Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Fixes many security advisories, see below in the changelog.
Highlights
MDL-28710 - CSS class names have been added for rating div/span elements
enabling theming
MDL-29579 - Question text included in export of quiz statistics report in
Moodle 2.1
Functional changes
MDL-19147 - Single Simple forums are no longer targets for moving (and losing)
discussions
MDL-30273 - Students and teachers can add additional topics to a simple forum
discussion
Security issues
MSA-12-0001 - Recaptcha transmission consistency issue
MSA-12-0003 - Added password protection
MSA-12-0004 - Added profile image security
MSA-12-0005 - Encryption enhancement
MSA-12-0006 - Additional email address validation
MSA-12-0007 - Email injection prevention
MSA-12-0008 - Unsynchronised access via tokens
MSA-12-0009 - Role access issue
MSA-12-0010 - Unauthorised access to session key
MSA-12-0011 - Browser autofill password issue
MSA-12-0012 - Form validation issue
Fixes and improvements
MDL-30376 - Glossary RSS feed no longer generates error
MDL-30378 - Site page links fixed in Navigation blocks
MDL-30460 - Wiki image dropdown includes files with upper case suffixes
MDL-30466 - Writing to database fixed for restoring a course with uses course
completion
MDL-30569 - Editing the front page when defaulthomepage = mymoodle now works as
expected
MDL-28180 - Duplicating an assignment that has course completion enabled no
longer breaks course completion for the course
MDL-27314 - It is now possible to delete or regrade quiz attempts in separate
groups mode
MDL-29730 - Fixed Lesson question shortanswer with regexp option
MDL-30260 - Emailstop option fixed
Upstream highlights:
--------------------
Highlights
MDL-27037 - Wiki 2.0 respects 'visible groups' functionality
MDL-29960 - Dropbox repository now functioning with new API
Functional changes
MDL-27516 - RTL Theme fixes for Moodle 2
Security issues
MSA-11-0042 - Information leak in Wiki
MSA-11-0043 - Possible link redirect in Calendar
MSA-11-0044 - Expired identification information shown in Web services
MSA-11-0045 - Potential to masquerade through MNet
MSA-11-0047 - Possible injection attack in Calendar
MSA-11-0048 - Password loss issue
MSA-11-0050 - Backup capability issue
MSA-11-0051 - Authentication issue with Web services
MSA-11-0052 - Potential to exploit developer debugging scripts
MSA-11-0053 - Security and system administration conflict
MSA-11-0054 - Personal information leak
Fixes and improvements
MDL-28292 - Removed possibility to 'lose' a block by docking it
MDL-29542 - Lesson no longer gets corrupted after creating a new question
MDL-30010 - Core themes which have pagelayout problems when moving blocks have been fixed
MDL-27790 - Temporary course remains after restore
MDL-29529 - Fixed database error when assignments were sorted by status
MDL-30375 - Comments block no longer disappears when cancel is clicked
MDL-30398 - Lesson no longer accepts blank password
Upstream changes:
Highlights
MDL-28729 - Numerous multi-lang fixes and improvements
Functional changes
MDL-28410 - Allow a single option in a Choice activity
MDL-29394 - HTML editor format option selector hidden when there is only one option
MDL-23520 - Option added to allow deleting of a wiki page
Security issues:
MSA-11-0027 to MSA-11-0035, MSA-11-0039 to MSA-11-0041.
Fixes SA46427
See http://docs.moodle.org/dev/Moodle_2.1.2_release_notes for complete
release notes.
* Some general minor bugs fixed in different areas.
* Four security fixes (see below).
Some of these vulnerabilities are potentially serious so we strongly
recommend you upgrade.
Full details to be released soon.
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators
create effective online learning communities. You can use it on any
computer you have handy (including webhosts), yet it can scale from a
single-teacher site to a 40,000-student University.
