Upstream changes(since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
1.) Fix broken "yasm" version check which only accepts version numbers
like "a.b.c.d" but not like "a.b.c" and therefore fails with
Yasm 1.2.0. This probably affects other platforms (e.g. Linux
as well).
2.) Use "-R" instead of non-portable "-rpath" linker option.
The build under Solaris 10 fails now during the build phase and not
already in the configuration phase.
it will fallback to "yacc" (instead of "bison") and the library will
not link properly. This problem is probably only visible under Solaris
where "lex" is not "flex".
Bump package revision because of this fix.
- NULL is a pointer. Don't use it for '\0', which is a character.
- Silence warnings about unused variables.
- Silence clang warnings about format strings.
- Fix up the makefile and configure logic, rolling in patch-aa and
patch-ab. Make the configure script report what it's doing instead
of making wrong decisions silently.
- Fix broken build when using system curses instead of the builtin
curses subset. (This is not the default, nor apparently recommended,
but can happen if the configure script doesn't like you.)
- Bump PKGREVISION.
