
MSA-11-0052 - Potential to exploit developer debugging scripts
MSA-11-0053 - Security and system administration conflict
MSA-11-0054 - Personal information leak
Fixes and improvements
MDL-28292 - Removed possibility to 'lose' a block by docking it
MDL-29542 - Lesson no longer gets corrupted after creating a new question
MDL-30010 - Core themes which have pagelayout problems when moving blocks have been fixed
MDL-27790 - Temporary course remains after restore
MDL-29529 - Fixed database error when assignments were sorted by status
MDL-30375 - Comments block no longer disappears when cancel is clicked
MDL-30398 - Lesson no longer accepts blank password
Upstream changes:
Highlights
MDL-28729 - Numerous multi-lang fixes and improvements
Functional changes
MDL-28410 - Allow a single option in a Choice activity
MDL-29394 - HTML editor format option selector hidden when there is only one option
MDL-23520 - Option added to allow deleting of a wiki page
Security issues:
MSA-11-0027 to MSA-11-0035, MSA-11-0039 to MSA-11-0041.
Fixes SA46427
See http://docs.moodle.org/dev/Moodle_2.1.2_release_notes for complete
release notes.
* Some general minor bugs fixed in different areas.
* Four security fixes (see below).
Some of these vulnerabilities are potentially serious so we strongly
recommend you upgrade.
Full details to be released soon.
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators
create effective online learning communities. You can use it on any
computer you have handy (including webhosts), yet it can scale from a
single-teacher site to a 40,000-student University.
